ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dmitriu...@apache.org
Subject [1/2] ambari git commit: AMBARI-19235. 'Cluster User' role issue after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
Date Wed, 21 Dec 2016 16:05:53 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 cafe61c35 -> 585c2b877
  refs/heads/trunk 799036850 -> c08df0ef4


AMBARI-19235. 'Cluster User' role issue after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c08df0ef
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c08df0ef
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c08df0ef

Branch: refs/heads/trunk
Commit: c08df0ef4aa67acba21c057e0b0ffd4cb6f0fde7
Parents: 7990368
Author: Lisnichenko Dmitro <dlysnichenko@hortonworks.com>
Authored: Wed Dec 21 17:48:39 2016 +0200
Committer: Lisnichenko Dmitro <dlysnichenko@hortonworks.com>
Committed: Wed Dec 21 17:49:40 2016 +0200

----------------------------------------------------------------------
 .../AmbariLdapAuthoritiesPopulator.java         | 21 ++-----
 ...ariAuthorizationProviderDisableUserTest.java |  2 +-
 .../TestAmbariLdapAuthoritiesPopulator.java     | 63 ++------------------
 3 files changed, 12 insertions(+), 74 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
index b3be046..92037fc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
@@ -19,14 +19,10 @@ package org.apache.ambari.server.security.authorization;
 
 import java.util.Collection;
 import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
 
 import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.slf4j.Logger;
@@ -47,14 +43,17 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
   UserDAO userDAO;
   MemberDAO memberDAO;
   PrivilegeDAO privilegeDAO;
+  Users users;
 
   @Inject
   public AmbariLdapAuthoritiesPopulator(AuthorizationHelper authorizationHelper,
-                                        UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO
privilegeDAO) {
+                                        UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO
privilegeDAO,
+                                        Users users) {
     this.authorizationHelper = authorizationHelper;
     this.userDAO = userDAO;
     this.memberDAO = memberDAO;
     this.privilegeDAO = privilegeDAO;
+    this.users = users;
   }
 
   @Override
@@ -74,18 +73,8 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
     if(!user.getActive()){
       throw new InvalidUsernamePasswordCombinationException();
     }
-    // get all of the privileges for the user
-    List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
 
-    principalEntities.add(user.getPrincipal());
-
-    List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(user);
-
-    for (MemberEntity memberEntity : memberEntities) {
-      principalEntities.add(memberEntity.getGroup().getPrincipal());
-    }
-
-    List<PrivilegeEntity> privilegeEntities = privilegeDAO.findAllByPrincipal(principalEntities);
+    Collection<PrivilegeEntity> privilegeEntities = users.getUserPrivileges(user);
 
     return authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities);
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
index 90d4be0..6b98a5b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
@@ -58,7 +58,7 @@ public class AmbariAuthorizationProviderDisableUserTest {
 
     alup = new AmbariLocalUserProvider(userDAO, users, encoder);
     
-    ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao,
privilegeDao);
+    ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao,
privilegeDao, users);
     
   }
   

http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
index 5715906..cf6cd32 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
@@ -20,18 +20,12 @@ package org.apache.ambari.server.security.authorization;
 import static org.easymock.EasyMock.expect;
 
 import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
 
 import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.GroupEntity;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
-import org.easymock.EasyMock;
 import org.easymock.EasyMockSupport;
 import org.junit.Before;
 import org.junit.Test;
@@ -47,14 +41,11 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport
{
 
   AuthorizationHelper helper = new AuthorizationHelper();
   UserDAO userDAO = createMock(UserDAO.class);
+  Users users = createMock(Users.class);
   MemberDAO memberDAO = createMock(MemberDAO.class);
   PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
   DirContextOperations userData = createMock(DirContextOperations.class);
   UserEntity userEntity = createMock(UserEntity.class);
-  PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
-  PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class);
-  MemberEntity memberEntity = createMock(MemberEntity.class);
-  GroupEntity groupEntity = createMock(GroupEntity.class);
   PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
 
   @Before
@@ -64,21 +55,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport
{
   }
 
   @Test
-  public void testGetGrantedAuthorities_mappingDisabled() throws Exception {
+  public void testGetGrantedAuthorities() throws Exception {
     String username = "user";
 
     AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
-        .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+        .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
 
-    expect(userEntity.getPrincipal()).andReturn(principalEntity);
     expect(userEntity.getActive()).andReturn(true);
-    expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
-    expect(memberEntity.getGroup()).andReturn(groupEntity);
-    expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
-    List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
-    principalEntityList.add(principalEntity);
-    principalEntityList.add(groupPrincipalEntity);
-    expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+    expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
 
     expect(userDAO.findLdapUserByName(username)).andReturn(userEntity);
     replayAll();
@@ -90,34 +74,6 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport
{
   }
 
   @Test
-  public void testGetGrantedAuthorities_mappingEnabled() throws Exception {
-
-    AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
-        .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
-
-    expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
-    expect(userEntity.getActive()).andReturn(true);
-    expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes();
-    expect(memberEntity.getGroup()).andReturn(groupEntity).anyTimes();
-    expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).anyTimes();
-    List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
-    principalEntityList.add(principalEntity);
-    principalEntityList.add(groupPrincipalEntity);
-    expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
-
-    expect(userDAO.findLdapUserByName(EasyMock.<String> anyObject())).andReturn(null).andReturn(userEntity).once();
-
-    replayAll();
-
-    //test with admin user
-    populator.getGrantedAuthorities(userData, "admin");
-    //test with non-admin
-    populator.getGrantedAuthorities(userData, "user");
-
-    verifyAll();
-  }
-
-  @Test
   public void testGetGrantedAuthoritiesWithLoginAlias() throws Exception {
     // Given
     String loginAlias = "testLoginAlias@testdomain.com";
@@ -129,17 +85,10 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport
{
     PowerMock.replay(AuthorizationHelper.class);
 
     AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
-      .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+      .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
 
-    expect(userEntity.getPrincipal()).andReturn(principalEntity);
     expect(userEntity.getActive()).andReturn(true);
-    expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
-    expect(memberEntity.getGroup()).andReturn(groupEntity);
-    expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
-    List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
-    principalEntityList.add(principalEntity);
-    principalEntityList.add(groupPrincipalEntity);
-    expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+    expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
 
     expect(userDAO.findLdapUserByName(ambariUserName)).andReturn(userEntity); // user should
be looked up by user name instead of login alias
 


Mime
View raw message