#393 Can now deploy privileges with roles that haven't been created yet

Author: rjrudin

src/main/java/com/marklogic/appdeployer/command/CommandMapBuilder.java

@@ -62,6 +62,7 @@ public Map<String, List<Command>> buildCommandMap() {
 		securityCommands.add(new InsertCertificateHostsTemplateCommand());
 		securityCommands.add(new DeployExternalSecurityCommand());
 		securityCommands.add(new DeployPrivilegesCommand());
+		securityCommands.add(new DeployPrivilegeRolesCommand());
 		securityCommands.add(new DeployProtectedCollectionsCommand());
 		securityCommands.add(new DeployProtectedPathsCommand());
 		securityCommands.add(new DeployQueryRolesetsCommand());
@@ -158,7 +159,7 @@ public Map<String, List<Command>> buildCommandMap() {
 		List<Command> pluginCommands = new ArrayList<>();
 		pluginCommands.add(new InstallPluginsCommand());
 		map.put("mlPluginCommands", pluginCommands);
-		
+
 		// Tasks
 		List<Command> taskCommands = new ArrayList<Command>();
 		taskCommands.add(new DeployScheduledTasksCommand());

src/main/java/com/marklogic/appdeployer/command/SortOrderConstants.java

@@ -8,6 +8,9 @@ public abstract class SortOrderConstants {
 	public static Integer DEPLOY_QUERY_ROLESETS = 13; // depends on roles
     public static Integer DEPLOY_USERS = 15; // depends on roles
 
+	// After users are deployed so they're not included in combined CMA requests
+	public static Integer DEPLOY_PRIVILEGE_ROLES = 18;
+
 	public static Integer DEPLOY_CERTIFICATE_AUTHORITIES = 20;
 	public static Integer DEPLOY_CERTIFICATE_TEMPLATES = 24;
 	public static Integer GENERATE_TEMPORARY_CERTIFICATE = 25;

src/main/java/com/marklogic/appdeployer/command/security/DeployPrivilegeRolesCommand.java

@@ -0,0 +1,67 @@
+package com.marklogic.appdeployer.command.security;
+
+import com.marklogic.appdeployer.command.AbstractResourceCommand;
+import com.marklogic.appdeployer.command.CommandContext;
+import com.marklogic.appdeployer.command.ResourceReference;
+import com.marklogic.appdeployer.command.SortOrderConstants;
+import com.marklogic.mgmt.api.API;
+import com.marklogic.mgmt.api.security.Privilege;
+import com.marklogic.mgmt.mapper.DefaultResourceMapper;
+import com.marklogic.mgmt.mapper.ResourceMapper;
+import com.marklogic.mgmt.resource.ResourceManager;
+import com.marklogic.mgmt.resource.security.PrivilegeManager;
+
+import java.io.File;
+import java.util.function.BiPredicate;
+
+/**
+ * Intended to run after roles and privileges have been deployed so that any roles associated with privileges can be
+ * safely deployed.
+ */
+public class DeployPrivilegeRolesCommand extends AbstractResourceCommand {
+
+	private ResourceMapper resourceMapper;
+
+	public DeployPrivilegeRolesCommand() {
+		setExecuteSortOrder(SortOrderConstants.DEPLOY_PRIVILEGE_ROLES);
+		setUndoSortOrder(SortOrderConstants.DELETE_PRIVILEGES);
+
+		setSupportsResourceMerging(true);
+		setResourceClassType(Privilege.class);
+	}
+
+	@Override
+	public void undo(CommandContext context) {
+		logger.info("Nothing to do, as DeployPrivilegesCommand is expected to delete privileges");
+	}
+
+	@Override
+	protected File[] getResourceDirs(CommandContext context) {
+		return findResourceDirs(context, configDir -> configDir.getPrivilegesDir());
+	}
+
+	@Override
+	protected ResourceManager getResourceManager(CommandContext context) {
+		return new PrivilegeManager(context.getManageClient());
+	}
+
+	@Override
+	protected String adjustPayloadBeforeSavingResource(CommandContext context, File f, String payload) {
+		payload = super.adjustPayloadBeforeSavingResource(context, f, payload);
+		if (payload != null) {
+			if (resourceMapper == null) {
+				resourceMapper = new DefaultResourceMapper(new API(context.getManageClient()));
+			}
+			Privilege p = resourceMapper.readResource(payload, Privilege.class);
+			if (p.getRole() == null || p.getRole().isEmpty()) {
+				return null;
+			}
+		}
+		return payload;
+	}
+
+	@Override
+	protected BiPredicate<ResourceReference, ResourceReference> getBiPredicateForMergingResources() {
+		return new PrivilegeBiPredicate();
+	}
+}

src/main/java/com/marklogic/appdeployer/command/security/DeployPrivilegesCommand.java

