Re: Review Request 41107: Role Based Access Control support for Metrics.

Tue, 15 Dec 2015 05:08:32 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41107/#review110486
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
 (lines 119 - 127)
<https://reviews.apache.org/r/41107/#comment170409>

    This assumes that all passed-in resources are the same?



ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
 (lines 205 - 211)
<https://reviews.apache.org/r/41107/#comment170408>

    Seems like this should be made to do Resource.InternalType.valueOf() 
(catching exceptions when not found) then use a switch statement instead of 
this string-comparing.


- Nate Cole


On Dec. 12, 2015, 5:40 a.m., Swapan Shridhar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41107/
> -----------------------------------------------------------
> 
> (Updated Dec. 12, 2015, 5:40 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Jonathan Hurley, Nate Cole, 
> Robert Levas, Sumit Mohanty, and Sid Wagle.
> 
> 
> Bugs: AMBARI-14192
>     https://issues.apache.org/jira/browse/AMBARI-14192
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Role Based Access Control support for Metrics.
> 
> 
> * With the base infrastructure already in place for "Role Based Access 
> Control(RBAC)", this change introduces the RBAC support for AMbari Metrics. 
> Before the doing the metrics population, to be send back, it does an 
> authorization check for the current user in consideration for the VIEW 
> METRICE permissoions.
>   
> 
> * The mapping is as follows :
> 
> Resource.InternalType.Cluster -> CLUSTER_VIEW_METRICS
> Resource.InternalType.HOST -> HOST_VIEW_METRICS
> Resource.InternalType.Component -> SERVICE_VIEW_METRICS
> Resource.InternalType.HostComponent -> SERVICE_VIEW_METRICS
> 
> * For a user requesting Metrics and not having Au`thorization, 
> AuthorizationException is raised.
> 
> 
> NOTE : 
> ----
> As of now, the when the VIEW USER logs in, it see the VIEW listed for which 
> it is entitled for, but clicking on the VIEW results in ERROR :
> 
> "Couldn't connect to the cluster
> RA040 I/O error while requesting Ambari". 
> 
> 
> Two Screenshots attached.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractPropertyProvider.java
>  4a0c44f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProvider.java
>  a1b4f3f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/jmx/JMXPropertyProvider.java
>  2748dd4 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProvider.java
>  f1c5c81 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsPropertyProviderProxy.java
>  ac11556 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/MetricsReportPropertyProviderProxy.java
>  4d2ce01 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProvider.java
>  b32adda 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/metrics/ThreadPoolEnabledPropertyProvider.java
>  8a35636 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/StackDefinedPropertyProviderTest.java
>  bb6673c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java
>  f0c1280 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/RestMetricsPropertyProviderTest.java
>  82b42f2 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java
>  6fefffe 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/timeline/AMSPropertyProviderTest.java
>  6b5926b 
> 
> Diff: https://reviews.apache.org/r/41107/diff/
> 
> 
> Testing
> -------
> 
> - Ambari Server Deployment and tested for "View USER (only view 
> permissions)", 'admin' login(all permissions) and SERVICE OPERATOR role.
> - UT : PASSES.
> - UNIT tests modified as part of this change, tested : Success.
> - 
> - API :
> 
> 
> View User :
> ---------
> 
> [root@c6401 ambari-server]# curl -u viewUser:aaa 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
>   "status" : 403,
>   "message" : "The authenticated user does not have authorization to view 
> Host metrics"
> }
> 
> 
> Cluster Administrator Role:
> --------------------------
> 
> [root@c6401 ambari-server]# curl -u clusAdmin:aaa 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
>   "href" : 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> Service Operator:
> ----------------
> 
> [root@c6401 ambari-server]# curl -u servOp:aaa 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
>   "href" : 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> 
> 
> Non-existing User:
> -----------------
> 
> [root@c6401 ambari-server]# curl -u a:aaa 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
>   "status": 403,
>   "message": "Full authentication is required to access this resource"
> }
> 
> 
> Admin User:
> ----------
> 
> [root@c6401 ambari-server]# curl -u admin:admin 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";
> {
>   "href" : 
> "http://c6401:8080/api/v1/clusters/c1/hosts/c6401.ambari.apache.org?fields=metrics/network/bytes_in[1449532831,1449534631,15],metrics/network/bytes_out[1449532831,1449534631,15]";,
>   "Hosts" : {
>     "cluster_name" : "c1",
>     "host_name" : "c6401.ambari.apache.org"
>   }
> }
> 
> 
> File Attachments
> ----------------
> 
> 1. Clicking on VIEW in "VIEW USER" role results in ERROR
>   
> https://reviews.apache.org/media/uploaded/files/2015/12/12/69a18d68-cb66-4432-965e-5d883ff846ac__1._Clicking_on_VIEW_in_22VIEW_USER22_role_results_in_ERROR.png
> 2. ERROR on UI after clicking on VIEW as "VIEW USER"
>   
> https://reviews.apache.org/media/uploaded/files/2015/12/12/212ed873-75a5-4d4d-bfff-c9749938ef9b__2._ERROR_on_UI_after_clicking_on_VIEW_as_22VIEW_USER22.png
> 
> 
> Thanks,
> 
> Swapan Shridhar
> 
>

Reply via email to