/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.ambari.server.security; import java.util.Collection; import java.util.Collections; import java.util.EnumSet; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.security.authorization.RoleAuthorization; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; public class TestAuthenticationFactory { public static Authentication createAdministrator() { return createAdministrator("admin"); } public static Authentication createAdministrator(String name) { return new TestAuthorization(name, Collections.singleton(createAdministratorGrantedAuthority())); } public static Authentication createClusterAdministrator() { return createClusterAdministrator("clusterAdmin", 4L); } public static Authentication createClusterOperator() { return createClusterOperator("clusterOp", 4L); } public static Authentication createClusterAdministrator(String name, Long clusterResourceId) { return new TestAuthorization(name, Collections.singleton(createClusterAdministratorGrantedAuthority(clusterResourceId))); } public static Authentication createClusterOperator(String name, Long clusterResourceId) { return new TestAuthorization(name, Collections.singleton(createClusterOperatorGrantedAuthority(clusterResourceId))); } public static Authentication createServiceAdministrator() { return createServiceAdministrator("serviceAdmin", 4L); } public static Authentication createServiceAdministrator(String name, Long clusterResourceId) { return new TestAuthorization(name, Collections.singleton(createServiceAdministratorGrantedAuthority(clusterResourceId))); } public static Authentication createServiceOperator() { return createServiceOperator("serviceOp", 4L); } public static Authentication createServiceOperator(String name, Long clusterResourceId) { return new TestAuthorization(name, Collections.singleton(createServiceOperatorGrantedAuthority(clusterResourceId))); } public static Authentication createClusterUser() { return createClusterUser("clusterUser", 4L); } public static Authentication createClusterUser(String name, Long clusterResourceId) { return new TestAuthorization(name, Collections.singleton(createClusterUserGrantedAuthority(clusterResourceId))); } public static Authentication createViewUser(Long viewResourceId) { return createViewUser("viewUser", viewResourceId); } public static Authentication createViewUser(String name, Long viewResourceId) { return new TestAuthorization(name, Collections.singleton(createViewUserGrantedAuthority(viewResourceId))); } private static GrantedAuthority createAdministratorGrantedAuthority() { return new AmbariGrantedAuthority(createAdministratorPrivilegeEntity()); } private static GrantedAuthority createClusterAdministratorGrantedAuthority(Long clusterResourceId) { return new AmbariGrantedAuthority(createClusterAdministratorPrivilegeEntity(clusterResourceId)); } private static GrantedAuthority createClusterOperatorGrantedAuthority(Long clusterResourceId) { return new AmbariGrantedAuthority(createClusterOperatorPrivilegeEntity(clusterResourceId)); } private static GrantedAuthority createServiceAdministratorGrantedAuthority(Long clusterResourceId) { return new AmbariGrantedAuthority(createServiceAdministratorPrivilegeEntity(clusterResourceId)); } private static GrantedAuthority createServiceOperatorGrantedAuthority(Long clusterResourceId) { return new AmbariGrantedAuthority(createServiceOperatorPrivilegeEntity(clusterResourceId)); } private static GrantedAuthority createClusterUserGrantedAuthority(Long clusterResourceId) { return new AmbariGrantedAuthority(createClusterUserPrivilegeEntity(clusterResourceId)); } private static GrantedAuthority createViewUserGrantedAuthority(Long resourceId) { return new AmbariGrantedAuthority(createViewUserPrivilegeEntity(resourceId)); } public static PrivilegeEntity createPrivilegeEntity(ResourceEntity resourceEntity, PermissionEntity permissionEntity, PrincipalEntity principalEntity) { PrivilegeEntity privilegeEntity = new PrivilegeEntity(); privilegeEntity.setResource(resourceEntity); privilegeEntity.setPermission(permissionEntity); privilegeEntity.setPrincipal(principalEntity); return privilegeEntity; } private static PrivilegeEntity createAdministratorPrivilegeEntity() { return createPrivilegeEntity(createAmbariResourceEntity(), createAdministratorPermission(), null); } private static PrivilegeEntity createClusterAdministratorPrivilegeEntity(Long clusterResourceId) { return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterAdministratorPermission(), null); } private