@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.marklogic.appdeployer.command.*;
+import com.marklogic.mgmt.PayloadParser;
 import com.marklogic.mgmt.api.configuration.Configuration;
 import com.marklogic.mgmt.api.security.Privilege;
 import com.marklogic.mgmt.resource.ResourceManager;
@@ -13,6 +14,8 @@
 
 public class DeployPrivilegesCommand extends AbstractResourceCommand implements SupportsCmaCommand {
 
+	private boolean removeRolesBeforeSaving = true;
+
 	public DeployPrivilegesCommand() {
 		setExecuteSortOrder(SortOrderConstants.DEPLOY_PRIVILEGES);
 		setUndoSortOrder(SortOrderConstants.DELETE_PRIVILEGES);
@@ -31,13 +34,23 @@ protected ResourceManager getResourceManager(CommandContext context) {
 		return new PrivilegeManager(context.getManageClient());
 	}
 
+	@Override
+	protected String adjustPayloadBeforeSavingResource(CommandContext context, File f, String payload) {
+		payload = super.adjustPayloadBeforeSavingResource(context, f, payload);
+		return removeRolesBeforeSaving ? new PayloadParser().excludeProperties(payload, "role") : payload;
+	}
+
 	@Override
 	public boolean cmaShouldBeUsed(CommandContext context) {
 		return context.getAppConfig().getCmaConfig().isDeployPrivileges();
 	}
 
 	@Override
 	public void addResourceToConfiguration(ObjectNode resource, Configuration configuration) {
+		if (removeRolesBeforeSaving && resource != null && resource.has("role")) {
+			resource.remove("role");
+		}
+
 		configuration.addPrivilege(resource);
 	}
 
@@ -53,16 +66,29 @@ protected void deployConfiguration(CommandContext context, Configuration config)
 
 	@Override
 	protected BiPredicate<ResourceReference, ResourceReference> getBiPredicateForMergingResources() {
-		return (reference1, reference2) -> {
-			EqualsBuilder b = new EqualsBuilder();
+		return new PrivilegeBiPredicate();
+	}
+
+	public boolean isRemoveRolesBeforeSaving() {
+		return removeRolesBeforeSaving;
+	}
+
+	public void setRemoveRolesBeforeSaving(boolean removeRolesBeforeSaving) {
+		this.removeRolesBeforeSaving = removeRolesBeforeSaving;
+	}
+}
+
+class PrivilegeBiPredicate implements BiPredicate<ResourceReference, ResourceReference> {
+	@Override
+	public boolean test(ResourceReference reference1, ResourceReference reference2) {
+		EqualsBuilder b = new EqualsBuilder();
 
-			final ObjectNode node1 = reference1.getObjectNode();
-			final ObjectNode node2 = reference2.getObjectNode();
+		final ObjectNode node1 = reference1.getObjectNode();
+		final ObjectNode node2 = reference2.getObjectNode();
 
-			b.append(node1.get("privilege-name").asText(), node2.get("privilege-name").asText());
-			b.append(node1.has("kind") ? node1.get("kind").asText() : null, node2.has("kind") ? node2.get("kind").asText() : null);
+		b.append(node1.get("privilege-name").asText(), node2.get("privilege-name").asText());
+		b.append(node1.has("kind") ? node1.get("kind").asText() : null, node2.has("kind") ? node2.get("kind").asText() : null);
 
-			return b.isEquals();
-		};
+		return b.isEquals();
 	}
 }

src/main/java/com/marklogic/mgmt/api/security/Privilege.java

@@ -1,76 +1,82 @@
 package com.marklogic.mgmt.api.security;
 
-import com.marklogic.mgmt.resource.ResourceManager;
 import com.marklogic.mgmt.api.API;
 import com.marklogic.mgmt.api.Resource;
+import com.marklogic.mgmt.resource.ResourceManager;
 import com.marklogic.mgmt.resource.security.PrivilegeManager;
 
+import javax.xml.bind.annotation.*;
 import java.util.ArrayList;
 import java.util.List;
 
+@XmlRootElement(name = "privilege-properties")
+@XmlAccessorType(XmlAccessType.FIELD)
 public class Privilege extends Resource {
 
