/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.ambari.server.controller.internal; import static org.easymock.EasyMock.anyObject; import static org.easymock.EasyMock.capture; import static org.easymock.EasyMock.eq; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.newCapture; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.TreeMap; import org.apache.ambari.server.api.services.AmbariMetaInfo; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.controller.KerberosHelper; import org.apache.ambari.server.controller.predicate.AndPredicate; import org.apache.ambari.server.controller.spi.NoSuchResourceException; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.spi.ResourceProvider; import org.apache.ambari.server.controller.spi.SystemException; import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.security.SecurePasswordHelper; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.encryption.CredentialStoreService; import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.StackId; import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptor; import org.apache.ambari.server.state.kerberos.KerberosDescriptor; import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory; import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptorTest; import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptorTest; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; import org.easymock.CaptureType; import org.easymock.EasyMockSupport; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import com.google.gson.Gson; import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; import junit.framework.Assert; /** * ClusterKerberosDescriptorResourceProviderTest unit tests. */ @SuppressWarnings("unchecked") public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSupport { private static final Gson GSON = new Gson(); private static final Map<String, Object> STACK_MAP; private static final Map<String, Object> USER_MAP; private static final Map<String, Object> COMPOSITE_MAP; static { TreeMap<String, Object> stackProperties = new TreeMap<>(); stackProperties.put("realm", "EXAMPLE.COM"); stackProperties.put("some.property", "Hello World"); Collection<String> authToLocalRules = new ArrayList<>(); authToLocalRules.add("global.name.rules"); TreeMap<String, Object> stackServices = new TreeMap<>(); stackServices.put((String) KerberosServiceDescriptorTest.MAP_VALUE.get("name"), KerberosServiceDescriptorTest.MAP_VALUE); TreeMap<String, Object> stackClusterConfProperties = new TreeMap<>(); stackClusterConfProperties.put("property1", "red"); TreeMap<String, Object> stackClusterConf = new TreeMap<>(); stackClusterConf.put("cluster-conf", stackClusterConfProperties); TreeMap<String, Object> stackConfigurations = new TreeMap<>(); stackConfigurations.put("cluster-conf", stackClusterConf); TreeMap<String, Object> stackSharedIdentityKeytabOwner = new TreeMap<>(); stackSharedIdentityKeytabOwner.put("name", "root"); stackSharedIdentityKeytabOwner.put("access", "rw"); TreeMap<String, Object> sharedIdentityKeytabGroup = new TreeMap<>(); sharedIdentityKeytabGroup.put("name", "hadoop"); sharedIdentityKeytabGroup.put("access", "r"); TreeMap<String, Object> stackSharedIdentityKeytab = new TreeMap<>(); stackSharedIdentityKeytab.put("file", "/etc/security/keytabs/subject.service.keytab"); stackSharedIdentityKeytab.put("owner", stackSharedIdentityKeytabOwner); stackSharedIdentityKeytab.put("group", sharedIdentityKeytabGroup); stackSharedIdentityKeytab.put("configuration", "service-site/service2.component.keytab.file"); TreeMap<String, Object> stackSharedIdentity = new TreeMap<>(); stackSharedIdentity.put("name", "shared"); stackSharedIdentity.put("principal", new TreeMap<>(KerberosPrincipalDescriptorTest.MAP_VALUE)); stackSharedIdentity.put("keytab", stackSharedIdentityKeytab); TreeMap<String, Object> stackIdentities = new TreeMap<>(); stackIdentities.put("shared", stackSharedIdentity); STACK_MAP = new TreeMap<>(); STACK_MAP.put("properties", stackProperties); STACK_MAP.put(AbstractKerberosDescriptor.Type.AUTH_TO_LOCAL_PROPERTY.getDescriptorPluralName(), authToLocalRules); STACK_MAP.put(AbstractKerberosDescriptor.Type.SERVICE.getDescriptorPluralName(), stackServices.values()); STACK_MAP.put(AbstractKerberosDescriptor.Type.CONFIGURATION.getDescriptorPluralName(), stackConfigurations.values()); STACK_MAP.put(AbstractKerberosDescriptor.Type.IDENTITY.getDescriptorPluralName(), stackIdentities.values()); TreeMap<String, Object> userProperties = new TreeMap<>(); userProperties.put("realm", "HWX.COM"); userProperties.put("some.property", "Hello World"); TreeMap<String, Object> userClusterConfProperties = new TreeMap<>(); userClusterConfProperties.put("property1", "blue"); userClusterConfProperties.put("property2", "orange"); TreeMap<String, Object> userClusterConf = new TreeMap<>(); userClusterConf.put("cluster-conf", userClusterConfProperties); TreeMap<String, Object> userConfigurations = new TreeMap<>(); userConfigurations.put("cluster-conf", userClusterConf); TreeMap<String, Object> userSharedIdentityKeytabOwner = new TreeMap<>(); userSharedIdentityKeytabOwner.put("name", "root"); userSharedIdentityKeytabOwner.put("access", "rw"); TreeMap<String, Object> userSharedIdentityKeytabGroup = new TreeMap<>(); userSharedIdentityKeytabGroup.put("name", "hadoop"); userSharedIdentityKeytabGroup.put("access", "r"); TreeMap<String, Object> userSharedIdentityKeytab = new TreeMap<>(); userSharedIdentityKeytab.put("file", "/etc/security/keytabs/subject.service.keytab"); userSharedIdentityKeytab.put("owner", userSharedIdentityKeytabOwner); userSharedIdentityKeytab.put("group", userSharedIdentityKeytabGroup); userSharedIdentityKeytab.put("configuration", "service-site/service2.component.keytab.file"); TreeMap<String, Object> userSharedIdentity = new TreeMap<>(); userSharedIdentity.put("name", "shared"); userSharedIdentity.put("principal", new TreeMap<>(KerberosPrincipalDescriptorTest.MAP_VALUE)); userSharedIdentity.put("keytab", userSharedIdentityKeytab); TreeMap<String, Object> userIdentities = new TreeMap<>(); userIdentities.put("shared", userSharedIdentity); USER_MAP = new TreeMap<>(); USER_MAP.put("properties", userProperties); USER_MAP.put(AbstractKerberosDescriptor.Type.CONFIGURATION.getDescriptorPluralName(), userConfigurations.values()); USER_MAP.put(AbstractKerberosDescriptor.Type.IDENTITY.getDescriptorPluralName(), userIdentities.values()); COMPOSITE_MAP = new TreeMap<>(); COMPOSITE_MAP.putAll(STACK_MAP); COMPOSITE_MAP.putAll(USER_MAP); } private Injector injector; @Before public void setUp() throws Exception { injector = Guice.createInjector(new AbstractModule() { @Override protected void configure() { Properties properties = new Properties(); bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class); bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper()); bind(Configuration.class).toInstance(new Configuration(properties)); bind(KerberosDescriptorFactory.class).toInstance(new KerberosDescriptorFactory()); } }); } @After public void clearAuthentication() { SecurityContextHolder.getContext().setAuthentication(null); } @Test(expected = SystemException.class) public void testCreateResourcesAsAdministrator() throws Exception { testCreateResources(TestAuthenticationFactory.createAdministrator("admin")); } @Test(expected = SystemException.class) public void testCreateResourcesAsClusterAdministrator() throws Exception { testCreateResources(TestAuthenticationFactory.createClusterAdministrator()); } @Test(expected = SystemException.class) public void testCreateResourcesAsServiceAdministrator() throws Exception { testCreateResources(TestAuthenticationFactory.createServiceAdministrator()); } private void testCreateResources(Authentication authentication) throws Exception { AmbariManagementController managementController = createMock(AmbariManagementController.class); Request request = createMock(Request.class); ClusterKerberosDescriptorResourceProvider resourceProvider = new ClusterKerberosDescriptorResourceProvider(managementController); injector.injectMembers(resourceProvider); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver(); ((ObservableResourceProvider) provider).addObserver(observer); provider.createResources(request); verifyAll(); } @Test public void testGetResourcesAsAdministrator() throws Exception { testGetResources(TestAuthenticationFactory.createAdministrator("admin")); } @Test public void testGetResourcesAsClusterAdministrator() throws Exception { testGetResources(TestAuthenticationFactory.createClusterAdministrator()); } @Test public void testGetResourcesAsClusterOperator() throws Exception { testGetResources(TestAuthenticationFactory.createClusterOperator()); } @Test public void testGetResourcesAsServiceAdministrator() throws Exception { testGetResources(TestAuthenticationFactory.createServiceAdministrator()); } @Test public void testGetResourcesAsServiceOperator() throws Exception { testGetResources(TestAuthenticationFactory.createServiceOperator()); } @Test public void testGetResourcesAsClusterUser() throws Exception { testGetResources(TestAuthenticationFactory.createClusterUser()); } private void testGetResources(Authentication authentication) throws Exception { Cluster cluster = createMock(Cluster.class); expect(cluster.getResourceId()).andReturn(4L).atLeastOnce(); Clusters clusters = createMock(Clusters.class); expect(clusters.getCluster("c1")).andReturn(cluster).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); Request request = createMock(Request.class); expect(request.getPropertyIds()).andReturn(null).once(); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Predicate predicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID).equals("c1") .toPredicate(); Set<Resource> results = provider.getResources(request, predicate); Assert.assertEquals(3, results.size()); verifyAll(); } @Test public void testGetResourcesWithPredicateAsAdministrator() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createAdministrator("admin")); } @Test public void testGetResourcesWithPredicateAsClusterAdministrator() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterAdministrator()); } @Test public void testGetResourcesWithPredicateAsClusterOperator() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterOperator()); } @Test public void testGetResourcesWithPredicateAsServiceAdministrator() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createServiceAdministrator()); } @Test public void testGetResourcesWithPredicateAsServiceOperator() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createServiceOperator()); } @Test public void testGetResourcesWithPredicateAsClusterUser() throws Exception { testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterUser()); } private void testGetResourcesWithPredicate(Authentication authentication) throws Exception { Cluster cluster = createMock(Cluster.class); expect(cluster.getResourceId()).andReturn(4L).atLeastOnce(); Clusters clusters = createMock(Clusters.class); expect(clusters.getCluster("c1")).andReturn(cluster).atLeastOnce(); KerberosDescriptorFactory kerberosDescriptorFactory = injector.getInstance(KerberosDescriptorFactory.class); KerberosDescriptor stackKerberosDescriptor = kerberosDescriptorFactory.createInstance(STACK_MAP); KerberosDescriptor userKerberosDescriptor = kerberosDescriptorFactory.createInstance(USER_MAP); KerberosDescriptor compositeKerberosDescriptor = kerberosDescriptorFactory.createInstance(STACK_MAP); compositeKerberosDescriptor.update(userKerberosDescriptor); KerberosHelper kerberosHelper = createMock(KerberosHelper.class); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(false), anyObject(Collection.class))) .andReturn(stackKerberosDescriptor).atLeastOnce(); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(false), anyObject(Collection.class))) .andReturn(userKerberosDescriptor).atLeastOnce(); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(false), anyObject(Collection.class))) .andReturn(compositeKerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); expect(managementController.getKerberosHelper()).andReturn(kerberosHelper).atLeastOnce(); Request request = createMock(Request.class); expect(request.getPropertyIds()).andReturn(null).atLeastOnce(); expect(request.getRequestInfoProperties()).andReturn(Collections.<String, String>emptyMap()).atLeastOnce(); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Predicate clusterPredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID).equals("c1") .toPredicate(); Predicate typePredicate; Set<Resource> results; // -------------- // Get the STACK Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("STACK") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); testResults("STACK", STACK_MAP, results); // -------------- // Get the USER Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("USER") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); testResults("USER", USER_MAP, results); // -------------- // Get the