ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-17740. Cluster user role is permitted to install packages using API (rlevas)
Date Tue, 19 Jul 2016 19:40:48 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk e3385212a -> 38880143a


AMBARI-17740. Cluster user role is permitted to install packages using API (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/38880143
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/38880143
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/38880143

Branch: refs/heads/trunk
Commit: 38880143a9efcf524b3cf5454b59b32dfcacdb21
Parents: e338521
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Tue Jul 19 15:36:59 2016 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Tue Jul 19 15:37:50 2016 -0400

----------------------------------------------------------------------
 .../ClusterStackVersionResourceProvider.java    |  14 ++-
 ...ClusterStackVersionResourceProviderTest.java | 117 +++++++++++++++----
 2 files changed, 105 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/38880143/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
index c11cd81..d5a14d5 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
@@ -22,6 +22,7 @@ import static org.apache.ambari.server.agent.ExecutionCommand.KeyNames.JDK_LOCAT
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -69,6 +70,7 @@ import org.apache.ambari.server.orm.entities.RepositoryEntity;
 import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
 import org.apache.ambari.server.orm.entities.StackEntity;
 import org.apache.ambari.server.orm.entities.UpgradeEntity;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
 import org.apache.ambari.server.serveraction.upgrades.FinalizeUpgradeAction;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
@@ -208,10 +210,14 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou
   public ClusterStackVersionResourceProvider(
           AmbariManagementController managementController) {
     super(propertyIds, keyPropertyIds, managementController);
+
+    setRequiredCreateAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS));
+    setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS));
+    setRequiredUpdateAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS));
   }
 
   @Override
-  public Set<Resource> getResources(Request request, Predicate predicate) throws
+  public Set<Resource> getResourcesAuthorized(Request request, Predicate predicate)
throws
       SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException
{
     final Set<Resource> resources = new HashSet<Resource>();
     final Set<String> requestedIds = getRequestPropertyIds(request, predicate);
@@ -280,7 +286,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou
 
 
   @Override
-  public RequestStatus createResources(Request request) throws SystemException,
+  public RequestStatus createResourcesAuthorized(Request request) throws SystemException,
           UnsupportedPropertyException, ResourceAlreadyExistsException,
           NoSuchParentResourceException {
 
@@ -727,7 +733,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou
    * manual Stack Upgrade
    */
   @Override
-  public RequestStatus updateResources(Request request, Predicate predicate)
+  public RequestStatus updateResourcesAuthorized(Request request, Predicate predicate)
       throws SystemException, UnsupportedPropertyException,
       NoSuchResourceException, NoSuchParentResourceException {
     try {
@@ -848,7 +854,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou
   }
 
   @Override
-  public RequestStatus deleteResources(Request request, Predicate predicate)
+  public RequestStatus deleteResourcesAuthorized(Request request, Predicate predicate)
       throws SystemException, UnsupportedPropertyException,
       NoSuchResourceException, NoSuchParentResourceException {
     throw new SystemException("Method not supported");

http://git-wip-us.apache.org/repos/asf/ambari/blob/38880143/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
index a438edb..5c5156a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
@@ -81,6 +81,8 @@ import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.StackEntity;
 import org.apache.ambari.server.orm.entities.UpgradeEntity;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.security.authorization.ResourceType;
 import org.apache.ambari.server.serveraction.upgrades.FinalizeUpgradeAction;
 import org.apache.ambari.server.state.Cluster;
@@ -118,9 +120,11 @@ import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.persist.PersistService;
 import com.google.inject.util.Modules;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 
-/**
+ /**
  * ClusterStackVersionResourceProvider tests.
  */
 public class ClusterStackVersionResourceProviderTest {
@@ -184,10 +188,21 @@ public class ClusterStackVersionResourceProviderTest {
   @After
   public void teardown() {
     injector.getInstance(PersistService.class).stop();
+
+    SecurityContextHolder.getContext().setAuthentication(null);
   }
 
   @Test
-  public void testCreateResources() throws Exception {
+  public void testCreateResourcesAsAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+   @Test(expected = AuthorizationException.class)
+   public void testCreateResourcesAsClusterAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  private void testCreateResources(Authentication authentication) throws Exception {
     Resource.Type type = Resource.Type.ClusterStackVersion;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -356,6 +371,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getCreateRequest(propertySet, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     RequestStatus status = provider.createResources(request);
     Assert.assertNotNull(status);
 
@@ -587,8 +604,17 @@ public class ClusterStackVersionResourceProviderTest {
     Assert.assertEquals(Float.valueOf(0.85f), successFactor);
   }
 
-  @Test
-  public void testCreateResourcesWithRepoDefinition() throws Exception {
+   @Test
+   public void testCreateResourcesWithRepoDefinitionAsAdministrator() throws Exception {
+     testCreateResourcesWithRepoDefinition(TestAuthenticationFactory.createAdministrator());
+   }
+
+   @Test(expected = AuthorizationException.class)
+   public void testCreateResourcesWithRepoDefinitionAsClusterAdministrator() throws Exception
{
+     testCreateResourcesWithRepoDefinition(TestAuthenticationFactory.createClusterAdministrator());
+   }
+
+   private void testCreateResourcesWithRepoDefinition(Authentication authentication) throws
Exception {
     Resource.Type type = Resource.Type.ClusterStackVersion;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -784,6 +810,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getCreateRequest(propertySet, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     RequestStatus status = provider.createResources(request);
     Assert.assertNotNull(status);
 
