ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-20768) Local Ambari user with no cluster role must not be able to access Logsearch UI
Date Thu, 20 Apr 2017 12:21:04 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-20768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15976591#comment-15976591
] 

Hudson commented on AMBARI-20768:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #7319 (See [https://builds.apache.org/job/Ambari-trunk-Commit/7319/])
AMBARI-20768. Local Ambari user with no cluster role must not be able to (oleewere: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=1c37ffc435995fc898941837a2cdcdffd51d06bc])
* (edit) ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java


> Local Ambari user with no cluster role must not be able to access Logsearch UI
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-20768
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20768
>             Project: Ambari
>          Issue Type: Bug
>          Components: logsearch
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>             Fix For: 2.5.1
>
>         Attachments: all_tests_successful.png, AMBARI-20768_branch-2.5.0.patch, AMBARI-20768_branch-2.5_updated.patch
>
>
> A local Ambari user with no cluster roles assigned to it can successfully log into the
Logsearch UI.
> Logsearch service exercises restriction on who can access its UI using a property "logsearch.roles.allowed".
This property is a comma-separated list of roles to be allowed access to Logsearch UI. This
defect deals with the following issue:
> 1. If Logsearch service requires that only certain roles be allowed to access its UI,
then a local Ambari user with no roles must not be allowed to access the UI.
> DESIRED BEHAVIOR:
> =================
> 1. A local user with no role assigned to it, must not be able to access Logsearch UI.
> Note: The description has been updated by removing the aspect of correcting the behavior
for Ambari Administrator role for the Logsearch UI.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message