falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sowmya Ramesh" <sram...@hortonworks.com>
Subject Re: Review Request 37771: Falcon Proxy user support
Date Mon, 31 Aug 2015 23:05:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37771/
-----------------------------------------------------------

(Updated Aug. 31, 2015, 11:05 p.m.)


Review request for Falcon.


Bugs: FALCON-1027
    https://issues.apache.org/jira/browse/FALCON-1027


Repository: falcon-git


Description
-------

Today, Falcon doesn’t have doAs capability i.e. it doesn’t support impersonation. Support
for impersonation or proxyuser functionality (identical to Hadoop proxyuser capabilities and
conceptually similar to Unix 'sudo') needs to be added to REST API’s and CLI(Command
line).


Diffs
-----

  client/src/main/java/org/apache/falcon/cli/FalconCLI.java 11dfe72 
  client/src/main/java/org/apache/falcon/cli/FalconMetadataCLI.java 2f57c7d 
  client/src/main/java/org/apache/falcon/client/AbstractFalconClient.java 282b41b 
  client/src/main/java/org/apache/falcon/client/FalconClient.java 44436d2 
  common/src/main/java/org/apache/falcon/security/CurrentUser.java 4aed5d7 
  common/src/main/java/org/apache/falcon/security/SecurityUtil.java 861f80f 
  common/src/main/java/org/apache/falcon/service/GroupsService.java PRE-CREATION 
  common/src/main/java/org/apache/falcon/service/ProxyUserService.java PRE-CREATION 
  common/src/main/resources/startup.properties c48188c 
  common/src/test/java/org/apache/falcon/security/CurrentUserTest.java 9a3f365 
  common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java 6e77462 
  common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java PRE-CREATION 
  common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java PRE-CREATION 
  docs/src/site/twiki/FalconCLI.twiki 9203699 
  docs/src/site/twiki/FalconDocumentation.twiki 29d93f7 
  prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java 78964dd 
  prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java 5b415a2

  prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java 78f68ba 
  prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
ceabb06 
  prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java df64b44 
  prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java 15e94cd 
  prism/src/main/java/org/apache/falcon/security/HostnameFilter.java PRE-CREATION 
  prism/src/main/webapp/WEB-INF/web.xml 551bf56 
  prism/src/test/java/org/apache/falcon/resource/EntityManagerTest.java cce8737 
  prism/src/test/java/org/apache/falcon/security/FalconAuthenticationFilterTest.java 9e8c76a

  prism/src/test/java/org/apache/falcon/security/HostnameFilterTest.java PRE-CREATION 
  src/conf/startup.properties 9925373 
  unit/src/main/java/org/apache/falcon/unit/FalconUnitClient.java eb65cb3 
  unit/src/test/java/org/apache/falcon/unit/FalconUnitTestBase.java 997b301 
  webapp/pom.xml 5a9e1da 
  webapp/src/conf/oozie/conf/oozie-site.xml ded4873 
  webapp/src/main/java/org/apache/falcon/resource/SchedulableEntityManager.java 1f8cc1b 
  webapp/src/main/webapp/WEB-INF/distributed/web.xml 31d78a2 
  webapp/src/main/webapp/WEB-INF/embedded/web.xml fa2db39 
  webapp/src/main/webapp/WEB-INF/web.xml 2cfd7de 
  webapp/src/test/java/org/apache/falcon/cli/FalconCLIIT.java 0062070 
  webapp/src/test/java/org/apache/falcon/resource/EntityManagerJerseyIT.java f0cee61 
  webapp/src/test/java/org/apache/falcon/resource/MetadataResourceJerseyIT.java eb1dda8 
  webapp/src/test/java/org/apache/falcon/resource/TestContext.java 4a25b88 
  webapp/src/test/resources/startup.properties PRE-CREATION 

Diff: https://reviews.apache.org/r/37771/diff/


Testing (updated)
-------

Unit tests and IT tests.
Manual testing : 

* ProxyUSer service not added in startup properties, should throw "Service ProxyUserService
not registered"
* Super user not added in proxy user setting in startup.properties, shoudl throw "java.security.AccessControlException:
User <superuser> not defined as proxyuser"

CLI:
* Add doAs option in CLI and verify command succeeds
* Commands should succeed without doAs as is an optional arg

REST API:
* pass doAs query param and verify REST requests succeeds
* REST requests should succeed without doAs query param as it is optional


* Perform schedule using doAs user. For other requests if doAs user is not passed (say suspend,
resume etc.) should get "User <superuser> not authorized for Coord job <bundleId>"


Thanks,

Sowmya Ramesh


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message