/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java

https://github.com/sonia-garudi/ambari · Java · 211 lines · 145 code · 42 blank · 24 comment · 0 complexity · 8b4b9744054694832e61972ed93c6f6e MD5 · raw file 

    

  1. /*
    2. 

  2.  * Licensed to the Apache Software Foundation (ASF) under one
    3. 

  3.  * or more contributor license agreements.  See the NOTICE file
    4. 

  4.  * distributed with this work for additional information
    5. 

  5.  * regarding copyright ownership.  The ASF licenses this file
    6. 

  6.  * to you under the Apache License, Version 2.0 (the
    7. 

  7.  * "License"); you may not use this file except in compliance
    8. 

  8.  * with the License.  You may obtain a copy of the License at
    9. 

  9.  *
    10. 

  10.  *     http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11.  *
    12. 

  12.  * Unless required by applicable law or agreed to in writing, software
    13. 

  13.  * distributed under the License is distributed on an "AS IS" BASIS,
    14. 

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15. 

  15.  * See the License for the specific language governing permissions and
    16. 

  16.  * limitations under the License.
    17. 

  17.  */
    18. 

  18. 

  19. package org.apache.ambari.server.security.authorization;
    20. 

  20. 

  21. import static org.easymock.EasyMock.anyObject;
    22. 

  22. import static org.easymock.EasyMock.anyString;
    23. 

  23. import static org.easymock.EasyMock.capture;
    24. 

  24. import static org.easymock.EasyMock.eq;
    25. 

  25. import static org.easymock.EasyMock.expect;
    26. 

  26. import static org.easymock.EasyMock.expectLastCall;
    27. 

  27. import static org.easymock.EasyMock.newCapture;
    28. 

  28. 

  29. import java.util.ArrayList;
    30. 

  30. import java.util.Collection;
    31. 

  31. import java.util.Collections;
    32. 

  32. import java.util.List;
    33. 

  33. 

  34. import javax.annotation.Nullable;
    35. 

  35. import javax.persistence.EntityManager;
    36. 

  36. 

  37. import org.apache.ambari.server.AmbariException;
    38. 

  38. import org.apache.ambari.server.configuration.Configuration;
    39. 

  39. import org.apache.ambari.server.hooks.HookContextFactory;
    40. 

  40. import org.apache.ambari.server.hooks.HookService;
    41. 

  41. import org.apache.ambari.server.orm.DBAccessor;
    42. 

  42. import org.apache.ambari.server.orm.dao.MemberDAO;
    43. 

  43. import org.apache.ambari.server.orm.dao.PrincipalDAO;
    44. 

  44. import org.apache.ambari.server.orm.dao.PrivilegeDAO;
    45. 

  45. import org.apache.ambari.server.orm.dao.UserDAO;
    46. 

  46. import org.apache.ambari.server.orm.entities.GroupEntity;
    47. 

  47. import org.apache.ambari.server.orm.entities.MemberEntity;
    48. 

  48. import org.apache.ambari.server.orm.entities.PermissionEntity;
    49. 

  49. import org.apache.ambari.server.orm.entities.PrincipalEntity;
    50. 

  50. import org.apache.ambari.server.orm.entities.PrivilegeEntity;
    51. 

  51. import org.apache.ambari.server.orm.entities.UserEntity;
    52. 

  52. import org.apache.ambari.server.state.stack.OsFamily;
    53. 

  53. import org.easymock.Capture;
    54. 

  54. import org.easymock.EasyMock;
    55. 

  55. import org.easymock.EasyMockSupport;
    56. 

  56. import org.junit.Test;
    57. 

  57. import org.springframework.security.crypto.password.PasswordEncoder;
    58. 

  58. 

  59. import com.google.inject.AbstractModule;
    60. 

  60. import com.google.inject.Guice;
    61. 

  61. import com.google.inject.Injector;
    62. 

  62. 

  63. import junit.framework.Assert;
    64. 

  64. 

  65. public class UsersTest extends EasyMockSupport {
    66. 

  66. 

  67.   public static final String SERVICEOP_USER_NAME = "serviceopuser";
    68. 

  68.   private Injector injector;
    69. 

  69. 

  70.   @Test
    71. 

  71.   public void testGetUserAuthorities() throws Exception {
    72. 

  72.     createInjector();
    73. 

  73. 

  74.     PrincipalEntity userPrincipalEntity = createMock(PrincipalEntity.class);
    75. 

  75. 

  76.     UserEntity userEntity = createMock(UserEntity.class);
    77. 

  77.     expect(userEntity.getPrincipal()).andReturn(userPrincipalEntity).times(1);
    78. 

  78. 

