Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 25D8B200AC0 for ; Tue, 10 May 2016 05:39:22 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 244C5160A0F; Tue, 10 May 2016 03:39:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 75A241609A8 for ; Tue, 10 May 2016 05:39:20 +0200 (CEST) Received: (qmail 27769 invoked by uid 500); 10 May 2016 03:39:19 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 27753 invoked by uid 99); 10 May 2016 03:39:19 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 May 2016 03:39:19 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 6614CDFDEC; Tue, 10 May 2016 03:39:19 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: rlevas@apache.org To: commits@ambari.apache.org Message-Id: <2fd1ca88d6e24a3abefff4753048b439@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas) Date: Tue, 10 May 2016 03:39:19 +0000 (UTC) archived-at: Tue, 10 May 2016 03:39:22 -0000 Repository: ambari Updated Branches: refs/heads/trunk 2865b1b4a -> 6ea2cc1df AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ea2cc1d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ea2cc1d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ea2cc1d Branch: refs/heads/trunk Commit: 6ea2cc1dffb9b45a4e7f43a4eb97dd8ae14b70da Parents: 2865b1b Author: Robert Levas Authored: Mon May 9 23:39:03 2016 -0400 Committer: Robert Levas Committed: Mon May 9 23:39:10 2016 -0400 ---------------------------------------------------------------------- .../ambari/server/orm/dao/PermissionDAO.java | 10 + .../server/orm/entities/PermissionEntity.java | 30 ++- .../server/orm/entities/PrincipalEntity.java | 2 +- .../orm/entities/PrincipalTypeEntity.java | 2 +- .../server/upgrade/AbstractUpgradeCatalog.java | 36 --- .../server/upgrade/UpgradeCatalog240.java | 85 +++++-- .../main/resources/Ambari-DDL-Derby-CREATE.sql | 42 +++- .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 208 ++++++++------- .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 42 +++- .../resources/Ambari-DDL-Postgres-CREATE.sql | 251 +++++++------------ .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 248 +++++++----------- .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 42 +++- .../resources/Ambari-DDL-SQLServer-CREATE.sql | 34 ++- .../security/authorization/TestUsers.java | 11 + .../server/upgrade/UpgradeCatalog240Test.java | 87 ++----- 15 files changed, 547 insertions(+), 583 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java index 5d1a04a..88d9775 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java @@ -58,6 +58,16 @@ public class PermissionDAO { } /** + * Create or updates a permission. + * + * @param permissionEntity entity to create or update + */ + @Transactional + public PermissionEntity merge(PermissionEntity permissionEntity) { + return entityManagerProvider.get().merge(permissionEntity); + } + + /** * Find a permission entity with the given id. * * @param id type id http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java index 43fd71b..f091bab 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java @@ -29,6 +29,7 @@ import javax.persistence.JoinColumns; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.ManyToOne; +import javax.persistence.OneToOne; import javax.persistence.Table; import javax.persistence.TableGenerator; import java.util.Collection; @@ -41,7 +42,7 @@ import java.util.Collection; @TableGenerator(name = "permission_id_generator", table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value" , pkColumnValue = "permission_id_seq" - , initialValue = 8 + , initialValue = 100 ) public class PermissionEntity { @@ -85,6 +86,15 @@ public class PermissionEntity { @Column(name = "permission_label") private String permissionLabel; + /** + * The permission's (admin)principal reference + */ + @OneToOne + @JoinColumns({ + @JoinColumn(name = "principal_id", referencedColumnName = "principal_id", nullable = false), + }) + private PrincipalEntity principal; + @ManyToOne @JoinColumns({ @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false), @@ -168,6 +178,24 @@ public class PermissionEntity { } /** + * Get the principal entity. + * + * @return the principal entity + */ + public PrincipalEntity getPrincipal() { + return principal; + } + + /** + * Set the principal entity. + * + * @param principal the principal entity + */ + public void setPrincipal(PrincipalEntity principal) { + this.principal = principal; + } + + /** * Get the resource type entity. * * @return the resource type entity http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java index 25d8d14..fc92a5f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java @@ -43,7 +43,7 @@ import javax.persistence.TableGenerator; @TableGenerator(name = "principal_id_generator", table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value" , pkColumnValue = "principal_id_seq" - , initialValue = 2 + , initialValue = 100 , allocationSize = 500 ) @NamedQueries({ http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java index b94f1ff..716d4f7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java @@ -28,7 +28,7 @@ import javax.persistence.*; @TableGenerator(name = "principal_type_id_generator", table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value" , pkColumnValue = "principal_type_id_seq" - , initialValue = 3 + , initialValue = 100 ) public class PrincipalTypeEntity { http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java index 17f9fe1..2e857ed 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java @@ -155,42 +155,6 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog { } /** - * Get a sequence value and increment it in ambariSequencesTable. - * @param seqName name of sequence to be fetched and incremented - * @throws SQLException, IllegalArgumentException - */ - @Transactional - public int getAndIncrementSequence(String seqName) throws SQLException{ - Statement statement = null; - ResultSet rs = null; - int value = -1; - try { - statement = dbAccessor.getConnection().createStatement(); - if (statement != null) { - rs = statement.executeQuery(String.format("SELECT sequence_value from %s where sequence_name='%s'", ambariSequencesTable, seqName)); - - if((rs != null) && rs.next()) { - value = rs.getInt(1); - dbAccessor.executeUpdate(String.format("UPDATE %s SET sequence_value = sequence_value + 1 where sequence_name='%s'", ambariSequencesTable, seqName)); - } else { - LOG.error("Sequence {} not found.", seqName); - throw new IllegalArgumentException("Sequence " + seqName + " not found."); - } - - } - } finally { - if (rs != null) { - rs.close(); - } - if (statement != null) { - statement.close(); - } - } - - return value; - } - - /** * Add several new sequences to ambariSequencesTable. * @param seqNames list of sequences to be inserted * @param seqDefaultValue initial value for the sequence http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index f85a4c7..1404144 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -41,6 +41,8 @@ import org.apache.ambari.server.orm.dao.AlertDefinitionDAO; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; +import org.apache.ambari.server.orm.dao.PrincipalDAO; +import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.dao.UserDAO; @@ -48,6 +50,7 @@ import org.apache.ambari.server.orm.entities.AlertDefinitionEntity; import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; @@ -82,6 +85,7 @@ import com.google.inject.persist.Transactional; public class UpgradeCatalog240 extends AbstractUpgradeCatalog { protected static final String ADMIN_PERMISSION_TABLE = "adminpermission"; + protected static final String PRINCIPAL_ID_COL = "principal_id"; protected static final String ALERT_DEFINITION_TABLE = "alert_definition"; protected static final String ALERT_CURRENT_TABLE = "alert_current"; protected static final String ALERT_CURRENT_OCCURRENCES_COLUMN = "occurrences"; @@ -151,6 +155,12 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { @Inject ClusterDAO clusterDAO; + @Inject + PrincipalTypeDAO principalTypeDAO; + + @Inject + PrincipalDAO principalDAO; + /** * Logger. */ @@ -263,30 +273,25 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { removeStandardDeviationAlerts(); updateClusterInheritedPermissionsConfig(); consolidateUserRoles(); + createRolePrincipals(); } protected void updateClusterInheritedPermissionsConfig() throws SQLException { - dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"3", "'ALL.CLUSTER.ADMINISTRATOR'"}, true); - dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"4", "'ALL.CLUSTER.OPERATOR'"}, true); - dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"5", "'ALL.CLUSTER.USER'"}, true); - dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"6", "'ALL.SERVICE.ADMINISTRATOR'"}, true); - dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"7", "'ALL.SERVICE.OPERATOR'"}, true); - getAndIncrementSequence("principal_type_id_seq"); - getAndIncrementSequence("principal_type_id_seq"); - getAndIncrementSequence("principal_type_id_seq"); - getAndIncrementSequence("principal_type_id_seq"); - getAndIncrementSequence("principal_type_id_seq"); - - int nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq"); - dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "3"}, true); - nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq"); - dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "4"}, true); - nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq"); - dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "5"}, true); - nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq"); - dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "6"}, true); - nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq"); - dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "7"}, true); + insertClusterInheritedPrincipal("ALL.CLUSTER.ADMINISTRATOR"); + insertClusterInheritedPrincipal("ALL.CLUSTER.OPERATOR"); + insertClusterInheritedPrincipal("ALL.CLUSTER.USER"); + insertClusterInheritedPrincipal("ALL.SERVICE.ADMINISTRATOR"); + insertClusterInheritedPrincipal("ALL.SERVICE.OPERATIOR"); + } + + private void insertClusterInheritedPrincipal(String name) { + PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity(); + principalTypeEntity.setName("ALL.CLUSTER.ADMINISTRATOR"); + principalTypeEntity = principalTypeDAO.merge(principalTypeEntity); + + PrincipalEntity principalEntity = new PrincipalEntity(); + principalEntity.setPrincipalType(principalTypeEntity); + principalDAO.create(principalEntity); } private void createSettingTable() throws SQLException { @@ -1060,6 +1065,12 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { // Add the sort_order column to the adminpermission table dbAccessor.addColumn(ADMIN_PERMISSION_TABLE, new DBColumnInfo(SORT_ORDER_COL, Short.class, null, 1, false)); + + // Add the principal_id column to the adminpermission table + // Note: This is set to nullable here, but will be altered once the column has been set + // properly during the DML update phase. + dbAccessor.addColumn(ADMIN_PERMISSION_TABLE, + new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, true)); } /** @@ -1121,6 +1132,38 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { } /** + * Create and update records to create the role-based principals. + *

+ * This includes creating the new "ROLE" principal type, a principal for each role, and finally + * updating the princial_id column for the role. + */ + void createRolePrincipals() throws SQLException { + // Create Role Principal Type + PrincipalTypeEntity rolePrincipalType = new PrincipalTypeEntity(); + rolePrincipalType.setName("ROLE"); + + // creates the new record and returns an entity with the id set. + rolePrincipalType = principalTypeDAO.merge(rolePrincipalType); + + // Get the roles (adminpermissions) and create a principal for each.... set the role's principal_id + // value as we go... + List roleEntities = permissionDAO.findAll(); + + for (PermissionEntity roleEntity : roleEntities) { + PrincipalEntity principalEntity = new PrincipalEntity(); + principalEntity.setPrincipalType(rolePrincipalType); + + roleEntity.setPrincipal(principalDAO.merge(principalEntity)); + + permissionDAO.merge(roleEntity); + } + + // Fix the adminpermission.principal_id column to be non-nullable: + dbAccessor.alterColumn(ADMIN_PERMISSION_TABLE, + new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, false)); + } + + /** * Makes the following changes to the {@value #REPO_VERSION_TABLE} table: *

    *
  • repo_type VARCHAR(255) DEFAULT 'STANDARD' NOT NULL