COMPOSITE Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("COMPOSITE") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); testResults("COMPOSITE", COMPOSITE_MAP, results); verifyAll(); } @Test public void testGetResourcesWithPredicateAndDirectivesAsAdministrator() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createAdministrator("admin")); } @Test public void testGetResourcesWithPredicateAndDirectivesAsClusterAdministrator() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createClusterAdministrator()); } @Test public void testGetResourcesWithPredicateAndDirectivesAsClusterOperator() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createClusterOperator()); } @Test public void testGetResourcesWithPredicateAndDirectivesAsServiceAdministrator() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createServiceAdministrator()); } @Test public void testGetResourcesWithPredicateAndDirectivesAsServiceOperator() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createServiceOperator()); } @Test public void testGetResourcesWithPredicateAndDirectivesAsClusterUser() throws Exception { testGetResourcesWithPredicateAndDirectives(TestAuthenticationFactory.createClusterUser()); } private void testGetResourcesWithPredicateAndDirectives(Authentication authentication) throws Exception { Cluster cluster = createMock(Cluster.class); expect(cluster.getResourceId()).andReturn(4L).atLeastOnce(); Clusters clusters = createMock(Clusters.class); expect(clusters.getCluster("c1")).andReturn(cluster).atLeastOnce(); KerberosDescriptorFactory kerberosDescriptorFactory = injector.getInstance(KerberosDescriptorFactory.class); KerberosDescriptor stackKerberosDescriptor = kerberosDescriptorFactory.createInstance(STACK_MAP); KerberosDescriptor userKerberosDescriptor = kerberosDescriptorFactory.createInstance(USER_MAP); KerberosDescriptor compositeKerberosDescriptor = kerberosDescriptorFactory.createInstance(STACK_MAP); compositeKerberosDescriptor.update(userKerberosDescriptor); Capture<? extends Collection<String>> captureAdditionalServices = newCapture(CaptureType.ALL); KerberosHelper kerberosHelper = createMock(KerberosHelper.class); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(true), capture(captureAdditionalServices))) .andReturn(stackKerberosDescriptor).atLeastOnce(); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(true), capture(captureAdditionalServices))) .andReturn(userKerberosDescriptor).atLeastOnce(); expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(true), capture(captureAdditionalServices))) .andReturn(compositeKerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); expect(managementController.getKerberosHelper()).andReturn(kerberosHelper).atLeastOnce(); Map<String, String> requestInfoProperties = new HashMap<>(); requestInfoProperties.put(ClusterKerberosDescriptorResourceProvider.DIRECTIVE_EVALUATE_WHEN_CLAUSE, "true"); requestInfoProperties.put(ClusterKerberosDescriptorResourceProvider.DIRECTIVE_ADDITIONAL_SERVICES, "HIVE, TEZ,PIG"); Request request = createMock(Request.class); expect(request.getPropertyIds()).andReturn(null).atLeastOnce(); expect(request.getRequestInfoProperties()).andReturn(requestInfoProperties).atLeastOnce(); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Predicate clusterPredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID).equals("c1") .toPredicate(); Predicate typePredicate; Set<Resource> results; // -------------- // Get the STACK Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("STACK") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); for (Resource result : results) { Assert.assertEquals("c1", result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID)); Assert.assertEquals("STACK", result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID)); // Reconstruct the deconstructed Kerberos Descriptor Map partial1 = result.getPropertiesMap().get(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_DESCRIPTOR_PROPERTY_ID); Map partial2 = result.getPropertiesMap().get("KerberosDescriptor/kerberos_descriptor/properties"); partial1.put("properties", partial2); Assert.assertEquals(GSON.toJson(STACK_MAP), GSON.toJson(partial1)); } // -------------- // Get the USER Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("USER") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); for (Resource result : results) { Assert.assertEquals("c1", result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID)); Assert.assertEquals("USER", result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID)); // Reconstruct the deconstructed Kerberos Descriptor Map partial1 = result.getPropertiesMap().get(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_DESCRIPTOR_PROPERTY_ID); Map partial2 = result.getPropertiesMap().get("KerberosDescriptor/kerberos_descriptor/properties"); partial1.put("properties", partial2); Assert.assertEquals(GSON.toJson(USER_MAP), GSON.toJson(partial1)); } // -------------- // Get the COMPOSITE Kerberos Descriptor typePredicate = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("COMPOSITE") .toPredicate(); results = provider.getResources(request, new AndPredicate(clusterPredicate, typePredicate)); Assert.assertEquals(1, results.size()); testResults("COMPOSITE", COMPOSITE_MAP, results); verifyAll(); List<? extends Collection<String>> capturedValues = captureAdditionalServices.getValues(); Assert.assertEquals(3, capturedValues.size()); for (Collection<String> capturedValue : capturedValues) { Assert.assertEquals(3, capturedValue.size()); Assert.assertTrue(capturedValue.contains("HIVE")); Assert.assertTrue(capturedValue.contains("PIG")); Assert.assertTrue(capturedValue.contains("TEZ")); } } @Test(expected = IllegalArgumentException.class) public void testGetResourcesWithInvalidKerberosDescriptorTypeAsAdministrator() throws Exception { testGetResourcesWithInvalidKerberosDescriptorType(TestAuthenticationFactory.createAdministrator("admin")); } @Test(expected = IllegalArgumentException.class) public void testGetResourcesWithInvalidKerberosDescriptorTypeAsClusterAdministrator() throws Exception { testGetResourcesWithInvalidKerberosDescriptorType(TestAuthenticationFactory.createClusterAdministrator()); } @Test(expected = IllegalArgumentException.class) public void testGetResourcesWithInvalidKerberosDescriptorTypeAsServiceAdministrator() throws Exception { testGetResourcesWithInvalidKerberosDescriptorType(TestAuthenticationFactory.createServiceAdministrator()); } private void testGetResourcesWithInvalidKerberosDescriptorType(Authentication authentication) throws Exception { StackId stackVersion = createMock(StackId.class); expect(stackVersion.getStackName()).andReturn("stackName").atLeastOnce(); expect(stackVersion.getStackVersion()).andReturn("stackVersion").atLeastOnce(); Cluster cluster = createMock(Cluster.class); expect(cluster.getResourceId()).andReturn(4L).atLeastOnce(); expect(cluster.getCurrentStackVersion()).andReturn(stackVersion).atLeastOnce(); Clusters clusters = createMock(Clusters.class); expect(clusters.getCluster("c1")).andReturn(cluster).atLeastOnce(); KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.toMap()).andReturn(STACK_MAP).atLeastOnce(); AmbariMetaInfo metaInfo = createMock(AmbariMetaInfo.class); expect(metaInfo.getKerberosDescriptor("stackName", "stackVersion")).andReturn(kerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); expect(managementController.getAmbariMetaInfo()).andReturn(metaInfo).atLeastOnce(); Request request = createMock(Request.class); expect(request.getPropertyIds()).andReturn(null).once(); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Predicate predicate1 = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID).equals("c1") .toPredicate(); Predicate predicate2 = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("BOGUS") .toPredicate(); Predicate predicate = new AndPredicate(predicate1, predicate2); try { provider.getResources(request, predicate); Assert.fail("Expected NoSuchResourceException not thrown"); } catch (NoSuchResourceException e) { // expected } verifyAll(); } @Test public void testGetResourcesWithoutPredicateAsAdministrator() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createAdministrator("admin")); } @Test public void testGetResourcesWithoutPredicateAsClusterAdministrator() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterAdministrator()); } @Test public void testGetResourcesWithoutPredicateAsClusterOperator() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterOperator()); } @Test public void testGetResourcesWithoutPredicateAsServiceAdministrator() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createServiceAdministrator()); } @Test public void