@@ -797,8 +825,17 @@ public class ClusterStackVersionResourceProviderTest {
     Assert.assertTrue(executionCommand.getRoleParams().containsKey(KeyNames.PACKAGE_VERSION));
   }
 
-  @Test
-  public void testCreateResourcesWithNonManagedOS() throws Exception {
+   @Test
+   public void testCreateResourcesWithNonManagedOSAsAdministrator() throws Exception {
+     testCreateResourcesWithNonManagedOS(TestAuthenticationFactory.createAdministrator());
+   }
+
+   @Test(expected = AuthorizationException.class)
+   public void testCreateResourcesWithNonManagedOSAsClusterAdministrator() throws Exception
{
+     testCreateResourcesWithNonManagedOS(TestAuthenticationFactory.createClusterAdministrator());
+   }
+
+   private void testCreateResourcesWithNonManagedOS(Authentication authentication) throws
Exception {
     JsonArray json = new JsonParser().parse(OS_JSON).getAsJsonArray();
 
     JsonObject jsonObj = json.get(0).getAsJsonObject();
@@ -999,6 +1036,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getCreateRequest(propertySet, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     RequestStatus status = provider.createResources(request);
     Assert.assertNotNull(status);
 
@@ -1014,12 +1053,17 @@ public class ClusterStackVersionResourceProviderTest {
     Assert.assertEquals("[]", executionCommand.getRoleParams().get("base_urls"));
   }
 
-  /**
-   * Tests manual finalization scenario
-   * @throws Exception
-   */
-  @Test
-  public void testUpdateResources() throws Exception {
+   @Test
+   public void testUpdateResourcesAsAdministrator() throws Exception {
+     testUpdateResources(TestAuthenticationFactory.createAdministrator());
+   }
+
+   @Test(expected = AuthorizationException.class)
+   public void testUpdateResourcesAsClusterAdministrator() throws Exception {
+     testUpdateResources(TestAuthenticationFactory.createClusterAdministrator());
+   }
+
+   private void testUpdateResources(Authentication authentication) throws Exception {
     Resource.Type type = Resource.Type.ClusterStackVersion;
     String clusterName = "Cluster100";
 
@@ -1150,6 +1194,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getUpdateRequest(properties, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     provider.updateResources(request, null);
 
     // verify
@@ -1158,14 +1204,17 @@ public class ClusterStackVersionResourceProviderTest {
             new StackId(newDesiredStack.getStackName(), newDesiredStack.getStackVersion()));
   }
 
-  /**
-   * Tests manual finalization scenario
-   * @throws Exception
-   */
-  @Test
-  public void testUpdateResourcesWithForce() throws Exception {
+   @Test
+   public void testUpdateResourcesWithForceAsAdministrator() throws Exception {
+     testUpdateResourcesWithForce(TestAuthenticationFactory.createAdministrator());
+   }
 
+   @Test(expected = AuthorizationException.class)
+   public void testUpdateResourcesWithForceAsClusterAdministrator() throws Exception {
+     testUpdateResourcesWithForce(TestAuthenticationFactory.createClusterAdministrator());
+   }
 
+   private void testUpdateResourcesWithForce(Authentication authentication) throws Exception
{
     Resource.Type type = Resource.Type.ClusterStackVersion;
     String clusterName = "Cluster100";
 
@@ -1297,6 +1346,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getUpdateRequest(properties, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     provider.updateResources(request, null);
 
     // verify
@@ -1305,8 +1356,17 @@ public class ClusterStackVersionResourceProviderTest {
             new StackId(newDesiredStack.getStackName(), newDesiredStack.getStackVersion()));
   }
 
-  @Test
-  public void testCreateResourcesMixed() throws Exception {
+   @Test
+   public void testCreateResourcesMixedAsAdministrator() throws Exception {
+     testCreateResourcesMixed(TestAuthenticationFactory.createAdministrator());
+   }
+
+   @Test(expected = AuthorizationException.class)
+   public void testCreateResourcesMixedAsClusterAdministrator() throws Exception {
+     testCreateResourcesMixed(TestAuthenticationFactory.createClusterAdministrator());
+   }
+
+   private void testCreateResourcesMixed(Authentication authentication) throws Exception
{
     Resource.Type type = Resource.Type.ClusterStackVersion;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -1494,6 +1554,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getCreateRequest(propertySet, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     try {
       provider.createResources(request);
       Assert.fail("Expecting the create to fail due to an already installed version");
@@ -1503,8 +1565,17 @@ public class ClusterStackVersionResourceProviderTest {
 
   }
 
-  @Test
-  public void testCreateResourcesExistingUpgrade() throws Exception {
+   @Test
+   public void testCreateResourcesExistingUpgradeAsAdministrator() throws Exception {
+     testCreateResourcesExistingUpgrade(TestAuthenticationFactory.createAdministrator());
+   }
+
+   @Test(expected = AuthorizationException.class)
+   public void testCreateResourcesExistingUpgradeAsClusterAdministrator() throws Exception
{
+     testCreateResourcesExistingUpgrade(TestAuthenticationFactory.createClusterAdministrator());
+   }
+
+   private void testCreateResourcesExistingUpgrade(Authentication authentication) throws
Exception {
     Resource.Type type = Resource.Type.ClusterStackVersion;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -1550,6 +1621,8 @@ public class ClusterStackVersionResourceProviderTest {
     // create the request
     Request request = PropertyHelper.getCreateRequest(propertySet, null);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     try {
       provider.createResources(request);
       Assert.fail("Expecting the create to fail due to an already installed version");


Mime
View raw message