http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java b/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
deleted file mode 100644
index 08d84fc..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.encryption;
-
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import org.apache.ambari.server.AmbariException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.security.KeyStore;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ThreadFactory;
-import java.util.concurrent.TimeUnit;
-
-/**
- * InMemoryCredentialStoreService is a CredentialStoreService implementation that creates and manages
- * a JCEKS (Java Cryptography Extension KeyStore) in memory. The key store and its contents are
- * encrypted using the key from the supplied {@link MasterKeyService}.
- * <p/>
- * This class handles the details of the in-memory storage buffer and associated input and output
- * streams. Each credential is stored in its own KeyStore that may be be purged upon some
- * retention timeout - if specified.
- */
-public class InMemoryCredentialStoreService extends CredentialStoreServiceImpl {
- private static final Logger LOG = LoggerFactory.getLogger(InMemoryCredentialStoreService.class);
-
- /**
- * A cache containing the KeyStore data
- */
- private final Cache<String, KeyStore> cache;
-
- /**
- * Constructs a new InMemoryCredentialStoreService where credentials have no retention timeout
- */
- public InMemoryCredentialStoreService() {
- this(0, TimeUnit.MINUTES, false);
- }
-
- /**
- * Constructs a new InMemoryCredentialStoreService with a specified credential timeout
- *
- * @param retentionDuration the time in some units to keep stored credentials, from the time they are added
- * @param units the units for the retention duration (minutes, seconds, etc...)
- * @param activelyPurge true to actively purge credentials after the retention time has expired;
- * otherwise false, to passively purge credentials after the retention time has expired
- */
- public InMemoryCredentialStoreService(final long retentionDuration, final TimeUnit units, boolean activelyPurge) {
- CacheBuilder<Object, Object> builder = CacheBuilder.newBuilder();
-
- // If the retentionDuration is less the 1, then no retention policy is to be enforced
- if (retentionDuration > 0) {
- // If actively purging expired credentials, set up a timer to periodically clean the cache
- if (activelyPurge) {
- ThreadFactory threadFactory = new ThreadFactory() {
- @Override
- public Thread newThread(Runnable runnable) {
- Thread t = Executors.defaultThreadFactory().newThread(runnable);
- if (t != null) {
- t.setName(String.format("%s active cleanup timer", InMemoryCredentialStoreService.class.getSimpleName()));
- t.setDaemon(true);
- }
- return t;
- }
- };
- Runnable runnable = new Runnable() {
- @Override
- public void run() {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Cleaning up cache due to retention timeout of {} milliseconds",
- units.toMillis(retentionDuration));
- }
- cache.cleanUp();
- }
- };
-
- Executors.newSingleThreadScheduledExecutor(threadFactory).schedule(runnable, 1, TimeUnit.MINUTES);
- }
-
- builder.expireAfterWrite(retentionDuration, units);
- }
-
- cache = builder.build();
- }
-
- @Override
- public void addCredential(String alias, char[] value) throws AmbariException {
- if ((alias == null) || alias.isEmpty()) {
- throw new IllegalArgumentException("Alias cannot be null or empty.");
- }
-
- KeyStore keyStore = loadKeyStore(null, DEFAULT_STORE_TYPE);
- addCredential(keyStore, alias, value);
- cache.put(alias, keyStore);
- }
-
- @Override
- public char[] getCredential(String alias) throws AmbariException {
- char[] credential = null;
-
- if ((alias != null) && !alias.isEmpty()) {
- KeyStore keyStore = cache.getIfPresent(alias);
- if (keyStore != null) {
- credential = getCredential(keyStore, alias);
- }
- }
-
- return credential;
- }
-
- @Override
- public void removeCredential(String alias) throws AmbariException {
- if (alias != null) {
- cache.invalidate(alias);
- }
- }
-
- @Override
- protected void persistCredentialStore(KeyStore keyStore) throws AmbariException {
- throw new UnsupportedOperationException();
- }
-
- @Override
- protected KeyStore loadCredentialStore() throws AmbariException {
- throw new UnsupportedOperationException();
- }
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
new file mode 100644
index 0000000..00f5611
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.resources;
+
+import org.apache.ambari.server.controller.spi.Resource;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Collection;
+
+/**
+ * CredentialResourceDefinitionTest tests.
