From nc...@apache.org
Subject [24/50] [abbrv] ambari git commit: AMBARI-13916. Create API entry points for getting authorization information (rlevas)
Date Wed, 18 Nov 2015 16:51:20 GMT
AMBARI-13916. Create API entry points for getting authorization information (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/09c91347
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/09c91347
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/09c91347

Branch: refs/heads/branch-dev-patch-upgrade
Commit: 09c9134793dcb1ec1691f2ca38147519b28f61f0
Parents: 2173302
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Tue Nov 17 15:15:46 2015 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Tue Nov 17 15:16:00 2015 -0500

----------------------------------------------------------------------
 .../resources/PermissionResourceDefinition.java |   6 +-
 .../resources/ResourceInstanceFactoryImpl.java  |   8 +
 .../server/api/services/PermissionService.java  |  12 +
 .../api/services/RoleAuthorizationService.java  | 100 +++++
 .../api/services/UserAuthorizationService.java  |  94 ++++
 .../ambari/server/api/services/UserService.java |  13 +
 .../AbstractControllerResourceProvider.java     |   4 +
 .../RoleAuthorizationResourceProvider.java      | 319 ++++++++++++++
 .../UserAuthorizationResourceProvider.java      | 436 +++++++++++++++++++
 .../ambari/server/controller/spi/Resource.java  |   6 +-
 .../PermissionResourceDefinitionTest.java       |  10 +-
 .../ResourceInstanceFactoryImplTest.java        |  22 +
 .../AbstractControllerResourceProviderTest.java |  29 ++
 13 files changed, 1055 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java
index 56127b9..abae71e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java
@@ -20,7 +20,7 @@ package org.apache.ambari.server.api.resources;
 
 import org.apache.ambari.server.controller.spi.Resource;
 
-import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 
@@ -53,6 +53,8 @@ public class PermissionResourceDefinition extends BaseResourceDefinition {
 
   @Override
   public Set<SubResourceDefinition> getSubResourceDefinitions() {
-    return Collections.emptySet();
+    Set<SubResourceDefinition> subResourceDefinitions = new HashSet<SubResourceDefinition>();
+    subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.RoleAuthorization));
+    return subResourceDefinitions;
   }
 }
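Review bot: getSubResourceDefinitions() now allocates and returns a fresh mutable HashSet on every call, where the previous code returned an immutable empty set. The content is a single fixed entry, so `return Collections.singleton(new SubResourceDefinition(Resource.Type.RoleAuthorization));` would keep the result immutable; that means keeping the `java.util.Collections` import that the first hunk of this file removes. If callers are expected to add to the returned set, a one-line comment saying so would make the choice of HashSet clear.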

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
index e7bbec4..27609e7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
@@ -396,6 +396,14 @@ public class ResourceInstanceFactoryImpl implements ResourceInstanceFactory {
         resourceDefinition = new CredentialResourceDefinition();
         break;
 
+      case RoleAuthorization:
+        resourceDefinition = new SimpleResourceDefinition(Resource.Type.RoleAuthorization, "authorization", "authorizations");
+        break;
+
+      case UserAuthorization:
+        resourceDefinition = new SimpleResourceDefinition(Resource.Type.UserAuthorization, "authorization", "authorizations");
+        break;
+
       default:
         throw new IllegalArgumentException("Unsupported resource type: " + type);
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java
index 594caba..3a1a875 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java
@@ -132,6 +132,18 @@ public class PermissionService extends BaseService {
     return handleRequest(headers, null, ui, Request.Type.DELETE, createPermissionResource(permissionId));
   }
 
+  /**
+   * Gets the role (permission) authorization service.
+   *
+   * @param request      the request
+   * @param permissionId the permission id
+   * @return the RoleAuthorizationService
+   */
+  @Path("{permissionId}/authorizations")
+  public RoleAuthorizationService getRoleAuthorizations(
+      @Context javax.ws.rs.core.Request request, @PathParam("permissionId") String permissionId) {
+    return new RoleAuthorizationService(permissionId);
+  }
 
   // ----- helper methods ----------------------------------------------------
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
new file mode 100644
index 0000000..082200d
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.controller.spi.Resource;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+@Path("/authorizations/")
+public class RoleAuthorizationService extends BaseService {
+  private String permissionId;
+
+  /**
+   * Constructs a new RoleAuthorizationService that is not linked to any role (or permission)
+   */
+  public RoleAuthorizationService() {
+    this(null);
+  }
+
+  /**
+   * Constructs a new RoleAuthorizationService that is linked to the specified permission
+   *
+   * @param permissionId the permission id of a permission (or role)
+   */
+  public RoleAuthorizationService(String permissionId) {
+    this.permissionId = permissionId;
+  }
+
+  /**
+   * Handles: GET  /permissions/{permission_id}/authorizations
+   * Get all authorizations for the relative permission, or all if this RoleAuthorizationService is
+   * not linked to a particular permission.
+   *
+   * @param headers http headers
+   * @param ui      uri info
+   * @return authorizations collection resource representation
+   */
+  @GET
+  @Produces("text/plain")
+  public Response getAuthorizations(@Context HttpHeaders headers, @Context UriInfo ui) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createAuthorizationResource(null));
+  }
+
+  /**
+   * Handles: GET  /permissions/{permission_id}/authorizations/{authorization_id}
+   * Get a specific authorization, potentially limited to the set of authorizations for a permission
+   * if this RoleAuthorizationService is linked ot a particular permission.
+   *
+   * @param headers         http headers
+   * @param ui              uri info
+   * @param authorizationId authorization ID
+   * @return authorization instance representation
+   */
+  @GET
+  @Path("{authorization_id}")
+  @Produces("text/plain")
+  public Response getAuthorization(@Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("authorization_id") String authorizationId) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createAuthorizationResource(authorizationId));
+  }
+
+  /**
+   * Create an authorization resource.
+   *
+   * @param authorizationId authorization id
+   * @return an authorization resource instance
+   */
+  protected ResourceInstance createAuthorizationResource(String authorizationId) {
+    Map<Resource.Type, String> mapIds = new HashMap<Resource.Type, String>();
+    mapIds.put(Resource.Type.Permission, permissionId);
+    mapIds.put(Resource.Type.RoleAuthorization, authorizationId);
+    return createResource(Resource.Type.RoleAuthorization, mapIds);
+  }
+}
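Review bot: The class carries `@Path("/authorizations/")` and a public no-argument constructor, so it appears to be reachable as a root resource as well as through the PermissionService locator, yet both handler Javadocs list only the `/permissions/{permission_id}/authorizations...` paths. Add the root forms, e.g. `Handles: GET  /authorizations` and `Handles: GET  /authorizations/{authorization_id}`, and add a class-level Javadoc stating that an unlinked instance carries a null permission id. `permissionId` is assigned only in the constructor and could be declared `private final String permissionId;`, matching `username` in UserAuthorizationService. In the getAuthorization comment, "linked ot" should read "linked to".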

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
new file mode 100644
index 0000000..d6ee2fc
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.controller.spi.Resource;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+public class UserAuthorizationService extends BaseService {
+
+  /**
+   * The username this UserAuthorizationService is linked to
+   */
+  private final String username;
+
+  /**
+   * Create a new UserAuthorizationService that is linked to a particular user
+   *
+   * @param username the username of the user to link thi UserAuthorizationService to
+   */
+  public UserAuthorizationService(String username) {
+    this.username = username;
+  }
+
+  /**
+   * Handles: GET  /users/{user_name}/authorizations
+   * Get all authorizations for the relative user.
+   *
+   * @param headers http headers
+   * @param ui      uri info
+   * @return authorizations collection resource representation
+   */
+  @GET
+  @Produces("text/plain")
+  public Response getAuthorizations(@Context HttpHeaders headers, @Context UriInfo ui) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createAuthorizationResource(null));
+  }
+
+  /**
+   * Handles: GET  /permissions/{user_name}/authorizations/{authorization_id}
+   * Get a specific authorization.
+   *
+   * @param headers         http headers
+   * @param ui              uri info
+   * @param authorizationId authorization ID
+   * @return authorization instance representation
+   */
+  @GET
+  @Path("{authorization_id}")
+  @Produces("text/plain")
+  public Response getAuthorization(@Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("authorization_id") String authorizationId) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createAuthorizationResource(authorizationId));
+  }
+
+  /**
+   * Create an authorization resource.
+   *
+   * @param authorizationId authorization id
+   * @return an authorization resource instance
+   */
+  protected ResourceInstance createAuthorizationResource(String authorizationId) {
+    Map<Resource.Type, String> mapIds = new HashMap<Resource.Type, String>();
+    mapIds.put(Resource.Type.User, username);
+    mapIds.put(Resource.Type.UserAuthorization, authorizationId);
+    return createResource(Resource.Type.UserAuthorization, mapIds);
+  }
+}
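Review bot: Nothing in this service limits which caller may read the authorizations of the user named in the path: `username` from the UserService locator goes straight into the key map built by createAuthorizationResource. If reading another account's authorizations is meant to be limited to administrators or to the user themselves, that check has to live in handleRequest or in UserAuthorizationResourceProvider, neither of which is visible here. The class has no Javadoc, and it should say where that check is enforced. The getAuthorization Javadoc also names the wrong path and should read `Handles: GET  /users/{user_name}/authorizations/{authorization_id}`; "thi" in the constructor comment should be "this".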

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserService.java
index 05ee6b1..5abf4ed 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserService.java
@@ -149,6 +149,19 @@ public class UserService extends BaseService {
   }
 
   /**
+   * Gets the user authorization service.
+   *
+   * @param request  the request
+   * @param username the username
+   * @return the UserAuthorizationService
+   */
+  @Path("{userName}/authorizations")
+  public UserAuthorizationService getUserAuthorizations(
+      @Context javax.ws.rs.core.Request request, @PathParam("userName") String username) {
+    return new UserAuthorizationService(username);
+  }
+
+  /**
    * Create a user resource instance.
    *
    * @param userName  user name

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
index 0310fdc..d2e7be7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
@@ -173,6 +173,10 @@ public abstract class AbstractControllerResourceProvider extends AbstractResourc
         return resourceProviderFactory.getHostKerberosIdentityResourceProvider(managementController);
       case Credential:
         return resourceProviderFactory.getCredentialResourceProvider(managementController);
+      case RoleAuthorization:
+        return new RoleAuthorizationResourceProvider(managementController);
+      case UserAuthorization:
+        return new UserAuthorizationResourceProvider(managementController);
 
       default:
         throw new IllegalArgumentException("Unknown type " + type);
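Review bot: The two new cases construct their providers with `new`, while the neighbouring cases visible in this hunk obtain theirs from `resourceProviderFactory`. RoleAuthorizationResourceProvider in turn relies on `@StaticallyInject` and a static `permissionDAO` field, which ties any test of this path to static state. Consider adding factory methods so the cases read like `return resourceProviderFactory.getRoleAuthorizationResourceProvider(managementController);` (a proposed method name, not an existing one), or add a comment such as `// not created through the factory because ...` explaining why these two bypass it. The switch starts and ends outside this hunk.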

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
new file mode 100644
index 0000000..82981a9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
@@ -0,0 +1,319 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.Inject;
+import org.apache.ambari.server.StaticallyInject;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.Resource.Type;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.commons.lang.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * A write-only resource provider for securely stored credentials
+ */
+@StaticallyInject
+public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider {
+
+  // ----- Property ID constants ---------------------------------------------
+
+  public static final String AUTHORIZATION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_id");
+  public static final String PERMISSION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "permission_id");
+  public static final String AUTHORIZATION_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_name");
+
+  private static final Set<String> PK_PROPERTY_IDS;
+  private static final Set<String> PROPERTY_IDS;
+  private static final Map<Type, String> KEY_PROPERTY_IDS;
+
+  static {
+    Set<String> set;
+    set = new HashSet<String>();
+    set.add(AUTHORIZATION_ID_PROPERTY_ID);
+    set.add(PERMISSION_ID_PROPERTY_ID);
+    PK_PROPERTY_IDS = Collections.unmodifiableSet(set);
+
+    set = new HashSet<String>();
+    set.add(AUTHORIZATION_ID_PROPERTY_ID);
+    set.add(PERMISSION_ID_PROPERTY_ID);
+    set.add(AUTHORIZATION_NAME_PROPERTY_ID);
+    PROPERTY_IDS = Collections.unmodifiableSet(set);
+
+    HashMap<Type, String> map = new HashMap<Type, String>();
+    map.put(Type.Permission, PERMISSION_ID_PROPERTY_ID);
+    map.put(Type.RoleAuthorization, AUTHORIZATION_ID_PROPERTY_ID);
+    KEY_PROPERTY_IDS = Collections.unmodifiableMap(map);
+  }
+
+  /**
+   * Data access object used to obtain permission entities.
+   */
+  @Inject
+  protected static PermissionDAO permissionDAO;
+
+  /**
+   * Create a new resource provider.
+   */
+  public RoleAuthorizationResourceProvider(AmbariManagementController managementController) {
+    super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController);
+  }
+
+  @Override
+  public Set<Resource> getResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+
+    Set<String> requestedIds = getRequestPropertyIds(request, predicate);
+    Set<Resource> resources = new HashSet<Resource>();
+
+    Set<Map<String, Object>> propertyMaps;
+
+    if (predicate == null) {
+      // The request must be from /
+      propertyMaps = Collections.singleton(Collections.<String, Object>emptyMap());
+    } else {
+      propertyMaps = getPropertyMaps(predicate);
+    }
+
+    if (propertyMaps != null) {
+      for (Map<String, Object> propertyMap : propertyMaps) {
+        Object object = propertyMap.get(PERMISSION_ID_PROPERTY_ID);
+        Collection<RoleAuthorizationEntity> authorizationEntities;
+        Integer permissionId;
+
+        if (object instanceof String) {
+          try {
+            permissionId = Integer.valueOf((String) object);
+          } catch (NumberFormatException e) {
+            LOG.warn(PERMISSION_ID_PROPERTY_ID + " is not a valid integer value", e);
+            throw new NoSuchResourceException("The requested resource doesn't exist: Authorization not found, " + predicate, e);
+          }
+        } else if (object instanceof Number) {
+          permissionId = ((Number) object).intValue();
+        } else {
+          permissionId = null;
+        }
+
+        if (permissionId == null) {
+          // TODO: ** This is stubbed out until the data layer catches up...
+          // TODO: entities = roleAuthorizationDAO.findAll();
+          authorizationEntities = createAdminAuthorizations();
+        } else {
+          PermissionEntity permissionEntity = permissionDAO.findById(permissionId);
+
+          if(permissionEntity == null)
+            authorizationEntities = null;
+          else
+          {
+            // TODO: ** This is stubbed out until the data layer catches up...
+            // TODO: authorizationEntities = (permissionEntity == null)
+            // TODO: ? null
+            // TODO: : permissionEntity.getAuthorizations();
+            String permissionName = permissionEntity.getPermissionName();
+            if (permissionName.startsWith("AMBARI")) {
+              authorizationEntities = createAdminAuthorizations();
+            } else if (permissionName.startsWith("CLUSTER")) {
+              authorizationEntities = createOperatorAuthorizations();
+            } else {
+              authorizationEntities = null;
+            }
+          }
+        }
+
+        if (authorizationEntities != null) {
+          String authorizationId = (String) propertyMap.get(AUTHORIZATION_ID_PROPERTY_ID);
+
+          if(!StringUtils.isEmpty(authorizationId)) {
+            // Filter the entities
+            Iterator<RoleAuthorizationEntity> iterator = authorizationEntities.iterator();
+            while(iterator.hasNext()) {
+              if(!authorizationId.equals(iterator.next().getAuthorizationId())) {
+                iterator.remove();
+              }
+            }
+          }
+
+          for (RoleAuthorizationEntity entity : authorizationEntities) {
+            resources.add(toResource(permissionId, entity, requestedIds));
+          }
+        }
+      }
+    }
+
+    return resources;
+  }
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return PK_PROPERTY_IDS;
+  }
+
+  /**
+   * Creates a new resource from the given RoleAuthorizationEntity and set of requested ids.
+   *
+   * @param entity       the RoleAuthorizationEntity
+   * @param requestedIds the properties to include in the resulting resource instance
+   * @return a resource
+   */
+  private Resource toResource(Integer permissionId, RoleAuthorizationEntity entity, Set<String> requestedIds) {
+    Resource resource = new ResourceImpl(Type.RoleAuthorization);
+    setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds);
+    if(permissionId != null) {
+      setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, permissionId, requestedIds);
+    }
+    setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds);
+    return resource;
+  }
+
+  /**
+   * Fills RoleAuthorizationEntities for an administrator user
+   * <p/>
+   * This is a temporary method until the data layer catches up
+   * <p/>
+   * TODO: Remove when the data later catches up
+   *
+   * @return an array of RoleAuthorizationEntity objects
+   */
+  private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
+    Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+    authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
+    return authorizationEntities;
+  }
+
+  /**
+   * Fills RoleAuthorizationEntities for an administrator user
+   * <p/>
+   * This is a temporary method until the data layer catches up
+   * <p/>
+   * TODO: Remove when the data later catches up
+   *
+   * @return an array of RoleAuthorizationEntity objects
+   */
+  private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
+    Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
+    return authorizationEntities;
+  }
+
+  /**
+   * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
+   * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
+   */
+  private static class RoleAuthorizationEntity {
+    private final String authorizationId;
+    private final String authorizationName;
+
+    private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
+      this.authorizationId = authorizationId;
+      this.authorizationName = authorizationName;
+    }
+
+    public String getAuthorizationId() {
+      return authorizationId;
+    }
+
+    public String getAuthorizationName() {
+      return authorizationName;
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
new file mode 100644
index 0000000..ec686e5
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
@@ -0,0 +1,436 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.Inject;
+import org.apache.ambari.server.StaticallyInject;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.predicate.EqualsPredicate;
+import org.apache.ambari.server.controller.spi.ClusterController;
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.Resource.Type;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.controller.utilities.ClusterControllerHelper;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * A write-only resource provider for securely stored credentials
+ */
+@StaticallyInject
+public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider {
+
+  // ----- Property ID constants ---------------------------------------------
+
+  public static final String AUTHORIZATION_ID_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_id");
+  public static final String USERNAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "user_name");
+  public static final String AUTHORIZATION_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "authorization_name");
+  public static final String AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "resource_type");
+  public static final String AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "cluster_name");
+  public static final String AUTHORIZATION_VIEW_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "view_name");
+  public static final String AUTHORIZATION_VIEW_VERSION_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "view_version");
+  public static final String AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("AuthorizationInfo", "view_instance_name");
+
+  private static final Set<String> PK_PROPERTY_IDS;
+  private static final Set<String> PROPERTY_IDS;
+  private static final Map<Type, String> KEY_PROPERTY_IDS;
+
+  static {
+    Set<String> set;
+    set = new HashSet<String>();
+    set.add(AUTHORIZATION_ID_PROPERTY_ID);
+    set.add(USERNAME_PROPERTY_ID);
+    set.add(AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID);
+    PK_PROPERTY_IDS = Collections.unmodifiableSet(set);
+
+    set = new HashSet<String>();
+    set.add(AUTHORIZATION_ID_PROPERTY_ID);
+    set.add(USERNAME_PROPERTY_ID);
+    set.add(AUTHORIZATION_NAME_PROPERTY_ID);
+    set.add(AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID);
+    set.add(AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID);
+    set.add(AUTHORIZATION_VIEW_NAME_PROPERTY_ID);
+    set.add(AUTHORIZATION_VIEW_VERSION_PROPERTY_ID);
+    set.add(AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID);
+    PROPERTY_IDS = Collections.unmodifiableSet(set);
+
+    HashMap<Type, String> map = new HashMap<Type, String>();
+    map.put(Type.User, USERNAME_PROPERTY_ID);
+    map.put(Type.UserAuthorization, AUTHORIZATION_ID_PROPERTY_ID);
+    KEY_PROPERTY_IDS = Collections.unmodifiableMap(map);
+  }
+
+  /**
+   * Data access object used to obtain permission entities.
+   */
+  @Inject
+  protected static PermissionDAO permissionDAO;
+
+  /**
+   * Data access object used to obtain resource type entities.
+   */
+  @Inject
+  protected static ResourceTypeDAO resourceTypeDAO;
+
+  /**
+   * The ClusterController user to get access to other resource providers
+   */
+  private final ClusterController clusterController;
+
+  /**
+   * Create a new resource provider.
+   */
+  public UserAuthorizationResourceProvider(AmbariManagementController managementController) {
+    super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController);
+
+    clusterController = ClusterControllerHelper.getClusterController();
+  }
+
+  @Override
+  public Set<Resource> getResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+
+    Set<String> requestedIds = getRequestPropertyIds(request, predicate);
+    Set<Resource> resources = new HashSet<Resource>();
+
+    // Use the UserPrivilegeProvider to get the set of privileges the user has. This set of privileges
+    // is used to generate a composite set of authorizations the user has been granted.
+    ResourceProvider userPrivilegeProvider = clusterController.ensureResourceProvider(Type.UserPrivilege);
+
+    for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
+      String username = (String) propertyMap.get(USERNAME_PROPERTY_ID);
+      Request internalRequest = createUserPrivilegeRequest();
+      Predicate internalPredicate = createUserPrivilegePredicate(username);
+
+      Set<Resource> internalResources = userPrivilegeProvider.getResources(internalRequest, internalPredicate);
+      if (internalResources != null) {
+        for (Resource internalResource : internalResources) {
+          String permissionName = (String) internalResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID);
+          String resourceType = (String) internalResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID);
+          Collection<RoleAuthorizationEntity> authorizationEntities;
+          ResourceTypeEntity resourceTypeEntity = resourceTypeDAO.findByName(resourceType);
+
+          if (resourceTypeEntity != null) {
+            PermissionEntity permissionEntity = permissionDAO.findPermissionByNameAndType(permissionName, resourceTypeEntity);
+
+            if (permissionEntity == null) {
+              authorizationEntities = null;
+            } else {
+              // TODO: ** This is stubbed out until the data layer catches up...
+              // TODO: authorizationEntities = permissionEntity.getAuthorizations();
+              if (permissionName.startsWith("AMBARI")) {
+                authorizationEntities = createAdminAuthorizations();
+              } else if (permissionName.startsWith("CLUSTER")) {
+                authorizationEntities = createOperatorAuthorizations();
+              } else if (permissionName.startsWith("VIEW")) {
+                authorizationEntities = createViewUserAuthorizations();
+              } else {
+                authorizationEntities = null;
+              }
+            }
+
+            if (authorizationEntities != null) {
+              // The details about the resource that the user has been granted access to are
+              // different depending on the resource type specified in the privilege entity
+              if ("VIEW".equals(resourceType)) {
+                addViewResources(resources, username, resourceType, internalResource, authorizationEntities, requestedIds);
+              } else {
+                addClusterResources(resources, username, resourceType, internalResource, authorizationEntities, requestedIds);
+              }
+            }
+          }
+        }
+      }
+    }
+
+    return resources;
+  }
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return PK_PROPERTY_IDS;
+  }
+
+  /**
+   * Create a predicate to use to query for the user's set of privileges
+   *
+   * @param username the username of the relevant user
+   * @return a predicate
+   */
+  private Predicate createUserPrivilegePredicate(String username) {
+    return new EqualsPredicate<String>(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID, username);
+  }
+
+  /**
+   * Create a request to use to query for the user's set of privileges
+   *
+   * @return a request
+   */
+  private Request createUserPrivilegeRequest() {
+    Set<String> propertyIds = new HashSet<>();
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_PRIVILEGE_ID_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_VERSION_PROPERTY_ID);
+    propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID);
+
+    return new RequestImpl(propertyIds, null, null, null);
+  }
+
+  /**
+   * Creates and adds resources to the results where each resource properly identities the cluster
+   * to which the authorization data applies.
+   * <p/>
+   * Generates an AuthorizationInfo block containing the following fields:
+   * <ul>
+   * <li>authorization_id</li>
+   * <li>authorization_name</li>
+   * <li>cluster_name</li>
+   * <li>resource_type</li>
+   * <li>user_name</li>
+   * </ul>
+   *
+   * @param resources             the set of resources to amend
+   * @param username              the username
+   * @param resourceType          the resource type (typically "CLUSTER" or "AMBARI")
+   * @param privilegeResource     the privilege resource used for retrieving cluster-specific details
+   * @param authorizationEntities relevant AuthorizationEntity values for this authorization
+   * @param requestedIds          the properties to include in the resulting resource instance
+   */
+  private void addClusterResources(Set<Resource> resources, String username,
+                                   String resourceType, Resource privilegeResource,
+                                   Collection<RoleAuthorizationEntity> authorizationEntities,
+                                   Set<String> requestedIds) {
+
+    for (RoleAuthorizationEntity entity : authorizationEntities) {
+      Resource resource = new ResourceImpl(Type.UserAuthorization);
+      setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds);
+      setResourceProperty(resource, USERNAME_PROPERTY_ID, username, requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID, resourceType, requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID,
+          privilegeResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID),
+          requestedIds);
+
+      resources.add(resource);
+    }
+  }
+
+  /**
+   * Creates and adds resources to the results where each resource properly identities the view
+   * to which the authorization data applies.
+   * <p/>
+   * Generates an AuthorizationInfo block containing the following fields:
+   * <ul>
+   * <li>authorization_id</li>
+   * <li>authorization_name</li>
+   * <li>resource_type</li>
+   * <li>view_name</li>
+   * <li>view_version</li>
+   * <li>view_instance_name</li>
+   * <li>user_name</li>
+   * </ul>
+   *
+   * @param resources             the set of resources to amend
+   * @param username              the username
+   * @param resourceType          the resource type (typically "VIEW")
+   * @param privilegeResource     the privilege resource used for retrieving view-specific details
+   * @param authorizationEntities relevant AuthorizationEntity values for this authorization
+   * @param requestedIds          the properties to include in the resulting resource instance
+   */
+  private void addViewResources(Set<Resource> resources, String username,
+                                String resourceType, Resource privilegeResource,
+                                Collection<RoleAuthorizationEntity> authorizationEntities,
+                                Set<String> requestedIds) {
+    for (RoleAuthorizationEntity entity : authorizationEntities) {
+      Resource resource = new ResourceImpl(Type.UserAuthorization);
+      setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds);
+      setResourceProperty(resource, USERNAME_PROPERTY_ID, username, requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID, resourceType, requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_VIEW_NAME_PROPERTY_ID,
+          privilegeResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID),
+          requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_VIEW_VERSION_PROPERTY_ID,
+          privilegeResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_VERSION_PROPERTY_ID),
+          requestedIds);
+      setResourceProperty(resource, AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID,
+          privilegeResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID),
+          requestedIds);
+
+      resources.add(resource);
+    }
+  }
+
+
+  /**
+   * Fills RoleAuthorizationEntities for an administrator user
+   * <p/>
+   * This is a temporary method until the data layer catches up
+   * <p/>
+   * TODO: Remove when the data later catches up
+   *
+   * @return an array of RoleAuthorizationEntity objects
+   */
+  private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
+    Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+    authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
+    authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
+    return authorizationEntities;
+  }
+
+  /**
+   * Fills RoleAuthorizationEntities for an administrator user
+   * <p/>
+   * This is a temporary method until the data layer catches up
+   * <p/>
+   * TODO: Remove when the data later catches up
+   *
+   * @return an array of RoleAuthorizationEntity objects
+   */
+  private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
+    Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
+    authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
+    authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
+    return authorizationEntities;
+  }
+
+  /**
+   * Fills RoleAuthorizationEntities for a view user
+   * <p/>
+   * This is a temporary method until the data layer catches up
+   * <p/>
+   * TODO: Remove when the data later catches up
+   *
+   * @return an array of RoleAuthorizationEntity objects
+   */
+  private Collection<RoleAuthorizationEntity> createViewUserAuthorizations() {
+    Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+    authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
+    return authorizationEntities;
+  }
+
+
+  /**
+   * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
+   * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
+   */
+  private static class RoleAuthorizationEntity {
+    private final String authorizationId;
+    private final String authorizationName;
+
+    private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
+      this.authorizationId = authorizationId;
+      this.authorizationName = authorizationName;
+    }
+
+    public String getAuthorizationId() {
+      return authorizationId;
+    }
+
+    public String getAuthorizationName() {
+      return authorizationName;
+    }
+  }
+}
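Review bot: In `getResources` the stubbed mapping picks the authorization set by name prefix alone (`permissionName.startsWith("CLUSTER")`), so every cluster-scoped permission, a read-only one included if one is defined, is reported with the full list from `createOperatorAuthorizations()`, which contains entries such as `CLUSTER.TOGGLE_KERBEROS` and `SERVICE.MODIFY_CONFIGS`. Until `permissionEntity.getAuthorizations()` is available, comparing against the exact permission names with `equals` and leaving `authorizationEntities = null` for anything unrecognised would keep the endpoint from over-reporting what a user may do. The method also takes `user_name` from the predicate as given and nothing in this file checks that the caller is that user or an administrator; that may be enforced by the service layer or by the UserPrivilege provider, but it should be confirmed, since the response enumerates another account's rights. On documentation, the class Javadoc should read something like `A read-only resource provider for the authorizations granted to a user`, the Javadoc on `createOperatorAuthorizations()` should say operator rather than administrator, and `HOST.COMPARE_CONFIGS` carries the label "Turn on/off maintenance mode" in both lists here (and in the preceding file of this commit).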

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
index fbbc7c8..55816a3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
@@ -146,7 +146,9 @@ public interface Resource {
     Theme,
     HostKerberosIdentity,
     Credential,
-    KerberosDescriptor;
+    KerberosDescriptor,
+    RoleAuthorization,
+    UserAuthorization;
 
     /**
      * Get the {@link Type} that corresponds to this InternalType.
@@ -254,6 +256,8 @@ public interface Resource {
     public static final Type HostKerberosIdentity = InternalType.HostKerberosIdentity.getType();
     public static final Type Credential = InternalType.Credential.getType();
     public static final Type KerberosDescriptor = InternalType.KerberosDescriptor.getType();
+    public static final Type RoleAuthorization = InternalType.RoleAuthorization.getType();
+    public static final Type UserAuthorization = InternalType.UserAuthorization.getType();
 
     /**
      * The type name.

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java
index 0ad3b47..bf2bac2 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java
@@ -18,9 +18,11 @@
 
 package org.apache.ambari.server.api.resources;
 
+import org.apache.ambari.server.controller.spi.Resource;
 import org.junit.Assert;
 import org.junit.Test;
 
+import java.util.HashSet;
 import java.util.Set;
 
 /**
@@ -43,8 +45,14 @@ public class PermissionResourceDefinitionTest {
   public void testGetSubResourceDefinitions() throws Exception {
     PermissionResourceDefinition permissionResourceDefinition = new PermissionResourceDefinition();
     Set<SubResourceDefinition> subResourceDefinitions = permissionResourceDefinition.getSubResourceDefinitions ();
+    Set<Resource.Type> expectedSubTypes = new HashSet<Resource.Type>();
+    expectedSubTypes.add(Resource.Type.RoleAuthorization);
 
-    Assert.assertEquals(0, subResourceDefinitions.size());
+    Assert.assertEquals(1, subResourceDefinitions.size());
+
+    for(SubResourceDefinition subResourceDefinition:subResourceDefinitions) {
+      Assert.assertTrue(expectedSubTypes.contains(subResourceDefinition.getType()));
+    }
   }
 }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImplTest.java
index 081a6eb..e761a72 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImplTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImplTest.java
@@ -59,4 +59,26 @@ public class ResourceInstanceFactoryImplTest {
     assertEquals("kerberos_identities", resourceDefinition.getPluralName());
     assertEquals(Resource.Type.HostKerberosIdentity, resourceDefinition.getType());
   }
+
+  @Test
+  public void testGetRoleAuthorizationDefinition() {
+    ResourceDefinition resourceDefinition = ResourceInstanceFactoryImpl.getResourceDefinition(
+        Resource.Type.RoleAuthorization, null);
+
+    assertNotNull(resourceDefinition);
+    assertEquals("authorization", resourceDefinition.getSingularName());
+    assertEquals("authorizations", resourceDefinition.getPluralName());
+    assertEquals(Resource.Type.RoleAuthorization, resourceDefinition.getType());
+  }
+
+  @Test
+  public void testGetUserAuthorizationDefinition() {
+    ResourceDefinition resourceDefinition = ResourceInstanceFactoryImpl.getResourceDefinition(
+        Resource.Type.UserAuthorization, null);
+
+    assertNotNull(resourceDefinition);
+    assertEquals("authorization", resourceDefinition.getSingularName());
+    assertEquals("authorizations", resourceDefinition.getPluralName());
+    assertEquals(Resource.Type.UserAuthorization, resourceDefinition.getType());
+  }
 }
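Review bot: `testGetRoleAuthorizationDefinition` and `testGetUserAuthorizationDefinition` assert the same singular and plural names ("authorization" / "authorizations") for two different resource types, and nothing tells a reader whether that collision is deliberate. If it is, presumably because the parent resource (permission versus user) disambiguates them, a one-line comment in the second test would record it, e.g. `// same names as RoleAuthorization by design; the parent resource distinguishes them`. The intent is inferred from the commit's file list, not from this hunk, so it should be confirmed before the comment is added.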

http://git-wip-us.apache.org/repos/asf/ambari/blob/09c91347/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProviderTest.java
index ebe9b93..796c509 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProviderTest.java
@@ -35,6 +35,7 @@ import static org.easymock.EasyMock.createMock;
 import static org.easymock.EasyMock.createNiceMock;
 import static org.easymock.EasyMock.expect;
 import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
 import static org.junit.Assert.assertEquals;
 
 /**
@@ -85,4 +86,32 @@ public class AbstractControllerResourceProviderTest {
 
     assertEquals(StackArtifactResourceProvider.class, provider.getClass());
   }
+
+  @Test
+  public void testGetRoleAuthorizationResourceProvider() {
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    replay(managementController);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.RoleAuthorization, null, null, managementController);
+
+    verify(managementController);
+
+    assertEquals(RoleAuthorizationResourceProvider.class, provider.getClass());
+  }
+
+  @Test
+  public void testGetUserAuthorizationResourceProvider() {
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    replay(managementController);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.UserAuthorization, null, null, managementController);
+
+    verify(managementController);
+
+    assertEquals(UserAuthorizationResourceProvider.class, provider.getClass());
+  }
 }
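Review bot: The two added tests only prove that the factory returns the right provider class for `Resource.Type.RoleAuthorization` and `Resource.Type.UserAuthorization`. The commit's diffstat lists no test file for the new `RoleAuthorizationResourceProvider` or `UserAuthorizationResourceProvider`. Those providers serve authorization data through the API, so their `getResources` paths deserve direct tests, in particular one that pins what a caller receives when requesting another user's authorizations; whether that is restricted cannot be seen from this hunk. Separately, a comment above `verify(managementController)` such as `// mock has no expectations: provider lookup must not call the controller` would explain why the verify is there.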

