use of com.cloudera.api.swagger.model.ApiAuthRoleMetadata in project cloudbreak by hortonworks.
the class ClouderaManagerLdapService method setupLdap.
/**
 * Maps directory groups to Cloudera Manager auth roles for the given stack.
 *
 * <p>Nothing is done when {@code ldapView} is {@code null} or when Cloudera Manager returns no
 * role metadata items. Otherwise two mappings are attempted independently of each other:
 * <ul>
 *   <li>the virtual group obtained from {@code virtualGroupService} is mapped to the limited
 *       admin role or, when that role is missing from the metadata, to the full admin role;</li>
 *   <li>the user group of {@code ldapView} is mapped to the user role, provided that role exists
 *       and the group name is not blank.</li>
 * </ul>
 * The dashboard user role, when found, is handed to both mappings.
 *
 * @param stack stack whose gateway port and id are read
 * @param cluster source of the user name and password used to build the API client
 * @param clientConfig HTTP client configuration passed on to the API client provider
 * @param ldapView LDAP settings; {@code null} turns the call into a no-op
 * @param virtualGroupRequest request passed to {@code virtualGroupService} for the admin virtual group
 * @throws ApiException declared by the Cloudera Manager API calls made here
 * @throws ClouderaManagerClientInitException declared; presumably raised while building the API client
 */
public void setupLdap(Stack stack, Cluster cluster, HttpClientConfig clientConfig, LdapView ldapView, VirtualGroupRequest virtualGroupRequest) throws ApiException, ClouderaManagerClientInitException {
    if (ldapView == null) {
        return;
    }

    String cmUser = cluster.getCloudbreakAmbariUser();
    String cmPassword = cluster.getCloudbreakAmbariPassword();
    ApiClient apiClient = clouderaManagerApiClientProvider.getV31Client(stack.getGatewayPort(), cmUser, cmPassword, clientConfig);
    LOGGER.debug("Setup LDAP on ClouderaManager API for stack: {}", stack.getId());

    ExternalUserMappingsResourceApi mappingsApi = clouderaManagerApiFactory.getExternalUserMappingsResourceApi(apiClient);
    AuthRolesResourceApi rolesApi = clouderaManagerApiFactory.getAuthRolesResourceApi(apiClient);
    ApiAuthRoleMetadataList availableRoles = rolesApi.readAuthRolesMetadata(null);
    if (availableRoles.getItems() == null) {
        return;
    }

    Optional<ApiAuthRoleMetadata> dashboardRole = findRole(availableRoles, dashboardUserRole);

    // Privilege selection: the limited admin role wins when Cloudera Manager offers it. Only when
    // it is absent does the virtual group fall back to the full admin role, which is the broader grant.
    Optional<ApiAuthRoleMetadata> adminCandidate = findRole(availableRoles, limitedAdminRole);
    if (!adminCandidate.isPresent()) {
        adminCandidate = findRole(availableRoles, adminRole);
    }
    if (!adminCandidate.isPresent()) {
        LOGGER.info("Cannot setup admin group mapping. Admin roles ({}, {}) are not found", adminRole, limitedAdminRole);
    } else {
        String adminVirtualGroup = virtualGroupService.createOrGetVirtualGroup(virtualGroupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN);
        addGroupMapping(mappingsApi, adminCandidate.get(), dashboardRole, adminVirtualGroup);
    }

    // The user mapping needs both the role metadata and a non-blank LDAP user group.
    Optional<ApiAuthRoleMetadata> userRoleMetadata = availableRoles.getItems().stream().filter(toRole(userRole)).findFirst();
    boolean userGroupMappable = userRoleMetadata.isPresent() && StringUtils.isNotBlank(ldapView.getUserGroup());
    if (!userGroupMappable) {
        LOGGER.info("Cannot setup user group mapping. User metadata present: [{}] User group: [{}]", userRoleMetadata.isPresent(), ldapView.getUserGroup());
    } else {
        addGroupMapping(mappingsApi, userRoleMetadata.get(), dashboardRole, ldapView.getUserGroup());
    }
}
use of com.cloudera.api.swagger.model.ApiAuthRoleMetadata in project cloudbreak by hortonworks.
the class ClouderaManagerLdapServiceTest method testSetupLdapWithNoRoleAdmin.
/**
 * When none of the configured admin, limited admin, user or dashboard roles appears in the role
 * metadata returned by Cloudera Manager, no external user mapping may be created.
 */
@Test
public void testSetupLdapWithNoRoleAdmin() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN: configured role names that the metadata below does not contain
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_CONFIGURATOR");
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "ROLE_CONFIGURATOR_2");
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapView = getLdapConfig();
    ApiAuthRoleMetadata unrelatedRole = new ApiAuthRoleMetadata()
            .displayName("role")
            .uuid("uuid")
            .role("NO_ROLE_ADMIN");
    ApiAuthRoleMetadataList onlyUnrelatedRole = new ApiAuthRoleMetadataList().addItemsItem(unrelatedRole);
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(onlyUnrelatedRole);

    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapView, null);