+ */
+public class CredentialResourceDefinitionTest {
+
+ @Test
+ public void testGetType() throws Exception {
+ CredentialResourceDefinition definition = new CredentialResourceDefinition();
+ Assert.assertEquals(Resource.Type.Credential, definition.getType());
+ }
+
+ @Test
+ public void testGetPluralName() throws Exception {
+ CredentialResourceDefinition definition = new CredentialResourceDefinition();
+ Assert.assertEquals("credentials", definition.getPluralName());
+ }
+
+ @Test
+ public void testGetSingularName() throws Exception {
+ CredentialResourceDefinition definition = new CredentialResourceDefinition();
+ Assert.assertEquals("credential", definition.getSingularName());
+ }
+
+ @Test
+ public void testGetSubResourceDefinitions() {
+ CredentialResourceDefinition definition = new CredentialResourceDefinition();
+ Assert.assertTrue(definition.getSubResourceDefinitions().isEmpty());
+ }
+
+ @Test
+ public void testGetCreateDirectives() {
+ CredentialResourceDefinition definition = new CredentialResourceDefinition();
+ Collection<String> directives = definition.getCreateDirectives();
+ Assert.assertEquals(0, directives.size());
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
new file mode 100644
index 0000000..3d218fb
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Unit tests for CredentialService.
+ */
+public class CredentialServiceTest extends BaseServiceTest {
+
+
+ public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+ List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+ //getCredential
+ CredentialService CredentialService = new TestCredentialService("alias");
+ Method m = CredentialService.getClass().getMethod("getCredential", HttpHeaders.class, UriInfo.class, String.class);
+ Object[] args = new Object[]{getHttpHeaders(), getUriInfo(), "alias"};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, CredentialService, m, args, null));
+
+ //getCredentials
+ CredentialService = new TestCredentialService(null);
+ m = CredentialService.getClass().getMethod("getCredentials", HttpHeaders.class, UriInfo.class);
+ args = new Object[]{getHttpHeaders(), getUriInfo()};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, CredentialService, m, args, null));
+
+ //createCredential
+ CredentialService = new TestCredentialService("alias");
+ m = CredentialService.getClass().getMethod("createCredential", String.class, HttpHeaders.class, UriInfo.class, String.class);
+ args = new Object[]{"body", getHttpHeaders(), getUriInfo(), "alias"};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.POST, CredentialService, m, args, "body"));
+
+ //deleteCredential
+ CredentialService = new TestCredentialService("alias");
+ m = CredentialService.getClass().getMethod("deleteCredential", HttpHeaders.class, UriInfo.class, String.class);
+ args = new Object[]{getHttpHeaders(), getUriInfo(), "alias"};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.DELETE, CredentialService, m, args, null));
+
+ return listInvocations;
+ }
+
+
+ private class TestCredentialService extends CredentialService {
+ private String alias;
+
+ private TestCredentialService(String alias) {
+ super("C1");
+ this.alias = alias;
+ }
+
+ @Override
+ ResourceInstance createCredentialResource(String alias) {
+ assertEquals(this.alias, alias);
+ return getTestResource();
+ }
+
+ @Override
+ RequestFactory getRequestFactory() {
+ return getTestRequestFactory();
+ }
+
+ @Override
+ protected RequestBodyParser getBodyParser() {
+ return getTestBodyParser();
+ }
+
+ @Override
+ protected ResultSerializer getResultSerializer() {
+ return getTestResultSerializer();
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index bd02749..573c02f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -32,10 +32,11 @@ import java.lang.reflect.Method;
import java.util.Map;
import java.util.Properties;
+import junit.framework.Assert;
+
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration.ConnectionPoolType;
import org.apache.ambari.server.configuration.Configuration.DatabaseType;
-import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.security.authorization.LdapServerProperties;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.RandomStringUtils;
@@ -52,26 +53,14 @@ import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
-import com.google.inject.Guice;
-import com.google.inject.Inject;
-import com.google.inject.Injector;
-
-import junit.framework.Assert;
-
@RunWith(PowerMockRunner.class)
