[jira] [Commented] (AMBARI-17740) Cluster user role is permitted to install packages using API

Tue, 19 Jul 2016 17:16:34 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-17740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15385106#comment-15385106
 ] 

Hudson commented on AMBARI-17740:
---------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #5343 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/5343/])
AMBARI-17740. Cluster user role is permitted to install packages using (rlevas: 
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=38880143a9efcf524b3cf5454b59b32dfcacdb21])
* 
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java


> Cluster user role is permitted to install packages using API
> ------------------------------------------------------------
>
>                 Key: AMBARI-17740
>                 URL: https://issues.apache.org/jira/browse/AMBARI-17740
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: rbac
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-17740_branch-2.4_01.patch, 
> AMBARI-17740_trunk_01.patch
>
>
> With "Cluster User" role, submitting "install packages" API call goes 
> through, even though it should be blocked
> {code}
> #curl -u cu:1234 -H "X-Requested-By: ambari" -i -X  POST 
> http://ambari-server:8080/api/v1/clusters/cl1/stack_versions -d 
> '{"ClusterStackVersions":{"stack":"HDP","version":"2.3","repository_version":"2.3.0.0"}}'
> HTTP/1.1 202 Accepted
> Date: Wed, 29 Jun 2016 05:55:16 GMT
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Set-Cookie: AMBARISESSIONID=11njwu8py6m511511liub068vj;Path=/;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> User: cu
> Content-Type: text/plain
> Vary: Accept-Encoding, User-Agent
> Content-Length: 136
> Server: Jetty(9.2.11.v20150529)
> {
>   "href" : "http://ambari-server:8080/api/v1/clusters/cl1/requests/36";,
>   "Requests" : {
>     "id" : 36,
>     "status" : "Accepted"
>   }
> }
> {code}
> Role of the user "cu"
> {code}
> {
>   "href" : "http://ambari-server:8080/api/v1/users/cu/privileges/7";,
>   "PrivilegeInfo" : {
>     "cluster_name" : "cl1",
>     "permission_label" : "Cluster User",
>     "permission_name" : "CLUSTER.USER",
>     "principal_name" : "cu",
>     "principal_type" : "USER",
>     "privilege_id" : 7,
>     "type" : "CLUSTER",
>     "user_name" : "cu"
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to