ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitro Lisnichenko" <dlysniche...@hortonworks.com>
Subject Re: Review Request 40637: Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
Date Tue, 24 Nov 2015 13:47:38 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40637/#review107777
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On Nov. 24, 2015, 2:15 p.m., Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40637/
> -----------------------------------------------------------
> 
> (Updated Nov. 24, 2015, 2:15 p.m.)
> 
> 
> Review request for Ambari, Dmitro Lisnichenko and Jaimin Jetly.
> 
> 
> Bugs: AMBARI-14036
>     https://issues.apache.org/jira/browse/AMBARI-14036
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Basic implementation AMBARI-9587
> 1st task:
> While upgrading a cluster above 2.0.0 Ambari version, if knox topology file is present
without authorization provider then add correct authorization provider i.e
> If Ranger plugin is not enabled for Knox then
> <provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider> 
> If Ranger plugin for knox is enabled then
> <provider> <role>authorization</role> <name>XASecurePDPKnox</name>
<enabled>true</enabled> </provider> 
> NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply modify knox
topology to add "<provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider>" as Ranger service itself was added
in 2.0.0
> 2nd task:
> Stack advisor right now recommends the value of authorization provider in topology file
when ranger plugin is enabled or disabled. But this will happen only if authorization provider
tag is present in topology file or else the recommendation logic will be skipped. Stack advisor
code needs to be changed so that while enabling or disabling ranger plugin for knox if authorization
provider tag does not exist then the corresponding authorization provider tag should be added
while sending back recommendation to ambari-web.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
30e4151 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog213.java
cc1838b 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 7201de8 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog213Test.java
fa3e365 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 0acaaff 
> 
> Diff: https://reviews.apache.org/r/40637/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message