diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ProvisionClusterRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ProvisionClusterRequest.java index 01ba9157c07..70b8ab54b34 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ProvisionClusterRequest.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ProvisionClusterRequest.java @@ -199,18 +199,18 @@ public ProvisionClusterRequest(Map properties, SecurityConfigura throw new InvalidTopologyTemplateException("The specified blueprint doesn't exist: " + e, e); } - this.securityConfiguration = securityConfiguration; - this.credentialsMap = parseCredentials(properties); - if (securityConfiguration != null && securityConfiguration.getType() == SecurityType.KERBEROS && getCredentialsMap().get(KDC_ADMIN_CREDENTIAL) == null) { - throw new InvalidTopologyTemplateException(KDC_ADMIN_CREDENTIAL + " is missing from request."); - } - Configuration configuration = configurationFactory.getConfiguration((Collection>) properties.get(CONFIGURATIONS_PROPERTY)); configuration.setParentConfiguration(blueprint.getConfiguration()); setConfiguration(configuration); parseHostGroupInfo(properties); + this.securityConfiguration = securityConfiguration; + this.credentialsMap = parseCredentials(properties); + if (securityConfiguration != null && securityConfiguration.getType() == SecurityType.KERBEROS && getCredentialsMap().get(KDC_ADMIN_CREDENTIAL) == null) { + throw new InvalidTopologyTemplateException(KDC_ADMIN_CREDENTIAL + " is missing from request."); + } + this.configRecommendationStrategy = parseConfigRecommendationStrategy(properties); setProvisionAction(parseProvisionAction(properties)); diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java index e68798334cb..5e1ba49baab 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java @@ -170,33 +170,6 @@ public void testCreateResource_blueprint_With_ProvisionAction() throws Exception verifyAll(); } - @Test(expected = IllegalArgumentException.class) - public void testCreateResource_blueprint_withInvalidSecurityConfiguration() throws Exception { - Set> requestProperties = createBlueprintRequestProperties(CLUSTER_NAME, BLUEPRINT_NAME); - Map properties = requestProperties.iterator().next(); - Map requestInfoProperties = new HashMap<>(); - requestInfoProperties.put(Request.REQUEST_INFO_BODY_PROPERTY, "{\"security\" : {\n\"type\" : \"NONE\"," + - "\n\"kerberos_descriptor_reference\" : " + "\"testRef\"\n}}"); - SecurityConfiguration blueprintSecurityConfiguration = new SecurityConfiguration(SecurityType.KERBEROS, "testRef", - null); - SecurityConfiguration securityConfiguration = new SecurityConfiguration(SecurityType.NONE, null, null); - - // set expectations - expect(request.getProperties()).andReturn(requestProperties).anyTimes(); - expect(request.getRequestInfoProperties()).andReturn(requestInfoProperties).anyTimes(); - - expect(securityFactory.createSecurityConfigurationFromRequest(EasyMock.anyObject(), anyBoolean())).andReturn - (securityConfiguration).once(); - expect(topologyFactory.createProvisionClusterRequest(properties, securityConfiguration)).andReturn(topologyRequest).once(); - expect(topologyRequest.getBlueprint()).andReturn(blueprint).anyTimes(); - expect(blueprint.getSecurity()).andReturn(blueprintSecurityConfiguration).anyTimes(); - expect(requestStatusResponse.getRequestId()).andReturn(5150L).anyTimes(); - - replayAll(); - SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator()); - RequestStatus requestStatus = provider.createResources(request); - } - @Test public void testCreateResource_blueprint_withSecurityConfiguration() throws Exception { Set> requestProperties = createBlueprintRequestProperties(CLUSTER_NAME, BLUEPRINT_NAME); diff --git a/ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintBasedClusterProvisionRequestTest.java b/ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintBasedClusterProvisionRequestTest.java new file mode 100644 index 00000000000..e0f6549ccb7 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintBasedClusterProvisionRequestTest.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.server.topology; + +import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; + +import java.util.Set; + +import org.apache.ambari.server.controller.internal.ProvisionClusterRequest; +import org.apache.ambari.server.controller.internal.StackDefinition; +import org.apache.ambari.server.state.SecurityType; +import org.apache.ambari.server.state.StackId; +import org.junit.Test; + +import com.google.common.collect.ImmutableSet; + +public class BlueprintBasedClusterProvisionRequestTest { + + private static final StackId STACK_ID = new StackId("HDP-2.6"); + private static final Set STACK_IDS = ImmutableSet.of(STACK_ID); + + @Test(expected = IllegalArgumentException.class) // THEN + public void clusterCannotRelaxBlueprintSecurity() { + // GIVEN + AmbariContext context = createNiceMock(AmbariContext.class); + StackDefinition stack = createNiceMock(StackDefinition.class); + expect(context.composeStacks(STACK_IDS)).andReturn(stack).anyTimes(); + + Blueprint blueprint = secureBlueprint(STACK_IDS); + ProvisionClusterRequest request = insecureCluster(); + + replay(context, stack, blueprint, request); + + // WHEN + new BlueprintBasedClusterProvisionRequest(context, null, blueprint, request); + } + + private ProvisionClusterRequest insecureCluster() { + ProvisionClusterRequest request = createNiceMock(ProvisionClusterRequest.class); + expect(request.getSecurityConfiguration()).andReturn(SecurityConfiguration.NONE).anyTimes(); + expect(request.getStackIds()).andReturn(ImmutableSet.of()).anyTimes(); + expect(request.getMpacks()).andReturn(ImmutableSet.of()).anyTimes(); + return request; + } + + private Blueprint secureBlueprint(Set stackIds) { + Blueprint blueprint = createNiceMock(Blueprint.class); + SecurityConfiguration secure = new SecurityConfiguration(SecurityType.KERBEROS); + expect(blueprint.getSecurity()).andReturn(secure).anyTimes(); + expect(blueprint.getStackIds()).andReturn(stackIds).anyTimes(); + expect(blueprint.getMpacks()).andReturn(ImmutableSet.of()).anyTimes(); + return blueprint; + } + +}