@PrepareForTest({ Configuration.class })
@PowerMockIgnore( {"javax.management.*", "javax.crypto.*"})
public class ConfigurationTest {
public TemporaryFolder temp = new TemporaryFolder();
- private Injector injector;
-
- @Inject
- private Configuration config;
@Before
public void setup() throws Exception {
- injector = Guice.createInjector(new InMemoryDefaultTestModule());
- injector.injectMembers(this);
temp.create();
}
@@ -86,7 +75,7 @@ public class ConfigurationTest {
*/
@Test
public void testDefaultTwoWayAuthNotSet() throws Exception {
- Assert.assertFalse(config.getTwoWaySsl());
+ Assert.assertFalse(new Configuration().getTwoWaySsl());
}
/**
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
index 23ce914..10ede77 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
@@ -44,6 +44,8 @@ import org.apache.ambari.server.orm.entities.ClusterVersionEntity;
import org.apache.ambari.server.orm.entities.LdapSyncSpecEntity;
import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
import org.apache.ambari.server.security.authorization.Users;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreType;
import org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator;
import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.apache.ambari.server.state.Cluster;
@@ -200,18 +202,26 @@ public class AmbariManagementControllerImplTest {
expect(clusters.getCluster("cluster1")).andReturn(cluster);
expect(cluster.convertToResponse()).andReturn(response);
+ CredentialStoreService credentialStoreService = createNiceMock(CredentialStoreService.class);
+ expect(credentialStoreService.isInitialized(anyObject(CredentialStoreType.class))).andReturn(true).anyTimes();
+
// replay mocks
- replay(injector, clusters, cluster, response);
+ replay(injector, clusters, cluster, response, credentialStoreService);
// test
AmbariManagementController controller = new AmbariManagementControllerImpl(null, clusters, injector);
+
+ Field f = controller.getClass().getDeclaredField("credentialStoreService");
+ f.setAccessible(true);
+ f.set(controller, credentialStoreService);
+
Set<ClusterResponse> setResponses = controller.getClusters(setRequests);
// assert and verify
assertEquals(1, setResponses.size());
assertTrue(setResponses.contains(response));
- verify(injector, clusters, cluster, response);
+ verify(injector, clusters, cluster, response, credentialStoreService);
}
@Test
@@ -474,11 +484,20 @@ public class AmbariManagementControllerImplTest {
expect(cluster.convertToResponse()).andReturn(response);
expect(cluster2.convertToResponse()).andReturn(response2);
+
+ CredentialStoreService credentialStoreService = createNiceMock(CredentialStoreService.class);
+ expect(credentialStoreService.isInitialized(anyObject(CredentialStoreType.class))).andReturn(true).anyTimes();
+
// replay mocks
- replay(injector, clusters, cluster, cluster2, response, response2);
+ replay(injector, clusters, cluster, cluster2, response, response2, credentialStoreService);
//test
AmbariManagementController controller = new AmbariManagementControllerImpl(null, clusters, injector);
+
+ Field f = controller.getClass().getDeclaredField("credentialStoreService");
+ f.setAccessible(true);
+ f.set(controller, credentialStoreService);
+
Set<ClusterResponse> setResponses = controller.getClusters(setRequests);
// assert and verify
@@ -487,7 +506,7 @@ public class AmbariManagementControllerImplTest {
assertTrue(setResponses.contains(response));
assertTrue(setResponses.contains(response2));
- verify(injector, clusters, cluster, cluster2, response, response2);
+ verify(injector, clusters, cluster, cluster2, response, response2, credentialStoreService);
}
/**
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
new file mode 100644
index 0000000..04ce22a
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
@@ -0,0 +1,683 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import junit.framework.Assert;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.ResourceProviderFactory;
+import org.apache.ambari.server.controller.predicate.AndPredicate;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.SecurePasswordHelper;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
+import org.apache.ambari.server.security.encryption.CredentialStoreType;
+import org.apache.ambari.server.security.encryption.MasterKeyServiceImpl;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import static org.easymock.EasyMock.*;
+
+
+/**
+ * CredentialResourceProviderTest unit tests.
