AMBARI-15162. UpgradeCatalog230 is not idempotent (rlevas)

ambari-server/src/main/java/org/apache/ambari/server/orm/DBAccessor.java

@@ -212,6 +212,18 @@ public interface DBAccessor {
    */
   boolean insertRow(String tableName, String[] columnNames, String[] values, boolean ignoreFailure) throws SQLException;
 
+  /**
+   * Conditionally insert row into table if it does not already exist
+   *
+   * @param tableName
+   * @param columnNames
+   * @param values
+   * @param ignoreFailure
+   * @return
+   * @throws SQLException
+   */
+  boolean insertRowIfMissing(String tableName, String[] columnNames, String[] values, boolean ignoreFailure) throws SQLException;
+
   /**
    * Simple update operation on table
    * @param tableName

ambari-server/src/main/java/org/apache/ambari/server/orm/DBAccessorImpl.java

@@ -655,6 +655,51 @@ public class DBAccessorImpl implements DBAccessor {
     return rowsUpdated != 0;
   }
 
+  @Override
+  public boolean insertRowIfMissing(String tableName, String[] columnNames, String[] values, boolean ignoreFailure) throws SQLException {
+    if (columnNames.length == 0) {
+      return false;
+    }
+
+    if (columnNames.length != values.length) {
+      throw new IllegalArgumentException("number of columns should be equal to number of values");
+    }
+
+    StringBuilder builder = new StringBuilder();
+    builder.append("SELECT COUNT(*) FROM ").append(tableName);
+
+    builder.append(" WHERE ").append(columnNames[0]).append("=").append(values[0]);
+    for (int i = 1; i < columnNames.length; i++) {
+      builder.append(" AND ").append(columnNames[i]).append("=").append(values[i]);
+    }
+
+    Statement statement = getConnection().createStatement();
+    ResultSet resultSet = null;
+    int count = -1;
+    String query = builder.toString();
+    try {
+      resultSet = statement.executeQuery(query);
+
+      if ((resultSet != null) && (resultSet.next())) {
+        count = resultSet.getInt(1);
+      }
+    } catch (SQLException e) {
+      LOG.warn("Unable to execute query: " + query, e);
+      if (!ignoreFailure) {
+        throw e;
+      }
+    } finally {
+      if (resultSet != null) {
+        resultSet.close();
+      }
+      if (statement != null) {
+        statement.close();
+      }
+    }
+
+    return (count == 0) && insertRow(tableName, columnNames, values, ignoreFailure);
+  }
+
   @Override
   public int updateTable(String tableName, String columnName, Object value,
           String whereClause) throws SQLException {

ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java

@@ -21,6 +21,7 @@ package org.apache.ambari.server.orm.dao;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
 import org.apache.ambari.server.orm.RequiresSession;
 import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
 
@@ -43,6 +44,16 @@ public class RoleAuthorizationDAO {
   @Inject
   DaoUtils daoUtils;
 
+  /**
+   * Create a new role authorization.
+   *
+   * @param roleAuthorizationEntity  entity to store
+   */
+  @Transactional
+  public void create(RoleAuthorizationEntity roleAuthorizationEntity) {
+    entityManagerProvider.get().persist(roleAuthorizationEntity);
+  }
+
   /**
    * Find a authorization entity with the given id.
    *

ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java

@@ -30,7 +30,10 @@ import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
 import org.apache.ambari.server.orm.dao.DaoUtils;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -134,85 +137,103 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog {
 
     PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
     ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
-    PermissionEntity permissionEntity = new PermissionEntity();
+    ResourceTypeEntity clusterResourceTypeEntity = resourceTypeDAO.findByName("CLUSTER");
 
     // CLUSTER.OPERATOR: Cluster Operator
-    permissionEntity.setId(null);
-    permissionEntity.setPermissionName("CLUSTER.OPERATOR");
-    permissionEntity.setPermissionLabel("Cluster Operator");
-    permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
-    permissionDAO.create(permissionEntity);
+    if(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResourceTypeEntity) == null) {
+      PermissionEntity permissionEntity = new PermissionEntity();
+      permissionEntity.setId(null);
+      permissionEntity.setPermissionName("CLUSTER.OPERATOR");
+      permissionEntity.setPermissionLabel("Cluster Operator");
+      permissionEntity.setResourceType(clusterResourceTypeEntity);
+      permissionDAO.create(permissionEntity);
+    }
 
