#327 Can now deploy privileges with CMA

marklogic · Jan 4, 2019 · f0636dd · f0636dd
1 parent 7b12603
commit f0636dd
Show file tree

Hide file tree

Showing 8 changed files with 110 additions and 5 deletions.
diff --git a/src/main/java/com/marklogic/appdeployer/AppConfig.java b/src/main/java/com/marklogic/appdeployer/AppConfig.java
@@ -70,6 +70,7 @@ public class AppConfig {
     private boolean deployAmpsWithCma = false;
     private boolean deployForestsWithCma = false;
     private boolean deployRolesWithCma = false;
+    private boolean deployPrivilegesWithCma = false;
 
     // Used to construct DatabaseClient instances based on inputs defined in this class
     private ConfiguredDatabaseClientFactory configuredDatabaseClientFactory = new DefaultConfiguredDatabaseClientFactory();
@@ -1269,4 +1270,12 @@ public boolean isDeployRolesWithCma() {
 	public void setDeployRolesWithCma(boolean deployRolesWithCma) {
 		this.deployRolesWithCma = deployRolesWithCma;
 	}
+
+	public boolean isDeployPrivilegesWithCma() {
+		return deployPrivilegesWithCma;
+	}
+
+	public void setDeployPrivilegesWithCma(boolean deployPrivilegesWithCma) {
+		this.deployPrivilegesWithCma = deployPrivilegesWithCma;
+	}
 }
diff --git a/src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java b/src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java
@@ -58,6 +58,11 @@ public void initialize() {
 			config.setDeployForestsWithCma(Boolean.parseBoolean(prop));
 		});
 
+		propertyConsumerMap.put("mlDeployPrivilegesWithCma", (config, prop) -> {
+			logger.info("Deploy privileges" + cmaMessage + prop);
+			config.setDeployPrivilegesWithCma(Boolean.parseBoolean(prop));
+		});
+
 		propertyConsumerMap.put("mlDeployRolesWithCma", (config, prop) -> {
 			logger.info("Deploy roles" + cmaMessage + prop);
 			config.setDeployRolesWithCma(Boolean.parseBoolean(prop));

diff --git a/src/main/java/com/marklogic/appdeployer/command/security/DeployPrivilegesCommand.java b/src/main/java/com/marklogic/appdeployer/command/security/DeployPrivilegesCommand.java
@@ -3,6 +3,10 @@
 import com.marklogic.appdeployer.command.AbstractResourceCommand;
 import com.marklogic.appdeployer.command.CommandContext;
 import com.marklogic.appdeployer.command.SortOrderConstants;
+import com.marklogic.appdeployer.command.SupportsCmaCommand;
+import com.marklogic.mgmt.api.configuration.Configuration;
+import com.marklogic.mgmt.api.security.Privilege;
+import com.marklogic.mgmt.mapper.ResourceMapper;
 import com.marklogic.mgmt.resource.ResourceManager;
 import com.marklogic.mgmt.resource.security.PrivilegeManager;
 
@@ -12,7 +16,7 @@
 
 import java.io.File;
 
-public class DeployPrivilegesCommand extends AbstractResourceCommand {
+public class DeployPrivilegesCommand extends AbstractResourceCommand implements SupportsCmaCommand {
 
     public DeployPrivilegesCommand() {
         setExecuteSortOrder(SortOrderConstants.DEPLOY_PRIVILEGES);
@@ -29,4 +33,13 @@ protected ResourceManager getResourceManager(CommandContext context) {
         return new PrivilegeManager(context.getManageClient());
     }
 
+	@Override
+	public boolean cmaShouldBeUsed(CommandContext context) {
+		return context.getAppConfig().isDeployPrivilegesWithCma();
+	}
+
+	@Override
+	public void addResourceToConfiguration(String payload, ResourceMapper resourceMapper, Configuration configuration) {
+    	configuration.addPrivilege(resourceMapper.readResource(payload, Privilege.class));
+	}
 }
diff --git a/src/main/java/com/marklogic/mgmt/api/configuration/Configuration.java b/src/main/java/com/marklogic/mgmt/api/configuration/Configuration.java
@@ -5,6 +5,7 @@
 import com.marklogic.mgmt.api.forest.Forest;
 import com.marklogic.mgmt.api.group.Group;
 import com.marklogic.mgmt.api.security.Amp;
+import com.marklogic.mgmt.api.security.Privilege;
 import com.marklogic.mgmt.api.security.Role;
 import com.marklogic.mgmt.api.security.User;
 import com.marklogic.mgmt.api.server.Server;
@@ -29,6 +30,9 @@ public class Configuration {
 	@JsonProperty("group")
 	private List<Group> groups;
 
+	@JsonProperty("privilege")
+	private List<Privilege> privileges;
+
 	@JsonProperty("role")
 	private List<Role> roles;
 