testGetResourcesWithoutPredicateAsServiceOperator() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createServiceOperator()); } @Test public void testGetResourcesWithoutPredicateAsClusterUser() throws Exception { testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterUser()); } private void testGetResourcesWithoutPredicate(Authentication authentication) throws Exception { Clusters clusters = createMock(Clusters.class); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); Request request = createMock(Request.class); expect(request.getPropertyIds()).andReturn(null).once(); replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Set<Resource> results = provider.getResources(request, null); Assert.assertTrue(results.isEmpty()); verifyAll(); } @Test(expected = SystemException.class) public void testUpdateResourcesAsAdministrator() throws Exception { testUpdateResources(TestAuthenticationFactory.createAdministrator("admin")); } @Test(expected = SystemException.class) public void testUpdateResourcesAsClusterAdministrator() throws Exception { testUpdateResources(TestAuthenticationFactory.createClusterAdministrator()); } @Test(expected = SystemException.class) public void testUpdateResourcesAsServiceAdministrator() throws Exception { testUpdateResources(TestAuthenticationFactory.createServiceAdministrator()); } private void testUpdateResources(Authentication authentication) throws Exception { AmbariManagementController managementController = createMock(AmbariManagementController.class); Request request = createMock(Request.class); ClusterKerberosDescriptorResourceProvider resourceProvider = new ClusterKerberosDescriptorResourceProvider(managementController); injector.injectMembers(resourceProvider); replayAll(); // end expectations SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); provider.createResources(request); verifyAll(); } @Test(expected = SystemException.class) public void testDeleteResourcesAsAdministrator() throws Exception { testDeleteResources(TestAuthenticationFactory.createAdministrator("admin")); } @Test(expected = SystemException.class) public void testDeleteResourcesAsClusterAdministrator() throws Exception { testDeleteResources(TestAuthenticationFactory.createClusterAdministrator()); } @Test(expected = SystemException.class) public void testDeleteResourcesAsServiceAdministrator() throws Exception { testDeleteResources(TestAuthenticationFactory.createServiceAdministrator()); } private void testDeleteResources(Authentication authentication) throws Exception { AmbariManagementController managementController = createMock(AmbariManagementController.class); ClusterKerberosDescriptorResourceProvider resourceProvider = new ClusterKerberosDescriptorResourceProvider(managementController); injector.injectMembers(resourceProvider); replayAll(); // end expectations SecurityContextHolder.getContext().setAuthentication(authentication); ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider( Resource.Type.ClusterKerberosDescriptor, PropertyHelper.getPropertyIds(Resource.Type.ClusterKerberosDescriptor), PropertyHelper.getKeyPropertyIds(Resource.Type.ClusterKerberosDescriptor), managementController); Predicate predicate1 = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID).equals("c1") .toPredicate(); Predicate predicate2 = new PredicateBuilder() .property(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID).equals("alias1") .toPredicate(); Predicate predicate = new AndPredicate(predicate1, predicate2); provider.deleteResources(new RequestImpl(null, null, null, null), predicate); verifyAll(); } private void testResults(String type, Map<String, Object> expectedData, Set<Resource> results) { for (Resource result : results) { Assert.assertEquals("c1", result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_CLUSTER_NAME_PROPERTY_ID)); Assert.assertEquals(type, result.getPropertyValue(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_TYPE_PROPERTY_ID)); // Reconstruct the deconstructed Kerberos Descriptor Map partial1 = result.getPropertiesMap().get(ClusterKerberosDescriptorResourceProvider.CLUSTER_KERBEROS_DESCRIPTOR_DESCRIPTOR_PROPERTY_ID); Map partial2 = result.getPropertiesMap().get("KerberosDescriptor/kerberos_descriptor/properties"); partial1.put("properties", partial2); Assert.assertEquals(GSON.toJson(expectedData), GSON.toJson(partial1)); } } }