ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myroslav Papirkovskyy" <mpapyrkovs...@hortonworks.com>
Subject Re: Review Request 41034: Enforce granular role-based access control for service functions
Date Tue, 08 Dec 2015 15:35:02 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41034/#review109332
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
(line 1490)
<https://reviews.apache.org/r/41034/#comment168807>

    This will restrict user from updating cofigs not related to service (cluster-env for example)
if he doesn't have permission to modify service configs.
    Wondering how valid this case is.


- Myroslav Papirkovskyy


On Гру. 8, 2015, 1:02 до полудня, Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41034/
> -----------------------------------------------------------
> 
> (Updated Гру. 8, 2015, 1:02 до полудня)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Sumit Mohanty,
Swapan Shridhar, and Sid Wagle.
> 
> 
> Bugs: AMBARI-14192
>     https://issues.apache.org/jira/browse/AMBARI-14192
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Enforce granular role-based access control for service functions:
> 
>                                | Cluster User | Service Operator | Service Administrator
| Cluster Operator | Cluster Administrator | Administrator 
> -------------------------------|--------------|------------------|-----------------------|------------------|-----------------------|---------------
> Start/Stop/Restart Service     |              | (+)              | (+)              
    | (+)              | (+)                   | (+) 
> Decommission/recommission      |              | (+)              | (+)              
    | (+)              | (+)                   | (+)
> Run service checks             |              | (+)              | (+)              
    | (+)              | (+)                   | (+)
> Turn on/off maintenance mode   |              | (+)              | (+)              
    | (+)              | (+)                   | (+)
> Perform service-specific tasks |              | (+)              | (+)              
    | (+)              | (+)                   | (+)
> Move to another host           |              |                  | (+)              
    | (+)              | (+)                   | (+)
> Enable HA                      |              |                  | (+)              
    | (+)              | (+)                   | (+)
> Add Service to cluster         |              |                  |                  
    |                  | (+)                   | (+)
> Install components             |              |                  |                  
    | (+)              | (+)                   | (+)
> Modify service configurations  |              |                  | (+)              
    | (+)              | (+)                   | (+)
> Set service users and groups   |              |                  |                  
    |                  |                       | (+)
> 
> Entry points affected:
> - GET /api/v1/clusters/:cluster_name/services
> - GET /api/v1/clusters/:cluster_name/services/:service_name
> - POST /api/v1/clusters/:cluster_name/services/:service_name
> - PUT /api/v1/clusters/:cluster_name/services/:service_name
> - DELETE /api/v1/clusters/:cluster_name/services/:service_name
> - GET /api/v1/clusters/:cluster_name/services/:service_name/components
> - GET /api/v1/clusters/:cluster_name/services/:service_name/components/:component_name
> - POST /api/v1/clusters/:cluster_name/services/:service_name/components/:component_name
> - PUT /api/v1/clusters/:cluster_name/services/:service_name/components/:component_name
> - DELETE /api/v1/clusters/:cluster_name/services/:service_name/components/:component_name
> - POST /api/v1/clusters/:cluster_name/hosts
> - POST /api/v1/clusters/:cluster_name/requests
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
424678e 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
2266a13 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
60b6901 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java
59b5fcf 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostComponentResourceProvider.java
af39076 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
061b27d 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
0df2507 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
c87c338 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
e303066 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
1f53b06 
>   ambari-server/src/main/java/org/apache/ambari/server/topology/AmbariContext.java d9ac183

>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
53630aa 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
9dbfcff 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
e1e9104 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
c871ec7 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
827f979 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java
5fb2831 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostComponentResourceProviderTest.java
734bbc4 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
36286e7 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
22aa124 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
fc0c1cc 
>   ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
94f119c 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
bd1d12b 
> 
> Diff: https://reviews.apache.org/r/41034/diff/
> 
> 
> Testing
> -------
> 
> Manually tested
> 
> # Local test results: PASSED
> 
> # Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message