  79.     UserDAO userDAO = injector.getInstance(UserDAO.class);
    80. 

  80.     expect(userDAO.findUserByNameAndType("user1", UserType.LOCAL)).andReturn(userEntity).times(1);
    81. 

  81. 

  82.     PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class);
    83. 

  83. 

  84.     GroupEntity groupEntity = createMock(GroupEntity.class);
    85. 

  85.     expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).times(1);
    86. 

  86. 

  87.     MemberEntity memberEntity = createMock(MemberEntity.class);
    88. 

  88.     expect(memberEntity.getGroup()).andReturn(groupEntity).times(1);
    89. 

  89. 

  90.     MemberDAO memberDAO = injector.getInstance(MemberDAO.class);
    91. 

  91.     expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).times(1);
    92. 

  92. 

  93.     PrincipalEntity clusterUserPrivilegePermissionPrincipalEntity = createMock(PrincipalEntity.class);
    94. 

  94. 

  95.     PermissionEntity clusterUserPrivilegePermissionEntity = createMock(PermissionEntity.class);
    96. 

  96.     expect(clusterUserPrivilegePermissionEntity.getPrincipal()).andReturn(clusterUserPrivilegePermissionPrincipalEntity).times(1);
    97. 

  97. 

  98.     PrivilegeEntity clusterUserPrivilegeEntity = createMock(PrivilegeEntity.class);
    99. 

  99.     expect(clusterUserPrivilegeEntity.getPermission()).andReturn(clusterUserPrivilegePermissionEntity).times(1);
    100. 

  100. 

  101.     PrincipalEntity clusterOperatorPrivilegePermissionPrincipalEntity = createMock(PrincipalEntity.class);
    102. 

  102. 

  103.     PermissionEntity clusterOperatorPrivilegePermissionEntity = createMock(PermissionEntity.class);
    104. 

  104.     expect(clusterOperatorPrivilegePermissionEntity.getPrincipal()).andReturn(clusterOperatorPrivilegePermissionPrincipalEntity).times(1);
    105. 

  105. 

  106.     PrivilegeEntity clusterOperatorPrivilegeEntity = createMock(PrivilegeEntity.class);
    107. 

  107.     expect(clusterOperatorPrivilegeEntity.getPermission()).andReturn(clusterOperatorPrivilegePermissionEntity).times(1);
    108. 

  108. 

  109.     List<PrivilegeEntity> privilegeEntities = new ArrayList<>();
    110. 

  110.     privilegeEntities.add(clusterUserPrivilegeEntity);
    111. 

  111.     privilegeEntities.add(clusterOperatorPrivilegeEntity);
    112. 

  112. 

  113.     PrivilegeEntity clusterUserViewUserPrivilegeEntity = createMock(PrivilegeEntity.class);
    114. 

  114. 

  115.     List<PrivilegeEntity> rolePrivilegeEntities = new ArrayList<>();
    116. 

  116.     rolePrivilegeEntities.add(clusterUserViewUserPrivilegeEntity);
    117. 

  117. 

  118.     Capture<? extends List<PrincipalEntity>> principalEntitiesCapture = newCapture();
    119. 

  119.     Capture<? extends List<PrincipalEntity>> rolePrincipalEntitiesCapture = newCapture();
    120. 

  120. 

  121.     PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
    122. 

  122.     expect(privilegeDAO.findAllByPrincipal(capture(principalEntitiesCapture))).andReturn(privilegeEntities).times(1);
    123. 

  123.     expect(privilegeDAO.findAllByPrincipal(capture(rolePrincipalEntitiesCapture))).andReturn(rolePrivilegeEntities).times(1);
    124. 

  124. 

  125. 

  126.     replayAll();
    127. 

  127. 

  128.     Users user = injector.getInstance(Users.class);
    129. 

  129.     Collection<AmbariGrantedAuthority> authorities = user.getUserAuthorities("user1", UserType.LOCAL);
    130. 

  130. 

  131.     verifyAll();
    132. 

  132. 

  133.     Assert.assertEquals(2, principalEntitiesCapture.getValue().size());
    134. 

  134.     Assert.assertTrue(principalEntitiesCapture.getValue().contains(userPrincipalEntity));
    135. 

  135.     Assert.assertTrue(principalEntitiesCapture.getValue().contains(groupPrincipalEntity));
    136. 

  136. 

  137.     Assert.assertEquals(2, rolePrincipalEntitiesCapture.getValue().size());
    138. 

  138.     Assert.assertTrue(rolePrincipalEntitiesCapture.getValue().contains(clusterUserPrivilegePermissionPrincipalEntity));
    139. 

