ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nate Cole" <nc...@hortonworks.com>
Subject Re: Review Request 40793: Enforce granular role-based access control for cluster functions
Date Tue, 01 Dec 2015 15:59:09 GMT


> On Dec. 1, 2015, 9:57 a.m., Jonathan Hurley wrote:
> > I have a concern about the way that we're coupling the security logic here. The
AMC class is a mess - it really is just a massive steaming pot of "anything goes" - there's
no real separation of concerns and no real contract. It feels like we're just catching a few
places where front-end logic eventually gets funneled. What about trying to catch this stuff
at a lower level? Maybe in the DAOs?
> > 
> > What about catching it at a higher level? Could there be a branch new request processor
that inspects the incoming request, picks it apart to see the different things it's trying
to do and throws auth exceptions there? This way we wouldn't be trying to find all of the
spots sprinkeled throughout the code that we need to intercept.

I like the service-level (endpoint) approach.

DAOs feel like it would get complicated fast, especially when performing joins across tables
- trying to decide if the user is authenticated to update rows of one table, but not another
(if that's a valid use case).


- Nate


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40793/#review108503
-----------------------------------------------------------


On Nov. 30, 2015, 5:43 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40793/
> -----------------------------------------------------------
> 
> (Updated Nov. 30, 2015, 5:43 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Myroslav Papirkovskyy,
Nate Cole, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-14072
>     https://issues.apache.org/jira/browse/AMBARI-14072
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Enforce granular role-based access control for cluster functions:
> 
>                            | Cluster User | Service Operator | Service Administrator
| Cluster Operator | Cluster Administrator | Administrator
> ---------------------------|--------------|------------------|-----------------------|------------------|-----------------------|---------------
> View status information    |(+)           |(+)               |(+)                   
|(+)               |(+)                    |(+)            
> View configuration         |(+)           |(+)               |(+)                   
|(+)               |(+)                    |(+)            
> View stack version details |(+)           |(+)               |(+)                   
|(+)               |(+)                    |(+)            
> Enable/disable Kerberos    |              |                  |                      
|                  |(+)                    |(+)            
> Upgrade/downgrade stack    |              |                  |                      
|                  |(+)                    |(+)            
> Create new clusters        |              |                  |                      
|                  |                       |(+)            
> Rename clusters            |              |                  |                      
|                  |                       |(+)            
> 
> Entry points affected:
> * PUT /api/v1/clusters/:cluster_name 
> * POST /api/v1/clusters/:cluster_name 
> 
> # Note: Read-only requests (GET) are not protected so that the front end is not broken.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
4954a96 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
b446121 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
0e3e7b8 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
84c13b9 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
7f88286 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
baa394c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
ca3ca36 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
3bf6cad 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
30be261 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
e93a479 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
84de604 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
2c6905d 
>   ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
634d840 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
d4b7d5a 
>   ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java bdb5156

>   ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java fa6598c

>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java
319b9fe 
> 
> Diff: https://reviews.apache.org/r/40793/diff/
> 
> 
> Testing
> -------
> 
> Manually tested
> 
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 58:54.570s
> [INFO] Finished at: Mon Nov 30 07:53:59 EST 2015
> [INFO] Final Memory: 67M/1340M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message