ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vitaly Brodetskyi (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-14036) Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)
Date Tue, 24 Nov 2015 12:12:10 GMT
Vitaly Brodetskyi created AMBARI-14036:
------------------------------------------

             Summary: Add recommendations for authorization provider(upgrade ambari 1.7.0
-> ambari 2.1.3)
                 Key: AMBARI-14036
                 URL: https://issues.apache.org/jira/browse/AMBARI-14036
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.1.3
            Reporter: Vitaly Brodetskyi
            Assignee: Vitaly Brodetskyi
            Priority: Critical
             Fix For: 2.1.3


Basic implementation AMBARI-9587

*1st task:*
While upgrading a cluster above 2.0.0 Ambari version, if knox topology file is present without
authorization provider then add correct authorization provider i.e
# If Ranger plugin is not enabled for Knox then
{code}
<provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider> 
{code}
# If Ranger plugin for knox is enabled then
{code}
<provider> <role>authorization</role> <name>XASecurePDPKnox</name>
<enabled>true</enabled> </provider> 
{code}

NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply modify knox topology
to add "<provider> <role>authorization</role> <name>AclsAuthz</name>
<enabled>true</enabled> </provider>" as Ranger service itself was added
in 2.0.0 


*2nd task:*
Stack advisor right now recommends the value of authorization provider in topology file when
ranger plugin is enabled or disabled. But this will happen only if authorization provider
tag is present in topology file or else the recommendation logic will be skipped. Stack advisor
code needs to be changed so that while enabling or disabling ranger plugin for knox if authorization
provider tag does not exist then the corresponding authorization provider tag should be added
while sending back recommendation to ambari-web.








--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message