ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMBARI-20769) Recommission fails for Cluster Operators, Service Adminstrators and Service Operators
Date Tue, 30 May 2017 17:18:04 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-20769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16029772#comment-16029772
] 

Robert Levas edited comment on AMBARI-20769 at 5/30/17 5:17 PM:
----------------------------------------------------------------

[~patelket@us.ibm.com]...

Thanks for the clarification on this. I didn't know about the {{/clusters/:CLUSTER_NAME/request_schedules}}
entry point.  My guess is that this was missed when adding the new RBAC features. 

So what needs to be done is to add this URL pattern to the list tested in {{org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter#authorizationPerformedInternally}}.
 Then add the correct authorization logic to {{org.apache.ambari.server.controller.internal.RequestScheduleResourceProvider}}.
 

Unfortunately, this resource provider handles generic requests, so logic will need to be implemented
to determine what is being asked for and then perform the appropriate authorization check.


 


was (Author: rlevas):
[~patelket@us.ibm.com]...

Thanks for the clarification on this. I didn't know about the {{/clusters/:CLUSTER_NAME/request_schedules'}}
entry point.  My guess is that this was missed when adding the new RBAC features. 

So what needs to be done is to add this URL pattern to the list tested in {{org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter#authorizationPerformedInternally}}.
 Then add the correct authorization logic to {{org.apache.ambari.server.controller.internal.RequestScheduleResourceProvider}}.
 

Unfortunately, this resource provider handles generic requests, so logic will need to be implemented
to determine what is being asked for and then perform the appropriate authorization check.


 

> Recommission fails for Cluster Operators, Service Adminstrators and Service Operators
> -------------------------------------------------------------------------------------
>
>                 Key: AMBARI-20769
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20769
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk, 2.5.0
>            Reporter: Keta Patel
>            Assignee: Keta Patel
>         Attachments: AMBARI-20769-codeSnippet-for-error.png, AMBARI-20769-codeSnippet.png,
cluster_operator_1_recommission.png, cluster_operator_2_recommission.png
>
>
> Steps to reproduce:
> 1. Create 4 local users assign one to each of the following roles:
>  - Cluster Administrator
>  - Cluster Operator
>  - Service Administrator
>  - Service Operator
> 2. Logout and login back as one of the above created users.
> 3. Decommission a node, the operation is successful with the Background Operation pop-up
showing the decommissioning operation being performed.
> 4. Recommission that node. Only the Ambari Admin and Cluster Administrator is able to
successfully perform this step. For the rest of the roles mentioned in step-1, you will see
the following behavior:
>  - The background operation pop-up shows up with "0 Operations" in progress.
>  - The background operation pop-up disappears and you see the login page momentarily.
>  - The main Dashboard is seen immediately after that and the node is still in the "Decommissioned"
state.
> Desired Behavior:
> All the roles mentioned in step-1 must be able to successfully recommission the nodes.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message