Example 1 with ApiAuthRoleRef

use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.

the class ClouderaManagerSecurityService method setupMonitoringUser.

@Override
public void setupMonitoringUser() throws CloudbreakException {
    Cluster cluster = stack.getCluster();
    // Credentials passed to getClient() for the Cloudera Manager API calls below.
    String user = cluster.getCloudbreakAmbariUser();
    String password = cluster.getCloudbreakAmbariPassword();
    try {
        ApiClient client = getClient(stack.getGatewayPort(), user, password, clientConfig);
        UsersResourceApi usersResourceApi = clouderaManagerApiFactory.getUserResourceApi(client);
        String monitoringUser = cluster.getCloudbreakClusterManagerMonitoringUser();
        String monitoringPassword = cluster.getCloudbreakClusterManagerMonitoringPassword();
        // Read the existing users so the monitoring user is created only if it is missing.
        ApiUser2List userList = usersResourceApi.readUsers2("SUMMARY");
        Optional<ApiUser2> mUser = userList.getItems().stream()
                .filter(apiUser2 -> apiUser2.getName().equals(monitoringUser))
                .findFirst();
        if (mUser.isPresent()) {
            LOGGER.info("Monitoring user '{}' already exists. Skipping user generation", monitoringUser);
        } else {
            // The new monitoring user is given the ROLE_ADMIN role.
            List<ApiAuthRoleRef> authRoles = new ArrayList<>();
            ApiAuthRoleRef apiAuthRoleRef = new ApiAuthRoleRef();
            apiAuthRoleRef.setName("ROLE_ADMIN");
            authRoles.add(apiAuthRoleRef);
            createNewUser(usersResourceApi, authRoles, monitoringUser, monitoringPassword, userList);
        }
    } catch (ApiException | ClouderaManagerClientInitException e) {
        // The message text refers to the admin password although this method sets up the
        // monitoring user, and only e.getMessage() is kept: the original exception is not chained.
        throw new CloudbreakException("Can't replace admin password due to: " + e.getMessage());
    }
}
Also used : UsersResourceApi(com.cloudera.api.swagger.UsersResourceApi) ApiUser2List(com.cloudera.api.swagger.model.ApiUser2List) Stack(com.sequenceiq.cloudbreak.domain.stack.Stack) Cluster(com.sequenceiq.cloudbreak.domain.stack.cluster.Cluster) CloudbreakException(com.sequenceiq.cloudbreak.service.CloudbreakException) KeyPair(java.security.KeyPair) ApiBatchRequestElement(com.cloudera.api.swagger.model.ApiBatchRequestElement) ApiCommand(com.cloudera.api.swagger.model.ApiCommand) ClusterClientInitException(com.sequenceiq.cloudbreak.cluster.service.ClusterClientInitException) ApiClient(com.cloudera.api.swagger.client.ApiClient) LoggerFactory(org.slf4j.LoggerFactory) ToolsResourceApi(com.cloudera.api.swagger.ToolsResourceApi) ApiHostList(com.cloudera.api.swagger.model.ApiHostList) ClouderaManagerClientInitException(com.sequenceiq.cloudbreak.cm.client.ClouderaManagerClientInitException) StringUtils(org.apache.commons.lang3.StringUtils) ApiAuthRoleRef(com.cloudera.api.swagger.model.ApiAuthRoleRef) Scope(org.springframework.context.annotation.Scope) ApiException(com.cloudera.api.swagger.client.ApiException) ClouderaManagerPollingServiceProvider(com.sequenceiq.cloudbreak.cm.polling.ClouderaManagerPollingServiceProvider) ArrayList(java.util.ArrayList) Inject(javax.inject.Inject) BigDecimal(java.math.BigDecimal) ClouderaManagerApiClientProvider(com.sequenceiq.cloudbreak.cm.client.ClouderaManagerApiClientProvider) BatchResourceApi(com.cloudera.api.swagger.BatchResourceApi) Service(org.springframework.stereotype.Service) LdapView(com.sequenceiq.cloudbreak.dto.LdapView) ApiBatchRequest(com.cloudera.api.swagger.model.ApiBatchRequest) Retryable(org.springframework.retry.annotation.Retryable) Logger(org.slf4j.Logger) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) HostsResourceApi(com.cloudera.api.swagger.HostsResourceApi) ApiBatchResponse(com.cloudera.api.swagger.model.ApiBatchResponse) ExtendedPollingResult(com.sequenceiq.cloudbreak.polling.ExtendedPollingResult) URLUtils(com.sequenceiq.cloudbreak.util.URLUtils) ClusterSecurityService(com.sequenceiq.cloudbreak.cluster.api.ClusterSecurityService) ApiGenerateHostCertsArguments(com.cloudera.api.swagger.model.ApiGenerateHostCertsArguments) HttpClientConfig(com.sequenceiq.cloudbreak.client.HttpClientConfig) Collectors(java.util.stream.Collectors) ApiUser2(com.cloudera.api.swagger.model.ApiUser2) Json(com.sequenceiq.cloudbreak.common.json.Json) List(java.util.List) HTTPMethod(com.cloudera.api.swagger.model.HTTPMethod) PkiUtil(com.sequenceiq.cloudbreak.certificate.PkiUtil) DatalakeDto(com.sequenceiq.cloudbreak.dto.datalake.DatalakeDto) Optional(java.util.Optional) CancellationException(com.sequenceiq.cloudbreak.cloud.scheduler.CancellationException) ClouderaManagerApiFactory(com.sequenceiq.cloudbreak.cm.client.retry.ClouderaManagerApiFactory)

Example 2 with ApiAuthRoleRef

use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.

the class ClouderaManagerSecurityServiceTest method createApiUser2List.

private ApiUser2List createApiUser2List() {
    ApiUser2List apiUser2List = new ApiUser2List();
    ApiUser2 admin = new ApiUser2();
    admin.setName(ADMIN);
    admin.setAuthRoles(Collections.singletonList(new ApiAuthRoleRef()));
    apiUser2List.setItems(List.of(admin));
    return apiUser2List;
}
Also used : ApiUser2List(com.cloudera.api.swagger.model.ApiUser2List) ApiAuthRoleRef(com.cloudera.api.swagger.model.ApiAuthRoleRef) ApiUser2(com.cloudera.api.swagger.model.ApiUser2)

Example 3 with ApiAuthRoleRef

use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.

the class ClouderaManagerLdapServiceTest method testSetupLdapWithFullAdminGroupMapping.

@Test
public void testSetupLdapWithFullAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
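    // The configured limited admin role name matches no entry in the role metadata below;
    // the assertions then expect the virtual group to be mapped to ROLE_ADMIN.
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "NO_ROLE_LIMITED_CLUSTER_ADMIN");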
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapConfig = getLdapConfig();
    VirtualGroupRequest virtualGroupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    ApiAuthRoleMetadataList apiAuthRoleMetadataList = new ApiAuthRoleMetadataList().addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"));
    apiAuthRoleMetadataList.addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"));
    apiAuthRoleMetadataList.addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_DASHBOARD_USER").uuid("uuid").role("ROLE_DASHBOARD_USER"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(apiAuthRoleMetadataList);
    when(virtualGroupService.createOrGetVirtualGroup(virtualGroupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");
    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapConfig, virtualGroupRequest);
    // THEN
    ArgumentCaptor<ApiExternalUserMappingList> apiExternalUserMappingListArgumentCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(apiExternalUserMappingListArgumentCaptor.capture());
    ApiExternalUserMapping apiExternalUserMapping = apiExternalUserMappingListArgumentCaptor.getValue().getItems().get(0);
    ApiAuthRoleRef authRole = apiExternalUserMapping.getAuthRoles().get(0);
    assertEquals("ROLE_ADMIN", authRole.getDisplayName());
    assertEquals("uuid", authRole.getUuid());
    assertEquals("virtualGroup", apiExternalUserMapping.getName());
}
Also used : ApiAuthRoleMetadataList(com.cloudera.api.swagger.model.ApiAuthRoleMetadataList) ApiExternalUserMappingList(com.cloudera.api.swagger.model.ApiExternalUserMappingList) ApiAuthRoleRef(com.cloudera.api.swagger.model.ApiAuthRoleRef) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) ApiAuthRoleMetadata(com.cloudera.api.swagger.model.ApiAuthRoleMetadata) ApiExternalUserMapping(com.cloudera.api.swagger.model.ApiExternalUserMapping) LdapView(com.sequenceiq.cloudbreak.dto.LdapView) Test(org.junit.Test)

Example 4 with ApiAuthRoleRef

use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.

the class ClouderaManagerLdapServiceTest method testSetupLdapWithLimitedAdminGroupMapping.

@Test
public void testSetupLdapWithLimitedAdminGroupMapping() throws ApiException, ClouderaManagerClientInitException {
    // GIVEN
    ReflectionTestUtils.setField(underTest, "adminRole", "ROLE_ADMIN");
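    // The configured limited admin role name is present in the role metadata below;
    // the assertions then expect the virtual group to be mapped to ROLE_LIMITED_CLUSTER_ADMIN.
    ReflectionTestUtils.setField(underTest, "limitedAdminRole", "ROLE_LIMITED_CLUSTER_ADMIN");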
    ReflectionTestUtils.setField(underTest, "userRole", "ROLE_USER");
    ReflectionTestUtils.setField(underTest, "dashboardUserRole", "ROLE_DASHBOARD_USER");
    LdapView ldapConfig = getLdapConfig();
    VirtualGroupRequest virtualGroupRequest = new VirtualGroupRequest(TestConstants.CRN, "");
    ApiAuthRoleMetadataList apiAuthRoleMetadataList = new ApiAuthRoleMetadataList().addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_LIMITED_CLUSTER_ADMIN").uuid("uuid").role("ROLE_LIMITED_CLUSTER_ADMIN"));
    apiAuthRoleMetadataList.addItemsItem(new ApiAuthRoleMetadata().displayName("ROLE_ADMIN").uuid("uuid").role("ROLE_ADMIN"));
    when(authRolesResourceApi.readAuthRolesMetadata(null)).thenReturn(apiAuthRoleMetadataList);
    when(virtualGroupService.createOrGetVirtualGroup(virtualGroupRequest, UmsVirtualGroupRight.CLOUDER_MANAGER_ADMIN)).thenReturn("virtualGroup");
    // WHEN
    underTest.setupLdap(stack, cluster, httpClientConfig, ldapConfig, virtualGroupRequest);
    // THEN
    ArgumentCaptor<ApiExternalUserMappingList> apiExternalUserMappingListArgumentCaptor = ArgumentCaptor.forClass(ApiExternalUserMappingList.class);
    verify(externalUserMappingsResourceApi).createExternalUserMappings(apiExternalUserMappingListArgumentCaptor.capture());
    ApiExternalUserMapping apiExternalUserMapping = apiExternalUserMappingListArgumentCaptor.getValue().getItems().get(0);
    ApiAuthRoleRef authRole = apiExternalUserMapping.getAuthRoles().get(0);
    assertEquals("ROLE_LIMITED_CLUSTER_ADMIN", authRole.getDisplayName());
    assertEquals("uuid", authRole.getUuid());
    assertEquals("virtualGroup", apiExternalUserMapping.getName());
}
Also used : ApiAuthRoleMetadataList(com.cloudera.api.swagger.model.ApiAuthRoleMetadataList) ApiExternalUserMappingList(com.cloudera.api.swagger.model.ApiExternalUserMappingList) ApiAuthRoleRef(com.cloudera.api.swagger.model.ApiAuthRoleRef) VirtualGroupRequest(com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest) ApiAuthRoleMetadata(com.cloudera.api.swagger.model.ApiAuthRoleMetadata) ApiExternalUserMapping(com.cloudera.api.swagger.model.ApiExternalUserMapping) LdapView(com.sequenceiq.cloudbreak.dto.LdapView) Test(org.junit.Test)

Example 5 with ApiAuthRoleRef

use of com.cloudera.api.swagger.model.ApiAuthRoleRef in project cloudbreak by hortonworks.

the class ClouderaManagerLdapService method addGroupMapping.

private void addGroupMapping(ExternalUserMappingsResourceApi cmApi, ApiAuthRoleMetadata adminRole,
        Optional<ApiAuthRoleMetadata> dashboardUserRoleOpt, String ldapGroup) throws ApiException {
    LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, adminRole.getDisplayName());
    // Map the LDAP group to the admin role, referenced by display name and UUID.
    ApiExternalUserMappingList apiExternalUserMappingList = new ApiExternalUserMappingList()
            .addItemsItem(new ApiExternalUserMapping()
                    .name(ldapGroup)
                    .type(ApiExternalUserMappingType.LDAP)
                    .addAuthRolesItem(new ApiAuthRoleRef()
                            .displayName(adminRole.getDisplayName())
                            .uuid(adminRole.getUuid())));
    // When a dashboard user role was passed in, the same group mapping also receives it.
    if (dashboardUserRoleOpt.isPresent()) {
        ApiAuthRoleMetadata dashboardUserRole = dashboardUserRoleOpt.get();
        LOGGER.info("Associating virtual group '{}' to CM role '{}'", ldapGroup, dashboardUserRole.getDisplayName());
        apiExternalUserMappingList.getItems().get(0).addAuthRolesItem(new ApiAuthRoleRef()
                .displayName(dashboardUserRole.getDisplayName())
                .uuid(dashboardUserRole.getUuid()));
    }
    cmApi.createExternalUserMappings(apiExternalUserMappingList);
}
Also used : ApiExternalUserMappingList(com.cloudera.api.swagger.model.ApiExternalUserMappingList) ApiAuthRoleRef(com.cloudera.api.swagger.model.ApiAuthRoleRef) ApiAuthRoleMetadata(com.cloudera.api.swagger.model.ApiAuthRoleMetadata) ApiExternalUserMapping(com.cloudera.api.swagger.model.ApiExternalUserMapping)

Aggregations

ApiAuthRoleRef (com.cloudera.api.swagger.model.ApiAuthRoleRef): 5
ApiAuthRoleMetadata (com.cloudera.api.swagger.model.ApiAuthRoleMetadata): 3
ApiExternalUserMapping (com.cloudera.api.swagger.model.ApiExternalUserMapping): 3
ApiExternalUserMappingList (com.cloudera.api.swagger.model.ApiExternalUserMappingList): 3
VirtualGroupRequest (com.sequenceiq.cloudbreak.auth.altus.VirtualGroupRequest): 3
LdapView (com.sequenceiq.cloudbreak.dto.LdapView): 3
ApiAuthRoleMetadataList (com.cloudera.api.swagger.model.ApiAuthRoleMetadataList): 2
ApiUser2 (com.cloudera.api.swagger.model.ApiUser2): 2
ApiUser2List (com.cloudera.api.swagger.model.ApiUser2List): 2
Test (org.junit.Test): 2
BatchResourceApi (com.cloudera.api.swagger.BatchResourceApi): 1
HostsResourceApi (com.cloudera.api.swagger.HostsResourceApi): 1
ToolsResourceApi (com.cloudera.api.swagger.ToolsResourceApi): 1
UsersResourceApi (com.cloudera.api.swagger.UsersResourceApi): 1
ApiClient (com.cloudera.api.swagger.client.ApiClient): 1
ApiException (com.cloudera.api.swagger.client.ApiException): 1
ApiBatchRequest (com.cloudera.api.swagger.model.ApiBatchRequest): 1
ApiBatchRequestElement (com.cloudera.api.swagger.model.ApiBatchRequestElement): 1
ApiBatchResponse (com.cloudera.api.swagger.model.ApiBatchResponse): 1
ApiCommand (com.cloudera.api.swagger.model.ApiCommand): 1