AMBARI-20462. Duplicate entries in DB for auto_<view>_instance privileges upon Ambari server restart (rlevas)

ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -19,6 +19,8 @@
 package org.apache.ambari.server.orm.entities;
 
 
+import java.util.Objects;
+
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
@@ -161,21 +163,14 @@ public class PrivilegeEntity {
     if (o == null || getClass() != o.getClass()) return false;
 
     PrivilegeEntity that = (PrivilegeEntity) o;
-
-    if (!id.equals(that.id)) return false;
-    if (permission != null ? !permission.equals(that.permission) : that.permission != null) return false;
-    if (principal != null ? !principal.equals(that.principal) : that.principal != null) return false;
-    if (resource != null ? !resource.equals(that.resource) : that.resource != null) return false;
-
-    return true;
+    return Objects.equals(id, that.id) &&
+        Objects.equals(permission, that.permission) &&
+        Objects.equals(principal, that.principal) &&
+        Objects.equals(resource, that.resource);
   }
 
   @Override
   public int hashCode() {
-    int result = id != null ? id.hashCode() : 0;
-    result = 31 * result + (permission != null ? permission.hashCode() : 0);
-    result = 31 * result + (resource != null ? resource.hashCode() : 0);
-    result = 31 * result + (principal != null ? principal.hashCode() : 0);
-    return result;
+    return Objects.hash(id, permission, resource, principal);
   }
 }

ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java

@@ -18,11 +18,6 @@
 
 package org.apache.ambari.server.view;
 
-import javax.inject.Inject;
-import javax.inject.Provider;
-import javax.inject.Singleton;
-import javax.xml.bind.JAXBException;
-
 import java.beans.IntrospectionException;
 import java.io.File;
 import java.io.IOException;
@@ -43,8 +38,11 @@ import java.util.concurrent.LinkedBlockingQueue;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 
-import com.google.common.base.Optional;
-import com.google.common.base.Preconditions;
+import javax.inject.Inject;
+import javax.inject.Provider;
+import javax.inject.Singleton;
+import javax.xml.bind.JAXBException;
+
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.ClusterNotFoundException;
 import org.apache.ambari.server.api.resources.ResourceInstanceFactoryImpl;
@@ -127,6 +125,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.SAXException;
 
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
 import com.google.common.collect.Sets;
 import com.google.common.eventbus.AllowConcurrentEvents;
 import com.google.common.eventbus.Subscribe;
@@ -1977,7 +1977,7 @@ public class ViewRegistry {
             if (principalRole == null) {
               LOG.warn("Missing principal ID for role {} encountered while setting access to view {}. Ignoring.",
                 role, viewInstanceEntity.getName());
-            } else {
+            } else if (!privilegeDAO.exists(principalRole, resourceEntity, permissionViewUser)) {
               PrivilegeEntity privilegeEntity = new PrivilegeEntity();
               privilegeEntity.setPermission(permissionViewUser);
               privilegeEntity.setPrincipal(principalRole);

ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java

@@ -856,6 +856,7 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
         injector.getInstance(UserDAO.class),
         injector.getInstance(MemberDAO.class),
         injector.getInstance(PrivilegeDAO.class),
+        injector.getInstance(PermissionDAO.class),
         injector.getInstance(ResourceDAO.class),
         injector.getInstance(ResourceTypeDAO.class),
         injector.getInstance(SecurityHelper.class),

ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java

@@ -90,7 +90,7 @@ public class ViewPrivilegeResourceProviderTest {
   public void resetGlobalMocks() {
 
     ViewRegistry.initInstance(ViewRegistryTest.getRegistry(viewDAO, viewInstanceDAO, userDAO,
-        memberDAO, privilegeDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null));
+        memberDAO, privilegeDAO, permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null));
     reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, handlerList);
   }
 

ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java

@@ -19,6 +19,8 @@
 package org.apache.ambari.server.security;
 
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
@@ -117,67 +119,56 @@ public class TestAuthenticationFactory {
     return new AmbariGrantedAuthority(createViewUserPrivilegeEntity(resourceId));
   }
 
