(Updated Dec. 12, 2015, 10:40 a.m.)
Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Nate Cole,
Robert Levas, Sumit Mohanty, and Sid Wagle.
Changes
-------
- Updated review suggestions made by Robert and Jonathan.
- Updated the test case "StackDefinedPropertyProviderTest.java", as it also
required a change as part of the RBAC metrics changes.
Testing :
- Ambari Server Deployment and tested for "View USER (only view permissions)",
'admin' login(all permissions) and SERVICE OPERATOR role.
- UT : PASSES.
Bugs: AMBARI-14192
https://issues.apache.org/jira/browse/AMBARI-14192
Repository: ambari
Description (updated)
-------
Role Based Access Control support for Metrics.
* With the base infrastructure already in place for "Role Based Access
Control (RBAC)", this change introduces RBAC support for Ambari Metrics.
Before doing the metrics population, to be sent back, it does an
authorization check for the current user in consideration for the VIEW METRICS
permissions.
* The mapping is as follows :
Resource.InternalType.Cluster -> CLUSTER_VIEW_METRICS
Resource.InternalType.HOST -> HOST_VIEW_METRICS
Resource.InternalType.Component -> SERVICE_VIEW_METRICS
Resource.InternalType.HostComponent -> SERVICE_VIEW_METRICS
* For a user requesting Metrics and not having Authorization,
AuthorizationException is raised.
NOTE :
----
As of now, when the VIEW USER logs in, it sees the VIEW listed for which it
is entitled, but clicking on the VIEW results in ERROR :
"Couldn't connect to the cluster
RA040 I/O error while requesting Ambari".
Two Screenshots attached.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
4a0c44f
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProvider.java
a1b4f3f
ambari-server/src/main/java/org/apache/ambari/server/controller/jmx/JMXPropertyProvider.java
2748dd4
ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProvider.java
f1c5c81
ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProviderProxy.java
ac11556
ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsReportPropertyProviderProxy.java
4d2ce01
ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProvider.java
b32adda
ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/ThreadPoolEnabledPropertyProvider.java
8a35636
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProviderTest.java
bb6673c
ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java
f0c1280
ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProviderTest.java
82b42f2
ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java
6fefffe
ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProviderTest.java
6b5926b
Diff: https://reviews.apache.org/r/41107/diff/
Testing (updated)
-------
- Ambari Server Deployment and tested for "View USER (only view permissions)",
'admin' login(all permissions) and SERVICE OPERATOR role.
- UT : PASSES.
- UNIT tests modified as part of this change, tested : Success.
- API :
View User :
---------
[root@c6401 ambari-server]# curl -u viewUser:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
{
"status" : 403,
"message" : "The authenticated user does not have authorization to view Host metrics"
}
Cluster Administrator Role:
--------------------------
[root@c6401 ambari-server]# curl -u clusAdmin:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
{
"href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
"Hosts" : {
"cluster_name" : "c1",
"host_name" : "c6401.ambari.apache.org"
}
}
Service Operator:
----------------
[root@c6401 ambari-server]# curl -u servOp:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
{
"href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
"Hosts" : {
"cluster_name" : "c1",
"host_name" : "c6401.ambari.apache.org"
}
Non-existing User:
-----------------
[root@c6401 ambari-server]# curl -u a:aaa "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
{
"status": 403,
"message": "Full authentication is required to access this resource"
}
Admin User:
----------
[root@c6401 ambari-server]# curl -u admin:admin "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]"
{
"href" : "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]",
"Hosts" : {
"cluster_name" : "c1",
"host_name" : "c6401.ambari.apache.org"
}
}
File Attachments (updated)
----------------
1. Clicking on VIEW in "VIEW USER" role results in ERROR
https://reviews.apache.org/media/uploaded/files/2015/12/12/69a18d68-cb66-4432-965e-5d883ff846ac__1._Clicking_on_VIEW_in_22VIEW_USER22_role_results_in_ERROR.png
2. ERROR on UI after clicking on VIEW as "VIEW USER"
https://reviews.apache.org/media/uploaded/files/2015/12/12/212ed873-75a5-4d4d-bfff-c9749938ef9b__2._ERROR_on_UI_after_clicking_on_VIEW_as_22VIEW_USER22.png
Thanks,
Swapan Shridhar
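
Added example, not part of the original review request and not Ambari's code: a minimal Java sketch of the check described above, where the required permission is looked up from the resource type and an AuthorizationException is raised before any metrics are populated. The enum and class names, the checkCanViewMetrics method, the constructed permission sets and the choice to deny resource types that have no mapping are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

// Illustrative sketch only: these types are stand-ins, not Ambari's classes.
public class MetricsAuthorizationSketch {
  // "Service" is a constructed extra type with no mapping, used to show the deny path.
  enum ResourceType { Cluster, Host, Component, HostComponent, Service }
  enum Permission { CLUSTER_VIEW_METRICS, HOST_VIEW_METRICS, SERVICE_VIEW_METRICS }

  static class AuthorizationException extends Exception {
    AuthorizationException(String message) { super(message); }
  }

  // Mapping from the review description: resource type -> permission needed to view its metrics.
  private static final Map<ResourceType, Permission> REQUIRED = new EnumMap<>(ResourceType.class);
  static {
    REQUIRED.put(ResourceType.Cluster, Permission.CLUSTER_VIEW_METRICS);
    REQUIRED.put(ResourceType.Host, Permission.HOST_VIEW_METRICS);
    REQUIRED.put(ResourceType.Component, Permission.SERVICE_VIEW_METRICS);
    REQUIRED.put(ResourceType.HostComponent, Permission.SERVICE_VIEW_METRICS);
  }

  // Runs before any metrics are populated. Assumption of this sketch: a type
  // without a mapping is denied rather than allowed (fail closed).
  static void checkCanViewMetrics(ResourceType type, Set<Permission> granted)
      throws AuthorizationException {
    Permission needed = REQUIRED.get(type);
    if (needed == null || !granted.contains(needed)) {
      throw new AuthorizationException(
          "The authenticated user does not have authorization to view " + type + " metrics");
    }
  }

  public static void main(String[] args) {
    // Constructed grants for illustration; the page does not list each role's permissions.
    Set<Permission> noMetricsGrants = EnumSet.noneOf(Permission.class);
    Set<Permission> allMetricsGrants = EnumSet.allOf(Permission.class);
    for (ResourceType type : ResourceType.values()) {
      for (Set<Permission> granted : Arrays.asList(noMetricsGrants, allMetricsGrants)) {
        try {
          checkCanViewMetrics(type, granted);
          System.out.println(type + " with " + granted.size() + " grants: metrics populated");
        } catch (AuthorizationException e) {
          System.out.println(type + " with " + granted.size() + " grants: 403 " + e.getMessage());
        }
      }
    }
  }
}
```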