AMBARI-6984. Completely remove admin role from ambari.

Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/73819ca3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/73819ca3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/73819ca3

Branch: refs/heads/branch-alerts-dev
Commit: 73819ca33f22556194bf59440403a35571a8ed18
Parents: 9506a6b
Author: Siddharth Wagle <swa...@hortonworks.com>
Authored: Thu Aug 21 23:00:22 2014 -0700
Committer: Siddharth Wagle <swa...@hortonworks.com>
Committed: Fri Aug 22 09:13:38 2014 -0700

----------------------------------------------------------------------
 .../server/configuration/Configuration.java     |   8 -
 .../ambari/server/controller/AmbariServer.java  |   3 +-
 .../ambari/server/orm/dao/PrincipalDAO.java     |  16 +-
 .../apache/ambari/server/orm/dao/RoleDAO.java   |  69 ------
 .../apache/ambari/server/orm/dao/UserDAO.java   |   8 -
 .../server/orm/entities/PrincipalEntity.java    |   5 +
 .../ambari/server/orm/entities/RoleEntity.java  |  70 ------
 .../ambari/server/orm/entities/UserEntity.java  |  11 -
 .../AmbariLdapAuthoritiesPopulator.java         | 134 +-----------
 .../AmbariLocalUserDetailsService.java          |   8 +-
 .../server/security/authorization/User.java     |   9 -
 .../server/security/authorization/Users.java    | 147 +------------
 .../server/upgrade/UpgradeCatalog170.java       |  45 ++--
 .../main/resources/Ambari-DDL-MySQL-CREATE.sql  |  12 --
 .../main/resources/Ambari-DDL-Oracle-CREATE.sql |  12 --
 .../resources/Ambari-DDL-Postgres-CREATE.sql    |  14 --
 .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql     |  16 --
 .../src/main/resources/META-INF/persistence.xml |   1 -
 .../AmbariManagementControllerTest.java         |  25 +--
 .../apache/ambari/server/orm/OrmTestHelper.java |  26 +--
 .../ambari/server/orm/dao/UserDAOTest.java      |  40 +---
 ...uthenticationProviderForDNWithSpaceTest.java |  38 ----
 .../AmbariLdapAuthenticationProviderTest.java   |  39 ----
 .../AmbariLdapDataPopulatorTest.java            |   2 -
 .../AmbariLocalUserDetailsServiceTest.java      |   7 -
 .../TestAmbariLdapAuthoritiesPopulator.java     | 212 +------------------
 .../security/authorization/TestUsers.java       |  87 --------
 .../server/upgrade/UpgradeCatalog170Test.java   |   8 +-
 .../ambari/server/upgrade/UpgradeTest.java      |   8 -
 29 files changed, 93 insertions(+), 987 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b378970..d23ac6c 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -149,10 +149,6 @@ public class Configuration {
       "authorization.ldap.adminGroupMappingRules";
   public static final String LDAP_GROUP_SEARCH_FILTER_KEY =
       "authorization.ldap.groupSearchFilter";
-  public static final String USER_ROLE_NAME_KEY =
-      "authorization.userRoleName";
-  public static final String ADMIN_ROLE_NAME_KEY =
-      "authorization.adminRoleName";
   public static final String SERVER_EC_CACHE_SIZE = "server.ecCacheSize";
   public static final String SERVER_STALE_CONFIG_CACHE_ENABLED_KEY =
     "server.cache.isStale.enabled";
@@ -349,10 +345,6 @@ public class Configuration {
         PASSPHRASE_ENV_KEY, PASSPHRASE_ENV_DEFAULT));
     configsMap.put(PASSPHRASE_KEY, System.getenv(configsMap.get(
         PASSPHRASE_ENV_KEY)));
-    configsMap.put(USER_ROLE_NAME_KEY, properties.getProperty(
-        USER_ROLE_NAME_KEY, USER_ROLE_NAME_DEFAULT));
-    configsMap.put(ADMIN_ROLE_NAME_KEY, properties.getProperty(
-        ADMIN_ROLE_NAME_KEY, ADMIN_ROLE_NAME_DEFAULT));
     configsMap.put(RESOURCES_DIR_KEY, properties.getProperty(
         RESOURCES_DIR_KEY, RESOURCES_DIR_DEFAULT));
     configsMap.put(SRVR_CRT_PASS_LEN_KEY, properties.getProperty(

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index e0049ec..07de5cb 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -457,7 +457,7 @@ public class AmbariServer {
   }
 
   /**
-   * Creates default users and roles if in-memory database is used
+   * Creates default users if in-memory database is used
    */
   @Transactional
   protected void initDB() {
@@ -465,7 +465,6 @@ public class AmbariServer {
       LOG.info("Database init needed - creating default data");
       Users users = injector.getInstance(Users.class);
 
-      users.createDefaultRoles();
       users.createUser("admin", "admin", true, true);
       users.createUser("user", "user", true, false);
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
index 13ebf09..334e978 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
@@ -22,10 +22,11 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
 
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
+
 import java.util.List;
 
 /**
@@ -44,7 +45,6 @@ public class PrincipalDAO {
   /**
    * Find a principal with the given id.
    *
-   *
    * @param id  type id
    *
    * @return  a matching principal type  or null
@@ -64,6 +64,18 @@ public class PrincipalDAO {
   }
 
   /**
+   * Find principals having specified permission.
+   *
+   * @param id permission id
+   * @return all principals having specified permission
+   */
+  public List<PrincipalEntity> findByPermissionId(Integer id) {
+    TypedQuery<PrincipalEntity> query = 
entityManagerProvider.get().createNamedQuery("principalByPrivilegeId", 
PrincipalEntity.class);
+    query.setParameter("permission_id", id);
+    return daoUtils.selectList(query);
+  }
+
+  /**
    * Make an instance managed and persistent.
    *
    * @param entity  entity to store
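Review bot: `findByPermissionId` loads a named query called `principalByPrivilegeId` and binds `permission_id`, so the method name, the query name and the parameter disagree about whether the key is a privilege or a permission. This lookup appears to be part of how administrators are identified once roles are gone, so a caller that passes a privilege id by mistake would silently get the wrong set of principals; renaming the query to `principalByPermissionId` (here and in the `@NamedQuery` on `PrincipalEntity`) removes the ambiguity. The finders in `UserDAO` shown on this page carry `@RequiresSession`; if the other finders in `PrincipalDAO` do as well (not visible in this hunk), add it here for consistency. The Javadoc should also state whether an empty list or null comes back when no principal holds the permission.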

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
deleted file mode 100644
index d8e17e8..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ambari.server.orm.dao;
-
-import com.google.inject.Inject;
-import com.google.inject.Provider;
-import com.google.inject.Singleton;
-import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.orm.RequiresSession;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-
-import javax.persistence.EntityManager;
-import java.util.List;
-
-@Singleton
-public class RoleDAO {
-
-  @Inject
-  Provider<EntityManager> entityManagerProvider;
-  @Inject
-  DaoUtils daoUtils;
-
-  @RequiresSession
-  public RoleEntity findByName(String roleName) {
-    return entityManagerProvider.get().find(RoleEntity.class, 
roleName.toLowerCase());
-  }
-
-  @RequiresSession
-  public List<RoleEntity> findAll() {
-    return daoUtils.selectAll(entityManagerProvider.get(), RoleEntity.class);
-  }
-
-  @Transactional
-  public void create(RoleEntity role) {
-    role.setRoleName(role.getRoleName().toLowerCase());
-    entityManagerProvider.get().persist(role);
-  }
-
-  @Transactional
-  public RoleEntity merge(RoleEntity role) {
-    return entityManagerProvider.get().merge(role);
-  }
-
-  @Transactional
-  public void remove(RoleEntity role) {
-    entityManagerProvider.get().remove(merge(role));
-  }
-
-  @Transactional
-  public void removeByName(String roleName) {
-    remove(findByName(roleName));
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
index 55c2560..0aa7216 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
@@ -30,7 +30,6 @@ import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
 import java.util.Collections;
 import java.util.List;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 
 @Singleton
 public class UserDAO {
@@ -52,13 +51,6 @@ public class UserDAO {
   }
 
   @RequiresSession
-  public List<UserEntity> findAllLocalUsersByRole(RoleEntity roleEntity) {
-    TypedQuery<UserEntity> query = 
entityManagerProvider.get().createQuery("SELECT role.userEntities FROM 
RoleEntity role WHERE role = :roleEntity", UserEntity.class);
-    query.setParameter("roleEntity", roleEntity);
-    return query.getResultList();
-  }
-
-  @RequiresSession
   public UserEntity findLocalUserByName(String userName) {
     TypedQuery<UserEntity> query = 
entityManagerProvider.get().createNamedQuery("localUserByName", 
UserEntity.class);
     query.setParameter("username", userName.toLowerCase());

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
index e0767a3..d05ff5c 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
@@ -29,6 +29,8 @@ import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinColumns;
 import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
 import javax.persistence.Table;
 import javax.persistence.TableGenerator;
@@ -44,6 +46,9 @@ import javax.persistence.TableGenerator;
     , initialValue = 2
     , allocationSize = 1
 )
+@NamedQueries({
+  @NamedQuery(name = "principalByPrivilegeId", query = "SELECT principal FROM 
PrincipalEntity principal JOIN principal.privileges privilege WHERE 
privilege.permission.id=:permission_id")
+})
 public class PrincipalEntity {
 
   /**
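Review bot: The `principalByPrivilegeId` query joins `principal.privileges` without `DISTINCT`, so a principal that holds the same permission through more than one privilege would be returned once per matching privilege. If callers count the result to decide whether an administrator remains (the "at least one administrator" message in `Users` suggests such a check, though that code is outside this hunk), duplicates could overstate the number of administrators. Consider `SELECT DISTINCT principal FROM PrincipalEntity principal JOIN principal.privileges privilege WHERE privilege.permission.id=:permission_id`, or de-duplicate in the DAO before returning.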

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
deleted file mode 100644
index 98fcd76..0000000
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.orm.entities;
-
-import javax.persistence.*;
-import java.util.Set;
-
-@javax.persistence.Table(name = "roles")
-@Entity
-public class RoleEntity {
-
-  @Column(name = "role_name")
-  @Id
-  private String roleName;
-
-  @JoinTable(name = "user_roles",
-      joinColumns = {@JoinColumn(name = "role_name", referencedColumnName = 
"role_name")},
-      inverseJoinColumns = {@JoinColumn(name = "user_id", referencedColumnName 
= "user_id")})
-  @ManyToMany(cascade = CascadeType.ALL)
-  private Set<UserEntity> userEntities;
-
-  public String getRoleName() {
-    return roleName;
-  }
-
-  public void setRoleName(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (this == o) return true;
-    if (o == null || getClass() != o.getClass()) return false;
-
-    RoleEntity that = (RoleEntity) o;
-
-    if (roleName != null ? !roleName.equals(that.roleName) : that.roleName != 
null) return false;
-
-    return true;
-  }
-
-  @Override
-  public int hashCode() {
-    return roleName != null ? roleName.hashCode() : 0;
-  }
-
-  public Set<org.apache.ambari.server.orm.entities.UserEntity> 
getUserEntities() {
-    return userEntities;
-  }
-
-  public void 
setUserEntities(Set<org.apache.ambari.server.orm.entities.UserEntity> 
userEntities) {
-    this.userEntities = userEntities;
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
index a6c5548..4e1f1f3 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
@@ -59,9 +59,6 @@ public class UserEntity {
   @Column(name = "active")
   private Integer active = 1;
 
-  @ManyToMany(mappedBy = "userEntities")
-  private Set<RoleEntity> roleEntities;
-
   @OneToMany(mappedBy = "user", cascade = CascadeType.ALL)
   private Set<MemberEntity> memberEntities;
 
@@ -118,14 +115,6 @@ public class UserEntity {
     this.createTime = createTime;
   }
 
-  public Set<RoleEntity> getRoleEntities() {
-    return roleEntities;
-  }
-
-  public void setRoleEntities(Set<RoleEntity> roleEntities) {
-    this.roleEntities = roleEntities;
-  }
-
   public Set<MemberEntity> getMemberEntities() {
     return memberEntities;
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
index 0b65d05..487e703 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
@@ -18,19 +18,12 @@
 package org.apache.ambari.server.security.authorization;
 
 import com.google.inject.Inject;
-import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.dao.MemberDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,6 +32,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -48,61 +42,31 @@ import java.util.List;
 public class AmbariLdapAuthoritiesPopulator implements 
LdapAuthoritiesPopulator {
   private static final Logger log = 
LoggerFactory.getLogger(AmbariLdapAuthoritiesPopulator.class);
 
-  Configuration configuration;
   private AuthorizationHelper authorizationHelper;
   UserDAO userDAO;
-  RoleDAO roleDAO;
-  PrincipalDAO principalDAO;
-  PrincipalTypeDAO principalTypeDAO;
   MemberDAO memberDAO;
   PrivilegeDAO privilegeDAO;
 
-  private static final String AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY = "ambari_admin";
-
   @Inject
-  public AmbariLdapAuthoritiesPopulator(Configuration configuration, 
AuthorizationHelper authorizationHelper,
-                                        UserDAO userDAO, RoleDAO roleDAO,
-                                        PrincipalDAO principalDAO, 
PrincipalTypeDAO principalTypeDAO,
-                                        MemberDAO memberDAO, PrivilegeDAO 
privilegeDAO) {
-    this.configuration = configuration;
+  public AmbariLdapAuthoritiesPopulator(AuthorizationHelper 
authorizationHelper,
+                                        UserDAO userDAO, MemberDAO memberDAO, 
PrivilegeDAO privilegeDAO) {
     this.authorizationHelper = authorizationHelper;
     this.userDAO = userDAO;
-    this.roleDAO = roleDAO;
-    this.principalDAO = principalDAO;
-    this.principalTypeDAO = principalTypeDAO;
     this.memberDAO = memberDAO;
     this.privilegeDAO = privilegeDAO;
   }
 
   @Override
   public Collection<? extends GrantedAuthority> 
getGrantedAuthorities(DirContextOperations userData, String username) {
-    log.info("Get roles for user " + username + " from local DB");
+    log.info("Get authorities for user " + username + " from local DB");
 
     UserEntity user;
 
     user = userDAO.findLdapUserByName(username);
 
     if (user == null) {
-      log.info("User " + username + " not present in local DB - creating");
-
-      createLdapUser(username);
-      user = userDAO.findLdapUserByName(username);
-    }
-
-    //don't remove admin role from user if group mapping was not configured
-    if (configuration.getLdapServerProperties().isGroupMappingEnabled()) {
-      //Adding an "admin" user role if user is a member of ambari 
administrators
-      // LDAP group
-      Boolean isAdmin =
-          (Boolean) 
userData.getObjectAttribute(AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY);
-      if ((isAdmin != null) && isAdmin) {
-        log.info("Adding admin role to LDAP user " + username);
-        addRole(user, configuration.getConfigsMap().
-            get(Configuration.ADMIN_ROLE_NAME_KEY));
-      } else {
-        removeRole(user, configuration.getConfigsMap().
-            get(Configuration.ADMIN_ROLE_NAME_KEY));
-      }
+      log.error("Can't get authorities for user " + username + ", he is not 
present in local DB");
+      return Collections.emptyList();
     }
 
     // get all of the privileges for the user
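Review bot: In `getGrantedAuthorities`, the new `user == null` branch returns `Collections.emptyList()`, so an LDAP-authenticated user with no local record now completes authentication with no authorities, whereas `AmbariLocalUserDetailsService` throws `UsernameNotFoundException` for an unknown user. Confirm that downstream authorization treats an empty authority set as no access, and either document that here or fail the login explicitly so both paths behave alike; the same commit also drops the "has no roles" rejection in `AmbariLocalUserDetailsService`, which opens the same case for local users. A directory account that has not been synced is an expected condition rather than a server fault, so a parameterized warning fits better than `log.error` with concatenation: `log.warn("LDAP user {} is not present in local DB; returning no authorities", username);`. `username` comes from the login request, so also confirm that the log layout neutralises line breaks in it. The method body continues past the end of this hunk.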
@@ -120,90 +84,4 @@ public class AmbariLdapAuthoritiesPopulator implements 
LdapAuthoritiesPopulator
 
     return 
authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities);
   }
-
-  /**
-   * Creates record in local DB for LDAP user
-   * @param username - name of user to create
-   */
-  @Transactional
-  void createLdapUser(String username) {
-    // create an admin principal to represent this user
-    PrincipalTypeEntity principalTypeEntity = 
principalTypeDAO.findById(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
-    if (principalTypeEntity == null) {
-      principalTypeEntity = new PrincipalTypeEntity();
-      principalTypeEntity.setId(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
-      
principalTypeEntity.setName(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME);
-      principalTypeDAO.create(principalTypeEntity);
-    }
-    PrincipalEntity principalEntity = new PrincipalEntity();
-    principalEntity.setPrincipalType(principalTypeEntity);
-    principalDAO.create(principalEntity);
-
-    UserEntity newUser = new UserEntity();
-    newUser.setLdapUser(true);
-    newUser.setUserName(username);
-    newUser.setPrincipal(principalEntity);
-
-    userDAO.create(newUser);
-
-    //Adding a default "user" role
-    addRole(newUser, configuration.getConfigsMap().
-        get(Configuration.USER_ROLE_NAME_KEY));
-  }
-
-  /**
-   * Adds role to user's role entities
-   * Adds user to roleName's user entities
-   *
-   * @param user - the user entity to be modified
-   * @param roleName - the role to add to user's roleEntities
-   */
-  @Transactional
-  void addRole(UserEntity user, String roleName) {
-    log.info("Using default role name " + roleName);
-
-    RoleEntity roleEntity = roleDAO.findByName(roleName);
-
-    if (roleEntity == null) {
-      log.info("Role " + roleName + " not present in local DB - creating");
-      roleEntity = new RoleEntity();
-      roleEntity.setRoleName(roleName);
-      roleDAO.create(roleEntity);
-      roleEntity = roleDAO.findByName(roleEntity.getRoleName());
-    }
-
-    UserEntity userEntity = userDAO.findLdapUserByName(user.getUserName());
-    if (userEntity == null) {
-      userDAO.create(user);
-      userEntity = userDAO.findLdapUserByName(user.getUserName());
-    }
-
-    if (!userEntity.getRoleEntities().contains(roleEntity)) {
-      userEntity.getRoleEntities().add(roleEntity);
-      roleEntity.getUserEntities().add(userEntity);
-      roleDAO.merge(roleEntity);
-      userDAO.merge(userEntity);
-    }
-  }
-
-  /**
-   * Remove role "roleName" from user "user"
-   *
-   * @param user      the user entity
-   * @param roleName  the role name
-   */
-  @Transactional
-  void removeRole(UserEntity user, String roleName) {
-    UserEntity userEntity = userDAO.findByPK(user.getUserId());
-    RoleEntity roleEntity = roleDAO.findByName(roleName);
-
-    if (userEntity.getRoleEntities().contains(roleEntity)) {
-      log.info("Removing admin role from LDAP user " + user.getUserName());
-      userEntity.getRoleEntities().remove(roleEntity);
-      roleEntity.getUserEntities().remove(userEntity);
-      userDAO.merge(userEntity);
-      roleDAO.merge(roleEntity);
-    }
-
-  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
index af663bf..55707f8 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
@@ -22,7 +22,6 @@ import com.google.inject.Injector;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
@@ -46,19 +45,17 @@ public class AmbariLocalUserDetailsService implements 
UserDetailsService {
   Configuration configuration;
   private AuthorizationHelper authorizationHelper;
   UserDAO userDAO;
-  RoleDAO roleDAO;
   MemberDAO memberDAO;
   PrivilegeDAO privilegeDAO;
 
   @Inject
   public AmbariLocalUserDetailsService(Injector injector, Configuration 
configuration,
                                        AuthorizationHelper 
authorizationHelper, UserDAO userDAO,
-                                       RoleDAO roleDAO, MemberDAO memberDAO, 
PrivilegeDAO privilegeDAO) {
+                                       MemberDAO memberDAO, PrivilegeDAO 
privilegeDAO) {
     this.injector = injector;
     this.configuration = configuration;
     this.authorizationHelper = authorizationHelper;
     this.userDAO = userDAO;
-    this.roleDAO = roleDAO;
     this.memberDAO = memberDAO;
     this.privilegeDAO = privilegeDAO;
   }
@@ -79,9 +76,6 @@ public class AmbariLocalUserDetailsService implements 
UserDetailsService {
     if (user == null) {
       log.info("user not found ");
       throw new UsernameNotFoundException("Username " + username + " not 
found");
-    }else if (user.getRoleEntities().isEmpty()) {
-      log.info("No authorities for user");
-      throw new UsernameNotFoundException("Username " + username + " has no 
roles");
     }
 
     // get all of the privileges for the user

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
index 00f1ee1..db8ad19 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
@@ -24,7 +24,6 @@ import java.util.Date;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 
 /**
@@ -36,7 +35,6 @@ public class User {
   final boolean ldapUser;
   final Date createTime;
   final boolean active;
-  final Collection<String> roles = new ArrayList<String>();
   final Collection<String> groups = new ArrayList<String>();
   boolean admin = false;
 
@@ -46,9 +44,6 @@ public class User {
     createTime = userEntity.getCreateTime();
     ldapUser = userEntity.getLdapUser();
     active = userEntity.getActive();
-    for (RoleEntity roleEntity : userEntity.getRoleEntities()) {
-      roles.add(roleEntity.getRoleName());
-    }
     for (MemberEntity memberEntity : userEntity.getMemberEntities()) {
       groups.add(memberEntity.getGroup().getGroupName());
     }
@@ -84,10 +79,6 @@ public class User {
     return admin;
   }
 
-  public Collection<String> getRoles() {
-    return roles;
-  }
-
   public Collection<String> getGroups() {
     return groups;
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 2f60571..4fd5f47 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -32,7 +32,6 @@ import org.apache.ambari.server.orm.dao.PrincipalDAO;
 import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.ResourceDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.MemberEntity;
@@ -40,7 +39,6 @@ import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -65,8 +63,6 @@ public class Users {
   @Inject
   protected UserDAO userDAO;
   @Inject
-  protected RoleDAO roleDAO;
-  @Inject
   protected GroupDAO groupDAO;
   @Inject
   protected MemberDAO memberDAO;
@@ -260,27 +256,16 @@ public class Users {
     UserEntity userEntity = new UserEntity();
     userEntity.setUserName(userName);
     userEntity.setUserPassword(passwordEncoder.encode(password));
-    userEntity.setRoleEntities(new HashSet<RoleEntity>());
     userEntity.setPrincipal(principalEntity);
     if (active != null) {
       userEntity.setActive(active);
     }
 
-    RoleEntity roleEntity = roleDAO.findByName(getUserRole());
-    if (roleEntity == null) {
-      createRole(getUserRole());
-    }
-    roleEntity = roleDAO.findByName(getUserRole());
-
-    userEntity.getRoleEntities().add(roleEntity);
     userDAO.create(userEntity);
 
     if (admin != null && admin) {
       grantAdminPrivilege(userEntity.getUserId());
     }
-
-    roleEntity.getUserEntities().add(userEntity);
-    roleDAO.merge(roleEntity);
   }
 
   @Transactional
@@ -289,7 +274,7 @@ public class Users {
     if (userEntity != null) {
       if (!isUserCanBeRemoved(userEntity)){
         throw new AmbariException("Could not remove user " + 
userEntity.getUserName() +
-              ". System should have at least one user with administrator 
role.");
+              ". System should have at least one administrator.");
       }
       userDAO.remove(userEntity);
     } else {
@@ -430,58 +415,6 @@ public class Users {
     }
   }
 
-  /**
-   * Grants ADMIN role to provided user
-   * @throws AmbariException
-   */
-  public synchronized void promoteToAdmin(User user) throws AmbariException{
-    addRoleToUser(user, getAdminRole());
-  }
-
-  /**
-   * Removes ADMIN role form provided user
-   * @throws AmbariException
-   */
-  public synchronized void demoteAdmin(User user) throws AmbariException {
-    removeRoleFromUser(user, getAdminRole());
-  }
-
-  @Transactional
-  public synchronized void addRoleToUser(User user, String role)
-      throws AmbariException {
-
-    if (configuration.getLdapServerProperties().isGroupMappingEnabled() &&
-        userDAO.findLdapUserByName(user.getUserName()) != null) {
-      LOG.warn("Trying to add a role to the LDAP user"
-          + ", user=" + user.getUserName());
-      throw new AmbariException("Ldap group mapping is enabled, " +
-          "roles for LDAP users should be managed on LDAP server");
-    }
-
-    UserEntity userEntity = userDAO.findByPK(user.getUserId());
-    if (userEntity == null) {
-      throw new AmbariException("User " + user + " doesn't exist");
-    }
-
-    RoleEntity roleEntity = roleDAO.findByName(role);
-    if (roleEntity == null) {
-      LOG.warn("Trying to add user to non-existent role"
-          + ", user=" + user.getUserName()
-          + ", role=" + role);
-      throw new AmbariException("Role " + role + " doesn't exist");
-    }
-
-    if (!userEntity.getRoleEntities().contains(roleEntity)) {
-      userEntity.getRoleEntities().add(roleEntity);
-      roleEntity.getUserEntities().add(userEntity);
-      userDAO.merge(userEntity);
-      roleDAO.merge(roleEntity);
-    } else {
-      throw new AmbariException("User " + user + " already owns role " + role);
-    }
-
-  }
-
   @Transactional
   public synchronized void addMemberToGroup(String groupName, String userName)
       throws AmbariException {
@@ -514,45 +447,6 @@ public class Users {
   }
 
   @Transactional
-  public synchronized void removeRoleFromUser(User user, String role)
-      throws AmbariException {
-
-    if (configuration.getLdapServerProperties().isGroupMappingEnabled() &&
-        userDAO.findLdapUserByName(user.getUserName()) != null) {
-      LOG.warn("Trying to add a role to the LDAP user"
-          + ", user=" + user.getUserName());
-      throw new AmbariException("Ldap group mapping is enabled, " +
-          "roles for LDAP users should be managed on LDAP server");
-    }
-
-    UserEntity userEntity = userDAO.findByPK(user.getUserId());
-    if (userEntity == null) {
-      throw new AmbariException("User " + user + " doesn't exist");
-    }
-
-    RoleEntity roleEntity = roleDAO.findByName(role);
-    if (roleEntity == null) {
-      throw new AmbariException("Role " + role + " doesn't exist");
-    }
-    if (role.equals(getAdminRole())){
-      if (!isUserCanBeRemoved(userEntity)){
-        throw new AmbariException("Could not remove admin role from user " + 
userEntity.getUserName() +
-        ". System should have at least one user with administrator role.");
-      }
-    }
-
-    if (userEntity.getRoleEntities().contains(roleEntity)) {
-      userEntity.getRoleEntities().remove(roleEntity);
-      roleEntity.getUserEntities().remove(userEntity);
-      userDAO.merge(userEntity);
-      roleDAO.merge(roleEntity);
-    } else {
-      throw new AmbariException("User " + user + " doesn't own role " + role);
-    }
-
-  }
-
-  @Transactional
   public synchronized void removeMemberFromGroup(String groupName, String 
userName)
       throws AmbariException {
 
@@ -588,10 +482,15 @@ public class Users {
 
   }
 
+  /**
+   * Performs a check if the user can be removed. Do not allow removing all 
admins from database.
+   *
+   * @param userEntity user to be checked
+   * @return true if user can be removed
+   */
   public synchronized boolean isUserCanBeRemoved(UserEntity userEntity){
-    RoleEntity roleEntity = new RoleEntity();
-    roleEntity.setRoleName(getAdminRole());
-    Set<UserEntity> userEntitysSet = new 
HashSet<UserEntity>(userDAO.findAllLocalUsersByRole(roleEntity));
+    List<PrincipalEntity> adminPrincipals = 
principalDAO.findByPermissionId(PermissionEntity.AMBARI_ADMIN_PERMISSION);
+    Set<UserEntity> userEntitysSet = new 
HashSet<UserEntity>(userDAO.findUsersByPrincipal(adminPrincipals));
     return (userEntitysSet.contains(userEntity) && userEntitysSet.size() < 2) 
? false : true;
   }
 
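Review bot: The last-administrator guard in `isUserCanBeRemoved` now counts every user returned for a principal holding `PermissionEntity.AMBARI_ADMIN_PERMISSION`, whereas the removed code counted only local users via `findAllLocalUsersByRole`. If `findUsersByPrincipal` also returns LDAP or inactive accounts (its query is not shown in this hunk), deleting the only administrator who can actually sign in would pass the check and leave the system without a usable admin. Consider filtering the set to active local users before the size test, and state in the Javadoc which accounts count as administrators. The return can also drop the ternary: `return !(userEntitysSet.contains(userEntity) && userEntitysSet.size() < 2);`.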
@@ -611,32 +510,4 @@ public class Users {
     return false;
   }
 
-  public String getUserRole() {
-    return configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY);
-  }
-
-  public String getAdminRole() {
-    return 
configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY);
-  }
-
-  /**
-   * Creates new role
-   */
-  public void createRole(String role) {
-    RoleEntity roleEntity = new RoleEntity();
-    roleEntity.setRoleName(role);
-    roleDAO.create(roleEntity);
-  }
-
-  /**
-   * Creates ADMIN adn USER roles if not present
-   */
-  public synchronized void createDefaultRoles() {
-    if (roleDAO.findByName(getUserRole()) == null) {
-      createRole(getUserRole());
-    }
-    if (roleDAO.findByName(getAdminRole()) == null) {
-      createRole(getAdminRole());
-    }
-  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
index eb3a578..33f79f4 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
@@ -66,7 +66,6 @@ import 
org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
@@ -503,8 +502,6 @@ public class UpgradeCatalog170 extends 
AbstractUpgradeCatalog {
 
   @Override
   protected void executeDMLUpdates() throws AmbariException, SQLException {
-    String dbType = getDbType();
-
     // Update historic records with the log paths, but only enough so as to 
not prolong the upgrade process
     executeInTransaction(new Runnable() {
       @Override
@@ -897,7 +894,7 @@ public class UpgradeCatalog170 extends 
AbstractUpgradeCatalog {
     return result;
   }
 
-  private void upgradePermissionModel() {
+  private void upgradePermissionModel() throws SQLException {
     final UserDAO userDAO = injector.getInstance(UserDAO.class);
     final PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
     final PrincipalTypeDAO principalTypeDAO = 
injector.getInstance(PrincipalTypeDAO.class);
@@ -949,17 +946,32 @@ public class UpgradeCatalog170 extends 
AbstractUpgradeCatalog {
     final PermissionEntity clusterOperatePermission = 
permissionDAO.findClusterOperatePermission();
     final PermissionEntity clusterReadPermission = 
permissionDAO.findClusterReadPermission();
     final ResourceEntity ambariResource = resourceDAO.findAmbariResource();
-    for (UserEntity user: userDAO.findAll()) {
-      boolean hasAdminRole = false;
-      boolean hasUserRole = false;
-      for (RoleEntity role: user.getRoleEntities()) {
-        if (role.getRoleName().equals("admin")) {
-          hasAdminRole = true;
-        }
-        if (role.getRoleName().equals("user")) {
-          hasUserRole = true;
+
+    final Map<UserEntity, List<String>> roles = new HashMap<UserEntity, 
List<String>>();
+    ResultSet resultSet = null;
+    try {
+      resultSet = dbAccessor.executeSelect("SELECT role_name, user_id FROM 
user_roles");
+      while (resultSet.next()) {
+        final String roleName = resultSet.getString(1);
+        final int userId = resultSet.getInt(2);
+
+        final UserEntity user = userDAO.findByPK(userId);
+        List<String> userRoles = roles.get(user);
+        if (userRoles == null) {
+          userRoles = new ArrayList<String>();
+          roles.put(user, userRoles);
         }
-        if (hasAdminRole) {
+        userRoles.add(roleName);
+      }
+    } finally {
+      if (resultSet != null) {
+        resultSet.close();
+      }
+    }
+
+    for (UserEntity user: userDAO.findAll()) {
+      for (String role: roles.get(user)) {
+        if (role.equals("admin")) {
           final PrivilegeEntity privilege = new PrivilegeEntity();
           privilege.setPermission(adminPermission);
           privilege.setPrincipal(user.getPrincipal());
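Review bot: `roles.get(user)` in the new `for (String role: roles.get(user))` loop returns null for any user with no row in `user_roles`, so the migration would stop with a NullPointerException before that user and every later one receives privileges. Guard the lookup with `List<String> userRoles = roles.get(user);` followed by `if (userRoles == null) { continue; }`, and iterate `userRoles`. The map is also keyed by `UserEntity`, which relies on that class's `equals`/`hashCode` (not visible here). Keying it by the `user_id` read from the result set would avoid that dependency and the per-row `userDAO.findByPK` call, whose null result for an orphaned row is not checked. `upgradePermissionModel` starts before this hunk and continues after it.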
@@ -975,7 +987,7 @@ public class UpgradeCatalog170 extends 
AbstractUpgradeCatalog {
             user.getPrincipal().getPrivileges().add(clusterPrivilege);
           }
           userDAO.merge(user);
-        } else if (hasUserRole) {
+        } else if (role.equals("user")) {
           for (ClusterEntity cluster: clusterDAO.findAll()) {
             final PrivilegeEntity privilege = new PrivilegeEntity();
             privilege.setPermission(clusterReadPermission);
@@ -988,6 +1000,9 @@ public class UpgradeCatalog170 extends 
AbstractUpgradeCatalog {
         }
       }
     }
+
+    dbAccessor.dropTable("user_roles");
+    dbAccessor.dropTable("roles");
   }
 
   protected void addJobsViewPermissions() {
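Review bot: The two `dbAccessor.dropTable` calls make `upgradePermissionModel` non-repeatable: once `user_roles` is gone, the `SELECT role_name, user_id FROM user_roles` earlier in the method fails with an SQLException on a second run. If the upgrade can be re-run, for instance after a later step fails (not visible in this hunk), skip the role migration when the table no longer exists. The drops are also irreversible, so a comment should pin their position, e.g. `// roles are fully migrated to privileges above; only now is it safe to drop the legacy tables`. The method begins outside this hunk.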

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 
b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index dec0fcd..f513711 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -39,7 +39,6 @@ CREATE TABLE hosts (host_name VARCHAR(255) NOT NULL, 
cpu_count INTEGER NOT NULL,
 CREATE TABLE hoststate (agent_version VARCHAR(255) NOT NULL, available_mem 
BIGINT NOT NULL, current_state VARCHAR(255) NOT NULL, health_status 
VARCHAR(255), host_name VARCHAR(255) NOT NULL, time_in_state BIGINT NOT NULL, 
maintenance_state VARCHAR(512), PRIMARY KEY (host_name));
 CREATE TABLE servicecomponentdesiredstate (component_name VARCHAR(255) NOT 
NULL, cluster_id BIGINT NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, 
desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT NULL, 
PRIMARY KEY (component_name, cluster_id, service_name));
 CREATE TABLE servicedesiredstate (cluster_id BIGINT NOT NULL, 
desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) 
NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT 
NULL, maintenance_state VARCHAR(32) NOT NULL DEFAULT 'ACTIVE', PRIMARY KEY 
(cluster_id, service_name));
-CREATE TABLE roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY (role_name));
 CREATE TABLE users (user_id INTEGER, principal_id BIGINT NOT NULL, create_time 
TIMESTAMP DEFAULT NOW(), ldap_user INTEGER NOT NULL DEFAULT 0, user_name 
VARCHAR(255) NOT NULL, user_password VARCHAR(255), active INTEGER NOT NULL 
DEFAULT 1, PRIMARY KEY (user_id));
 CREATE TABLE groups (group_id INTEGER, principal_id BIGINT NOT NULL, 
group_name VARCHAR(255) NOT NULL, ldap_group INTEGER NOT NULL DEFAULT 0, 
PRIMARY KEY (group_id));
 CREATE TABLE members (member_id INTEGER, group_id INTEGER NOT NULL, user_id 
INTEGER NOT NULL, PRIMARY KEY (member_id));
@@ -55,7 +54,6 @@ CREATE TABLE clusterconfigmapping (type_name VARCHAR(255) NOT 
NULL, create_times
 CREATE TABLE hostconfigmapping (create_timestamp BIGINT NOT NULL, host_name 
VARCHAR(255) NOT NULL, cluster_id BIGINT NOT NULL, type_name VARCHAR(255) NOT 
NULL, selected INTEGER NOT NULL DEFAULT 0, service_name VARCHAR(255), 
version_tag VARCHAR(255) NOT NULL, user_name VARCHAR(255) NOT NULL DEFAULT 
'_db', PRIMARY KEY (create_timestamp, host_name, cluster_id, type_name));
 CREATE TABLE metainfo (`metainfo_key` VARCHAR(255), `metainfo_value` LONGTEXT, 
PRIMARY KEY (`metainfo_key`));
 CREATE TABLE ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name 
VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
-CREATE TABLE user_roles (role_name VARCHAR(255) NOT NULL, user_id INTEGER NOT 
NULL, PRIMARY KEY (role_name, user_id));
 CREATE TABLE ambari_sequences (sequence_name VARCHAR(255), sequence_value 
DECIMAL(38) NOT NULL, PRIMARY KEY (sequence_name));
 CREATE TABLE confgroupclusterconfigmapping (config_group_id BIGINT NOT NULL, 
cluster_id BIGINT NOT NULL, config_type VARCHAR(255) NOT NULL, version_tag 
VARCHAR(255) NOT NULL, user_name VARCHAR(255) DEFAULT '_db', create_timestamp 
BIGINT NOT NULL, PRIMARY KEY(config_group_id, cluster_id, config_type));
 CREATE TABLE configgroup (group_id BIGINT, cluster_id BIGINT NOT NULL, 
group_name VARCHAR(255) NOT NULL, tag VARCHAR(1024) NOT NULL, description 
VARCHAR(1024), create_timestamp BIGINT NOT NULL, PRIMARY KEY(group_id));
@@ -114,8 +112,6 @@ ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id 
FOREIGN KEY (request_id) RE
 ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY 
(request_schedule_id) REFERENCES requestschedule (schedule_id);
 ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
 ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name 
FOREIGN KEY (host_name) REFERENCES hosts (host_name);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY 
(user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY 
(role_name) REFERENCES roles (role_name);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name 
FOREIGN KEY (host_name) REFERENCES hosts (host_name);
 ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY 
(service_config_id) REFERENCES serviceconfig(service_config_id);
@@ -287,11 +283,6 @@ insert into adminresourcetype (resource_type_id, 
resource_type_name)
 insert into adminresource (resource_id, resource_type_id)
   select 1, 1;
 
-insert into roles(role_name)
-  select 'admin'
-  union all
-  select 'user';
-
 insert into adminprincipaltype (principal_type_id, principal_type_name)
   select 1, 'USER'
   union all
@@ -303,9 +294,6 @@ insert into adminprincipal (principal_id, principal_type_id)
 insert into users(user_id, principal_id, user_name, user_password)
   select 1, 1, 
'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into user_roles(role_name, user_id)
-  select 'admin',1;
-
 insert into adminpermission(permission_id, permission_name, resource_type_id)
   select 1, 'AMBARI.ADMIN', 1
   union all

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 
b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index 0c35023..7ac557d 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -30,7 +30,6 @@ CREATE TABLE hosts (host_name VARCHAR2(255) NOT NULL, 
cpu_count INTEGER NOT NULL
 CREATE TABLE hoststate (agent_version VARCHAR2(255) NULL, available_mem 
NUMBER(19) NOT NULL, current_state VARCHAR2(255) NOT NULL, health_status 
VARCHAR2(255) NULL, host_name VARCHAR2(255) NOT NULL, time_in_state NUMBER(19) 
NOT NULL, maintenance_state VARCHAR2(512), PRIMARY KEY (host_name));
 CREATE TABLE servicecomponentdesiredstate (component_name VARCHAR2(255) NOT 
NULL, cluster_id NUMBER(19) NOT NULL, desired_stack_version VARCHAR2(255) NULL, 
desired_state VARCHAR2(255) NOT NULL, service_name VARCHAR2(255) NOT NULL, 
PRIMARY KEY (component_name, cluster_id, service_name));
 CREATE TABLE servicedesiredstate (cluster_id NUMBER(19) NOT NULL, 
desired_host_role_mapping NUMBER(10) NOT NULL, desired_stack_version 
VARCHAR2(255) NULL, desired_state VARCHAR2(255) NOT NULL, service_name 
VARCHAR2(255) NOT NULL, maintenance_state VARCHAR2(32) NOT NULL, PRIMARY KEY 
(cluster_id, service_name));
-CREATE TABLE roles (role_name VARCHAR2(255) NOT NULL, PRIMARY KEY (role_name));
 CREATE TABLE users (user_id NUMBER(10) NOT NULL, principal_id NUMBER(19) NOT 
NULL, create_time TIMESTAMP NULL, ldap_user NUMBER(10) DEFAULT 0, user_name 
VARCHAR2(255) NULL, user_password VARCHAR2(255) NULL, active INTEGER DEFAULT 1 
NOT NULL, PRIMARY KEY (user_id));
 CREATE TABLE groups (group_id NUMBER(10) NOT NULL, principal_id NUMBER(19) NOT 
NULL, group_name VARCHAR2(255) NOT NULL, ldap_group NUMBER(10) DEFAULT 0, 
PRIMARY KEY (group_id));
 CREATE TABLE members (member_id NUMBER(10), group_id NUMBER(10) NOT NULL, 
user_id NUMBER(10) NOT NULL, PRIMARY KEY (member_id));
@@ -46,7 +45,6 @@ CREATE TABLE clusterconfigmapping (type_name VARCHAR2(255) 
NOT NULL, create_time
 CREATE TABLE hostconfigmapping (create_timestamp NUMBER(19) NOT NULL, 
host_name VARCHAR2(255) NOT NULL, cluster_id NUMBER(19) NOT NULL, type_name 
VARCHAR2(255) NOT NULL, selected NUMBER(10) NOT NULL, service_name 
VARCHAR2(255) NULL, version_tag VARCHAR2(255) NOT NULL, user_name VARCHAR(255) 
DEFAULT '_db', PRIMARY KEY (create_timestamp, host_name, cluster_id, 
type_name));
 CREATE TABLE metainfo ("metainfo_key" VARCHAR2(255) NOT NULL, "metainfo_value" 
CLOB NULL, PRIMARY KEY ("metainfo_key"));
 CREATE TABLE ClusterHostMapping (cluster_id NUMBER(19) NOT NULL, host_name 
VARCHAR2(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
-CREATE TABLE user_roles (role_name VARCHAR2(255) NOT NULL, user_id NUMBER(10) 
NOT NULL, PRIMARY KEY (role_name, user_id));
 CREATE TABLE ambari_sequences (sequence_name VARCHAR2(50) NOT NULL, 
sequence_value NUMBER(38) NULL, PRIMARY KEY (sequence_name));
 CREATE TABLE configgroup (group_id NUMBER(19), cluster_id NUMBER(19) NOT NULL, 
group_name VARCHAR2(255) NOT NULL, tag VARCHAR2(1024) NOT NULL, description 
VARCHAR2(1024), create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY(group_id));
 CREATE TABLE confgroupclusterconfigmapping (config_group_id NUMBER(19) NOT 
NULL, cluster_id NUMBER(19) NOT NULL, config_type VARCHAR2(255) NOT NULL, 
version_tag VARCHAR2(255) NOT NULL, user_name VARCHAR2(255) DEFAULT '_db', 
create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY(config_group_id, cluster_id, 
config_type));
@@ -106,8 +104,6 @@ ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id 
FOREIGN KEY (request_id) RE
 ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY 
(request_schedule_id) REFERENCES requestschedule (schedule_id);
 ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
 ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name 
FOREIGN KEY (host_name) REFERENCES hosts (host_name);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY 
(user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY 
(role_name) REFERENCES roles (role_name);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name 
FOREIGN KEY (host_name) REFERENCES hosts (host_name);
 ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY 
(service_config_id) REFERENCES serviceconfig(service_config_id);
@@ -281,11 +277,6 @@ insert into adminresourcetype (resource_type_id, 
resource_type_name)
 insert into adminresource (resource_id, resource_type_id)
   select 1, 1 from dual;
 
-insert into Roles(role_name)
-select 'admin' from dual
-union all
-select 'user' from dual;
-
 insert into adminprincipaltype (principal_type_id, principal_type_name)
   select 1, 'USER' from dual
   union all
@@ -297,9 +288,6 @@ insert into adminprincipal (principal_id, principal_type_id)
 insert into users(user_id, principal_id, user_name, user_password)
 select 
1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'
 from dual;
 
-insert into user_roles(role_name, user_id)
-select 'admin',1 from dual;
-
 insert into adminpermission(permission_id, permission_name, resource_type_id)
   select 1, 'AMBARI.ADMIN', 1 from dual
   union all

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 
b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 9b5e8bd..aa742f7 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -45,8 +45,6 @@ CREATE TABLE servicecomponentdesiredstate (component_name 
VARCHAR(255) NOT NULL,
 
 CREATE TABLE servicedesiredstate (cluster_id BIGINT NOT NULL, 
desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) 
NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT 
NULL, maintenance_state VARCHAR(32) NOT NULL, PRIMARY KEY (cluster_id, 
service_name));
 
-CREATE TABLE roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY (role_name));
-
 CREATE TABLE users (user_id INTEGER, principal_id BIGINT NOT NULL, ldap_user 
INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL, create_time 
TIMESTAMP DEFAULT NOW(), user_password VARCHAR(255), PRIMARY KEY (user_id), 
active INTEGER NOT NULL DEFAULT 1, UNIQUE (ldap_user, user_name));
 
 CREATE TABLE groups (group_id INTEGER, principal_id BIGINT NOT NULL, 
group_name VARCHAR(255) NOT NULL, ldap_group INTEGER NOT NULL DEFAULT 0, 
PRIMARY KEY (group_id), UNIQUE (ldap_group, group_name));
@@ -69,8 +67,6 @@ CREATE TABLE requestoperationlevel (operation_level_id BIGINT 
NOT NULL, request_
 
 CREATE TABLE ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name 
VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
 
-CREATE TABLE user_roles (role_name VARCHAR(255) NOT NULL, user_id INTEGER NOT 
NULL, PRIMARY KEY (role_name, user_id));
-
 CREATE TABLE key_value_store ("key" VARCHAR(255), "value" VARCHAR, PRIMARY KEY 
("key"));
 
 CREATE TABLE hostconfigmapping (cluster_id BIGINT NOT NULL, host_name 
VARCHAR(255) NOT NULL, type_name VARCHAR(255) NOT NULL, version_tag 
VARCHAR(255) NOT NULL, service_name VARCHAR(255), create_timestamp BIGINT NOT 
NULL, selected INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL 
DEFAULT '_db', PRIMARY KEY (cluster_id, host_name, type_name, 
create_timestamp));
@@ -139,8 +135,6 @@ ALTER TABLE role_success_criteria ADD CONSTRAINT 
role_success_criteria_stage_id
 ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id FOREIGN KEY (request_id) 
REFERENCES request (request_id);
 ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY 
(request_schedule_id) REFERENCES requestschedule (schedule_id);
 ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY 
(user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY 
(role_name) REFERENCES roles (role_name);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
 ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name 
FOREIGN KEY (host_name) REFERENCES hosts (host_name);
 ALTER TABLE configgroup ADD CONSTRAINT FK_configgroup_cluster_id FOREIGN KEY 
(cluster_id) REFERENCES clusters (cluster_id);
@@ -339,11 +333,6 @@ BEGIN;
   INSERT INTO adminresource (resource_id, resource_type_id)
   SELECT 1, 1;
 
-  INSERT INTO Roles (role_name)
-  SELECT 'admin'
-  UNION ALL
-  SELECT 'user';
-
   INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
   SELECT 1, 'USER'
   UNION ALL
@@ -355,9 +344,6 @@ BEGIN;
   INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', 
'538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-  INSERT INTO user_roles (role_name, user_id)
-  SELECT 'admin', 1;
-
   INSERT INTO adminpermission(permission_id, permission_name, resource_type_id)
   SELECT 1, 'AMBARI.ADMIN', 1
   UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql 
b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index b927672..c421cc9 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -70,9 +70,6 @@ GRANT ALL PRIVILEGES ON TABLE 
ambari.servicecomponentdesiredstate TO :username;
 CREATE TABLE ambari.servicedesiredstate (cluster_id BIGINT NOT NULL, 
desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) 
NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT 
NULL, maintenance_state VARCHAR(32) NOT NULL, PRIMARY KEY (cluster_id, 
service_name));
 GRANT ALL PRIVILEGES ON TABLE ambari.servicedesiredstate TO :username;
 
-CREATE TABLE ambari.roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY 
(role_name));
-GRANT ALL PRIVILEGES ON TABLE ambari.roles TO :username;
-
 CREATE TABLE ambari.users (user_id INTEGER, principal_id BIGINT NOT NULL, 
ldap_user INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL, 
create_time TIMESTAMP DEFAULT NOW(), user_password VARCHAR(255), active INTEGER 
NOT NULL DEFAULT 1, PRIMARY KEY (user_id), UNIQUE (ldap_user, user_name));
 GRANT ALL PRIVILEGES ON TABLE ambari.users TO :username;
 
@@ -106,9 +103,6 @@ GRANT ALL PRIVILEGES ON TABLE ambari.requestoperationlevel 
TO :username;
 CREATE TABLE ambari.ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name 
VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
 GRANT ALL PRIVILEGES ON TABLE ambari.ClusterHostMapping TO :username;
 
-CREATE TABLE ambari.user_roles (role_name VARCHAR(255) NOT NULL, user_id 
INTEGER NOT NULL, PRIMARY KEY (role_name, user_id));
-GRANT ALL PRIVILEGES ON TABLE ambari.user_roles TO :username;
-
 CREATE TABLE ambari.key_value_store ("key" VARCHAR(255), "value" VARCHAR, 
PRIMARY KEY ("key"));
 GRANT ALL PRIVILEGES ON TABLE ambari.key_value_store TO :username;
 
@@ -205,8 +199,6 @@ ALTER TABLE ambari.stage ADD CONSTRAINT FK_stage_request_id 
FOREIGN KEY (request
 ALTER TABLE ambari.request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY 
(request_schedule_id) REFERENCES ambari.requestschedule (schedule_id);
 ALTER TABLE ambari.ClusterHostMapping ADD CONSTRAINT 
ClusterHostMapping_cluster_id FOREIGN KEY (host_name) REFERENCES ambari.hosts 
(host_name);
 ALTER TABLE ambari.ClusterHostMapping ADD CONSTRAINT 
ClusterHostMapping_host_name FOREIGN KEY (cluster_id) REFERENCES 
ambari.clusters (cluster_id);
-ALTER TABLE ambari.user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY 
(user_id) REFERENCES ambari.users (user_id);
-ALTER TABLE ambari.user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN 
KEY (role_name) REFERENCES ambari.roles (role_name);
 ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT 
FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES 
ambari.clusters (cluster_id);
 ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT 
FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES ambari.hosts 
(host_name);
 ALTER TABLE ambari.configgroup ADD CONSTRAINT FK_configgroup_cluster_id 
FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
@@ -414,11 +406,6 @@ INSERT INTO ambari.adminresourcetype (resource_type_id, 
resource_type_name)
 INSERT INTO ambari.adminresource (resource_id, resource_type_id)
   SELECT 1, 1;
 
-INSERT INTO ambari.Roles (role_name)
-  SELECT 'admin'
-  UNION ALL
-  SELECT 'user';
-
 INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name)
   SELECT 1, 'USER'
   UNION ALL
@@ -430,9 +417,6 @@ INSERT INTO ambari.adminprincipal (principal_id, 
principal_type_id)
 INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', 
'538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-INSERT INTO ambari.user_roles (role_name, user_id)
-  SELECT 'admin', 1;
-
 INSERT INTO ambari.adminpermission(permission_id, permission_name, 
resource_type_id)
   SELECT 1, 'AMBARI.ADMIN', 1
   UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/META-INF/persistence.xml 
b/ambari-server/src/main/resources/META-INF/persistence.xml
index 3fb5ef9..dfbf93e 100644
--- a/ambari-server/src/main/resources/META-INF/persistence.xml
+++ b/ambari-server/src/main/resources/META-INF/persistence.xml
@@ -24,7 +24,6 @@
     <class>org.apache.ambari.server.orm.entities.HostStateEntity</class>
     
<class>org.apache.ambari.server.orm.entities.ServiceComponentDesiredStateEntity</class>
     
<class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
-    <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
     <class>org.apache.ambari.server.orm.entities.UserEntity</class>
     <class>org.apache.ambari.server.orm.entities.GroupEntity</class>
     <class>org.apache.ambari.server.orm.entities.MemberEntity</class>

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
index 9ca5348..3aafb9a 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
@@ -88,9 +88,7 @@ import org.apache.ambari.server.orm.GuiceJpaInitializer;
 import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
 import org.apache.ambari.server.orm.dao.ExecutionCommandDAO;
 import org.apache.ambari.server.orm.dao.HostDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.entities.ExecutionCommandEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.security.authorization.Users;
 import org.apache.ambari.server.serveraction.ServerAction;
 import org.apache.ambari.server.serveraction.ServerActionManager;
@@ -4593,7 +4591,6 @@ public class AmbariManagementControllerTest {
   @Test
   public void testUpdateUsers() throws Exception {
     createUser("user1");
-    users.createDefaultRoles();
 
     UserRequest request = new UserRequest("user1");
 
@@ -4606,8 +4603,6 @@ public class AmbariManagementControllerTest {
   public void testDeleteUsers() throws Exception {
     createUser("user1");
 
-    users.createDefaultRoles();
-
     UserRequest request = new UserRequest("user1");
     controller.updateUsers(Collections.singleton(request));
 
@@ -4618,12 +4613,6 @@ public class AmbariManagementControllerTest {
         Collections.singleton(new UserRequest(null)));
 
     Assert.assertEquals(0, responses.size());
-
-    RoleDAO roleDao = injector.getInstance(RoleDAO.class);
-    RoleEntity re1 = roleDao.findByName("user");
-    RoleEntity re2 = roleDao.findByName("admin");
-    Assert.assertNotNull(re1);
-    Assert.assertNotNull(re2);
   }
 
   @Test
@@ -10329,7 +10318,7 @@ public class AmbariManagementControllerTest {
 
     // Start
     startService(clusterName, serviceName, false, false);
-    
+
     ServiceComponentHostRequest req = new 
ServiceComponentHostRequest(clusterName, serviceName,
         componentName1, host1, "INSTALLED");
 
@@ -10339,24 +10328,24 @@ public class AmbariManagementControllerTest {
 
     // succeed in creating a task
     assertNotNull(resp);
-    
+
     // manually change live state to stopped as no running action manager
     for (ServiceComponentHost sch :
       clusters.getCluster(clusterName).getServiceComponentHosts(host1)) {
         sch.setState(State.INSTALLED);
     }
-    
+
     // no new commands since no targeted info
     resp = controller.updateHostComponents(Collections.singleton(req), new 
HashMap<String, String>(), false);
     assertNull(resp);
-    
+
     // role commands added for targeted command
     resp = controller.updateHostComponents(Collections.singleton(req), 
requestProperties, false);
     assertNotNull(resp);
-    
+
   }
-  
-  
+
+
 }
 
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java 
b/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
index 7d84823..526104f 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
@@ -39,7 +39,6 @@ import org.apache.ambari.server.orm.dao.HostDAO;
 import org.apache.ambari.server.orm.dao.HostRoleCommandDAO;
 import org.apache.ambari.server.orm.dao.RequestDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.StageDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
@@ -55,7 +54,6 @@ import 
org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.RequestEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.StageEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.state.HostState;
@@ -82,9 +80,6 @@ public class OrmTestHelper {
   public UserDAO userDAO;
 
   @Inject
-  public RoleDAO roleDAO;
-
-  @Inject
   public AlertDefinitionDAO alertDefinitionDAO;
 
   @Inject
@@ -175,25 +170,16 @@ public class OrmTestHelper {
 
     PasswordEncoder encoder = injector.getInstance(PasswordEncoder.class);
 
-    RoleEntity adminRole = new RoleEntity();
-    adminRole.setRoleName("admin");
-
     UserEntity admin = new UserEntity();
     admin.setUserName("administrator");
     admin.setUserPassword(encoder.encode("admin"));
     admin.setPrincipal(principalEntity);
 
-    Set<RoleEntity> roles = new HashSet<RoleEntity>();
     Set<UserEntity> users = new HashSet<UserEntity>();
 
-    roles.add(adminRole);
     users.add(admin);
 
-    admin.setRoleEntities(roles);
-    adminRole.setUserEntities(users);
-
     userDAO.create(admin);
-    roleDAO.create(adminRole);
 
     principalEntity = new PrincipalEntity();
     principalEntity.setPrincipalType(principalTypeEntity);
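Review bot: After this hunk the local `users` set has no visible reader: its only use was `adminRole.setUserEntities(users)`, which is removed, so `Set<UserEntity> users = new HashSet<UserEntity>();` and `users.add(admin);` can be deleted as well unless the set is read further down. The enclosing method starts and continues outside the hunk, so check that before removing them. The `administrator` fixture is also created here with no role and no visible privilege, so a test that needs an administrator should grant that explicitly through the principal's privileges instead of assuming it from the user name.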
@@ -274,7 +260,7 @@ public class OrmTestHelper {
 
   /**
    * Creates an empty cluster with an ID.
-   * 
+   *
    * @return the cluster ID.
    */
   @Transactional
@@ -306,7 +292,7 @@ public class OrmTestHelper {
 
   /**
    * Creates an alert target.
-   * 
+   *
    * @return
    */
   @Transactional
@@ -320,10 +306,10 @@ public class OrmTestHelper {
     alertDispatchDAO.create(target);
     return alertDispatchDAO.findTargetById(target.getTargetId());
   }
-  
+
   /**
    * Creates an alert definition.
-   * 
+   *
    * @param clusterId
    * @return
    * @throws Exception
@@ -342,14 +328,14 @@ public class OrmTestHelper {
     definition.setScope(Scope.SERVICE);
     definition.setSource("Source " + System.currentTimeMillis());
     definition.setSourceType("SCRIPT");
-    
+
     alertDefinitionDAO.create(definition);
     return alertDefinitionDAO.findById(definition.getDefinitionId());
   }
 
   /**
    * Creates an alert group.
-   * 
+   *
    * @param clusterId
    * @param targets
    * @return

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java 
b/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
index a123507..b46f816 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
@@ -21,25 +21,14 @@ package org.apache.ambari.server.orm.dao;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.junit.Before;
-import org.junit.Test;
 import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.eq;
 import static org.easymock.EasyMock.expect;
 import static org.easymock.EasyMock.replay;
 import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
-
 import javax.persistence.EntityManager;
-import javax.persistence.TypedQuery;
-import java.util.Collections;
-import java.util.List;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-import org.apache.ambari.server.orm.entities.UserEntity;
 
 /**
- * BlueprintDAO unit tests.
+ * UserDAO unit tests.
  */
 public class UserDAOTest {
 
@@ -56,31 +45,4 @@ public class UserDAOTest {
     replay(entityManagerProvider);
   }
 
-
-  @Test
-  public void testfindAllLocalUsersByRole() {
-    UserEntity entity = new UserEntity();
-    RoleEntity roleEntity = new RoleEntity();
-    TypedQuery<UserEntity> query = createStrictMock(TypedQuery.class);
-
-    // set expectations
-    expect(entityManager.createQuery(eq("SELECT role.userEntities FROM 
RoleEntity role WHERE role = :roleEntity"), 
eq(UserEntity.class))).andReturn(query);
-    roleEntity.setRoleName("admin");
-    expect(query.setParameter("roleEntity", roleEntity)).andReturn(query);
-    expect(query.getResultList()).andReturn(Collections.singletonList(entity));
-    
-    replay(entityManager, query);
-
-    UserDAO dao = new UserDAO();
-    dao.entityManagerProvider = entityManagerProvider;
-    roleEntity.setRoleName("admin");
-    
-    List<UserEntity> results = dao.findAllLocalUsersByRole(roleEntity);
-
-    assertEquals(1, results.size());
-    assertSame(entity, results.get(0));
-
-    verify(entityManagerProvider, entityManager, query);
-  }
-
 }
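Review bot: Removing `testfindAllLocalUsersByRole` here, together with the `import org.junit.Test;` dropped in the first hunk of this file, appears to leave `UserDAOTest` with a `@Before` setup and mock imports (`createStrictMock`, `expect`, `replay`, `reset`) but no test method. Depending on the runner configuration, a test class with nothing to run either fails or is silently skipped, and in both cases `UserDAO` loses its unit coverage from this file. Either delete the file in this commit or add a test for one of the remaining finders, for example `findLocalUserByName`.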

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
index c904774..ae8054b 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
@@ -23,9 +23,7 @@ import com.google.inject.Injector;
 import com.google.inject.persist.PersistService;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.security.ClientSecurityType;
 import org.junit.*;
@@ -45,8 +43,6 @@ public class 
AmbariLdapAuthenticationProviderForDNWithSpaceTest {
   @Inject
   private UserDAO userDAO;
   @Inject
-  private RoleDAO roleDAO;
-  @Inject
   Configuration configuration;
 
   @BeforeClass
@@ -81,7 +77,6 @@ public class 
AmbariLdapAuthenticationProviderForDNWithSpaceTest {
     Authentication authentication = new 
UsernamePasswordAuthenticationToken("the allowedUser", "password");
     Authentication result = 
authenticationProvider.authenticate(authentication);
     assertTrue(result.isAuthenticated());
-    assertNotNull("User was not created", userDAO.findLdapUserByName("the 
allowedUser"));
     result = authenticationProvider.authenticate(authentication);
     assertTrue(result.isAuthenticated());
   }
@@ -94,39 +89,6 @@ public class 
AmbariLdapAuthenticationProviderForDNWithSpaceTest {
     assertTrue(auth == null);
   }
 
-  @Test
-  public void testLdapAdminGroupToRolesMapping() throws Exception {
-
-    Authentication authentication;
-
-    authentication =
-        new UsernamePasswordAuthenticationToken("allowedAdmin", "password");
-    Authentication result = 
authenticationProvider.authenticate(authentication);
-    assertTrue(result.isAuthenticated());
-
-    UserEntity allowedAdminEntity = userDAO.findLdapUserByName("allowedAdmin");
-
-    authentication =
-        new UsernamePasswordAuthenticationToken("the allowedUser", "password");
-    authenticationProvider.authenticate(authentication);
-    UserEntity allowedUserEntity = userDAO.findLdapUserByName("the 
allowedUser");
-
-
-    RoleEntity adminRole = roleDAO.findByName(
-        configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY));
-    RoleEntity userRole = roleDAO.findByName(
-        configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY));
-
-
-    assertTrue(allowedAdminEntity.getRoleEntities().contains(userRole));
-    assertTrue(allowedAdminEntity.getRoleEntities().contains(adminRole));
-
-    assertTrue(allowedUserEntity.getRoleEntities().contains(userRole));
-    assertFalse(allowedUserEntity.getRoleEntities().contains(adminRole));
-
-
-  }
-
   @AfterClass
   public static void afterClass() {
     apacheDSContainer.stop();
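Review bot: Deleting `testLdapAdminGroupToRolesMapping` removes the only visible check that an LDAP user outside the admin group does not receive administrator rights (`assertFalse(allowedUserEntity.getRoleEntities().contains(adminRole))`), and nothing in this file replaces it; the same test is dropped from `AmbariLdapAuthenticationProviderTest`. Administrator access now appears to be expressed as the `AMBARI.ADMIN` permission, so an equivalent test should authenticate `allowedAdmin` and `the allowedUser` and assert on what `result.getAuthorities()` contains for each, including the negative case. The previous hunk also drops `assertNotNull("User was not created", ...)`, so no assertion here pins whether an LDAP login still provisions a local user. `afterClass` continues outside the hunk.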

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
index 93d4f5f..2a2d3dd 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
@@ -25,10 +25,7 @@ import com.google.inject.Inject;
 import com.google.inject.Injector;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.security.ClientSecurityType;
 import org.easymock.EasyMockSupport;
 import org.easymock.IAnswer;
@@ -56,8 +53,6 @@ public class AmbariLdapAuthenticationProviderTest extends 
EasyMockSupport {
   @Inject
   private UserDAO userDAO;
   @Inject
-  private RoleDAO roleDAO;
-  @Inject
   Configuration configuration;
 
   @BeforeClass
@@ -161,7 +156,6 @@ public class AmbariLdapAuthenticationProviderTest extends 
EasyMockSupport {
     Authentication authentication = new 
UsernamePasswordAuthenticationToken("allowedUser", "password");
     Authentication result = 
authenticationProvider.authenticate(authentication);
     assertTrue(result.isAuthenticated());
-    assertNotNull("User was not created", 
userDAO.findLdapUserByName("allowedUser"));
     result = authenticationProvider.authenticate(authentication);
     assertTrue(result.isAuthenticated());
   }
@@ -174,39 +168,6 @@ public class AmbariLdapAuthenticationProviderTest extends 
EasyMockSupport {
     Assert.assertTrue(auth == null);
   }
 
-  @Test
-  public void testLdapAdminGroupToRolesMapping() throws Exception {
-
-    Authentication authentication;
-
-    authentication =
-        new UsernamePasswordAuthenticationToken("allowedAdmin", "password");
-    Authentication result = 
authenticationProvider.authenticate(authentication);
-    assertTrue(result.isAuthenticated());
-
-    UserEntity allowedAdminEntity = userDAO.findLdapUserByName("allowedAdmin");
-
-    authentication =
-        new UsernamePasswordAuthenticationToken("allowedUser", "password");
-    authenticationProvider.authenticate(authentication);
-    UserEntity allowedUserEntity = userDAO.findLdapUserByName("allowedUser");
-
-
-    RoleEntity adminRole = roleDAO.findByName(
-        configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY));
-    RoleEntity userRole = roleDAO.findByName(
-        configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY));
-
-
-    assertTrue(allowedAdminEntity.getRoleEntities().contains(userRole));
-    assertTrue(allowedAdminEntity.getRoleEntities().contains(adminRole));
-
-    assertTrue(allowedUserEntity.getRoleEntities().contains(userRole));
-    assertFalse(allowedUserEntity.getRoleEntities().contains(adminRole));
-
-
-  }
-
   @AfterClass
   public static void afterClass() {
     apacheDSContainer.stop();

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
index e8f0525..868df06 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
@@ -34,7 +34,6 @@ import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
@@ -229,7 +228,6 @@ public class AmbariLdapDataPopulatorTest {
     userEntity.setLdapUser(ldapUser);
     userEntity.setActive(true);
     userEntity.setMemberEntities(new HashSet<MemberEntity>());
-    userEntity.setRoleEntities(new HashSet<RoleEntity>());
     final PrincipalEntity principalEntity = new PrincipalEntity();
     principalEntity.setPrivileges(new HashSet<PrivilegeEntity>());
     userEntity.setPrincipal(principalEntity);

http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
index 4843a8f..c410f5b 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
@@ -23,7 +23,6 @@ import com.google.inject.Injector;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
 import org.apache.ambari.server.orm.OrmTestHelper;
 import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.UserEntity;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -70,10 +69,4 @@ public class AmbariLocalUserDetailsServiceTest {
   public void testUsernameNotFound() throws Exception {
     userDetailsService.loadUserByUsername("notExists_123123123");
   }
-
-  @Test(expected = UsernameNotFoundException.class)
-  public void testEmptyRoles() throws Exception {
-    UserEntity user = userDAO.findLocalUserByName("userWithoutRoles");
-    userDetailsService.loadUserByUsername(user.getUserName());
-  }
 }
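Review bot: With `testEmptyRoles` gone, nothing here states what `loadUserByUsername` does for an account that holds no privileges; before this commit the test expected a `UsernameNotFoundException` for that case. If such accounts may now log in, pin that they receive nothing by default, for example `assertTrue(userDetailsService.loadUserByUsername("userWithoutRoles").getAuthorities().isEmpty());`; if they should still be rejected, keep the test and adapt it to the privilege model. The `userDAO` field and its import may also be unused after this hunk, which cannot be confirmed from the lines shown.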