    • http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index f5336bc..04f5cc4 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -633,9 +633,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id BIGINT NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -1027,9 +1029,9 @@ INSERT INTO ambari_sequences (sequence_name, sequence_value) union all select 'principal_type_id_seq', 8 FROM SYSIBM.SYSDUMMY1 union all - select 'principal_id_seq', 7 FROM SYSIBM.SYSDUMMY1 + select 'principal_id_seq', 13 FROM SYSIBM.SYSDUMMY1 union all - select 'permission_id_seq', 5 FROM SYSIBM.SYSDUMMY1 + select 'permission_id_seq', 7 FROM SYSIBM.SYSDUMMY1 union all select 'privilege_id_seq', 1 FROM SYSIBM.SYSDUMMY1 union all @@ -1117,7 +1119,9 @@ INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) UNION ALL SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1; + SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 8, 'ROLE' FROM SYSIBM.SYSDUMMY1; INSERT INTO adminprincipal (principal_id, principal_type_id) SELECT 1, 1 FROM SYSIBM.SYSDUMMY1 @@ -1130,25 +1134,39 @@ INSERT INTO adminprincipal (principal_id, principal_type_id) UNION ALL SELECT 5, 6 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 6, 7 FROM SYSIBM.SYSDUMMY1; + SELECT 6, 7 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 7, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 8, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 9, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 10, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 11, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 12, 8 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 13, 8 FROM SYSIBM.SYSDUMMY1; INSERT INTO Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' FROM SYSIBM.SYSDUMMY1; -insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 FROM SYSIBM.SYSDUMMY1 +insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6 FROM SYSIBM.SYSDUMMY1 + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 FROM SYSIBM.SYSDUMMY1 + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 4, 'VIEW.USER', 3, 'View User', 7 FROM SYSIBM.SYSDUMMY1 + SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 FROM SYSIBM.SYSDUMMY1 + SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 FROM SYSIBM.SYSDUMMY1 + SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 FROM SYSIBM.SYSDUMMY1; + SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 FROM SYSIBM.SYSDUMMY1; INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' FROM SYSIBM.SYSDUMMY1 UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index fca3be3..006fa67 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -640,9 +640,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id BIGINT NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -1002,110 +1004,100 @@ CREATE INDEX idx_alert_group_name on alert_group(group_name); CREATE INDEX idx_alert_notice_state on alert_notice(notify_state); -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0. -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_role_command_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('user_id_seq', 2); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('group_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('member_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('configgroup_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('requestschedule_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resourcefilter_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('viewentity_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_level_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_version_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('service_config_id_seq', 1); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_definition_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_group_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_target_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_history_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_notice_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_current_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('repo_version_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_group_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_item_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('stack_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_layout_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_info_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_request_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_task_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_request_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_task_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_request_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_group_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('setting_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('hostcomponentstate_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponentdesiredstate_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponent_history_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('blueprint_setting_id_seq', 0); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('ambari_operation_history_id_seq', 0); - -insert into adminresourcetype (resource_type_id, resource_type_name) - select 1, 'AMBARI' - union all - select 2, 'CLUSTER' - union all - select 3, 'VIEW'; - -insert into adminresource (resource_id, resource_type_id) - select 1, 1; - -insert into adminprincipaltype (principal_type_id, principal_type_name) - select 1, 'USER' - union all - select 2, 'GROUP' - union all - select 3, 'ALL.CLUSTER.ADMINISTRATOR' - union all - select 4, 'ALL.CLUSTER.OPERATOR' - union all - select 5, 'ALL.CLUSTER.USER' - union all - select 6, 'ALL.SERVICE.ADMINISTRATOR' - union all - select 7, 'ALL.SERVICE.OPERATOR'; - -insert into adminprincipal (principal_id, principal_type_id) - select 1, 1 - union all - select 2, 3 - union all - select 3, 4 - union all - select 4, 5 - union all - select 5, 6 - union all - select 6, 7; - -insert into users(user_id, principal_id, user_name, user_password) - select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; - -insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 - union all - select 2, 'CLUSTER.USER', 2, 'Cluster User', 6 - union all - select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 - union all - select 4, 'VIEW.USER', 3, 'View User', 7 - union all -select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 - union all - select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 - union all - select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5; +INSERT INTO ambari_sequences(sequence_name, sequence_value) VALUES + ('cluster_id_seq', 1), + ('host_id_seq', 0), + ('host_role_command_id_seq', 1), + ('user_id_seq', 2), + ('group_id_seq', 1), + ('member_id_seq', 1), + ('configgroup_id_seq', 1), + ('requestschedule_id_seq', 1), + ('resourcefilter_id_seq', 1), + ('viewentity_id_seq', 0), + ('operation_level_id_seq', 1), + ('view_instance_id_seq', 1), + ('resource_type_id_seq', 4), + ('resource_id_seq', 2), + ('principal_type_id_seq', 