use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.
the class ClouderaManagerSecurityService method setupMonitoringUser.
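/**
 * Ensures the cluster manager monitoring user exists, creating it when the user list does not contain it.
 *
 * <p>Connects to Cloudera Manager with the cluster's Cloudbreak credentials, reads the existing users and,
 * only if no user with the monitoring user name is present, creates one with the {@code ROLE_ADMIN} auth role.
 *
 * @throws CloudbreakException if the client cannot be initialised or a Cloudera Manager API call fails;
 *         the underlying exception is attached as the cause
 */
@Override
public void setupMonitoringUser() throws CloudbreakException {
    Cluster cluster = stack.getCluster();
    String user = cluster.getCloudbreakAmbariUser();
    String password = cluster.getCloudbreakAmbariPassword();
    try {
        ApiClient client = getClient(stack.getGatewayPort(), user, password, clientConfig);
        UsersResourceApi usersResourceApi = clouderaManagerApiFactory.getUserResourceApi(client);
        String monitoringUser = cluster.getCloudbreakClusterManagerMonitoringUser();
        String monitoringPassword = cluster.getCloudbreakClusterManagerMonitoringPassword();
        ApiUser2List userList = usersResourceApi.readUsers2("SUMMARY");
        boolean monitoringUserExists = userList.getItems().stream()
                .anyMatch(apiUser2 -> apiUser2.getName().equals(monitoringUser));
        if (monitoringUserExists) {
            // An existing account is accepted purely by name: its roles and password are not
            // compared with, or reset to, the values held by the cluster entity.
            LOGGER.info("Monitoring user '{}' already exists. Skipping user generation", monitoringUser);
        } else {
            // NOTE(review): the monitoring account receives ROLE_ADMIN. Confirm that monitoring
            // needs full administrative rights; a narrower role would limit the impact of a
            // leaked monitoring credential.
            List<ApiAuthRoleRef> authRoles = new ArrayList<>();
            ApiAuthRoleRef apiAuthRoleRef = new ApiAuthRoleRef();
            apiAuthRoleRef.setName("ROLE_ADMIN");
            authRoles.add(apiAuthRoleRef);
            createNewUser(usersResourceApi, authRoles, monitoringUser, monitoringPassword, userList);
        }
    } catch (ApiException | ClouderaManagerClientInitException e) {
        // The message now names the operation that failed (it previously read as an admin-password
        // change), and the cause is chained so the stack trace of the API failure is preserved.
        throw new CloudbreakException("Can't set up monitoring user due to: " + e.getMessage(), e);
    }
}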
use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.
the class ClouderaManagerSecurityServiceTest method createApiUser2List.
/**
 * Builds a user list fixture holding a single user named {@code ADMIN} that carries one
 * empty {@link ApiAuthRoleRef}.
 *
 * @return the list containing only that user
 */
private ApiUser2List createApiUser2List() {
    ApiUser2 adminUser = new ApiUser2();
    adminUser.setName(ADMIN);
    // The role reference is left unpopulated: no name, display name or uuid is set on it.
    adminUser.setAuthRoles(Collections.singletonList(new ApiAuthRoleRef()));

    ApiUser2List users = new ApiUser2List();
    users.setItems(List.of(adminUser));
    return users;
}
use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.
the class ClouderaManagerLdapServiceTest method testSetupLdapWithFullAdminGroupMapping.
/**
 * Checks that the virtual group is mapped to {@code ROLE_ADMIN} when the configured limited admin
 * role name ({@code NO_ROLE_LIMITED_CLUSTER_ADMIN}) matches no entry in the stubbed role metadata.
 * Presumably {@code setupLdap} falls back to the full admin role in that case; the fallback itself
 * is not visible in this test.
 */
@Test
public void testSetupLdapWithFullAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "NO_ROLE_LIMITED_CLUSTER_ADMIN");
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapView = getLdapConfig();
    VirtualGroupRequest groupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    // Role metadata returned by the stubbed Cloudera Manager API; every entry shares the uuid "uuid".
    ApiAuthRoleMetadataList roleMetadata = new ApiAuthRoleMetadataList()
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_DASHBOARD_USER").uuid("uuid").role("ROLE_DASHBOARD_USER"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(roleMetadata);
    when(virtualGroupService.createOrGetVirtualGroup(groupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");

    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapView, groupRequest);

    // THEN
    ArgumentCaptor<ApiExternalUserMappingList> mappingCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(mappingCaptor.capture());
    ApiExternalUserMapping firstMapping = mappingCaptor.getValue().getItems().get(0);
    // Only the first auth role of the first mapping is inspected.
    ApiAuthRoleRef firstRole = firstMapping.getAuthRoles().get(0);
    assertEquals("ROLE_ADMIN", firstRole.getDisplayName());
    assertEquals("uuid", firstRole.getUuid());
    assertEquals("virtualGroup", firstMapping.getName());
}
use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.
the class ClouderaManagerLdapServiceTest method testSetupLdapWithLimitedAdminGroupMapping.
/**
 * Checks that the virtual group is mapped to {@code ROLE_LIMITED_CLUSTER_ADMIN} when the configured
 * limited admin role name is present in the stubbed role metadata alongside {@code ROLE_ADMIN}.
 */
@Test
public void testSetupLdapWithLimitedAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "ROLE_LIMITED_CLUSTER_ADMIN");
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapView = getLdapConfig();
    VirtualGroupRequest groupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    // The stubbed metadata holds the limited and full admin roles only; no dashboard user role is offered.
    ApiAuthRoleMetadataList roleMetadata = new ApiAuthRoleMetadataList()
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"))
            .addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(roleMetadata);
    when(virtualGroupService.createOrGetVirtualGroup(groupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");

    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapView, groupRequest);

    // THEN
    ArgumentCaptor<ApiExternalUserMappingList> mappingCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(mappingCaptor.capture());
    ApiExternalUserMapping firstMapping = mappingCaptor.getValue().getItems().get(0);
    // Only the first auth role of the first mapping is inspected.
    ApiAuthRoleRef firstRole = firstMapping.getAuthRoles().get(0);
    assertEquals("ROLE_LIMITED_CLUSTER_ADMIN", firstRole.getDisplayName());
    assertEquals("uuid", firstRole.getUuid());
    assertEquals("virtualGroup", firstMapping.getName());
}
use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.
the class ClouderaManagerLdapService method addGroupMapping.
/**
 * Creates one LDAP external user mapping in Cloudera Manager that binds a group to auth roles.
 *
 * <p>The mapping always carries the given admin role and, when supplied, the dashboard user role
 * as a second entry. Every member of {@code ldapGroup} therefore receives the roles attached here.
 *
 * @param cmApi                 API used to submit the mapping
 * @param adminRole             role metadata whose display name and uuid form the first role reference
 * @param dashboardUserRoleOpt  optional second role to attach to the same mapping
 * @param ldapGroup             name of the group being mapped
 * @throws ApiException if the create call fails
 */
private void addGroupMapping(ExternalUserMappingsResourceApi cmApi, ApiAuthRoleMetadata adminRole, Optional<ApiAuthRoleMetadata> dashboardUserRoleOpt, String ldapGroup) throws ApiException {
    LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, adminRole.getDisplayName());
    ApiAuthRoleRef adminRoleRef = new ApiAuthRoleRef()
            .displayName(adminRole.getDisplayName())
            .uuid(adminRole.getUuid());
    ApiExternalUserMapping groupMapping = new ApiExternalUserMapping()
            .name(ldapGroup)
            .type(ApiExternalUserMappingType.LDAP)
            .addAuthRolesItem(adminRoleRef);

    dashboardUserRoleOpt.ifPresent(dashboardRole -> {
        LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, dashboardRole.getDisplayName());
        groupMapping.addAuthRolesItem(new ApiAuthRoleRef()
                .displayName(dashboardRole.getDisplayName())
                .uuid(dashboardRole.getUuid()));
    });

    // A single request carries the one mapping with all of its role references.
    cmApi.createExternalUserMappings(new ApiExternalUserMappingList().addItemsItem(groupMapping));
}