static PrivilegeEntity createClusterOperatorPrivilegeEntity(Long clusterResourceId) { return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterOperatorPermission(), null); } private static PrivilegeEntity createServiceAdministratorPrivilegeEntity(Long clusterResourceId) { return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceAdministratorPermission(), null); } private static PrivilegeEntity createServiceOperatorPrivilegeEntity(Long clusterResourceId) { return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceOperatorPermission(), null); } private static PrivilegeEntity createClusterUserPrivilegeEntity(Long clusterResourceId) { return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterUserPermission(), null); } private static PrivilegeEntity createViewUserPrivilegeEntity(Long resourceId) { return createPrivilegeEntity(createViewResourceEntity(resourceId), createViewUserPermission(), null); } public static PermissionEntity createAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI)); permissionEntity.setPrincipal(createPrincipalEntity(1L)); permissionEntity.addAuthorizations(EnumSet.allOf(RoleAuthorization.class)); return permissionEntity; } public static PermissionEntity createClusterAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(2L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS, RoleAuthorization.CLUSTER_MODIFY_CONFIGS, RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS, RoleAuthorization.CLUSTER_TOGGLE_ALERTS, RoleAuthorization.CLUSTER_MANAGE_ALERTS, RoleAuthorization.CLUSTER_TOGGLE_KERBEROS, RoleAuthorization.CLUSTER_UPGRADE_DOWNGRADE_STACK, RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_METRICS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS, RoleAuthorization.HOST_ADD_DELETE_HOSTS, RoleAuthorization.HOST_TOGGLE_MAINTENANCE, RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_VIEW_METRICS, RoleAuthorization.HOST_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_ADD_DELETE_SERVICES, RoleAuthorization.SERVICE_COMPARE_CONFIGS, RoleAuthorization.SERVICE_DECOMMISSION_RECOMMISSION, RoleAuthorization.SERVICE_ENABLE_HA, RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.SERVICE_MODIFY_CONFIGS, RoleAuthorization.SERVICE_MOVE, RoleAuthorization.SERVICE_RUN_CUSTOM_COMMAND, RoleAuthorization.SERVICE_RUN_SERVICE_CHECK, RoleAuthorization.SERVICE_START_STOP, RoleAuthorization.SERVICE_TOGGLE_ALERTS, RoleAuthorization.SERVICE_TOGGLE_MAINTENANCE, RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, RoleAuthorization.CLUSTER_RUN_CUSTOM_COMMAND, RoleAuthorization.SERVICE_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA)); return permissionEntity; } public static PermissionEntity createClusterOperatorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(5); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(3L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS, RoleAuthorization.HOST_VIEW_METRICS, RoleAuthorization.SERVICE_DECOMMISSION_RECOMMISSION, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.SERVICE_MANAGE_ALERTS, RoleAuthorization.SERVICE_ENABLE_HA, RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_RUN_CUSTOM_COMMAND, RoleAuthorization.HOST_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, RoleAuthorization.SERVICE_COMPARE_CONFIGS, RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS, RoleAuthorization.SERVICE_TOGGLE_ALERTS, RoleAuthorization.SERVICE_MOVE, RoleAuthorization.SERVICE_RUN_SERVICE_CHECK, RoleAuthorization.SERVICE_MODIFY_CONFIGS, RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.HOST_ADD_DELETE_HOSTS, RoleAuthorization.SERVICE_START_STOP, RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.HOST_TOGGLE_MAINTENANCE, RoleAuthorization.SERVICE_TOGGLE_MAINTENANCE, RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, RoleAuthorization.SERVICE_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS)); return permissionEntity; } public static PermissionEntity createServiceAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(5); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(4L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_METRICS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS, RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_VIEW_METRICS, RoleAuthorization.HOST_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_COMPARE_CONFIGS, RoleAuthorization.SERVICE_DECOMMISSION_RECOMMISSION, RoleAuthorization.SERVICE_ENABLE_HA, RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.SERVICE_MODIFY_CONFIGS, RoleAuthorization.SERVICE_MOVE, RoleAuthorization.SERVICE_RUN_CUSTOM_COMMAND, RoleAuthorization.SERVICE_RUN_SERVICE_CHECK, RoleAuthorization.SERVICE_START_STOP, RoleAuthorization.SERVICE_TOGGLE_ALERTS, RoleAuthorization.SERVICE_TOGGLE_MAINTENANCE, RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_VIEW_OPERATIONAL_LOGS, RoleAuthorization.SERVICE_MANAGE_AUTO_START, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA)); return