-    private String privilegeName;
-    private String action;
-    private String kind;
-    private List<String> role;
-
-    public Privilege() {
-        super();
-    }
-
-    public Privilege(API api, String privilegeName) {
-        super(api);
-        this.privilegeName = privilegeName;
-    }
-
-    public void addRole(String r) {
-        if (role == null) {
-            role = new ArrayList<String>();
-        }
-        role.add(r);
-    }
-
-    @Override
-    protected ResourceManager getResourceManager() {
-        return new PrivilegeManager(getClient());
-    }
-
-    @Override
-    protected String getResourceId() {
-        return privilegeName;
-    }
-
-    public String getPrivilegeName() {
-        return privilegeName;
-    }
-
-    public void setPrivilegeName(String privilegeName) {
-        this.privilegeName = privilegeName;
-    }
-
-    public String getAction() {
-        return action;
-    }
-
-    public void setAction(String action) {
-        this.action = action;
-    }
-
-    public String getKind() {
-        return kind;
-    }
-
-    public void setKind(String kind) {
-        this.kind = kind;
-    }
-
-    public List<String> getRole() {
-        return role;
-    }
-
-    public void setRole(List<String> role) {
-        this.role = role;
-    }
+	@XmlElement(name = "privilege-name")
+	private String privilegeName;
+	private String action;
+	private String kind;
+
+	@XmlElementWrapper(name = "roles")
+	private List<String> role;
+
+	public Privilege() {
+		super();
+	}
+
+	public Privilege(API api, String privilegeName) {
+		super(api);
+		this.privilegeName = privilegeName;
+	}
+
+	public void addRole(String r) {
+		if (role == null) {
+			role = new ArrayList<>();
+		}
+		role.add(r);
+	}
+
+	@Override
+	protected ResourceManager getResourceManager() {
+		return new PrivilegeManager(getClient());
+	}
+
+	@Override
+	protected String getResourceId() {
+		return privilegeName;
+	}
+
+	public String getPrivilegeName() {
+		return privilegeName;
+	}
+
+	public void setPrivilegeName(String privilegeName) {
+		this.privilegeName = privilegeName;
+	}
+
+	public String getAction() {
+		return action;
+	}
+
+	public void setAction(String action) {
+		this.action = action;
+	}
+
+	public String getKind() {
+		return kind;
+	}
+
+	public void setKind(String kind) {
+		this.kind = kind;
+	}
+
+	public List<String> getRole() {
+		return role;
+	}
+
+	public void setRole(List<String> role) {
+		this.role = role;
+	}
 
 }

src/test/java/com/marklogic/appdeployer/command/security/ManagePrivilegesTest.java

@@ -1,28 +1,60 @@
 package com.marklogic.appdeployer.command.security;
 
+import com.marklogic.appdeployer.ConfigDir;
 import com.marklogic.appdeployer.command.AbstractManageResourceTest;
 import com.marklogic.appdeployer.command.Command;
+import com.marklogic.mgmt.api.API;
+import com.marklogic.mgmt.api.security.Privilege;
+import com.marklogic.mgmt.mapper.DefaultResourceMapper;
 import com.marklogic.mgmt.resource.ResourceManager;
 import com.marklogic.mgmt.resource.security.PrivilegeManager;
+import org.junit.Test;
+
+import java.io.File;
 
 /**
  * TODO Unable to update a privilege of kind "uri".
  */
 public class ManagePrivilegesTest extends AbstractManageResourceTest {
 
-    @Override
-    protected ResourceManager newResourceManager() {
-        return new PrivilegeManager(manageClient);
-    }
+	@Override
+	protected ResourceManager newResourceManager() {
+		return new PrivilegeManager(manageClient);
+	}
+
+	@Override
+	protected Command newCommand() {
+		return new DeployPrivilegesCommand();
+	}
+
+	@Override
+	protected String[] getResourceNames() {
+		return new String[]{"sample-app-execute-1", "sample-app-execute-2"};
+	}
+
+	@Test
+	public void privilegeWithRole() {
+		appConfig.setConfigDir(new ConfigDir(new File("src/test/resources/sample-app/privileges-with-roles")));
+
+		initializeAppDeployer(new DeployPrivilegesCommand(), new DeployRolesCommand(), new DeployPrivilegeRolesCommand());
+		try {
+			deploySampleApp();
 
-    @Override
-    protected Command newCommand() {
-        return new DeployPrivilegesCommand();
-    }
+			String json = new PrivilegeManager(manageClient).getPropertiesAsJson("sample-app-execute-1", "kind", "execute");
+			Privilege p = new DefaultResourceMapper(new API(manageClient)).readResource(json, Privilege.class);
+			assertEquals("sample-app-role1", p.getRole().get(0));
+			assertEquals("manage-user", p.getRole().get(1));
 
-    @Override
-    protected String[] getResourceNames() {
-        return new String[] { "sample-app-execute-1", "sample-app-execute-2" };
-    }
+			json = new PrivilegeManager(manageClient).getPropertiesAsJson("sample-app-xml-privilege", "kind", "execute");
+			p = new DefaultResourceMapper(new API(manageClient)).readResource(json, Privilege.class);
+			assertEquals("sample-app-role1", p.getRole().get(0));
+			assertEquals("rest-admin", p.getRole().get(1));
 
+			json = new PrivilegeManager(manageClient).getPropertiesAsJson("sample-app-execute-3", "kind", "execute");
+			p = new DefaultResourceMapper(new API(manageClient)).readResource(json, Privilege.class);
+			assertNull(p.getRole());
+		} finally {
+			undeploySampleApp();
+		}
+	}
 }