-  private static PrivilegeEntity createAdministratorPrivilegeEntity() {
+  public static PrivilegeEntity createPrivilegeEntity(ResourceEntity resourceEntity, PermissionEntity permissionEntity, PrincipalEntity principalEntity) {
     PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createAmbariResourceEntity());
-    privilegeEntity.setPermission(createAdministratorPermission());
+    privilegeEntity.setResource(resourceEntity);
+    privilegeEntity.setPermission(permissionEntity);
+    privilegeEntity.setPrincipal(principalEntity);
     return privilegeEntity;
   }
 
+  private static PrivilegeEntity createAdministratorPrivilegeEntity() {
+    return createPrivilegeEntity(createAmbariResourceEntity(), createAdministratorPermission(), null);
+  }
+
   private static PrivilegeEntity createClusterAdministratorPrivilegeEntity(Long clusterResourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId));
-    privilegeEntity.setPermission(createClusterAdministratorPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterAdministratorPermission(), null);
   }
 
   private static PrivilegeEntity createClusterOperatorPrivilegeEntity(Long clusterResourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId));
-    privilegeEntity.setPermission(createClusterOperatorPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterOperatorPermission(), null);
   }
 
   private static PrivilegeEntity createServiceAdministratorPrivilegeEntity(Long clusterResourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId));
-    privilegeEntity.setPermission(createServiceAdministratorPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceAdministratorPermission(), null);
   }
 
   private static PrivilegeEntity createServiceOperatorPrivilegeEntity(Long clusterResourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId));
-    privilegeEntity.setPermission(createServiceOperatorPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceOperatorPermission(), null);
   }
 
   private static PrivilegeEntity createClusterUserPrivilegeEntity(Long clusterResourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId));
-    privilegeEntity.setPermission(createClusterUserPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterUserPermission(), null);
   }
 
   private static PrivilegeEntity createViewUserPrivilegeEntity(Long resourceId) {
-    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-    privilegeEntity.setResource(createViewResourceEntity(resourceId));
-    privilegeEntity.setPermission(createViewUserPermission());
-    return privilegeEntity;
+    return createPrivilegeEntity(createViewResourceEntity(resourceId), createViewUserPermission(), null);
   }
 
-  private static PermissionEntity createAdministratorPermission() {
+  public static PermissionEntity createAdministratorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI));
+    permissionEntity.setPrincipal(createPrincipalEntity(1L));
     permissionEntity.addAuthorizations(EnumSet.allOf(RoleAuthorization.class));
     return permissionEntity;
   }
 
-  private static PermissionEntity createClusterAdministratorPermission() {
+  public static PermissionEntity createClusterAdministratorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(2L));
     permissionEntity.addAuthorizations(EnumSet.of(
         RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS,
         RoleAuthorization.CLUSTER_MODIFY_CONFIGS,
@@ -221,10 +212,11 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
-  private static PermissionEntity createClusterOperatorPermission() {
+  public static PermissionEntity createClusterOperatorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(5);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(3L));
     permissionEntity.addAuthorizations(EnumSet.of(
         RoleAuthorization.HOST_VIEW_CONFIGS,
         RoleAuthorization.HOST_ADD_DELETE_COMPONENTS,
@@ -262,10 +254,11 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
-  private static PermissionEntity createServiceAdministratorPermission() {
+  public static PermissionEntity createServiceAdministratorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(5);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(4L));
     permissionEntity.addAuthorizations(EnumSet.of(
         RoleAuthorization.CLUSTER_VIEW_ALERTS,
         RoleAuthorization.CLUSTER_VIEW_CONFIGS,
@@ -297,10 +290,11 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
-  private static PermissionEntity createServiceOperatorPermission() {
+  public static PermissionEntity createServiceOperatorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(6);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(5L));
     permissionEntity.addAuthorizations(EnumSet.of(
         RoleAuthorization.SERVICE_VIEW_CONFIGS,
         RoleAuthorization.SERVICE_VIEW_METRICS,
@@ -323,10 +317,11 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
-  private static PermissionEntity createClusterUserPermission() {
+  public static PermissionEntity createClusterUserPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(PermissionEntity.CLUSTER_USER_PERMISSION);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(6L));
     permissionEntity.addAuthorizations(EnumSet.of(
         RoleAuthorization.SERVICE_VIEW_CONFIGS,
         RoleAuthorization.SERVICE_VIEW_METRICS,
@@ -345,10 +340,11 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
-  private static PermissionEntity createViewUserPermission() {
+  public static PermissionEntity createViewUserPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setId(PermissionEntity.VIEW_USER_PERMISSION);
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setPrincipal(createPrincipalEntity(7L));
     permissionEntity.addAuthorizations(EnumSet.of(RoleAuthorization.VIEW_USE));
     return permissionEntity;
   }
@@ -374,7 +370,7 @@ public class TestAuthenticationFactory {
   private static ResourceEntity createViewResourceEntity(Long resourceId) {
     ResourceEntity resourceEntity = new ResourceEntity();
     resourceEntity.setId(resourceId);
-    if(resourceId != null) {
+    if (resourceId != null) {
       resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.VIEW.name(), resourceId.intValue()));
     }
     return resourceEntity;
@@ -386,11 +382,26 @@ public class TestAuthenticationFactory {
 