permissionEntity; } public static PermissionEntity createServiceOperatorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(6); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(5L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_COMPARE_CONFIGS, RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.SERVICE_START_STOP, RoleAuthorization.SERVICE_DECOMMISSION_RECOMMISSION, RoleAuthorization.SERVICE_RUN_CUSTOM_COMMAND, RoleAuthorization.SERVICE_RUN_SERVICE_CHECK, RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_VIEW_METRICS, RoleAuthorization.HOST_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA )); return permissionEntity; } public static PermissionEntity createClusterUserPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.CLUSTER_USER_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(6L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, RoleAuthorization.SERVICE_VIEW_STATUS_INFO, RoleAuthorization.SERVICE_COMPARE_CONFIGS, RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_VIEW_METRICS, RoleAuthorization.HOST_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA )); return permissionEntity; } public static PermissionEntity createViewUserPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.VIEW_USER_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setPrincipal(createPrincipalEntity(7L)); permissionEntity.addAuthorizations(EnumSet.of(RoleAuthorization.VIEW_USE)); return permissionEntity; } private static ResourceEntity createAmbariResourceEntity() { ResourceEntity resourceEntity = new ResourceEntity(); resourceEntity.setId(null); resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI)); return resourceEntity; } private static ResourceEntity createClusterResourceEntity(Long clusterResourceId) { return createResourceEntity(ResourceType.CLUSTER, clusterResourceId); } private static ResourceEntity createResourceEntity(ResourceType resourceType, Long resourceId) { ResourceEntity resourceEntity = new ResourceEntity(); resourceEntity.setId(resourceId); resourceEntity.setResourceType(createResourceTypeEntity(resourceType)); return resourceEntity; } private static ResourceEntity createViewResourceEntity(Long resourceId) { ResourceEntity resourceEntity = new ResourceEntity(); resourceEntity.setId(resourceId); if (resourceId != null) { resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.VIEW.name(), resourceId.intValue())); } return resourceEntity; } private static ResourceTypeEntity createResourceTypeEntity(ResourceType resourceType) { return createResourceTypeEntity(resourceType.name(), resourceType.getId()); } private static ResourceTypeEntity createResourceTypeEntity(String resourceName, Integer resourceId) { ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity(); resourceTypeEntity.setId(resourceId); resourceTypeEntity.setName(resourceName); return resourceTypeEntity; } private static PrincipalEntity createPrincipalEntity(Long principalId) { PrincipalEntity principalEntity = new PrincipalEntity(); principalEntity.setId(principalId); principalEntity.setPrincipalType(createPrincipalTypeEntity()); return principalEntity; } private static PrincipalTypeEntity createPrincipalTypeEntity() { PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity(); principalTypeEntity.setId(1); principalTypeEntity.setName("ROLE"); return principalTypeEntity; } private static class TestAuthorization implements Authentication { private final String name; private final Collection<? extends GrantedAuthority> authorities; private TestAuthorization(String name, Collection<? extends GrantedAuthority> authorities) { this.name = name; this.authorities = authorities; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; } @Override public Object getCredentials() { return null; } @Override public Object getDetails() { return null; } @Override public Object getPrincipal() { return null; } @Override public boolean isAuthenticated() { return true; } @Override public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { } @Override public String getName() { return name; } } }