Re: Review Request 40637: Add recommendations for authorization provider(upgrade ambari 1.7.0 -> ambari 2.1.3)

[Dmitro Lisnichenko]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40637/#review107777
-----------------------------------------------------------

Ship it!


Ship It!

- Dmitro Lisnichenko


On Nov. 24, 2015, 2:15 p.m., Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40637/
> -----------------------------------------------------------
> 
> (Updated Nov. 24, 2015, 2:15 p.m.)
> 
> 
> Review request for Ambari, Dmitro Lisnichenko and Jaimin Jetly.
> 
> 
> Bugs: AMBARI-14036
>     https://issues.apache.org/jira/browse/AMBARI-14036
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Basic implementation AMBARI-9587
> 1st task:
> While upgrading a cluster above 2.0.0 Ambari version, if knox topology file 
> is present without authorization provider then add correct authorization 
> provider i.e
> If Ranger plugin is not enabled for Knox then
> <provider> <role>authorization</role> <name>AclsAuthz</name> 
> <enabled>true</enabled> </provider> 
> If Ranger plugin for knox is enabled then
> <provider> <role>authorization</role> <name>XASecurePDPKnox</name> 
> <enabled>true</enabled> </provider> 
> NOTE: If this logic is going in upgrade catalog for 2.0.0 then we can simply 
> modify knox topology to add "<provider> <role>authorization</role> 
> <name>AclsAuthz</name> <enabled>true</enabled> </provider>" as Ranger service 
> itself was added in 2.0.0
> 2nd task:
> Stack advisor right now recommends the value of authorization provider in 
> topology file when ranger plugin is enabled or disabled. But this will happen 
> only if authorization provider tag is present in topology file or else the 
> recommendation logic will be skipped. Stack advisor code needs to be changed 
> so that while enabling or disabling ranger plugin for knox if authorization 
> provider tag does not exist then the corresponding authorization provider tag 
> should be added while sending back recommendation to ambari-web.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
>  30e4151 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog213.java
>  cc1838b 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py 
> 7201de8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog213Test.java
>  fa3e365 
>   ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py 
> 0acaaff 
> 
> Diff: https://reviews.apache.org/r/40637/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>