+ */
+@SuppressWarnings("unchecked")
+public class CredentialResourceProviderTest {
+
+ @Rule
+ public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+ private Injector injector;
+
+ @Before
+ public void setUp() throws Exception {
+ tmpFolder.create();
+ final File masterKeyFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+ Assert.assertTrue(MasterKeyServiceImpl.initializeMasterKeyFile(masterKeyFile, "secret"));
+
+ injector = Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ Properties properties = new Properties();
+
+ properties.setProperty(Configuration.MASTER_KEY_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+ properties.setProperty(Configuration.MASTER_KEYSTORE_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+
+ bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
+
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+ bind(Configuration.class).toInstance(new Configuration(properties));
+ }
+ });
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ tmpFolder.delete();
+ }
+
+ @Test
+ public void testCreateResources() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY);
+
+ // set expectations
+ expect(request.getProperties()).andReturn(setProperties);
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
+ ((ObservableResourceProvider) provider).addObserver(observer);
+
+ provider.createResources(request);
+
+ ResourceProviderEvent lastEvent = observer.getLastEvent();
+ Assert.assertNotNull(lastEvent);
+ Assert.assertEquals(Resource.Type.Credential, lastEvent.getResourceType());
+ Assert.assertEquals(ResourceProviderEvent.Type.Create, lastEvent.getType());
+ Assert.assertEquals(request, lastEvent.getRequest());
+ Assert.assertNull(lastEvent.getPredicate());
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testCreateResources_FailMissingAlias() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.TEMPORARY);
+
+ // set expectations
+ expect(request.getProperties()).andReturn(setProperties);
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ try {
+ provider.createResources(request);
+ Assert.fail("Expected exception due to missing alias");
+ } catch (IllegalArgumentException e) {
+ // expected
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testCreateResources_FailMissingPrincipal() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", "alias1", null, "password1", CredentialStoreType.TEMPORARY);
+
+ // set expectations
+ expect(request.getProperties()).andReturn(setProperties);
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ try {
+ provider.createResources(request);
+ Assert.fail("Expected exception due to missing alias");
+ } catch (IllegalArgumentException e) {
+ // expected
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testCreateResources_NotInitialized() throws Exception {
+
+ // Create injector where the Configuration object does not have the persisted CredentialStore
+ // details set.
+ Injector injector = Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ Properties properties = new Properties();
+
+ bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
+
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+ bind(Configuration.class).toInstance(new Configuration(properties));
+ }
+ });
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+
+ // The temporary store should always be initialized.... this should succeed.
+ provider.createResources(request);
+
+ try {
+ provider.createResources(request);
+ Assert.fail("Expected IllegalArgumentException thrown");
+ } catch (IllegalArgumentException e) {
+ Assert.assertEquals("Credentials cannot be stored in Ambari's persistent secure credential " +
+ "store since secure persistent storage has not yet be configured. Use ambari-server " +
+ "setup-security to enable this feature.", e.getLocalizedMessage()
+ );
+ }
+
+ verify(request, factory, managementController);
+ }
+
+
+ @Test
+ public void testGetResources() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).once();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+ provider.createResources(request);
+ provider.createResources(request);
+
+ Predicate predicate = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+
+ Set<Resource> results = provider.getResources(request, predicate);
+ Assert.assertEquals(3, results.size());
+
+ for (Resource result : results) {
+ Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+ Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+ if ("alias1".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+ } else if ("alias2".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.PERSISTED.name().toLowerCase(), type);
+ } else if ("alias3".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+ } else {
+ Assert.fail("Unexpected alias in list: " + alias.toString());
+ }
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testGetResources_WithPredicate() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).once();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+ provider.createResources(request);
+ provider.createResources(request);
+
+ Predicate predicate1 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+ Predicate predicate2 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+ .toPredicate();
+ Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+
+ Set<Resource> results = provider.getResources(request, predicate);
+ Assert.assertEquals(1, results.size());
+
+ for (Resource result : results) {
+ Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+ Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+ if ("alias1".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+ } else {
