Subject: Re: Review Request 37771: Falcon Proxy user support
From: "pavan kumar kolamuri"
To: "pavan kumar kolamuri", "Sowmya Ramesh", "Falcon"
Date: Thu, 10 Sep 2015 07:43:14 -0000

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37771/#review98356
-----------------------------------------------------------

common/src/main/java/org/apache/falcon/service/ProxyUserService.java (line 147)

This is not required since in validateRequestorHost, comparison is done for both hostname and normalized hostname. If we do this, won't it fail if someone gives only hostnames in properties?

common/src/main/java/org/apache/falcon/service/ProxyUserService.java (line 149)

falcon.service.ProxyUserService.proxyuser." + proxyUser + ".groups. Is it OK if this property is not present also?
But doc says both should be present, if I am not wrong?

prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java (line 490)

Why is the doAs option added only for entitySummary and entityList? Why not for other entity operations? But in the CLI we are taking doAs for all entity operations; won't it cause exceptions? Please correct me if I am missing something.

- pavan kumar kolamuri


On Aug. 31, 2015, 11:05 p.m., Sowmya Ramesh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37771/
> -----------------------------------------------------------
> 
> (Updated Aug. 31, 2015, 11:05 p.m.)
> 
> 
> Review request for Falcon.
> 
> 
> Bugs: FALCON-1027
>     https://issues.apache.org/jira/browse/FALCON-1027
> 
> 
> Repository: falcon-git
> 
> 
> Description
> -------
> 
> Today, Falcon doesn’t have doAs capability, i.e. it doesn’t support impersonation. Support for impersonation or proxyuser functionality (identical to Hadoop proxyuser capabilities and conceptually similar to Unix 'sudo') needs to be added to the REST APIs and the CLI (command line).
> 
> 
> Diffs
> -----
> 
>   client/src/main/java/org/apache/falcon/cli/FalconCLI.java 11dfe72
>   client/src/main/java/org/apache/falcon/cli/FalconMetadataCLI.java 2f57c7d
>   client/src/main/java/org/apache/falcon/client/AbstractFalconClient.java 282b41b
>   client/src/main/java/org/apache/falcon/client/FalconClient.java 44436d2
>   common/src/main/java/org/apache/falcon/security/CurrentUser.java 4aed5d7
>   common/src/main/java/org/apache/falcon/security/SecurityUtil.java 861f80f
>   common/src/main/java/org/apache/falcon/service/GroupsService.java PRE-CREATION
>   common/src/main/java/org/apache/falcon/service/ProxyUserService.java PRE-CREATION
>   common/src/main/resources/startup.properties c48188c
>   common/src/test/java/org/apache/falcon/security/CurrentUserTest.java 9a3f365
>   common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java 6e77462
>   common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java PRE-CREATION
>   common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java PRE-CREATION
>   docs/src/site/twiki/FalconCLI.twiki 9203699
>   docs/src/site/twiki/FalconDocumentation.twiki 29d93f7
>   prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java 78964dd
>   prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java 5b415a2
>   prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java 78f68ba
>   prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java ceabb06
>   prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java df64b44
>   prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java 15e94cd
>   prism/src/main/java/org/apache/falcon/security/HostnameFilter.java PRE-CREATION
>   prism/src/main/webapp/WEB-INF/web.xml 551bf56
>   prism/src/test/java/org/apache/falcon/resource/EntityManagerTest.java cce8737
>   prism/src/test/java/org/apache/falcon/security/FalconAuthenticationFilterTest.java 9e8c76a
>   prism/src/test/java/org/apache/falcon/security/HostnameFilterTest.java PRE-CREATION
>   src/conf/startup.properties 9925373
>   unit/src/main/java/org/apache/falcon/unit/FalconUnitClient.java eb65cb3
>   unit/src/test/java/org/apache/falcon/unit/FalconUnitTestBase.java 997b301
>   webapp/pom.xml 5a9e1da
>   webapp/src/conf/oozie/conf/oozie-site.xml ded4873
>   webapp/src/main/java/org/apache/falcon/resource/SchedulableEntityManager.java 1f8cc1b
>   webapp/src/main/webapp/WEB-INF/distributed/web.xml 31d78a2
>   webapp/src/main/webapp/WEB-INF/embedded/web.xml fa2db39
>   webapp/src/main/webapp/WEB-INF/web.xml 2cfd7de
>   webapp/src/test/java/org/apache/falcon/cli/FalconCLIIT.java 0062070
>   webapp/src/test/java/org/apache/falcon/resource/EntityManagerJerseyIT.java f0cee61
>   webapp/src/test/java/org/apache/falcon/resource/MetadataResourceJerseyIT.java eb1dda8
>   webapp/src/test/java/org/apache/falcon/resource/TestContext.java 4a25b88
>   webapp/src/test/resources/startup.properties PRE-CREATION
> 
> Diff: https://reviews.apache.org/r/37771/diff/
> 
> 
> Testing
> -------
> 
> Unit tests and IT tests.
> Manual testing:
> 
> * ProxyUser service not added in startup properties, should throw "Service ProxyUserService not registered"
> * Super user not added in proxy user setting in startup.properties, should throw "java.security.AccessControlException: User not defined as proxyuser"
> 
> CLI:
> * Add doAs option in CLI and verify command succeeds
> * Commands should succeed without doAs as it is an optional arg
> 
> REST API:
> * Pass doAs query param and verify REST requests succeed
> * REST requests should succeed without doAs query param as it is optional
> 
> 
> * Perform schedule using doAs user. For other requests if doAs user is not passed (say suspend, resume etc.) should get "User not authorized for Coord job "
> 
> 
> Thanks,
> 
> Sowmya Ramesh
> 
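
The two ProxyUserService questions raised in the review (host comparison against raw and normalized names, and whether a missing `.groups` property is acceptable) can be seen in a fail-closed check like the one below. This is an added example, not code from the e-mail or from Falcon's ProxyUserService. Assumptions: the `.hosts` key is modelled on the `.groups` key quoted in the review, `*` is a wildcard as in Hadoop proxyuser settings, normalization is a DNS-free stand-in, and the class, method, user, group and host names are hypothetical.

```java
import java.security.AccessControlException;
import java.util.*;
// Added illustration, not Falcon's ProxyUserService; class, method and sample names are hypothetical.
public class ProxyUserCheck {
    static final String PREFIX = "falcon.service.ProxyUserService.proxyuser.";
    static Set<String> csv(String value) {
        return new HashSet<>(Arrays.asList(value.trim().split("\\s*,\\s*")));
    }
    // Assumed normalization: lower-case and strip a trailing dot; no DNS lookup involved.
    static String normalize(String host) {
        String h = host.trim().toLowerCase(Locale.ROOT);
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }
    static void validate(Properties conf, Map<String, Set<String>> groupsOf,
                         String proxyUser, String requestHost, String doAsUser) {
        String hosts = conf.getProperty(PREFIX + proxyUser + ".hosts");   // assumed key
        String groups = conf.getProperty(PREFIX + proxyUser + ".groups");
        // Fail closed: with either property missing the caller is not a proxy user.
        if (hosts == null || groups == null)
            throw new AccessControlException("User not defined as proxyuser: " + proxyUser);
        Set<String> okHosts = csv(hosts);
        // Configured entries stay as written; the request host is tried raw and normalized.
        if (!okHosts.contains("*") && !okHosts.contains(requestHost)
                && !okHosts.contains(normalize(requestHost)))
            throw new AccessControlException("Unauthorized host for proxyuser: " + requestHost);
        Set<String> okGroups = csv(groups);
        Set<String> actual = groupsOf.getOrDefault(doAsUser, Collections.emptySet());
        if (!okGroups.contains("*") && Collections.disjoint(okGroups, actual))
            throw new AccessControlException(proxyUser + " may not impersonate " + doAsUser);
    }

    public static void main(String[] args) {
        Properties conf = new Properties();                        // constructed sample config
        conf.setProperty(PREFIX + "svc.hosts", "gateway01");
        conf.setProperty(PREFIX + "svc.groups", "etl");
        conf.setProperty(PREFIX + "partial.hosts", "*");           // .groups deliberately absent
        Map<String, Set<String>> groupsOf = new HashMap<>();       // constructed group lookup
        groupsOf.put("alice", csv("etl,staff"));
        groupsOf.put("bob", csv("staff"));
        String[][] cases = { {"svc", "GATEWAY01.", "alice"}, {"svc", "gateway01", "bob"},
                             {"svc", "other-host", "alice"}, {"partial", "gateway01", "alice"} };
        for (String[] c : cases) {
            String verdict = "allowed";
            try { validate(conf, groupsOf, c[0], c[1], c[2]); }
            catch (AccessControlException e) { verdict = "denied: " + e.getMessage(); }
            System.out.println(String.join(", ", c) + " -> " + verdict);
        }
    }
}
```

The four constructed cases cover a host that matches only after normalization, a doAs user outside the allowed groups, an unlisted host, and a proxy user configured with only one of the two properties.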