     // SERVICE.ADMINISTRATOR: Service Administrator
-    permissionEntity.setId(null);
-    permissionEntity.setPermissionName("SERVICE.ADMINISTRATOR");
-    permissionEntity.setPermissionLabel("Service Administrator");
-    permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
-    permissionDAO.create(permissionEntity);
+    if(permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", clusterResourceTypeEntity) == null) {
+      PermissionEntity permissionEntity = new PermissionEntity();
+      permissionEntity.setId(null);
+      permissionEntity.setPermissionName("SERVICE.ADMINISTRATOR");
+      permissionEntity.setPermissionLabel("Service Administrator");
+      permissionEntity.setResourceType(clusterResourceTypeEntity);
+      permissionDAO.create(permissionEntity);
+    }
 
     // SERVICE.OPERATOR: Service Operator
-    permissionEntity.setId(null);
-    permissionEntity.setPermissionName("SERVICE.OPERATOR");
-    permissionEntity.setPermissionLabel("Service Operator");
-    permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
-    permissionDAO.create(permissionEntity);
+    if(permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", clusterResourceTypeEntity) == null) {
+      PermissionEntity permissionEntity = new PermissionEntity();
+      permissionEntity.setId(null);
+      permissionEntity.setPermissionName("SERVICE.OPERATOR");
+      permissionEntity.setPermissionLabel("Service Operator");
+      permissionEntity.setResourceType(clusterResourceTypeEntity);
+      permissionDAO.create(permissionEntity);
+    }
   }
 
 
   private void createRoleAuthorizations() throws SQLException {
     LOG.info("Adding authorizations");
 
-    String[] columnNames = new String[]{ROLE_AUTHORIZATION_ID_COL, ROLE_AUTHORIZATION_NAME_COL};
-
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'VIEW.USE'", "'Use View'"}, false);
-
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_METRICS'", "'View metrics'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_STATUS_INFO'", "'View status information'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_CONFIGS'", "'View configurations'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.COMPARE_CONFIGS'", "'Compare configurations'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_ALERTS'", "'View service-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.START_STOP'", "'Start/Stop/Restart Service'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.DECOMMISSION_RECOMMISSION'", "'Decommission/recommission'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_SERVICE_CHECK'", "'Run service checks'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_CUSTOM_COMMAND'", "'Perform service-specific tasks'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MODIFY_CONFIGS'", "'Modify configurations'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MANAGE_CONFIG_GROUPS'", "'Manage configuration groups'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MANAGE_ALERTS'", "'Manage service-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MOVE'", "'Move to another host'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ENABLE_HA'", "'Enable HA'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_ALERTS'", "'Enable/disable service-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ADD_DELETE_SERVICES'", "'Add Service to cluster'"}, false);
-
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_METRICS'", "'View metrics'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_STATUS_INFO'", "'View status information'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_CONFIGS'", "'View configuration'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_COMPONENTS'", "'Install components'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_HOSTS'", "'Add/Delete hosts'"}, false);
-
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_METRICS'", "'View metrics'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STATUS_INFO'", "'View status information'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_CONFIGS'", "'View configuration'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STACK_DETAILS'", "'View stack version details'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_ALERTS'", "'View cluster-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.MANAGE_CREDENTIALS'", "'Manage external credentials'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.MODIFY_CONFIGS'", "'Modify cluster configurations'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.MANAGE_CONFIG_GROUPS'", "'Manage cluster configuration groups'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.MANAGE_ALERTS'", "'Manage cluster-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_ALERTS'", "'Enable/disable cluster-level alerts'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_KERBEROS'", "'Enable/disable Kerberos'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.UPGRADE_DOWNGRADE_STACK'", "'Upgrade/downgrade stack'"}, false);
-
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ADD_DELETE_CLUSTERS'", "'Create new clusters'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.SET_SERVICE_USERS_GROUPS'", "'Set service users and groups'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.RENAME_CLUSTER'", "'Rename clusters'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_USERS'", "'Manage users'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_GROUPS'", "'Manage groups'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_VIEWS'", "'Manage Ambari Views'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ASSIGN_ROLES'", "'Assign roles'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_STACK_VERSIONS'", "'Manage stack versions'"}, false);
-    dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.EDIT_STACK_REPOS'", "'Edit stack repository URLs'"}, false);
+    RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class);
+
+    createRoleAuthorization(roleAuthorizationDAO, "VIEW.USE", "Use View");
+
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.VIEW_METRICS", "View metrics");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.VIEW_STATUS_INFO", "View status information");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.VIEW_CONFIGS", "View configurations");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.COMPARE_CONFIGS", "Compare configurations");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.VIEW_ALERTS", "View service-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.START_STOP", "Start/Stop/Restart Service");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.RUN_SERVICE_CHECK", "Run service checks");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MODIFY_CONFIGS", "Modify configurations");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MANAGE_ALERTS", "Manage service-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MOVE", "Move to another host");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.ENABLE_HA", "Enable HA");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.TOGGLE_ALERTS", "Enable/disable service-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster");
+
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_METRICS", "View metrics");
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_STATUS_INFO", "View status information");
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_CONFIGS", "View configuration");
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode");
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.ADD_DELETE_COMPONENTS", "Install components");
+    createRoleAuthorization(roleAuthorizationDAO, "HOST.ADD_DELETE_HOSTS", "Add/Delete hosts");
+
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.VIEW_METRICS", "View metrics");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.VIEW_STATUS_INFO", "View status information");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.VIEW_CONFIGS", "View configuration");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.VIEW_STACK_DETAILS", "View stack version details");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.VIEW_ALERTS", "View cluster-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.MANAGE_CREDENTIALS", "Manage external credentials");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.MODIFY_CONFIGS", "Modify cluster configurations");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.MANAGE_CONFIG_GROUPS", "Manage cluster configuration groups");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.MANAGE_ALERTS", "Manage cluster-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.TOGGLE_ALERTS", "Enable/disable cluster-level alerts");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos");
+    createRoleAuthorization(roleAuthorizationDAO, "CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack");
+
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.RENAME_CLUSTER", "Rename clusters");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.MANAGE_USERS", "Manage users");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.MANAGE_GROUPS", "Manage groups");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.MANAGE_VIEWS", "Manage Ambari Views");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.ASSIGN_ROLES", "Assign roles");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions");
+    createRoleAuthorization(roleAuthorizationDAO, "AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs");
+  }
+
+  private void createRoleAuthorization(RoleAuthorizationDAO roleAuthorizationDAO, String id, String name) {
+    if(roleAuthorizationDAO.findById(id) == null) {
+      RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity();
+      roleAuthorizationEntity.setAuthorizationId(id);
+      roleAuthorizationEntity.setAuthorizationName(name);
+      roleAuthorizationDAO.create(roleAuthorizationEntity);
+    }
   }
 