+ Assert.fail("Unexpected alias in list: " + alias.toString());
+ }
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testGetResources_WithPredicateNoResults() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).once();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+ provider.createResources(request);
+ provider.createResources(request);
+
+ Predicate predicate1 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+ Predicate predicate2 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias4")
+ .toPredicate();
+ Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+ try {
+ provider.getResources(request, predicate);
+ Assert.fail("Expected NoSuchResourceException not thrown");
+ } catch (NoSuchResourceException e) {
+ // expected
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testUpdateResources() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+ properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+ expect(request.getProperties()).andReturn(properties).once();
+
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+
+ Predicate predicate1 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+ Predicate predicate2 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+ .toPredicate();
+ Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+ Set<Resource> results = provider.getResources(request, predicate);
+ Assert.assertEquals(1, results.size());
+
+ for (Resource result : results) {
+ Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+ Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+ if ("alias1".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+ } else {
+ Assert.fail("Unexpected alias in list: " + alias.toString());
+ }
+ }
+
+ provider.updateResources(request, predicate);
+
+ results = provider.getResources(request, predicate);
+ Assert.assertEquals(1, results.size());
+
+ for (Resource result : results) {
+ Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+ Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+ if ("alias1".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.PERSISTED.name().toLowerCase(), type);
+ } else {
+ Assert.fail("Unexpected alias in list: " + alias.toString());
+ }
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testUpdateResources_ResourceNotFound() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+ properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+ expect(request.getProperties()).andReturn(properties).once();
+
+ expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+
+ Predicate predicate1 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+ Predicate predicate2 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias4")
+ .toPredicate();
+ Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+ try {
+ provider.updateResources(request, predicate);
+ Assert.fail("Expected NoSuchResourceException thrown");
+ } catch (NoSuchResourceException e) {
+ // expected
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ @Test
+ public void testDeleteResources() throws Exception {
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ Request request = createMock(Request.class);
+
+ CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+ injector.injectMembers(credentialResourceProvider);
+
+ // Create resources requests
+ Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+ properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+ properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+ expect(request.getProperties()).andReturn(properties).once();
+
+ // Get resources request
+ expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+ ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+ expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+ replay(request, factory, managementController);
+ // end expectations
+
+ AbstractControllerResourceProvider.init(factory);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ Resource.Type.Credential,
+ PropertyHelper.getPropertyIds(Resource.Type.Credential),
+ PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+ managementController);
+
+ provider.createResources(request);
+
+ Predicate predicate1 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+ .toPredicate();
+ Predicate predicate2 = new PredicateBuilder()
+ .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+ .toPredicate();
+ Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+ Set<Resource> results = provider.getResources(request, predicate);
+ Assert.assertEquals(1, results.size());
+
+ for (Resource result : results) {
+ Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+ Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+ if ("alias1".equals(alias)) {
+ Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+ } else {
+ Assert.fail("Unexpected alias in list: " + alias.toString());
+ }
+ }
+
+ provider.deleteResources(predicate);
+
+ try {
+ provider.getResources(request, predicate);
+ Assert.fail("Expected NoSuchResourceException thrown");
+ } catch (NoSuchResourceException e) {
+ // expected
+ }
+
+ verify(request, factory, managementController);
+ }
+
+ private Set<Map<String, Object>> getCredentialTestProperties(String clusterName, String alias, String principal, String password, CredentialStoreType credentialStoreType) {
+ Map<String, Object> mapProperties = new HashMap<String, Object>();
+
+ if (clusterName != null) {
+ mapProperties.put(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID, clusterName);
+ }
+
+ if (alias != null) {
+ mapProperties.put(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID, alias);
+ }
+
