> On Dec. 11, 2015, 9:23 p.m., Jonathan Hurley wrote:
> > ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java,
> > line 238
> > <https://reviews.apache.org/r/41107/diff/1/?file=1158783#file1158783line238>
> >
> > Removing a test?
@Test has been removed from the functions and a combined function based on the
role context created, all the existing @Test functions are called from it.
eg: For ClusterAdmin role , the below fn. gets tests it and calls all the
earlier @Test fns.
@Test
public void testJMXPropertyProviderAsClusterAdministrator() throws Exception {
//Setup user with Role 'ClusterAdministrator'.
SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("ClusterAdmin",
2L));
testPopulateResources();
testPopulateResources_singleProperty();
testPopulateResources_category();
testPopulateResourcesWithUnknownPort();
testPopulateResourcesUnhealthyResource();
testPopulateResourcesMany();
testPopulateResourcesTimeout();
}
Similarly, I have fn's as testJMXPropertyProviderAsAdministrator(),
testJMXPropertyProviderAsServiceAdministrator(),
testJMXPropertyProviderAsViewUser() caling the same set of functions as shown
above.
> On Dec. 11, 2015, 9:23 p.m., Jonathan Hurley wrote:
> > ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java,
> > line 274
> > <https://reviews.apache.org/r/41107/diff/1/?file=1158783#file1158783line274>
> >
> > Removing a test?
Ditto above.
- Swapan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41107/#review110022
-----------------------------------------------------------
On Dec. 10, 2015, 2:04 p.m., Swapan Shridhar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41107/
> -----------------------------------------------------------
>
> (Updated Dec. 10, 2015, 2:04 p.m.)
>
>
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Nate Cole,
> Robert Levas, Sumit Mohanty, and Sid Wagle.
>
>
> Bugs: AMBARI-14192
> https://issues.apache.org/jira/browse/AMBARI-14192
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Role Based Access Control support for Metrics.
>
>
> * With the base infrastructure already in place for "Role Based Access
> Control(RBAC)", this change introduces the RBAC support for AMbari Metrics.
> Before the doing the metrics population, to be send back, it does an
> authorization check for the current user in consideration for the VIEW
> METRICE permissoions.
>
>
> * The mapping is as follows :
>
> Resource.InternalType.Cluster -> CLUSTER_VIEW_METRICS
> Resource.InternalType.HOST -> HOST_VIEW_METRICS
> Resource.InternalType.Component -> SERVICE_VIEW_METRICS
> Resource.InternalType.HostComponent -> SERVICE_VIEW_METRICS
>
> * For a user requesting Metrics and not having Au`thorization,
> AuthorizationException is raised.
>
>
> NOTE :
> ----
> As of now, UI hangs when 403 code is raised (Sncreenshot attached) for VIEW
> user. I am raising a BUG on UI for that.
>
>
> Diffs
> -----
>
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
> 4a0c44f
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/jmx/JMXPropertyProvider.java
> 2748dd4
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProvider.java
> f1c5c81
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProviderProxy.java
> ac11556
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsReportPropertyProviderProxy.java
> 4d2ce01
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProvider.java
> b32adda
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/ThreadPoolEnabledPropertyProvider.java
> 8a35636
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProvider.java
> b9f54db
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java
> f0c1280
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProviderTest.java
> 82b42f2
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java
> 6fefffe
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProviderTest.java
> 6b5926b
>
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
> 8abe757
>
> Diff: https://reviews.apache.org/r/41107/diff/
>
>
> Testing
> -------
>
> - Ambari Server Deployment and tested for "View USER (only view
> permissions)", 'admin' login(all permissions) and SERVICE OPERATOR role.
> - UT : Running, will update the results.
> - UNIT tests modified as part of this change, tested : Success.
> -
> - API :
>
>
> View User :
> ---------
>
> [root@c6401 ambari-server]# curl -u viewUser:aaa
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
> "status" : 403,
> "message" : "The authenticated user does not have authorization to view
> Host metrics"
> }
>
>
> Cluster Administrator Role:
> --------------------------
>
> [root@c6401 ambari-server]# curl -u clusAdmin:aaa
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
> "href" :
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
> "Hosts" : {
> "cluster_name" : "c1",
> "host_name" : "c6401.ambari.apache.org"
> }
> }
>
>
> Service Operator:
> ----------------
>
> [root@c6401 ambari-server]# curl -u servOp:aaa
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
> "href" :
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
> "Hosts" : {
> "cluster_name" : "c1",
> "host_name" : "c6401.ambari.apache.org"
> }
>
>
> Non-existing User:
> -----------------
>
> [root@c6401 ambari-server]# curl -u a:aaa
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
> "status": 403,
> "message": "Full authentication is required to access this resource"
> }
>
>
> Admin User:
> ----------
>
> [root@c6401 ambari-server]# curl -u admin:admin
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
> "href" :
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
> "Hosts" : {
> "cluster_name" : "c1",
> "host_name" : "c6401.ambari.apache.org"
> }
> }
>
>
> File Attachments
> ----------------
>
> Screenshot for hang
>
> https://reviews.apache.org/media/uploaded/files/2015/12/10/9f38adda-2db9-44e1-b9f1-15e88e786817__Screen_Shot_2015-12-10_at_5.13.37_AM.png
>
>
> Thanks,
>
> Swapan Shridhar
>
>