8), + ('principal_id_seq', 13), + ('permission_id_seq', 7), + ('privilege_id_seq', 1), + ('config_id_seq', 1), + ('cluster_version_id_seq', 0), + ('host_version_id_seq', 0), + ('service_config_id_seq', 1), + ('alert_definition_id_seq', 0), + ('alert_group_id_seq', 0), + ('alert_target_id_seq', 0), + ('alert_history_id_seq', 0), + ('alert_notice_id_seq', 0), + ('alert_current_id_seq', 0), + ('repo_version_id_seq', 0), + ('upgrade_id_seq', 0), + ('upgrade_group_id_seq', 0), + ('upgrade_item_id_seq', 0), + ('stack_id_seq', 0), + ('widget_id_seq', 0), + ('widget_layout_id_seq', 0), + ('topology_host_info_id_seq', 0), + ('topology_host_request_id_seq', 0), + ('topology_host_task_id_seq', 0), + ('topology_logical_request_id_seq', 0), + ('topology_logical_task_id_seq', 0), + ('topology_request_id_seq', 0), + ('topology_host_group_id_seq', 0), + ('setting_id_seq', 0), + ('hostcomponentstate_id_seq', 0), + ('servicecomponentdesiredstate_id_seq', 0), + ('servicecomponent_history_id_seq', 0), + ('blueprint_setting_id_seq', 0), + ('ambari_operation_history_id_seq', 0); + +INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES + (1, 'AMBARI'), + (2, 'CLUSTER'), + (3, 'VIEW'); + +INSERT INTO adminresource (resource_id, resource_type_id) VALUES + (1, 1); + +INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES + (1, 'USER'), + (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), + (8, 'ROLE'); + +INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES + (1, 1), + (2, 3), + (3, 4), + (4, 5), + (5, 6), + (6, 7), + (7, 8), + (8, 8), + (9, 8), + (10, 8), + (11, 8), + (12, 8), + (13, 8); + +INSERT INTO users(user_id, principal_id, user_name, user_password) + SELECT 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; + +INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL + SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL + SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL + SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL + SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5; INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' UNION ALL @@ -1349,11 +1341,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR'; -insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id) - select 1, 1, 1, 1; +INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES + (1, 1, 1, 1); -insert into metainfo(`metainfo_key`, `metainfo_value`) - select 'version','${ambariSchemaVersion}'; +INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES + ('version','${ambariSchemaVersion}'); -- Quartz tables http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index ce0bd84..f7346a0 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -630,9 +630,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id NUMBER(10) NOT NULL, permission_label VARCHAR(255), + principal_id NUMBER(19) NOT NULL, sort_order SMALLINT DEFAULT 1 NOT NULL, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -1008,8 +1010,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0); @@ -1067,7 +1069,9 @@ insert into adminprincipaltype (principal_type_id, principal_type_name) union all select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual union all - select 7, 'ALL.SERVICE.OPERATOR' from dual; + select 7, 'ALL.SERVICE.OPERATOR' from dual + union all + select 8, 'ROLE' from dual; insert into adminprincipal (principal_id, principal_type_id) select 1, 1 from dual @@ -1080,25 +1084,39 @@ insert into adminprincipal (principal_id, principal_type_id) union all select 5, 6 from dual union all - select 6, 7 from dual; + select 6, 7 from dual + union all + select 7, 8 from dual + union all + select 8, 8 from dual + union all + select 9, 8 from dual + union all + select 10, 8 from dual + union all + select 11, 8 from dual + union all + select 12, 8 from dual + union all + select 13, 8 from dual; insert into users(user_id, principal_id, user_name, user_password) select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual; -insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 from dual +insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 from dual union all - select 2, 'CLUSTER.USER', 2, 'Cluster User', 6 from dual + select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 from dual union all - select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 from dual + select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 from dual union all - select 4, 'VIEW.USER', 3, 'View User', 7 from dual + select 4, 'VIEW.USER', 3, 'View User', 10, 7 from dual union all - select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 from dual + select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 from dual union all - select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 from dual + select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 from dual union all - select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 from dual; + select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 from dual; INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' FROM dual UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index 7fb8c31..a3567b2 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -633,9 +633,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id BIGINT NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -993,159 +995,100 @@ CREATE INDEX idx_alert_notice_state on alert_notice(notify_state); ---------inserting some data----------- -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0. BEGIN; -INSERT INTO ambari_sequences (sequence_name, sequence_value) - SELECT 'cluster_id_seq', 1 - UNION ALL - SELECT 'host_id_seq', 0 - UNION ALL - SELECT 'user_id_seq', 2 - UNION ALL - SELECT 'group_id_seq', 1 - UNION ALL - SELECT 'member_id_seq', 1 - UNION ALL - SELECT 'host_role_command_id_seq', 1 - union all - select 'configgroup_id_seq', 1 - union all - select 'requestschedule_id_seq', 1 - union all - select 'resourcefilter_id_seq', 1 - union all - select 'viewentity_id_seq', 0 - union all - select 'operation_level_id_seq', 1 - union all - select 'view_instance_id_seq', 1 - union all - select 'resource_type_id_seq', 4 - union all - select 'resource_id_seq', 2 - union all - select 'principal_type_id_seq', 8 - union all - select 'principal_id_seq', 7 - union all - select 'permission_id_seq', 5 - union all - select 'privilege_id_seq', 1 - union all - select 'alert_definition_id_seq', 0 - union all - select 'alert_group_id_seq', 0 - union all - select 'alert_target_id_seq', 0 - union all - select 'alert_history_id_seq', 0 - union all - select 'alert_notice_id_seq', 0 - union all - select 'alert_current_id_seq', 0 - union all - select 'config_id_seq', 1 - union all - select 'repo_version_id_seq', 0 - union all - select 'cluster_version_id_seq', 0 - union all - select 'host_version_id_seq', 0 - union all - select 'service_config_id_seq', 1 - union all - select 'upgrade_id_seq', 0 - union all - select 'upgrade_group_id_seq', 0 - union all - select 'widget_id_seq', 0 - union all - select 'widget_layout_id_seq', 0 - union all - select 'upgrade_item_id_seq', 0 - union all - select 'stack_id_seq', 0 - union all - select 'topology_host_info_id_seq', 0 - union all - select 'topology_host_request_id_seq', 0 - union all - select 'topology_host_task_id_seq', 0 - union all - select 'topology_logical_request_id_seq', 0 - union all - select 'topology_logical_task_id_seq', 0 - union all - select 'topology_request_id_seq', 0 - union all - select 'topology_host_group_id_seq', 0 - union all - select 'setting_id_seq', 0 - union all - select 'hostcomponentstate_id_seq', 0 - union all - select 'servicecomponentdesiredstate_id_seq', 0 - union all - select 'servicecomponent_history_id_seq', 0 - union all - select 'blueprint_setting_id_seq', 0 - union all - select 'ambari_operation_history_id_seq', 0; - - -INSERT INTO adminresourcetype (resource_type_id, resource_type_name) - SELECT 1, 'AMBARI' - UNION ALL - SELECT 2, 'CLUSTER' - UNION ALL - SELECT 3, 'VIEW'; - -INSERT INTO adminresource (resource_id, resource_type_id) - SELECT 1, 1; - -INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) - SELECT 1, 'USER' - UNION ALL - SELECT 2, 'GROUP' - UNION ALL - SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' - UNION ALL - SELECT 4, 'ALL.CLUSTER.OPERATOR' - UNION ALL - SELECT 5, 'ALL.CLUSTER.USER' - UNION ALL - SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' - UNION ALL - SELECT 7, 'ALL.SERVICE.OPERATOR'; - -INSERT INTO adminprincipal (principal_id, principal_type_id) - SELECT 1, 1 - UNION ALL - SELECT 2, 3 - UNION ALL - SELECT 3, 4 - UNION ALL - SELECT 4, 5 - UNION ALL - SELECT 5, 6 - UNION ALL - SELECT 6, 7; +INSERT INTO ambari_sequences (sequence_name, sequence_value) VALUES + ('cluster_id_seq', 1), + ('host_id_seq', 0), + ('user_id_seq', 2), + ('group_id_seq', 1), + ('member_id_seq', 1), + ('host_role_command_id_seq', 1), + ('configgroup_id_seq', 1), + ('requestschedule_id_seq', 1), + ('resourcefilter_id_seq', 1), + ('viewentity_id_seq', 0), + ('operation_level_id_seq', 1), + ('view_instance_id_seq', 1), + ('resource_type_id_seq', 4), + ('resource_id_seq', 2), + ('principal_type_id_seq', 8), + ('principal_id_seq', 13), + ('permission_id_seq', 7), + ('privilege_id_seq', 1), + ('alert_definition_id_seq', 0), + ('alert_group_id_seq', 0), + ('alert_target_id_seq', 0), + ('alert_history_id_seq', 0), + ('alert_notice_id_seq', 0), + ('alert_current_id_seq', 0), + ('config_id_seq', 1), + ('repo_version_id_seq', 0), + ('cluster_version_id_seq', 0), + ('host_version_id_seq', 0), + ('service_config_id_seq', 1), + ('upgrade_id_seq', 0), + ('upgrade_group_id_seq', 0), + ('widget_id_seq', 0), + ('widget_layout_id_seq', 0), + ('upgrade_item_id_seq', 0), + ('stack_id_seq', 0), + ('topology_host_info_id_seq', 0), + ('topology_host_request_id_seq', 0), + ('topology_host_task_id_seq', 0), + ('topology_logical_request_id_seq', 0), + ('topology_logical_task_id_seq', 0), + ('topology_request_id_seq', 0), + ('topology_host_group_id_seq', 0), + ('setting_id_seq', 0), + ('hostcomponentstate_id_seq', 0), + ('servicecomponentdesiredstate_id_seq', 0), + ('servicecomponent_history_id_seq', 0), + ('blueprint_setting_id_seq', 0), + ('ambari_operation_history_id_seq', 0); + +INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES + (1, 'AMBARI'), + (2, 'CLUSTER'), + (3, 'VIEW'); + +INSERT INTO adminresource (resource_id, resource_type_id) VALUES + (1, 1); + +INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES + (1, 'USER'), + (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), + (8, 'ROLE'); + +INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES + (1, 1), + (2, 3), + (3, 4), + (4, 5), + (5, 6), + (6, 7), + (7, 8), + (8, 8), + (9, 8), + (10, 8), + (11, 8), + (12, 8), + (13, 8); INSERT INTO Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; -insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 - UNION ALL - SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6 - UNION ALL - SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 - UNION ALL - SELECT 4, 'VIEW.USER', 3, 'View User', 7 - UNION ALL - SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 - UNION ALL - SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 - UNION ALL - SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5; +INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL + SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL + SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL + SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL + SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5; INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' UNION ALL @@ -1377,7 +1320,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1389,11 +1332,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR'; -INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) - SELECT 1, 1, 1, 1; +INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES + (1, 1, 1, 1); -INSERT INTO metainfo (metainfo_key, metainfo_value) - SELECT 'version', '${ambariSchemaVersion}'; +INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES +('version','${ambariSchemaVersion}'); COMMIT; -- Quartz tables http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index 0f3a2c2..8814e10 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -742,9 +742,11 @@ CREATE TABLE ambari.adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id BIGINT NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES ambari.adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE ambari.roleauthorization ( @@ -1151,158 +1153,100 @@ CREATE INDEX idx_alert_notice_state on ambari.alert_notice(notify_state); ---------inserting some data----------- -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0. BEGIN; -INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value) - SELECT 'cluster_id_seq', 1 - UNION ALL - SELECT 'host_id_seq', 0 - UNION ALL - SELECT 'user_id_seq', 2 - UNION ALL - SELECT 'group_id_seq', 1 - UNION ALL - SELECT 'member_id_seq', 1 - UNION ALL - SELECT 'host_role_command_id_seq', 1 - union all - select 'configgroup_id_seq', 1 - union all - select 'requestschedule_id_seq', 1 - union all - select 'resourcefilter_id_seq', 1 - union all - select 'viewentity_id_seq', 0 - union all - select 'operation_level_id_seq', 1 - union all - select 'view_instance_id_seq', 1 - union all - select 'resource_type_id_seq', 4 - union all - select 'resource_id_seq', 2 - union all - select 'principal_type_id_seq', 8 - union all - select 'principal_id_seq', 7 - union all - select 'permission_id_seq', 5 - union all - select 'privilege_id_seq', 1 - union all - select 'alert_definition_id_seq', 0 - union all - select 'alert_group_id_seq', 0 - union all - select 'alert_target_id_seq', 0 - union all - select 'alert_history_id_seq', 0 - union all - select 'alert_notice_id_seq', 0 - union all - select 'alert_current_id_seq', 0 - union all - select 'config_id_seq', 1 - union all - select 'repo_version_id_seq', 0 - union all - select 'cluster_version_id_seq', 0 - union all - select 'host_version_id_seq', 0 - union all - select 'service_config_id_seq', 1 - union all - select 'upgrade_id_seq', 0 - union all - select 'upgrade_group_id_seq', 0 - union all - select 'widget_id_seq', 0 - union all - select 'widget_layout_id_seq', 0 - union all - select 'upgrade_item_id_seq', 0 - union all - select 'stack_id_seq', 0 - union all - select 'topology_host_info_id_seq', 0 - union all - select 'topology_host_request_id_seq', 0 - union all - select 'topology_host_task_id_seq', 0 - union all - select 'topology_logical_request_id_seq', 0 - union all - select 'topology_logical_task_id_seq', 0 - union all - select 'topology_request_id_seq', 0 - union all - select 'topology_host_group_id_seq', 0 - union all - select 'setting_id_seq', 0 - union all - select 'hostcomponentstate_id_seq', 0 - union all - select 'servicecomponentdesiredstate_id_seq', 0 - union all - select 'servicecomponent_history_id_seq', 0 - union all - select 'blueprint_setting_id_seq', 0 - union all - select 'ambari_operation_history_id_seq', 0; - -INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name) - SELECT 1, 'AMBARI' - UNION ALL - SELECT 2, 'CLUSTER' - UNION ALL - SELECT 3, 'VIEW'; - -INSERT INTO ambari.adminresource (resource_id, resource_type_id) - SELECT 1, 1; - -INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name) - SELECT 1, 'USER' - UNION ALL - SELECT 2, 'GROUP' - UNION ALL - SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' - UNION ALL - SELECT 4, 'ALL.CLUSTER.OPERATOR' - UNION ALL - SELECT 5, 'ALL.CLUSTER.USER' - UNION ALL - SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' - UNION ALL - SELECT 7, 'ALL.SERVICE.OPERATOR'; - -INSERT INTO ambari.adminprincipal (principal_id, principal_type_id) - SELECT 1, 1 - UNION ALL - SELECT 2, 3 - UNION ALL - SELECT 3, 4 - UNION ALL - SELECT 4, 5 - UNION ALL - SELECT 5, 6 - UNION ALL - SELECT 6, 7; +INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value) VALUES + ('cluster_id_seq', 1), + ('host_id_seq', 0), + ('user_id_seq', 2), + ('group_id_seq', 1), + ('member_id_seq', 1), + ('host_role_command_id_seq', 1), + ('configgroup_id_seq', 1), + ('requestschedule_id_seq', 1), + ('resourcefilter_id_seq', 1), + ('viewentity_id_seq', 0), + ('operation_level_id_seq', 1), + ('view_instance_id_seq', 1), + ('resource_type_id_seq', 4), + ('resource_id_seq', 2), + ('principal_type_id_seq', 8), + ('principal_id_seq', 13), + ('permission_id_seq', 7), + ('privilege_id_seq', 1), + ('alert_definition_id_seq', 0), + ('alert_group_id_seq', 0), + ('alert_target_id_seq', 0), + ('alert_history_id_seq', 0), + ('alert_notice_id_seq', 0), + ('alert_current_id_seq', 0), + ('config_id_seq', 1), + ('repo_version_id_seq', 0), + ('cluster_version_id_seq', 0), + ('host_version_id_seq', 0), + ('service_config_id_seq', 1), + ('upgrade_id_seq', 0), + ('upgrade_group_id_seq', 0), + ('widget_id_seq', 0), + ('widget_layout_id_seq', 0), + ('upgrade_item_id_seq', 0), + ('stack_id_seq', 0), + ('topology_host_info_id_seq', 0), + ('topology_host_request_id_seq', 0), + ('topology_host_task_id_seq', 0), + ('topology_logical_request_id_seq', 0), + ('topology_logical_task_id_seq', 0), + ('topology_request_id_seq', 0), + ('topology_host_group_id_seq', 0), + ('setting_id_seq', 0), + ('hostcomponentstate_id_seq', 0), + ('servicecomponentdesiredstate_id_seq', 0), + ('servicecomponent_history_id_seq', 0), + ('blueprint_setting_id_seq', 0), + ('ambari_operation_history_id_seq', 0); + +INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name) VALUES + (1, 'AMBARI'), + (2, 'CLUSTER'), + (3, 'VIEW'); + +INSERT INTO ambari.adminresource (resource_id, resource_type_id) VALUES + (1, 1); + +INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name) VALUES + (1, 'USER'), + (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), + (8, 'ROLE'); + +INSERT INTO ambari.adminprincipal (principal_id, principal_type_id) VALUES + (1, 1), + (2, 3), + (3, 4), + (4, 5), + (5, 6), + (6, 7), + (7, 8), + (8, 8), + (9, 8), + (10, 8), + (11, 8), + (12, 8), + (13, 8); INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; -insert into ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 - UNION ALL - SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6 - UNION ALL - SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 - UNION ALL - SELECT 4, 'VIEW.USER', 3, 'View User', 7 - UNION ALL - SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 - UNION ALL - SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 - UNION ALL - SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5; +INSERT INTO ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL + SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL + SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL + SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL + SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5; INSERT INTO ambari.roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' UNION ALL @@ -1547,11 +1491,11 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR'; -INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) - SELECT 1, 1, 1, 1; +INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES + (1, 1, 1, 1); -INSERT INTO ambari.metainfo (metainfo_key, metainfo_value) - SELECT 'version', '${ambariSchemaVersion}'; +INSERT INTO ambari.metainfo (metainfo_key, metainfo_value) VALUES + ('version', '${ambariSchemaVersion}'); COMMIT; -- Quartz tables http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index b89389c..5e588b4 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -629,9 +629,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id NUMERIC(19) NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -1007,8 +1009,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0); @@ -1064,7 +1066,9 @@ insert into adminprincipaltype (principal_type_id, principal_type_name) union all select 6, 'ALL.SERVICE.ADMINISTRATOR' union all - select 7, 'ALL.SERVICE.OPERATOR'; + select 7, 'ALL.SERVICE.OPERATOR' + union all + select 8, 'ROLE'; insert into adminprincipal (principal_id, principal_type_id) select 1, 1 @@ -1077,25 +1081,39 @@ insert into adminprincipal (principal_id, principal_type_id) union all select 5, 6 union all - select 6, 7; + select 6, 7 + union all + select 7, 8 + union all + select 8, 8 + union all + select 9, 8 + union all + select 10, 8 + union all + select 11, 8 + union all + select 12, 8 + union all + select 13, 8; insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; -insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) - select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 +insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) + select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 union all - select 2, 'CLUSTER.USER', 2, 'Cluster User', 6 + select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 union all - select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 + select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 union all - select 4, 'VIEW.USER', 3, 'View User', 7 + select 4, 'VIEW.USER', 3, 'View User', 10, 7 union all - select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 + select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 union all - select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 + select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 union all - select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5; + select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5; INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index 1107c4d..4f21502 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -640,9 +640,11 @@ CREATE TABLE adminpermission ( permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, permission_label VARCHAR(255), + principal_id BIGINT NOT NULL, sort_order SMALLINT NOT NULL DEFAULT 1, CONSTRAINT PK_adminpermission PRIMARY KEY CLUSTERED (permission_id), CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id), + CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id), CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id)); CREATE TABLE roleauthorization ( @@ -1033,8 +1035,8 @@ BEGIN TRANSACTION ('resource_type_id_seq', 4), ('resource_id_seq', 2), ('principal_type_id_seq', 8), - ('principal_id_seq', 7), - ('permission_id_seq', 5), + ('principal_id_seq', 13), + ('permission_id_seq', 7), ('privilege_id_seq', 1), ('alert_definition_id_seq', 0), ('alert_group_id_seq', 0), @@ -1084,7 +1086,8 @@ BEGIN TRANSACTION (4, 'ALL.CLUSTER.OPERATOR'), (5, 'ALL.CLUSTER.USER'), (6, 'ALL.SERVICE.ADMINISTRATOR'), - (7, 'ALL.SERVICE.OPERATOR'); + (7, 'ALL.SERVICE.OPERATOR'), + (8, 'ROLE'); insert into adminprincipal (principal_id, principal_type_id) values @@ -1093,20 +1096,27 @@ BEGIN TRANSACTION (3, 4), (4, 5), (5, 6), - (6, 7); + (6, 7), + (7, 8), + (8, 8), + (9, 8), + (10, 8), + (11, 8), + (12, 8), + (13, 8); insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; - insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order) + insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order) values - (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1), - (2, 'CLUSTER.USER', 2, 'Cluster User', 6), - (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2), - (4, 'VIEW.USER', 3, 'View User', 7), - (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3), - (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4), - (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5); + (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1), + (2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6), + (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2), + (4, 'VIEW.USER', 3, 'View User', 10, 7), + (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3), + (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4), + (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5); INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'VIEW.USE', 'Use View' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java index ad8cce1..dee4490 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java @@ -41,6 +41,8 @@ import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.UserEntity; @@ -108,9 +110,18 @@ public class TestUsers { resourceEntity.setResourceType(resourceTypeEntity); resourceDAO.create(resourceEntity); + PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity(); + principalTypeEntity.setName("ROLE"); + principalTypeEntity = principalTypeDAO.merge(principalTypeEntity); + + PrincipalEntity principalEntity = new PrincipalEntity(); + principalEntity.setPrincipalType(principalTypeEntity); + principalEntity = principalDAO.merge(principalEntity); + PermissionEntity adminPermissionEntity = new PermissionEntity(); adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME); + adminPermissionEntity.setPrincipal(principalEntity); adminPermissionEntity.setResourceType(resourceTypeEntity); permissionDAO.create(adminPermissionEntity); } http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java index 7c85ba7..a061c22 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java @@ -42,8 +42,6 @@ import java.util.HashSet; import java.util.List; import java.util.Map; -import javax.persistence.EntityManager; - import com.google.common.collect.Maps; import com.google.gson.Gson; import com.google.inject.AbstractModule; @@ -128,7 +126,8 @@ public class UpgradeCatalog240Test { @Test public void testExecuteDDLUpdates() throws SQLException, AmbariException { - Capture capturedColumnInfo = newCapture(); + Capture capturedSortOrderColumnInfo = newCapture(); + Capture capturedPermissionIDColumnInfo = newCapture(); Capture capturedScColumnInfo = newCapture(); Capture capturedScDesiredVersionColumnInfo = newCapture(); @@ -139,7 +138,8 @@ public class UpgradeCatalog240Test { ResultSet resultSet = createNiceMock(ResultSet.class); Capture> capturedSettingColumns = EasyMock.newCapture(); - dbAccessor.addColumn(eq("adminpermission"), capture(capturedColumnInfo)); + dbAccessor.addColumn(eq("adminpermission"), capture(capturedSortOrderColumnInfo)); + dbAccessor.addColumn(eq("adminpermission"), capture(capturedPermissionIDColumnInfo)); dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE), capture(capturedScColumnInfo)); dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE), capture(capturedScDesiredVersionColumnInfo)); @@ -248,13 +248,21 @@ public class UpgradeCatalog240Test { UpgradeCatalog240 upgradeCatalog240 = injector.getInstance(UpgradeCatalog240.class); upgradeCatalog240.executeDDLUpdates(); - DBAccessor.DBColumnInfo columnInfo = capturedColumnInfo.getValue(); - Assert.assertNotNull(columnInfo); - Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnInfo.getName()); - Assert.assertEquals(null, columnInfo.getLength()); - Assert.assertEquals(Short.class, columnInfo.getType()); - Assert.assertEquals(1, columnInfo.getDefaultValue()); - Assert.assertEquals(false, columnInfo.isNullable()); + DBAccessor.DBColumnInfo columnSortOrderInfo = capturedSortOrderColumnInfo.getValue(); + Assert.assertNotNull(columnSortOrderInfo); + Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnSortOrderInfo.getName()); + Assert.assertEquals(null, columnSortOrderInfo.getLength()); + Assert.assertEquals(Short.class, columnSortOrderInfo.getType()); + Assert.assertEquals(1, columnSortOrderInfo.getDefaultValue()); + Assert.assertEquals(false, columnSortOrderInfo.isNullable()); + + DBAccessor.DBColumnInfo columnPrincipalIDInfo = capturedPermissionIDColumnInfo.getValue(); + Assert.assertNotNull(columnPrincipalIDInfo); + Assert.assertEquals(UpgradeCatalog240.PRINCIPAL_ID_COL, columnPrincipalIDInfo.getName()); + Assert.assertEquals(null, columnPrincipalIDInfo.getLength()); + Assert.assertEquals(Long.class, columnPrincipalIDInfo.getType()); + Assert.assertEquals(null, columnPrincipalIDInfo.getDefaultValue()); + Assert.assertEquals(true, columnPrincipalIDInfo.isNullable()); // Verify if recovery_enabled column was added to servicecomponentdesiredstate table DBAccessor.DBColumnInfo columnScInfo = capturedScColumnInfo.getValue(); @@ -396,18 +404,15 @@ public class UpgradeCatalog240Test { Method removeHiveOozieDBConnectionConfigs = UpgradeCatalog240.class.getDeclaredMethod("removeHiveOozieDBConnectionConfigs"); Method updateClustersAndHostsVersionStateTableDML = UpgradeCatalog240.class.getDeclaredMethod("updateClustersAndHostsVersionStateTableDML"); Method removeStandardDeviationAlerts = UpgradeCatalog240.class.getDeclaredMethod("removeStandardDeviationAlerts"); - Method getAndIncrementSequence = AbstractUpgradeCatalog.class.getDeclaredMethod("getAndIncrementSequence", String.class); Method consolidateUserRoles = UpgradeCatalog240.class.getDeclaredMethod("consolidateUserRoles"); + Method updateClusterInheritedPermissionsConfig = UpgradeCatalog240.class.getDeclaredMethod("updateClusterInheritedPermissionsConfig"); + Method createRolePrincipals = UpgradeCatalog240.class.getDeclaredMethod("createRolePrincipals"); - Capture capturedStatements = newCapture(CaptureType.ALL); - Capture capturedTablesNames = newCapture(CaptureType.ALL); - Capture captureColumnNames = newCapture(CaptureType.ALL); - Capture captureColumnValues = newCapture(CaptureType.ALL); + Capture capturedStatements = newCapture(CaptureType.ALL); DBAccessor dbAccessor = createStrictMock(DBAccessor.class); expect(dbAccessor.executeUpdate(capture(capturedStatements))).andReturn(1).times(7); - expect(dbAccessor.insertRow(capture(capturedTablesNames), capture(captureColumnNames), capture(captureColumnValues), anyBoolean())).andReturn(true).times(10); UpgradeCatalog240 upgradeCatalog240 = createMockBuilder(UpgradeCatalog240.class) .addMockedMethod(addNewConfigurationsFromXml) @@ -424,12 +429,11 @@ public class UpgradeCatalog240Test { .addMockedMethod(removeHiveOozieDBConnectionConfigs) .addMockedMethod(updateClustersAndHostsVersionStateTableDML) .addMockedMethod(removeStandardDeviationAlerts) - .addMockedMethod(getAndIncrementSequence) .addMockedMethod(consolidateUserRoles) + .addMockedMethod(updateClusterInheritedPermissionsConfig) + .addMockedMethod(createRolePrincipals) .createMock(); - expect(upgradeCatalog240.getAndIncrementSequence(anyString())).andReturn(1).anyTimes(); - Field field = AbstractUpgradeCatalog.class.getDeclaredField("dbAccessor"); field.set(upgradeCatalog240, dbAccessor); @@ -448,6 +452,8 @@ public class UpgradeCatalog240Test { upgradeCatalog240.updateClustersAndHostsVersionStateTableDML(); upgradeCatalog240.removeStandardDeviationAlerts(); upgradeCatalog240.consolidateUserRoles(); + upgradeCatalog240.createRolePrincipals(); + upgradeCatalog240.updateClusterInheritedPermissionsConfig(); replay(upgradeCatalog240, dbAccessor); @@ -465,47 +471,6 @@ public class UpgradeCatalog240Test { Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=5 WHERE permission_name='SERVICE.OPERATOR'")); Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=6 WHERE permission_name='CLUSTER.USER'")); Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=7 WHERE permission_name='VIEW.USER'")); - - - List tableNames = capturedTablesNames.getValues(); - Assert.assertNotNull(tableNames); - Assert.assertEquals(10, tableNames.size()); - Assert.assertTrue(tableNames.contains("adminprincipaltype")); - Assert.assertTrue(tableNames.contains("adminprincipal")); - - List tableColumns = captureColumnNames.getValues(); - Assert.assertNotNull(tableColumns); - Assert.assertEquals(10, tableColumns.size()); - Assert.assertTrue(shouldOnlyHaveValidColumns(tableColumns)); - - List tableColumnsValue = captureColumnValues.getValues(); - Assert.assertNotNull(tableColumnsValue); - Assert.assertEquals(10, tableColumnsValue.size()); - isValidValues(tableColumnsValue.get(0), "3", "'ALL.CLUSTER.ADMINISTRATOR'"); - isValidValues(tableColumnsValue.get(1), "4", "'ALL.CLUSTER.OPERATOR'"); - isValidValues(tableColumnsValue.get(2), "5", "'ALL.CLUSTER.USER'"); - isValidValues(tableColumnsValue.get(3), "6", "'ALL.SERVICE.ADMINISTRATOR'"); - isValidValues(tableColumnsValue.get(4), "7", "'ALL.SERVICE.OPERATOR'"); - isValidValues(tableColumnsValue.get(5), "1", "3"); - isValidValues(tableColumnsValue.get(6), "1", "4"); - isValidValues(tableColumnsValue.get(7), "1", "5"); - isValidValues(tableColumnsValue.get(8), "1", "6"); - isValidValues(tableColumnsValue.get(9), "1", "7"); - } - - private void isValidValues(String[] actual, String expectedFirst, String expectedSecond) { - Assert.assertEquals(expectedFirst, actual[0]); - Assert.assertEquals(expectedSecond, actual[1]); - } - - private boolean shouldOnlyHaveValidColumns(List tableColumns) { - for(String[] columns: tableColumns) { - if (!(("principal_type_id".equalsIgnoreCase(columns[0]) && "principal_type_name".equalsIgnoreCase(columns[1])) - || ("principal_id".equalsIgnoreCase(columns[0]) && "principal_type_id".equalsIgnoreCase(columns[1])))) { - return false; - } - } - return true; } @Test