+ if (password != null) {
+ mapProperties.put(CredentialResourceProvider.CREDENTIAL_KEY_PROPERTY_ID, password);
+ }
+
+ if (principal != null) {
+ mapProperties.put(CredentialResourceProvider.CREDENTIAL_PRINCIPAL_PROPERTY_ID, principal);
+ }
+
+ if (credentialStoreType != null) {
+ mapProperties.put(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID, credentialStoreType.name().toLowerCase());
+ }
+
+ return Collections.singleton(mapProperties);
+ }
+}
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
index b0e1018..a84cc3f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
@@ -46,6 +46,8 @@ import org.apache.ambari.server.security.SecurityHelper;
import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
import org.apache.ambari.server.stack.StackManagerFactory;
import org.apache.ambari.server.stageplanner.RoleGraphFactory;
import org.apache.ambari.server.stageplanner.RoleGraphFactoryImpl;
@@ -536,6 +538,7 @@ public class UserResourceProviderTest {
bind(Users.class).toInstance(createMock(Users.class));
bind(AmbariManagementController.class).to(AmbariManagementControllerImpl.class);
+ bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
}
});
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 1824486..251692f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -136,7 +136,7 @@ public class AmbariAuthorizationFilterTest {
expect(securityContext.getAuthentication()).andReturn(authentication);
- expect(request.getMethod()).andReturn("POST");
+ expect(request.getMethod()).andReturn("POST").anyTimes();
expect(permission.getId()).andReturn(PermissionEntity.VIEW_USE_PERMISSION);
// expect permission denial
@@ -163,6 +163,14 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
urlTests.put("/api/v1/persist/SomeValue", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -188,6 +196,14 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/views", "POST", false);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -213,6 +229,14 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/views", "POST", false);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
urlTests.put("/api/v1/persist/SomeValue", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -238,6 +262,14 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -263,6 +295,14 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/views", "POST", false);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+ urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
index ef1a9c8..884cffa 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
@@ -50,20 +50,22 @@ public class CredentialProviderTest {
public void testInitialization() throws Exception {
CredentialProvider cr;
File msFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+ File mksFile = tmpFolder.newFile(Configuration.MASTER_KEYSTORE_FILENAME_DEFAULT);
try {
- new CredentialProvider(null, null, true);
+ new CredentialProvider(null, null, true, null);
Assert.fail("Expected an exception");
} catch (Throwable t) {
Assert.assertTrue(t instanceof IllegalArgumentException);
}
// Without master key persisted
- cr = new CredentialProvider("blahblah!", msFile.getAbsolutePath(), false);
+ cr = new CredentialProvider("blahblah!", msFile, false, mksFile);
Assert.assertNotNull(cr);
Assert.assertNotNull(cr.getKeystoreService());
// With master key persisted
msFile.delete();
+ mksFile.delete();
createMasterKey();
- cr = new CredentialProvider(null, msFile.getAbsolutePath(), true);
+ cr = new CredentialProvider(null, msFile, true, mksFile);
Assert.assertNotNull(cr);
Assert.assertNotNull(cr.getKeystoreService());
}
@@ -87,10 +89,11 @@ public class CredentialProviderTest {
@Test
public void testCredentialStore() throws Exception {
File msFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+ File mksFile = tmpFolder.newFile(Configuration.MASTER_KEYSTORE_FILENAME_DEFAULT);
// With master key persisted
createMasterKey();
- CredentialProvider cr = new CredentialProvider(null, msFile.getAbsolutePath(), true);
+ CredentialProvider cr = new CredentialProvider(null, msFile, true, mksFile);
Assert.assertNotNull(cr);
Assert.assertNotNull(cr.getKeystoreService());
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
new file mode 100644
index 0000000..daea963
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
@@ -0,0 +1,293 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security.encryption;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import junit.framework.Assert;
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.SecurePasswordHelper;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import static org.easymock.EasyMock.createNiceMock;
+
+public class CredentialStoreServiceImplTest {
+
+ @Rule
+ public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+ private CredentialStoreServiceImpl credentialStoreService;
+
+ private static final String CLUSTER_NAME = "C1";
+
+ @Before
+ public void setUp() throws Exception {
+ tmpFolder.create();
+ final File masterKeyFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+ Assert.assertTrue(MasterKeyServiceImpl.initializeMasterKeyFile(masterKeyFile, "secret"));
+
+ Injector injector = Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ Properties properties = new Properties();
+
+ properties.setProperty(Configuration.MASTER_KEY_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+ properties.setProperty(Configuration.MASTER_KEYSTORE_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+ bind(Configuration.class).toInstance(new Configuration(properties));
+ }
+ });
+
+
+ // Test to make sure the MasterKey file is ok...
