ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Re: Review Request 23171: Views : Admin - Add Permission Resource
Date Wed, 02 Jul 2014 13:22:13 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23171/
-----------------------------------------------------------

(Updated July 2, 2014, 1:22 p.m.)


Review request for Ambari, Mahadev Konar, Nate Cole, and Sid Wagle.


Bugs: AMBARI-6318
    https://issues.apache.org/jira/browse/AMBARI-6318


Repository: ambari


Description
-------

Add service/resource, resource provider and db tables/entities for Permissions resources.

API support
{code}
GET
/api/v1/permissions/CLUSTER.READ
Response
{
  "href" : "http://<server>:8080/api/v1/permissions/VIEW",
  "Permissions" : {
    "name" : "CLUSTER.READ",
    "description" : "The read cluster permission … "
  }
}
{code}

{code}
GET
/api/v1/permissions
Response
{
  "href" : "http://server:8080/api/v1/permissions/",
  "items" : [
    {
      "href" : "http://server:8080/api/v1/permissions/VIEW",
      "Permissions" : {
        "name" : "CLUSTER.READ"
      }
    },
    {
      "href" : "http://server:8080/api/v1/permissions/OPERATE",
      "Permissions" : {
        "name" : "CLUSTER.OPERATE"
      }
    },
    {
      "href" : "http://server:8080/api/v1/permissions/ADMIN",
      "Permissions" : {
        "name" : "AMBARI.ADMIN"
      }
    }
  ]
}
{code}


Built-in Permissions (view, cluster, Ambari)

*View*

VIEW.USE
Gives access to view

View permissions may be granted and revoked by any user with the AMBARI.ADMIN privilege.

*Cluster*

CLUSTER.READ
Gives read only access to the cluster
CLUSTER.OPERATE
Gives ability to manage cluster

Cluster permissions may be granted and revoked by any user with the AMBARI.ADMIN privilege.

Note that in an upgrade scenario, users in the old USER role will automatically be granted
the CLUSTER.READ privilege on the cluster instance.  Users in the old ADMIN role will automatically
be granted the CLUSTER.OPERATE privilege on the cluster instance.

*Ambari*

AMBARI.ADMIN
Gives ability to manage clusters, manage views, create users, etc.

Ambari permissions may be granted and revoked by any user with the AMBARI.ADMIN privilege.
 On initial install the default ‘admin’ user is automatically granted the AMBARI.ADMIN
permission on the Ambari resource.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/resources/PermissionResourceDefinition.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
e1428d8 
  ambari-server/src/main/java/org/apache/ambari/server/api/services/PermissionService.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
923202c 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java
PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java 13e7c77

  ambari-server/src/test/java/org/apache/ambari/server/api/resources/PermissionResourceDefinitionTest.java
PRE-CREATION 
  ambari-server/src/test/java/org/apache/ambari/server/api/services/permissionServiceTest.java
PRE-CREATION 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java
PRE-CREATION 

Diff: https://reviews.apache.org/r/23171/diff/


Testing
-------

New unit tests added.  All tests pass...

Results :

Tests run: 1695, Failures: 0, Errors: 0, Skipped: 13


[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 24:40.217s
[INFO] Finished at: Mon Jun 30 11:32:25 EDT 2014
[INFO] Final Memory: 36M/123M
[INFO] ------------------------------------------------------------------------


Thanks,

Tom Beerbower


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message