ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Nastetsky <anastet...@spryinc.com>
Subject Re: ambari user management
Date Wed, 05 Mar 2014 20:04:44 GMT
Thanks. Ironically, there is nothing in there about "users", only
"clusters" and its sub-resources.


On Wed, Mar 5, 2014 at 2:47 PM, Yusaku Sako <yusaku@hortonworks.com> wrote:

> Alex,
>
> You are welcome.
> You might want to check out the API Reference:
> https://github.com/apache/ambari/blob/trunk/ambari-server/docs/api/v1/index.md
>
> Yusaku
>
>
> On Wed, Mar 5, 2014 at 11:43 AM, Alex Nastetsky <anastetsky@spryinc.com>wrote:
>
>> Yusako, this is very helpful! This is  exactly what I was looking for.
>>
>> By the way, is there any documentation about the API somewhere? So far I
>> just I just know about the http://localhost:8080/api/v1/users and
>> http://localhost:8080/api/v1/ <http://localhost:8080/api/v1/users/>clusters.
>> Attempting to access http://localhost:8080/api/v<http://localhost:8080/api/v1/users/>1
>> gives a 404.
>>
>>
>> On Wed, Mar 5, 2014 at 1:41 PM, Yusaku Sako <yusaku@hortonworks.com>wrote:
>>
>>> Hi Alex,
>>>
>>> > Do you mean that admin users CAN change passwords through the API in
>>> configs.sh?
>>>
>>> No, admins cannot change user passwords via configs.sh; configs.sh is a
>>> wrapper that uses the API to manage "configuration" objects that do not
>>> deal with user passwords.
>>> However, admins can change passwords directly via the API (or with a
>>> similar wrapper script).
>>> Here's an example:
>>>
>>> curl -i -uadmin:admin -H "X-Requested-By: ambari" -X PUT -d '{"Users":{"roles":"admin,user","password":"mysecret","old_password":"admin"}}'
>>> http://localhost:8080/api/v1/users/<user-name>
>>>
>>> where:
>>> * "roles" is a comma-delimited list of roles that the user should belong
>>> to "admin,user" for admin users; just "user" for non-admin users.
>>> * "password" is the new password to set for the user
>>> * "old_password" is misleading, but* it's the password of the admin
>>> user invoking this call*.  If you omit this parameter, the API call
>>> seems to go thru, but the password does not actually change.  This is a bit
>>> redundant and confusing, but that's how it works today...
>>>
>>> I hope this helps!
>>>
>>> Yusaku
>>>
>>>
>>>
>>> On Wed, Mar 5, 2014 at 8:20 AM, Alex Nastetsky <anastetsky@spryinc.com>wrote:
>>>
>>>> Thanks Yusaku,
>>>>
>>>> Do you mean that admin users CAN change passwords through the API in
>>>> configs.sh? I couldn't find how to do that. None of the CONFIG_TYPE values
>>>> seem relevant, they all deal directly with other Hadoop services.
>>>>
>>>> I'm talking about this:
>>>>
>>>>  <CONFIG_TYPE>: One of the various configuration types in Ambari.
>>>> Ex:global, core-site, hdfs-site, mapred-queue-acls, etc.
>>>>
>>>>
>>>>
>>>> On Wed, Mar 5, 2014 at 11:11 AM, Yusaku Sako <yusaku@hortonworks.com>wrote:
>>>>
>>>>> Hi Alex,
>>>>>
>>>>> Ambari can be configured to use a built-in local user store (default)
>>>>> or an external LDAP server (including ActiveDirectory), which can be
>>>>> managed outside of Ambari.
>>>>> Unfortunately the built-in user store is a bit simplistic in that only
>>>>> Admins can change the password on behalf of the non-admin user as you
>>>>> mentioned.  The API currently prevents non-admin users from invoking
any
>>>>> write operations, including changing their own password, so there is
not a
>>>>> good way to do this via the API for now.
>>>>>
>>>>> Yusaku
>>>>> On Mar 5, 2014 7:49 AM, "Alex Nastetsky" <anastetsky@spryinc.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I keep getting spam errors when I send emails to this list. This
is
>>>>>> my attempt to circumvent that by putting my message content in a
pastebin:
>>>>>>
>>>>>> http://pastebin.com/raw.php?i=K03dwytn
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>
>>>>> CONFIDENTIALITY NOTICE
>>>>> NOTICE: This message is intended for the use of the individual or
>>>>> entity to which it is addressed and may contain information that is
>>>>> confidential, privileged and exempt from disclosure under applicable
law.
>>>>> If the reader of this message is not the intended recipient, you are
hereby
>>>>> notified that any printing, copying, dissemination, distribution,
>>>>> disclosure or forwarding of this communication is strictly prohibited.
If
>>>>> you have received this communication in error, please contact the sender
>>>>> immediately and delete it from your system. Thank You.
>>>>
>>>>
>>>>
>>>
>>> CONFIDENTIALITY NOTICE
>>> NOTICE: This message is intended for the use of the individual or entity
>>> to which it is addressed and may contain information that is confidential,
>>> privileged and exempt from disclosure under applicable law. If the reader
>>> of this message is not the intended recipient, you are hereby notified that
>>> any printing, copying, dissemination, distribution, disclosure or
>>> forwarding of this communication is strictly prohibited. If you have
>>> received this communication in error, please contact the sender immediately
>>> and delete it from your system. Thank You.
>>>
>>
>>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity
> to which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>

Mime
View raw message