   private static ResourceTypeEntity createResourceTypeEntity(String resourceName, Integer resourceId) {
     ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
-    resourceTypeEntity.setId(resourceId.intValue());
+    resourceTypeEntity.setId(resourceId);
     resourceTypeEntity.setName(resourceName);
     return resourceTypeEntity;
   }
 
+  private static PrincipalEntity createPrincipalEntity(Long principalId) {
+    PrincipalEntity principalEntity = new PrincipalEntity();
+    principalEntity.setId(principalId);
+    principalEntity.setPrincipalType(createPrincipalTypeEntity());
+    return principalEntity;
+  }
+
+  private static PrincipalTypeEntity createPrincipalTypeEntity() {
+    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
+    principalTypeEntity.setId(1);
+    principalTypeEntity.setName("ROLE");
+    return principalTypeEntity;
+  }
+
+
   private static class TestAuthorization implements Authentication {
     private final String name;
     private final Collection<? extends GrantedAuthority> authorities;

ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java

@@ -1,4 +1,4 @@
-/**
+/*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -24,6 +24,7 @@ import static org.easymock.EasyMock.createMock;
 import static org.easymock.EasyMock.createNiceMock;
 import static org.easymock.EasyMock.eq;
 import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
 import static org.easymock.EasyMock.replay;
 import static org.easymock.EasyMock.reset;
 import static org.easymock.EasyMock.verify;
@@ -50,7 +51,6 @@ import java.util.jar.JarInputStream;
 
 import javax.xml.bind.JAXBException;
 
-import com.google.inject.Provider;
 import org.apache.ambari.server.api.resources.SubResourceDefinition;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
 import org.apache.ambari.server.configuration.Configuration;
@@ -59,6 +59,7 @@ import org.apache.ambari.server.controller.spi.ResourceProvider;
 import org.apache.ambari.server.events.ServiceInstalledEvent;
 import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
 import org.apache.ambari.server.orm.dao.MemberDAO;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
@@ -78,7 +79,6 @@ import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest;
 import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.security.TestAuthenticationFactory;
-import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
 import org.apache.ambari.server.security.authorization.ResourceType;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
@@ -99,14 +99,17 @@ import org.apache.ambari.view.events.Listener;
 import org.apache.ambari.view.validation.ValidationResult;
 import org.apache.ambari.view.validation.Validator;
 import org.easymock.Capture;
+import org.easymock.CaptureType;
 import org.easymock.EasyMock;
+import org.easymock.IAnswer;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import com.google.inject.Provider;
+
 /**
  * ViewRegistry tests.
  */
@@ -212,6 +215,7 @@ public class ViewRegistryTest {
   private static final UserDAO userDAO = createNiceMock(UserDAO.class);
   private static final MemberDAO memberDAO = createNiceMock(MemberDAO.class);
   private static final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+  private static final PermissionDAO permissionDAO = createNiceMock(PermissionDAO.class);
   private static final ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
   private static final ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
   private static final SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
@@ -224,7 +228,7 @@ public class ViewRegistryTest {
   @Before
   public void resetGlobalMocks() {
     ViewRegistry.initInstance(getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO,
-        resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, ambariMetaInfo, clusters));
+        permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, ambariMetaInfo, clusters));
 
     reset(viewDAO, resourceDAO, viewInstanceDAO, userDAO, memberDAO,
         privilegeDAO, resourceTypeDAO, securityHelper, configuration, handlerList, ambariMetaInfo,
@@ -444,7 +448,7 @@ public class ViewRegistryTest {
     TestViewArchiveUtility archiveUtility =
         new TestViewArchiveUtility(viewConfigs, files, outputStreams, jarFiles, badArchive);
 
