----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/27208/#review58554 -----------------------------------------------------------
Ship it! Ship It! - Andrew Onischuk On Oct. 26, 2014, 3:06 p.m., Andrew Onischuk wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/27208/ > ----------------------------------------------------------- > > (Updated Oct. 26, 2014, 3:06 p.m.) > > > Review request for Ambari, Andrew Onischuk and Dmytro Sen. > > > Bugs: AMBARI-7976 > https://issues.apache.org/jira/browse/AMBARI-7976 > > > Repository: ambari > > > Description > ------- > > Oozie has an authorization model for admin access to oozie facilities. Oozie > admin users > > * have write access to all jobs > * have write access to admin operations > > When authorization server security is enabled by config property > oozie.service.AuthorizationService.authorization.enabled (which is set to true > in our installations - the default is false), then admin users are determined > by either membership in a group identified by the property > oozie.service.AuthorizationService.admin.groups. > > Since we don't set either of them, we expect users to set the admin usernames > in the file /etc/oozie/conf/adminusers.txt > > See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0 > .0/AG_Install.html#User_Authorization_Configuration) for more details on admin > user configuration > > Because we want to do sharelib update operations which are write access > operations, the user performing these should be an Oozie admin user. If not, > the admin operation will fail. > > We should explicitly add the oozie install user as the admin user by adding > the user to adminusers.txt > > This feature is also needed for rolling upgrade scenarios to explicitly update > sharelib after upgrading the servers. > > > Diffs > ----- > > > ambari-common/src/main/python/resource_management/libraries/functions/__init__.py > 3d92d64 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml > 9d4247e > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py > bba2e09 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py > 3960904 > > ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 > PRE-CREATION > > ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml > 4a8eab7 > ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py > 7afbf96 > > Diff: https://reviews.apache.org/r/27208/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Andrew Onischuk > >