    // THEN: nothing is granted to any group
    verify(externalUserMappingsResourceApi, never()).createExternalUserMappings(any(ApiExternalUserMappingList.class));
}
use of com.cloudera.api.swagger.model.ApiAuthRoleMetadata in project cloudbreak by hortonworks.
the class ClouderaManagerLdapServiceTest method testSetupLdapWithFullAdminGroupMapping.
/**
 * When the configured limited admin role is not among the roles reported by Cloudera Manager,
 * the virtual group must be mapped to the full admin role instead.
 */
@Test
public void testSetupLdapWithFullAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN: the configured limited admin role name does not match any role in the metadata
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "NO_ROLE_LIMITED_CLUSTER_ADMIN");
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapView = getLdapConfig();
    VirtualGroupRequest groupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    ApiAuthRoleMetadataList reportedRoles = new ApiAuthRoleMetadataList()
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_DASHBOARD_USER").uuid("uuid").role("ROLE_DASHBOARD_USER"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(reportedRoles);
    when(virtualGroupService.createOrGetVirtualGroup(groupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");

    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapView, groupRequest);

    // THEN: exactly one mapping request, granting the full admin role to the virtual group
    ArgumentCaptor<ApiExternalUserMappingList> mappingListCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(mappingListCaptor.capture());
    ApiExternalUserMapping createdMapping = mappingListCaptor.getValue().getItems().get(0);
    // NOTE(review): only the first auth role is asserted. The fixture also contains the dashboard
    // role, so the complete list of granted roles is not pinned by this test; consider asserting it
    // so that an unintended extra grant would fail here.
    ApiAuthRoleRef grantedRole = createdMapping.getAuthRoles().get(0);
    assertEquals("ROLE_ADMIN", grantedRole.getDisplayName());
    assertEquals("uuid", grantedRole.getUuid());
    assertEquals("virtualGroup", createdMapping.getName());
}
use of com.cloudera.api.swagger.model.ApiAuthRoleMetadata in project cloudbreak by hortonworks.
the class ClouderaManagerLdapServiceTest method testSetupLdapWithLimitedAdminGroupMapping.
/**
 * When both the limited admin role and the full admin role are reported by Cloudera Manager,
 * the virtual group must be mapped to the limited admin role.
 */
@Test
public void testSetupLdapWithLimitedAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN: both admin flavours exist in the metadata
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "ROLE_LIMITED_CLUSTER_ADMIN");
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapView = getLdapConfig();
    VirtualGroupRequest groupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    ApiAuthRoleMetadataList reportedRoles = new ApiAuthRoleMetadataList()
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(reportedRoles);
    when(virtualGroupService.createOrGetVirtualGroup(groupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");

    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapView, groupRequest);

    // THEN: the narrower role is the one granted, not ROLE_ADMIN
    ArgumentCaptor<ApiExternalUserMappingList> mappingListCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(mappingListCaptor.capture());
    ApiExternalUserMapping createdMapping = mappingListCaptor.getValue().getItems().get(0);
    ApiAuthRoleRef grantedRole = createdMapping.getAuthRoles().get(0);
    assertEquals("ROLE_LIMITED_CLUSTER_ADMIN", grantedRole.getDisplayName());
    assertEquals("uuid", grantedRole.getUuid());
    assertEquals("virtualGroup", createdMapping.getName());
}
use of com.cloudera.api.swagger.model.ApiAuthRoleMetadata in project cloudbreak by hortonworks.
the class ClouderaManagerLdapService method addGroupMapping.
/**
 * Creates a single LDAP external user mapping in Cloudera Manager that grants {@code ldapGroup}
 * the given role and, when available, the dashboard user role as well.
 *
 * @param cmApi external user mappings API used to submit the mapping
 * @param adminRole role to grant; despite the name, {@code setupLdap} also passes the user role here
 * @param dashboardUserRoleOpt dashboard user role, added as a second auth role when present
 * @param ldapGroup name of the group that receives the roles
 * @throws ApiException declared by the create call
 */
private void addGroupMapping(ExternalUserMappingsResourceApi cmApi, ApiAuthRoleMetadata adminRole, Optional<ApiAuthRoleMetadata> dashboardUserRoleOpt, String ldapGroup) throws ApiException {
    // The message says "virtual group" for every caller, including the plain LDAP user group.
    LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, adminRole.getDisplayName());
    ApiAuthRoleRef primaryRoleRef = new ApiAuthRoleRef()
            .displayName(adminRole.getDisplayName())
            .uuid(adminRole.getUuid());
    ApiExternalUserMapping groupMapping = new ApiExternalUserMapping()
            .name(ldapGroup)
            .type(ApiExternalUserMappingType.LDAP)
            .addAuthRolesItem(primaryRoleRef);

    dashboardUserRoleOpt.ifPresent(dashboardUserRole -> {
        LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, dashboardUserRole.getDisplayName());
        groupMapping.addAuthRolesItem(new ApiAuthRoleRef()
                .displayName(dashboardUserRole.getDisplayName())
                .uuid(dashboardUserRole.getUuid()));
    });

    // One request carries the group together with every role it is granted.
    cmApi.createExternalUserMappings(new ApiExternalUserMappingList().addItemsItem(groupMapping));
}