-    ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO,
+    ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO,
         resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, archiveUtility, ambariMetaInfo, clusters);
 
     registry.readViewArchives();
@@ -633,7 +637,7 @@ public class ViewRegistryTest {
 
     TestViewArchiveUtility archiveUtility = new TestViewArchiveUtility(viewConfigs, files, outputStreams, jarFiles, false);
 
-    ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO,
+    ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO,
         resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, archiveUtility, ambariMetaInfo);
 
     registry.readViewArchives();
@@ -1627,6 +1631,72 @@ public class ViewRegistryTest {
         libDir, metaInfDir, fileEntry, viewJarFile, jarEntry, is, fos, viewExtractor, resourceDAO, viewDAO, viewInstanceDAO);
   }
 
+  @Test
+  public void testSetViewInstanceRoleAccess() throws Exception {
+
+    final Map<String, PermissionEntity> permissions = new HashMap<>();
+    permissions.put("CLUSTER.ADMINISTRATOR", TestAuthenticationFactory.createClusterAdministratorPermission());
+    permissions.put("CLUSTER.OPERATOR", TestAuthenticationFactory.createClusterOperatorPermission());
+    permissions.put("SERVICE.ADMINISTRATOR", TestAuthenticationFactory.createServiceAdministratorPermission());
+    permissions.put("SERVICE.OPERATOR", TestAuthenticationFactory.createServiceOperatorPermission());
+    permissions.put("CLUSTER.USER", TestAuthenticationFactory.createClusterUserPermission());
+
+    PermissionEntity permissionViewUser = TestAuthenticationFactory.createViewUserPermission();
+
+    ViewInstanceEntity viewInstanceEntity = ViewInstanceEntityTest.getViewInstanceEntity();
+    ResourceEntity resourceEntity = viewInstanceEntity.getResource();
+
+    // Expected PrivilegeEntity items to be created...
+    Map<String, PrivilegeEntity> expectedPrivileges = new HashMap<>();
+    for (Map.Entry<String, PermissionEntity> entry : permissions.entrySet()) {
+      if(!entry.getKey().equals("CLUSTER.ADMINISTRATOR")) {
+        expectedPrivileges.put(entry.getKey(), TestAuthenticationFactory.createPrivilegeEntity(resourceEntity, permissionViewUser, entry.getValue().getPrincipal()));
+      }
+    }
+
+    Capture<PrivilegeEntity> captureCreatedPrivilegeEntity = Capture.newInstance(CaptureType.ALL);
+
+    for (Map.Entry<String, PermissionEntity> entry : permissions.entrySet()) {
+      expect(permissionDAO.findByName(entry.getKey())).andReturn(entry.getValue()).atLeastOnce();
+    }
+    expect(permissionDAO.findViewUsePermission()).andReturn(permissionViewUser).atLeastOnce();
+
+    // The CLUSTER.ADMINISTRATOR privilege for this View instance already exists...
+    expect(privilegeDAO.exists(EasyMock.anyObject(PrincipalEntity.class), eq(resourceEntity), eq(permissionViewUser)))
+        .andAnswer(new IAnswer<Boolean>() {
+          @Override
+          public Boolean answer() throws Throwable {
+            return EasyMock.getCurrentArguments()[0] == permissions.get("CLUSTER.ADMINISTRATOR").getPrincipal();
+          }
+        })
+        .anyTimes();
+
+    privilegeDAO.create(capture(captureCreatedPrivilegeEntity));
+    expectLastCall().times(expectedPrivileges.size());
+
+    replay(privilegeDAO, permissionDAO);
+
+    ViewRegistry viewRegistry = ViewRegistry.getInstance();
+
+    viewRegistry.setViewInstanceRoleAccess(viewInstanceEntity, permissions.keySet());
+
+    verify(privilegeDAO, permissionDAO);
+
+    Assert.assertTrue(expectedPrivileges.size() != permissions.size());
+
+    Assert.assertTrue(captureCreatedPrivilegeEntity.hasCaptured());
+
+    List<PrivilegeEntity> capturedValues = captureCreatedPrivilegeEntity.getValues();
+    Assert.assertNotNull( capturedValues);
+
+    Set<PrivilegeEntity> uniqueCapturedValues = new HashSet<>(capturedValues);
+    Assert.assertEquals(expectedPrivileges.size(), uniqueCapturedValues.size());
+
+    for(PrivilegeEntity capturedValue: uniqueCapturedValues) {
+      Assert.assertTrue(expectedPrivileges.containsValue(capturedValue));
+    }
+  }
+
   public static class TestViewModule extends ViewRegistry.ViewModule {
 