@@ -72,7 +76,12 @@ public void addUser(User u) {
 		if (users == null) users = new ArrayList<>();
 		users.add(u);
 	}
-
+
+	public void addPrivilege(Privilege p) {
+		if (privileges == null) privileges = new ArrayList<>();
+		privileges.add(p);
+	}
+
 	public List<Amp> getAmps() {
 		return amps;
 	}
@@ -128,4 +137,12 @@ public List<User> getUsers() {
 	public void setUsers(List<User> users) {
 		this.users = users;
 	}
+
+	public List<Privilege> getPrivileges() {
+		return privileges;
+	}
+
+	public void setPrivileges(List<Privilege> privileges) {
+		this.privileges = privileges;
+	}
 }
diff --git a/src/main/java/com/marklogic/mgmt/api/configuration/Configurations.java b/src/main/java/com/marklogic/mgmt/api/configuration/Configurations.java
@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.marklogic.mgmt.ManageClient;
 import com.marklogic.mgmt.api.ApiObject;
+import com.marklogic.mgmt.cma.ConfigurationManager;
 import com.marklogic.mgmt.util.ObjectMapperFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -51,7 +52,7 @@ public void submit(ManageClient manageClient) {
 				logger.info("Submitting configuration: " + json);
 			}
 		}
-		manageClient.postJson("/manage/v3", json);
+		new ConfigurationManager(manageClient).submit(json);
 		if (logger.isInfoEnabled()) {
 			logger.info("Successfully submitted configuration");
 		}

diff --git a/src/main/java/com/marklogic/mgmt/cma/ConfigurationManager.java b/src/main/java/com/marklogic/mgmt/cma/ConfigurationManager.java
@@ -25,6 +25,11 @@ public ConfigurationManager(ManageClient manageClient) {
 		this.manageClient = manageClient;
 	}
 
+	@Override
+	protected boolean useSecurityUser() {
+		return true;
+	}
+
 	/**
 	 * Returns true if the CMA endpoint exists. This temporarily disables logging in MgmtResponseErrorHandler so that
 	 * a client doesn't see the 404 error being logged, which could be mistakenly perceived as a real error.
@@ -36,7 +41,8 @@ public boolean endpointExists() {
 			if (logger.isInfoEnabled()) {
 				logger.info("Checking to see if Configuration Management API is available at: " + PATH);
 			}
-			manageClient.postJson(PATH, "{}");
+			final String emptyPayload = "{}";
+			submit(emptyPayload);
 			return true;
 		} catch (HttpClientErrorException ex) {
 			return false;
@@ -45,6 +51,12 @@ public boolean endpointExists() {
 		}
 	}
 
+	/**
+	 * Submits the configuration, with some logging before and after.
+	 *
+	 * @param payload
+	 * @return
+	 */
 	public SaveReceipt save(String payload) {
 		String configurationName = payloadParser.getPayloadFieldValue(payload, "name", false);
 		if (configurationName == null) {
@@ -55,12 +67,17 @@ public SaveReceipt save(String payload) {
 			logger.info("Applying configuration " + configurationName);
 		}
 
-		ResponseEntity<String> response = postPayload(manageClient, PATH, payload);
+		SaveReceipt receipt = submit(payload);
 
 		if (logger.isInfoEnabled()) {
 			logger.info("Applied configuration " + configurationName);
 		}
 
+		return receipt;
+	}
+
+	public SaveReceipt submit(String payload) {
+		ResponseEntity<String> response = postPayload(manageClient, PATH, payload);
 		return new SaveReceipt(null, payload, PATH, response);
 	}
 

diff --git a/src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java b/src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java
@@ -110,6 +110,7 @@ public void allProperties() {
 
 	    p.setProperty("mlDeployAmpsWithCma", "true");
 	    p.setProperty("mlDeployForestsWithCma", "true");
+	    p.setProperty("mlDeployPrivilegesWithCma", "true");
 	    p.setProperty("mlDeployRolesWithCma", "true");
 
 	    p.setProperty("mlHost", "prophost");
@@ -211,6 +212,7 @@ public void allProperties() {
 
         assertTrue(config.isDeployAmpsWithCma());
 	    assertTrue(config.isDeployForestsWithCma());
+	    assertTrue(config.isDeployPrivilegesWithCma());
 	    assertTrue(config.isDeployRolesWithCma());
 
         assertEquals("prophost", config.getHost());

diff --git a/src/test/java/com/marklogic/appdeployer/command/security/DeployPrivilegesWithCmaTest.java b/src/test/java/com/marklogic/appdeployer/command/security/DeployPrivilegesWithCmaTest.java
@@ -0,0 +1,41 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.AbstractAppDeployerTest;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.PrivilegeManager;
+import org.junit.Test;
+
+public class DeployPrivilegesWithCmaTest extends AbstractAppDeployerTest {
+
+	@Test
+	public void test() {
+		initializeAppDeployer(new TestDeployPrivilegesCommand());
+
+		PrivilegeManager mgr = new PrivilegeManager(manageClient);
+		appConfig.setDeployPrivilegesWithCma(true);
+
+		try {
+			deploySampleApp();
+			assertTrue(mgr.exists("sample-app-execute-1"));
+			assertTrue(mgr.exists("sample-app-execute-1"));
+
+			deploySampleApp();
+			assertTrue(mgr.exists("sample-app-execute-1"));
+			assertTrue(mgr.exists("sample-app-execute-1"));
+		} finally {
+			initializeAppDeployer(new DeployPrivilegesCommand());
+
+			undeploySampleApp();
+			assertFalse(mgr.exists("sample-app-execute-1"));
+			assertFalse(mgr.exists("sample-app-execute-1"));
+		}
+	}
+}
+
+class TestDeployPrivilegesCommand extends DeployPrivilegesCommand {
+	@Override
+	protected ResourceManager getResourceManager(CommandContext context) {
+		throw new RuntimeException("This should not be called when deploying with CMA");
+	}
+}