+ MasterKeyService masterKeyService = new MasterKeyServiceImpl(masterKeyFile);
+ Assert.assertTrue(masterKeyService.isMasterKeyInitialized());
+
+ credentialStoreService = injector.getInstance(CredentialStoreServiceImpl.class);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ credentialStoreService = null;
+ tmpFolder.delete();
+ }
+
+ @Test
+ public void testSetAndGetCredential_Temporary() throws Exception {
+ PrincipalKeyCredential credential = new PrincipalKeyCredential("username", "password");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential, CredentialStoreType.TEMPORARY);
+
+ Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ }
+
+ @Test
+ public void testSetAndGetCredential_Persisted() throws Exception {
+ PrincipalKeyCredential credential = new PrincipalKeyCredential("username", "password");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential, CredentialStoreType.PERSISTED);
+
+ Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ }
+
+ @Test
+ public void testRemoveCredential_Temporary() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.TEMPORARY);
+
+ // Nothing should happen if forcing remove from persistent CredentialStore
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED);
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ // Remove should happen if forcing remove from temporary CredentialStore
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY);
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ // The other credentials should remain untouched
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+ }
+
+ @Test
+ public void testRemoveCredential_Persisted() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+
+ // Nothing should happen if forcing remove from temporary CredentialStore
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY);
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ // Remove should happen if forcing remove from persistent CredentialStore
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED);
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ // The other credentials should remain untouched
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+ }
+
+ @Test
+ public void testRemoveCredential_Either() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+ PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test1");
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+ Assert.assertEquals(credential3, credentialStoreService.getCredential(CLUSTER_NAME, "test3"));
+ Assert.assertEquals(credential4, credentialStoreService.getCredential(CLUSTER_NAME, "test4"));
+
+ credentialStoreService.removeCredential(CLUSTER_NAME, "test3");
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test3"));
+ Assert.assertEquals(credential4, credentialStoreService.getCredential(CLUSTER_NAME, "test4"));
+ }
+
+
+ @Test
+ public void testUpdateCredential() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential2, CredentialStoreType.PERSISTED);
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+ }
+
+
+ @Test
+ public void testContainsCredential() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+ PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+
+ Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+ Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.PERSISTED));
+
+ Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+ Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.PERSISTED));
+ Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.TEMPORARY));
+
+ Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test1"));
+ Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test3"));
+ }
+
+
+ @Test
+ public void testIsCredentialPersisted() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+ PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+ Assert.assertEquals(CredentialStoreType.PERSISTED, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test1"));
+ Assert.assertEquals(CredentialStoreType.PERSISTED, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test2"));
+ Assert.assertEquals(CredentialStoreType.TEMPORARY, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test3"));
+ Assert.assertEquals(CredentialStoreType.TEMPORARY, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test4"));
+
+ try {
+ credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test5");
+ Assert.fail("Expected AmbariException to be thrown");
+ } catch (AmbariException e) {
+ // expected
+ }
+ }
+
+ @Test
+ public void testListCredentials() throws Exception {
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+ PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+ PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+ PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+ credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+ credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+ Map<String, CredentialStoreType> credentials = credentialStoreService.listCredentials(CLUSTER_NAME);
+ Assert.assertNotNull(credentials);
+ Assert.assertEquals(4, credentials.size());
+ Assert.assertEquals(CredentialStoreType.PERSISTED, credentials.get("test1"));
+ Assert.assertEquals(CredentialStoreType.PERSISTED, credentials.get("test2"));
+ Assert.assertEquals(CredentialStoreType.TEMPORARY, credentials.get("test3"));
+ Assert.assertEquals(CredentialStoreType.TEMPORARY, credentials.get("test4"));
+ }
+
+ @Test(expected = AmbariException.class)
+ public void testFailToReinitialize_Persisted() throws Exception {
+ // This should throw an exception not matter what the arguments are....
+ credentialStoreService.initializePersistedCredentialStore(null, null);
+ }
+
+ @Test(expected = AmbariException.class)
+ public void testFailToReinitialize_Temporary() throws Exception {
+ // This should throw an exception not matter what the arguments are....
+ credentialStoreService.initializeTemporaryCredentialStore(1, TimeUnit.MINUTES, false);
+ }
+
+ @Test
+ public void testFailNotInitialized() throws Exception {
+ Configuration configuration = new Configuration(new Properties());
+ CredentialStoreService uninitializedCredentialStoreService = new CredentialStoreServiceImpl(configuration, new SecurePasswordHelper());
+ PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+
+ // The temporary store should always be initialized.... this should succeed.
+ uninitializedCredentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+
+ try {
+ uninitializedCredentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+ Assert.fail("AmbariException should have been thrown");
+ } catch (AmbariException e) {
+ // This is expected...
+ }
+ }
+}
\ No newline at end of file
|