   private void createPermissionRoleAuthorizationMap() throws SQLException {
@@ -315,8 +336,8 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog {
       String authorizationId = entry.getKey();
 
       for(String permissionId : entry.getValue()) {
-        dbAccessor.insertRow(PERMISSION_ROLE_AUTHORIZATION_TABLE, columnNames,
-            new String[]{permissionId, "'" + authorizationId + "'"}, false);
+        dbAccessor.insertRowIfMissing(PERMISSION_ROLE_AUTHORIZATION_TABLE, columnNames,
+            new String[]{"'" + permissionId + "'", "'" + authorizationId + "'"}, false);
       }
     }
   }

ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java

@@ -34,11 +34,12 @@ import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.controller.AmbariManagementController;
 import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
-import org.apache.ambari.server.orm.dao.DaoUtils;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.RepositoryType;
@@ -72,9 +73,6 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   protected static final String UPGRADE_TABLE = "upgrade";
   protected static final String STACK_TABLE = "stack";
 
-  @Inject
-  DaoUtils daoUtils;
-
   @Inject
   PermissionDAO permissionDAO;
 
@@ -166,19 +164,19 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   }
 
   protected void addSettingPermission() throws SQLException {
-    String administratorPermissionId =
-            permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", resourceTypeDAO.findByName("AMBARI")).getId().toString();
-    String selectRoleSql = "select * from roleauthorization where authorization_id = 'AMBARI.MANAGE_SETTINGS'";
-    if (executeAndCheckEmptyResult(selectRoleSql)) {
-      dbAccessor.insertRow("roleauthorization", new String[]{"authorization_id", "authorization_name"},
-              new String[]{"'AMBARI.MANAGE_SETTINGS'", "'Manage settings'"}, false);
-    }
+    RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class);
 
-    String selectPermissionSql = "select * from permission_roleauthorization where authorization_id = 'AMBARI.MANAGE_SETTINGS'";
-    if (executeAndCheckEmptyResult(selectPermissionSql)) {
-      dbAccessor.insertRow("permission_roleauthorization", new String[]{"permission_id", "authorization_id"},
-              new String[]{administratorPermissionId, "'AMBARI.MANAGE_SETTINGS'"}, false);
+    if (roleAuthorizationDAO.findById("AMBARI.MANAGE_SETTINGS") == null) {
+      RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity();
+      roleAuthorizationEntity.setAuthorizationId("AMBARI.MANAGE_SETTINGS");
+      roleAuthorizationEntity.setAuthorizationName("Manage settings");
+      roleAuthorizationDAO.create(roleAuthorizationEntity);
     }
+
+    String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR",
+        resourceTypeDAO.findByName("AMBARI")).getId().toString();
+    dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"},
+        new String[]{"'" + administratorPermissionId + "'", "'AMBARI.MANAGE_SETTINGS'"}, false);
   }
 
   protected void updateAlerts() {
@@ -249,17 +247,6 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
     }
   }
 
