-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37771/#review98356
-----------------------------------------------------------

common/src/main/java/org/apache/falcon/service/ProxyUserService.java (line 147)
<https://reviews.apache.org/r/37771/#comment154794>

    This is not required since in validateRequestorHost, comparison is done for both hostname and normalize hostname. If we do this, won't it fail if someone gives only hostnames in properties?


common/src/main/java/org/apache/falcon/service/ProxyUserService.java (line 149)
<https://reviews.apache.org/r/37771/#comment154810>

    falcon.service.ProxyUserService.proxyuser." + proxyUser + ".groups. Is it OK if this property is not present also? But the doc says both should be present, if I am not wrong?


prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java (line 490)
<https://reviews.apache.org/r/37771/#comment154778>

    Why is the doAs option added only for entitySummary and entityList? Why not for other entity operations? But in the CLI we are taking doAs for all entity operations; won't it cause exceptions? Please correct me if I am missing something.


- pavan kumar kolamuri


On Aug. 31, 2015, 11:05 p.m., Sowmya Ramesh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37771/
> -----------------------------------------------------------
>
> (Updated Aug. 31, 2015, 11:05 p.m.)
>
>
> Review request for Falcon.
>
>
> Bugs: FALCON-1027
>     https://issues.apache.org/jira/browse/FALCON-1027
>
>
> Repository: falcon-git
>
>
> Description
> -------
>
> Today, Falcon doesn’t have doAs capability, i.e. it doesn’t support impersonation. Support for impersonation or proxyuser functionality (identical to Hadoop proxyuser capabilities and conceptually similar to Unix 'sudo') needs to be added to REST APIs and CLI (command line).
>
>
> Diffs
> -----
>
>   client/src/main/java/org/apache/falcon/cli/FalconCLI.java 11dfe72
>   client/src/main/java/org/apache/falcon/cli/FalconMetadataCLI.java 2f57c7d
>   client/src/main/java/org/apache/falcon/client/AbstractFalconClient.java 282b41b
>   client/src/main/java/org/apache/falcon/client/FalconClient.java 44436d2
>   common/src/main/java/org/apache/falcon/security/CurrentUser.java 4aed5d7
>   common/src/main/java/org/apache/falcon/security/SecurityUtil.java 861f80f
>   common/src/main/java/org/apache/falcon/service/GroupsService.java PRE-CREATION
>   common/src/main/java/org/apache/falcon/service/ProxyUserService.java PRE-CREATION
>   common/src/main/resources/startup.properties c48188c
>   common/src/test/java/org/apache/falcon/security/CurrentUserTest.java 9a3f365
>   common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java 6e77462
>   common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java PRE-CREATION
>   common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java PRE-CREATION
>   docs/src/site/twiki/FalconCLI.twiki 9203699
>   docs/src/site/twiki/FalconDocumentation.twiki 29d93f7
>   prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java 78964dd
>   prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java 5b415a2
>   prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java 78f68ba
>   prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java ceabb06
>   prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java df64b44
>   prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java 15e94cd
>   prism/src/main/java/org/apache/falcon/security/HostnameFilter.java PRE-CREATION
>   prism/src/main/webapp/WEB-INF/web.xml 551bf56
>   prism/src/test/java/org/apache/falcon/resource/EntityManagerTest.java cce8737
>   prism/src/test/java/org/apache/falcon/security/FalconAuthenticationFilterTest.java 9e8c76a
>   prism/src/test/java/org/apache/falcon/security/HostnameFilterTest.java PRE-CREATION
>   src/conf/startup.properties 9925373
>   unit/src/main/java/org/apache/falcon/unit/FalconUnitClient.java eb65cb3
>   unit/src/test/java/org/apache/falcon/unit/FalconUnitTestBase.java 997b301
>   webapp/pom.xml 5a9e1da
>   webapp/src/conf/oozie/conf/oozie-site.xml ded4873
>   webapp/src/main/java/org/apache/falcon/resource/SchedulableEntityManager.java 1f8cc1b
>   webapp/src/main/webapp/WEB-INF/distributed/web.xml 31d78a2
>   webapp/src/main/webapp/WEB-INF/embedded/web.xml fa2db39
>   webapp/src/main/webapp/WEB-INF/web.xml 2cfd7de
>   webapp/src/test/java/org/apache/falcon/cli/FalconCLIIT.java 0062070
>   webapp/src/test/java/org/apache/falcon/resource/EntityManagerJerseyIT.java f0cee61
>   webapp/src/test/java/org/apache/falcon/resource/MetadataResourceJerseyIT.java eb1dda8
>   webapp/src/test/java/org/apache/falcon/resource/TestContext.java 4a25b88
>   webapp/src/test/resources/startup.properties PRE-CREATION
>
> Diff: https://reviews.apache.org/r/37771/diff/
>
>
> Testing
> -------
>
> Unit tests and IT tests.
> Manual testing:
>
> * ProxyUser service not added in startup properties, should throw "Service ProxyUserService not registered"
> * Super user not added in proxy user setting in startup.properties, should throw "java.security.AccessControlException: User <superuser> not defined as proxyuser"
>
> CLI:
> * Add doAs option in CLI and verify command succeeds
> * Commands should succeed without doAs as it is an optional arg
>
> REST API:
> * pass doAs query param and verify REST requests succeed
> * REST requests should succeed without doAs query param as it is optional
>
>
> * Perform schedule using doAs user. For other requests if doAs user is not passed (say suspend, resume etc.) should get "User <superuser> not authorized for Coord job <bundleId>"
>
>
> Thanks,
>
> Sowmya Ramesh
>
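
The Hadoop-style proxyuser check discussed in this thread, as an added illustration; it is not Falcon's ProxyUserService code and not part of either e-mail. The `.hosts` key (by analogy with the `.groups` key quoted in the review), the fail-closed handling of a missing key, the stand-in resolver, the second and third error messages, and all sample names and addresses are assumptions.

```java
import java.security.AccessControlException;
import java.util.*;
import java.util.function.UnaryOperator;

public class ProxyUserCheck {
    static final String PREFIX = "falcon.service.ProxyUserService.proxyuser.";

    // Assumed policy: a missing or empty key means "not a proxyuser" (fail closed),
    // so a half-configured superuser can never impersonate anyone.
    static Set<String> allowed(Properties conf, String proxyUser, String suffix) {
        String raw = conf.getProperty(PREFIX + proxyUser + suffix);
        if (raw == null || raw.trim().isEmpty()) {
            throw new AccessControlException("User " + proxyUser + " not defined as proxyuser");
        }
        Set<String> out = new HashSet<>();
        for (String v : raw.split(",")) out.add(v.trim().toLowerCase(Locale.ROOT));
        return out;
    }

    static void validate(Properties conf, UnaryOperator<String> normalize, String proxyUser,
                         String host, Set<String> doAsGroups) {
        Set<String> hosts = allowed(conf, proxyUser, ".hosts");
        Set<String> groups = allowed(conf, proxyUser, ".groups");
        String h = host.toLowerCase(Locale.ROOT);
        // Match on the name as given or on its normalized form, so a properties
        // file that lists plain hostnames still matches.
        boolean hostOk = hosts.contains("*") || hosts.contains(h)
                || hosts.contains(normalize.apply(h));
        if (!hostOk) {
            throw new AccessControlException("Host " + host + " not allowed for " + proxyUser);
        }
        boolean groupOk = groups.contains("*");
        for (String g : doAsGroups) groupOk |= groups.contains(g.toLowerCase(Locale.ROOT));
        if (!groupOk) {
            throw new AccessControlException("doAs user's groups not allowed for " + proxyUser);
        }
    }

    public static void main(String[] args) {
        Properties conf = new Properties(); // constructed sample configuration
        conf.setProperty(PREFIX + "falcon.hosts", "gw1, 10.0.0.5");
        conf.setProperty(PREFIX + "falcon.groups", "etl");
        // Constructed resolver standing in for DNS so the example runs offline.
        UnaryOperator<String> norm = n -> n.equals("gw2.example.com") ? "10.0.0.5" : n;
        validate(conf, norm, "falcon", "GW1", Set.of("etl"));             // name as given
        validate(conf, norm, "falcon", "gw2.example.com", Set.of("etl")); // normalized form
        try {
            validate(conf, norm, "oozie", "gw1", Set.of("etl"));          // no keys configured
        } catch (AccessControlException e) {
            System.out.println(e.getMessage()); // User oozie not defined as proxyuser
        }
    }
}
```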
