ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Hurley" <jhur...@hortonworks.com>
Subject Re: Review Request 41107: Role Based Access Control support for Metrics.
Date Mon, 14 Dec 2015 15:31:42 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41107/#review110241
-----------------------------------------------------------

Ship it!



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
(lines 117 - 150)
<https://reviews.apache.org/r/41107/#comment170037>

    I'm a little concerned about these methods taking the first item in the collection. We
know that moving forward we're going to probably need to support multiple clusters and multiple
service instances - taking the first and using it seems wrong here.



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
(line 187)
<https://reviews.apache.org/r/41107/#comment170038>

    Kind of the same problem as above. You're making a check against the "first" cluster when
there could be multiple ones, no?



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProvider.java
(line 214)
<https://reviews.apache.org/r/41107/#comment170040>

    Log instead of printStackTrace


- Jonathan Hurley


On Dec. 12, 2015, 5:40 a.m., Swapan Shridhar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41107/
> -----------------------------------------------------------
> 
> (Updated Dec. 12, 2015, 5:40 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Nate Cole, Robert Levas,
Sumit Mohanty, and Sid Wagle.
> 
> 
> Bugs: AMBARI-14192
>     https://issues.apache.org/jira/browse/AMBARI-14192
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Role Based Access Control support for Metrics.
> 
> 
> * With the base infrastructure already in place for "Role Based Access Control(RBAC)",
this change introduces the RBAC support for AMbari Metrics. Before the doing the metrics population,
to be send back, it does an authorization check for the current user in consideration for
the VIEW METRICE permissoions.
>   
> 
> * The mapping is as follows :
> 
> Resource.InternalType.Cluster -> CLUSTER_VIEW_METRICS
> Resource.InternalType.HOST -> HOST_VIEW_METRICS
> Resource.InternalType.Component -> SERVICE_VIEW_METRICS
> Resource.InternalType.HostComponent -> SERVICE_VIEW_METRICS
> 
> * For a user requesting Metrics and not having Au`thorization, AuthorizationException
is raised.
> 
> 
> NOTE : 
> ----
> As of now, the when the VIEW USER logs in, it see the VIEW listed for which it is entitled
for, but clicking on the VIEW results in ERROR :
> 
> "Couldn't connect to the cluster
> RA040 I/O error while requesting Ambari". 
> 
> 
> Two Screenshots attached.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
4a0c44f 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProvider.java
a1b4f3f 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/jmx/JMXPropertyProvider.java
2748dd4 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProvider.java
f1c5c81 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProviderProxy.java
ac11556 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsReportPropertyProviderProxy.java
4d2ce01 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProvider.java
b32adda 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/ThreadPoolEnabledPropertyProvider.java
8a35636 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProviderTest.java
bb6673c 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java
f0c1280 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProviderTest.java
82b42f2 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java
6fefffe 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProviderTest.java
6b5926b 
> 
> Diff: https://reviews.apache.org/r/41107/diff/
> 
> 
> Testing
> -------
> 
> - Ambari Server Deployment and tested for "View USER (only view permissions)", 'admin'
login(all permissions) and SERVICE OPERATOR role.
> - UT : PASSES.
> - UNIT tests modified as part of this change, tested : Success.
> - 
> - API :
> 
> 
> View User :
> ---------
> 
> [root@c6401 ambari-server]# curl -u viewUser:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "status" : 403,
>   "message" : "The authenticated user does not have authorization to view Host metrics"
> }
> 
> 
> Cluster Administrator Role:
> --------------------------
> 
> [root@c6401 ambari-server]# curl -u clusAdmin:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> Service Operator:
> ----------------
> 
> [root@c6401 ambari-server]# curl -u servOp:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> 
> 
> Non-existing User:
> -----------------
> 
> [root@c6401 ambari-server]# curl -u a:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "status": 403,
>   "message": "Full authentication is required to access this resource"
> }
> 
> 
> Admin User:
> ----------
> 
> [root@c6401 ambari-server]# curl -u admin:admin "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> File Attachments
> ----------------
> 
> 1. Clicking on VIEW in "VIEW USER" role results in ERROR
>   https://reviews.apache.org/media/uploaded/files/2015/12/12/69a18d68-cb66-4432-965e-5d883ff846ac__1._Clicking_on_VIEW_in_22VIEW_USER22_role_results_in_ERROR.png
> 2. ERROR on UI after clicking on VIEW as "VIEW USER"
>   https://reviews.apache.org/media/uploaded/files/2015/12/12/212ed873-75a5-4d4d-bfff-c9749938ef9b__2._ERROR_on_UI_after_clicking_on_VIEW_as_22VIEW_USER22.png
> 
> 
> Thanks,
> 
> Swapan Shridhar
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message