     private final ViewExtractor extractor;
@@ -1732,20 +1802,23 @@ public class ViewRegistryTest {
 
   public static ViewRegistry getRegistry(ViewDAO viewDAO, ViewInstanceDAO viewInstanceDAO,
                                          UserDAO userDAO, MemberDAO memberDAO,
-                                         PrivilegeDAO privilegeDAO, ResourceDAO resourceDAO,
+                                         PrivilegeDAO privilegeDAO, PermissionDAO permissionDAO,
+                                         ResourceDAO resourceDAO,
                                          ResourceTypeDAO resourceTypeDAO, SecurityHelper securityHelper,
                                          ViewInstanceHandlerList handlerList,
                                          ViewExtractor viewExtractor,
                                          ViewArchiveUtility archiveUtility,
                                          AmbariMetaInfo ambariMetaInfo) {
-    return getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, resourceDAO, resourceTypeDAO,
-        securityHelper, handlerList, viewExtractor, archiveUtility, ambariMetaInfo, null);
+    return getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO,
+        resourceDAO, resourceTypeDAO, securityHelper, handlerList, viewExtractor, archiveUtility,
+        ambariMetaInfo, null);
   }
 
   public static ViewRegistry getRegistry(ViewDAO viewDAO, ViewInstanceDAO viewInstanceDAO,
                                          UserDAO userDAO, MemberDAO memberDAO,
-                                         PrivilegeDAO privilegeDAO, ResourceDAO resourceDAO,
-                                         ResourceTypeDAO resourceTypeDAO, SecurityHelper securityHelper,
+                                         PrivilegeDAO privilegeDAO, PermissionDAO permissionDAO,
+                                         ResourceDAO resourceDAO, ResourceTypeDAO resourceTypeDAO,
+                                         SecurityHelper securityHelper,
                                          ViewInstanceHandlerList handlerList,
                                          ViewExtractor viewExtractor,
                                          ViewArchiveUtility archiveUtility,
@@ -1767,6 +1840,7 @@ public class ViewRegistryTest {
     instance.memberDAO = memberDAO;
     instance.privilegeDAO = privilegeDAO;
     instance.resourceTypeDAO = resourceTypeDAO;
+    instance.permissionDAO = permissionDAO;
     instance.securityHelper = securityHelper;
     instance.configuration = configuration;
     instance.handlerList = handlerList;
@@ -1796,7 +1870,7 @@ public class ViewRegistryTest {
                                      ClassLoader cl, String archivePath) throws Exception{
 
     ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO,
-        resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null);
+        permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null);
 
     ViewEntity viewDefinition = new ViewEntity(viewConfig, ambariConfig, archivePath);
 
@@ -1808,7 +1882,7 @@ public class ViewRegistryTest {
   public static ViewInstanceEntity getViewInstanceEntity(ViewEntity viewDefinition, InstanceConfig instanceConfig) throws Exception {
 
     ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO,
-        resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null);
+        permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null);
 
     ViewInstanceEntity viewInstanceDefinition =
         new ViewInstanceEntity(viewDefinition, instanceConfig);