  139.     Assert.assertTrue(rolePrincipalEntitiesCapture.getValue().contains(clusterOperatorPrivilegePermissionPrincipalEntity));
    140. 

  140. 

  141. 

  142.     Assert.assertEquals(3, authorities.size());
    143. 

  143.     Assert.assertTrue(authorities.contains(new AmbariGrantedAuthority(clusterUserPrivilegeEntity)));
    144. 

  144.     Assert.assertTrue(authorities.contains(new AmbariGrantedAuthority(clusterOperatorPrivilegeEntity)));
    145. 

  145.     Assert.assertTrue(authorities.contains(new AmbariGrantedAuthority(clusterUserViewUserPrivilegeEntity)));
    146. 

  146.   }
    147. 

  147. 

  148.   /**
    149. 

  149.    * User creation should complete without exception in case of unique user name
    150. 

  150.    */
    151. 

  151.   @Test
    152. 

  152.   public void testCreateUser_NoDuplicates() throws Exception {
    153. 

  153.     initForCreateUser(null);
    154. 

  154.     Users users = injector.getInstance(Users.class);
    155. 

  155.     users.createUser(SERVICEOP_USER_NAME, "qwert");
    156. 

  156.   }
    157. 

  157. 

  158.   /**
    159. 

  159.    * User creation should throw {@link AmbariException} in case another user exists with the same name but
    160. 

  160.    * different user type.
    161. 

  161.    */
    162. 

  162.   @Test(expected = AmbariException.class)
    163. 

  163.   public void testCreateUser_Duplicate() throws Exception {
    164. 

  164.     UserEntity existing = new UserEntity();
    165. 

  165.     existing.setUserName(UserName.fromString(SERVICEOP_USER_NAME));
    166. 

  166.     existing.setUserType(UserType.LDAP);
    167. 

  167.     existing.setUserId(1);
    168. 

  168.     existing.setMemberEntities(Collections.emptySet());
    169. 

  169.     PrincipalEntity principal = new PrincipalEntity();
    170. 

  170.     principal.setPrivileges(Collections.emptySet());
    171. 

  171.     existing.setPrincipal(principal);
    172. 

  172.     initForCreateUser(existing);
    173. 

  173. 

  174.     Users users = injector.getInstance(Users.class);
    175. 

  175.     users.createUser(SERVICEOP_USER_NAME, "qwert");
    176. 

  176.   }
    177. 

  177. 

  178.   private void initForCreateUser(@Nullable UserEntity existingUser) {
    179. 

  179.     UserDAO userDao = createStrictMock(UserDAO.class);
    180. 

  180.     expect(userDao.findSingleUserByName(anyString())).andReturn(existingUser);
    181. 

  181.     userDao.create(anyObject(UserEntity.class));
    182. 

  182.     expectLastCall();
    183. 

  183.     EntityManager entityManager = createNiceMock(EntityManager.class);
    184. 

  184.     expect(entityManager.find(eq(PrincipalEntity.class), EasyMock.anyObject())).andReturn(null);
    185. 

  185.     replayAll();
    186. 

  186.     createInjector(userDao, entityManager);
    187. 

  187.   }
    188. 

  188. 

  189.   private void createInjector() {
    190. 

  190.     createInjector(createMock(UserDAO.class), createMock(EntityManager.class));
    191. 

  191.   }
    192. 

  192. 

  193.   private void createInjector(final UserDAO mockUserDao, final EntityManager mockEntityManager) {
    194. 

  194.     injector = Guice.createInjector(new AbstractModule() {
    195. 

  195.       @Override
    196. 

  196.       protected void configure() {
    197. 

  197.         bind(EntityManager.class).toInstance(mockEntityManager);
    198. 

  198.         bind(DBAccessor.class).toInstance(createMock(DBAccessor.class));
    199. 

  199.         bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
    200. 

  200.         bind(UserDAO.class).toInstance(mockUserDao);
    201. 

  201.         bind(MemberDAO.class).toInstance(createMock(MemberDAO.class));
    202. 

  202.         bind(PrivilegeDAO.class).toInstance(createMock(PrivilegeDAO.class));
    203. 

  203.         bind(PasswordEncoder.class).toInstance(createMock(PasswordEncoder.class));
    204. 

  204.         bind(HookService.class).toInstance(createMock(HookService.class));
    205. 

  205.         bind(HookContextFactory.class).toInstance(createMock(HookContextFactory.class));
    206. 

  206.         bind(PrincipalDAO.class).toInstance(createMock(PrincipalDAO.class));
    207. 

  207.         bind(Configuration.class).toInstance(createNiceMock(Configuration.class));
    208. 

  208.       }
    209. 

  209.     });
    210. 

  210.   }
    211. 

  211. }
    212.