-  private boolean executeAndCheckEmptyResult(String sql) throws SQLException {
-    try(Statement statement = dbAccessor.getConnection().createStatement();
-        ResultSet resultSet = statement.executeQuery(sql)) {
-      if (resultSet != null && resultSet.next()) {
-        return false;
-      } else {
-        return true;
-      }
-    }
-  }
-
   protected String addParam(String source, List<String> params) {
     JsonObject sourceJson = new JsonParser().parse(source).getAsJsonObject();
     JsonArray parametersJson = sourceJson.getAsJsonArray("parameters");

ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java

@@ -60,11 +60,11 @@ public class UpgradeCatalog230Test extends EasyMockSupport {
     Module module = new Module() {
       @Override
       public void configure(Binder binder) {
-        binder.bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+        binder.bind(DBAccessor.class).toInstance(createMock(DBAccessor.class));
         binder.bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
         binder.bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
         binder.bind(DaoUtils.class).toInstance(createNiceMock(DaoUtils.class));
-        binder.bind(PermissionDAO.class).toInstance(createNiceMock(PermissionDAO.class));
+        binder.bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
         binder.bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class));
       }
     };
@@ -81,6 +81,7 @@ public class UpgradeCatalog230Test extends EasyMockSupport {
     expect(configuration.getDatabaseUrl()).andReturn(Configuration.JDBC_IN_MEMORY_URL).anyTimes();
 
     Capture<DBAccessor.DBColumnInfo> columnCapture = EasyMock.newCapture();
+    Capture<DBAccessor.DBColumnInfo> columnCaptureUserType = EasyMock.newCapture();
     Capture<DBAccessor.DBColumnInfo> columnCapturePermissionLabel = EasyMock.newCapture();
     Capture<List<DBAccessor.DBColumnInfo>> columnsCaptureRoleAuthorization = EasyMock.newCapture();
     Capture<List<DBAccessor.DBColumnInfo>> columnsCapturePermissionRoleAuthorization = EasyMock.newCapture();
@@ -88,6 +89,15 @@ public class UpgradeCatalog230Test extends EasyMockSupport {
     dbAccessor.alterColumn(eq("host_role_command"), capture(columnCapture));
     expectLastCall();
 
+    dbAccessor.executeQuery("UPDATE users SET user_type='LDAP' WHERE ldap_user=1");
+    expectLastCall();
+
+    dbAccessor.addUniqueConstraint("users", "UNQ_users_0", "user_name", "user_type");
+    expectLastCall();
+
+    dbAccessor.addColumn(eq("users"), capture(columnCaptureUserType));
+    expectLastCall();
+
     dbAccessor.addColumn(eq("adminpermission"), capture(columnCapturePermissionLabel));
     expectLastCall();
 
@@ -117,6 +127,12 @@ public class UpgradeCatalog230Test extends EasyMockSupport {
 
     assertTrue(columnCapture.getValue().isNullable());
 
+    assertEquals(columnCaptureUserType.getValue().getName(), "user_type");
+    assertEquals(columnCaptureUserType.getValue().getType(), String.class);
+    assertEquals(columnCaptureUserType.getValue().getLength(), null);
+    assertEquals(columnCaptureUserType.getValue().getDefaultValue(), "LOCAL");
+    assertEquals(columnCaptureUserType.getValue().isNullable(), true);
+
     assertEquals(columnCapturePermissionLabel.getValue().getName(), "permission_label");
     assertEquals(columnCapturePermissionLabel.getValue().getType(), String.class);
     assertEquals(columnCapturePermissionLabel.getValue().getLength(), Integer.valueOf(255));
@@ -249,6 +265,10 @@ public class UpgradeCatalog230Test extends EasyMockSupport {
         PermissionEntity.VIEW_USER_PERMISSION_NAME, PermissionEntity.VIEW_USER_PERMISSION)))
         .andReturn(1).once();
 
+    expect(dbAccessor.insertRowIfMissing(anyString(), anyObject(String[].class), anyObject(String[].class), eq(false)))
+        .andReturn(true)
+        .atLeastOnce();
+
     replayAll();
     upgradeCatalog.executeDMLUpdates();
     verifyAll();