Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ambari.apache.org
Content-Type: multipart/alternative;
 boundary="===============1484836068911292705=="
MIME-Version: 1.0
Subject: Re: Review Request 41107: Role Based Access Control support for
 Metrics.
From: "Jonathan Hurley" <jhurley@hortonworks.com>
To: "Sumit Mohanty" <smohanty@hortonworks.com>,
 "Robert Levas" <rlevas@hortonworks.com>,
 "Alejandro Fernandez" <afernandez@hortonworks.com>,
 "Jonathan Hurley" <jhurley@hortonworks.com>,
 "Nate Cole" <ncole@hortonworks.com>, "Sid Wagle" <swagle@hortonworks.com>
Cc: "Swapan Shridhar" <sshridhar@hortonworks.com>,
 "Ambari" <dev@ambari.apache.org>
Date: Fri, 11 Dec 2015 21:23:39 -0000
Message-ID: <20151211212339.1643.42347@reviews.apache.org>
Auto-Submitted: auto-generated
Sender: "Jonathan Hurley" <noreply@reviews.apache.org>
References: <20151210140439.1618.43008@reviews.apache.org>
In-Reply-To: <20151210140439.1618.43008@reviews.apache.org>
Reply-To: "Jonathan Hurley" <jhurley@hortonworks.com>

--===============1484836068911292705==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41107/#review110022
-----------------------------------------------------------


It looks like a bunch of tests were removed.


ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java 
<https://reviews.apache.org/r/41107/#comment169776>

    Removing a test?


ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java 
<https://reviews.apache.org/r/41107/#comment169777>

    Removing a test?


It

- Jonathan Hurley


On Dec. 10, 2015, 9:04 a.m., Swapan Shridhar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41107/
> -----------------------------------------------------------
> 
> (Updated Dec. 10, 2015, 9:04 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Nate Cole, Robert Levas, Sumit Mohanty, and Sid Wagle.
> 
> 
> Bugs: AMBARI-14192
>     https://issues.apache.org/jira/browse/AMBARI-14192
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Role Based Access Control support for Metrics.
> 
> 
> * With the base infrastructure already in place for "Role Based Access Control(RBAC)", this change introduces the RBAC support for AMbari Metrics. Before the doing the metrics population, to be send back, it does an authorization check for the current user in consideration for the VIEW METRICE permissoions.
>   
> 
> * The mapping is as follows :
> 
> Resource.InternalType.Cluster -> CLUSTER_VIEW_METRICS
> Resource.InternalType.HOST -> HOST_VIEW_METRICS
> Resource.InternalType.Component -> SERVICE_VIEW_METRICS
> Resource.InternalType.HostComponent -> SERVICE_VIEW_METRICS
> 
> * For a user requesting Metrics and not having Au`thorization, AuthorizationException is raised.
> 
> 
> NOTE : 
> ----
> As of now, UI hangs when 403 code is raised (Sncreenshot attached) for VIEW user. I am raising a BUG on UI for that.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java 4a0c44f 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/jmx/JMXPropertyProvider.java 2748dd4 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProvider.java f1c5c81 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProviderProxy.java ac11556 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsReportPropertyProviderProxy.java 4d2ce01 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProvider.java b32adda 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/ThreadPoolEnabledPropertyProvider.java 8a35636 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProvider.java b9f54db 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java f0c1280 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProviderTest.java 82b42f2 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java 6fefffe 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProviderTest.java 6b5926b 
>   ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java 8abe757 
> 
> Diff: https://reviews.apache.org/r/41107/diff/
> 
> 
> Testing
> -------
> 
> - Ambari Server Deployment and tested for "View USER (only view permissions)", 'admin' login(all permissions) and SERVICE OPERATOR role.
> - UT : Running, will update the results.
> - UNIT tests modified as part of this change, tested : Success.
> - 
> - API :
> 
> 
> View User :
> ---------
> 
> [root@c6401 ambari-server]# curl -u viewUser:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "status" : 403,
>   "message" : "The authenticated user does not have authorization to view Host metrics"
> }
> 
> 
> Cluster Administrator Role:
> --------------------------
> 
> [root@c6401 ambari-server]# curl -u clusAdmin:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> Service Operator:
> ----------------
> 
> [root@c6401 ambari-server]# curl -u servOp:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> 
> 
> Non-existing User:
> -----------------
> 
> [root@c6401 ambari-server]# curl -u a:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "status": 403,
>   "message": "Full authentication is required to access this resource"
> }
> 
> 
> Admin User:
> ----------
> 
> [root@c6401 ambari-server]# curl -u admin:admin "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
> {
>   "href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> File Attachments
> ----------------
> 
> Screenshot for hang
>   https://reviews.apache.org/media/uploaded/files/2015/12/10/9f38adda-2db9-44e1-b9f1-15e88e786817__Screen_Shot_2015-12-10_at_5.13.37_AM.png
> 
> 
> Thanks,
> 
> Swapan Shridhar
> 
>


--===============1484836068911292705==--