This is an automated email from the ASF dual-hosted git repository.

oleewere pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 084aa6b  AMBARI-23118. Add apidoc for 
InfraRuleBasedAuthorizationPlugin. (#513)
084aa6b is described below

commit 084aa6b1fe25bb78d8705216f33c380ae929e17f
Author: Olivér Szabó <oleew...@gmail.com>
AuthorDate: Fri Mar 2 14:18:13 2018 +0100

    AMBARI-23118. Add apidoc for InfraRuleBasedAuthorizationPlugin. (#513)
---
 ambari-infra/ambari-infra-solr-plugin/pom.xml      |   5 +
 ...uster.security.InfraRuleBasedAuthorization.json | 129 +++++++++++++++++++++
 2 files changed, 134 insertions(+)

diff --git a/ambari-infra/ambari-infra-solr-plugin/pom.xml 
b/ambari-infra/ambari-infra-solr-plugin/pom.xml
index 3337d99..b3344c6 100644
--- a/ambari-infra/ambari-infra-solr-plugin/pom.xml
+++ b/ambari-infra/ambari-infra-solr-plugin/pom.xml
@@ -41,6 +41,11 @@
     </dependency>
   </dependencies>
   <build>
+    <resources>
+      <resource>
+        <directory>src/main/resources</directory>
+      </resource>
+    </resources>
     <plugins>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
diff --git 
a/ambari-infra/ambari-infra-solr-plugin/src/main/resources/apispec/cluster.security.InfraRuleBasedAuthorization.json
 
b/ambari-infra/ambari-infra-solr-plugin/src/main/resources/apispec/cluster.security.InfraRuleBasedAuthorization.json
new file mode 100644
index 0000000..4a7fdbe
--- /dev/null
+++ 
b/ambari-infra/ambari-infra-solr-plugin/src/main/resources/apispec/cluster.security.InfraRuleBasedAuthorization.json
@@ -0,0 +1,129 @@
+{
+  "documentation": 
"https://lucene.apache.org/solr/guide/rule-based-authorization-plugin.html";,
+  "description": "Defines roles for accessing Solr, and assigns users to those 
roles. Use this API to change user authorizations to each of Solr's 
components.",
+  "methods": [
+    "POST"
+  ],
+  "url": {
+    "paths": [
+      "/cluster/security/authorization"
+    ]
+  },
+  "commands": {
+    "set-permission": {
+      "type":"object",
+      "description": "Create a new permission, overwrite an existing 
permission definition, or assign a pre-defined permission to a role.",
+      "properties": {
+        "name":{
+          "type":"string",
+          "description": "The name of the permission. The name will be used to 
update or delete the permission later."
+        },
+        "method":{
+          "type":"string",
+          "enum":["GET", "POST", "DELETE","PUT"],
+          "description": "HTTP methods that are allowed for this permission. 
You could allow only GET requests, or have a role that allows PUT and POST 
requests. The method values that are allowed for this property are GET, POST, 
PUT, DELETE and HEAD."
+        },
+
+        "collection":{
+          "type":"array",
+          "items": {
+            "type": "string"
+          },
+          "description":"The collection or collections the permission will 
apply to. When the path that will be allowed is collection-specific, such as 
when setting permissions to allow use of the Schema API, omitting the 
collection property will allow the defined path and/or method for all 
collections. However, when the path is one that is non-collection-specific, 
such as the Collections API, the collection value must be null. In this case, 
two permissions may need to be created; one fo [...]
+        },
+
+        "path":{
+          "type":"array",
+          "items": {
+            "type": "string"
+          },
+          "description":"A request handler name, such as /update or /select. A 
wild card is supported, to allow for all paths as appropriate (such as, 
/update/*)."
+        },
+        "index": {
+          "type": "integer",
+          "description": "The index of the permission you wish to overwrite. 
Skip this if it is a new permission that should be created."
+        },
+        "before":{
+          "type": "integer",
+          "description":"This property allows ordering of permissions. The 
value for this property is the name of the permission that this new permission 
should be placed before in security.json."
+        },
+        "params":{
+          "type":"object",
+          "additionalProperties":true,
+          "description": "The names and values of request parameters. This 
property can be omitted if all request parameters are allowed, but will 
restrict access only to the values provided if defined."
+        },
+        "role": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "description": "The name of the role(s) to give this permission. 
This name will be used to map user IDs to the role to grant these permissions. 
The value can be wildcard such as (*), which means that any user is OK, but no 
user is NOT OK."
+          }
+        }
+      },
+      "required": [
+        "role"
+      ]
+    },
+    "update-permission": {
+      "type":"object",
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "The name of the permission. The name will be used to 
update or delete the permission later."
+        },
+        "method": {
+          "type": "string",
+          "description": "HTTP methods that are allowed for this permission. 
You could allow only GET requests, or have a role that allows PUT and POST 
requests. The method values that are allowed for this property are GET, POST, 
PUT, DELETE and HEAD."
+        },
+        "collection": {
+          "type":"array",
+          "items": {
+            "type": "string"
+          },
+          "description": "The collection or collections the permission will 
apply to. When the path that will be allowed is collection-specific, such as 
when setting permissions to allow use of the Schema API, omitting the 
collection property will allow the defined path and/or method for all 
collections. However, when the path is one that is non-collection-specific, 
such as the Collections API, the collection value must be null. In this case, 
two permissions may need to be created; one f [...]
+        },
+        "path": {
+          "type":"array",
+          "items": {
+            "type": "string"
+          },
+          "description": "A request handler name, such as /update or /select. 
A wild card is supported, to allow for all paths as appropriate (such as, 
/update/*)."
+        },
+        "index": {
+          "type": "integer",
+          "description": "The index of the permission you wish to overwrite."
+        },
+        "before": {
+          "type": "integer",
+          "description": "This property allows ordering of permissions. The 
value for this property is the index of the permission that this new permission 
should be placed before in security.json."
+        },
+        "role": {
+          "type": "array",
+          "items": {
+            "type": "string",
+            "description": "The name of the role(s) to give this permission. 
This name will be used to map user IDs to the role to grant these permissions. 
The value can be wildcard such as (*), which means that any user is OK, but no 
user is NOT OK."
+          }
+        },
+        "params": {
+          "type": "object",
+          "additionalProperties": true,
+          "description": "The names and values of request parameters. This 
property can be omitted if all request parameters are allowed, but will 
restrict access only to the values provided if defined."
+        }
+      },
+      "required": [
+        "role",
+        "index"
+      ]
+    },
+    "delete-permission":{
+      "description":"delete a permission by its index",
+      "type":"integer"
+    },
+    "set-user-role": {
+      "type":"object",
+      "description": "A single command allows roles to be mapped to users. To 
remove a user's permission, you should set the role to null. The key is always 
a user id and the value is one or more role names.",
+      "additionalProperties":true
+
+    }
+  }
+}

-- 
To stop receiving notification emails like this one, please contact
oleew...@apache.org.

Reply via email to