Robert Levas created AMBARI-18433:
-------------------------------------
Summary: Enforce granular role-based access control for custom
actions
Key: AMBARI-18433
URL: https://issues.apache.org/jira/browse/AMBARI-18433
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.4.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.5.0
Enforce granular role-based access control for custom actions. Such actions
are specified in
{{/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml}}
For example:
{code}
<actionDefinition>
<actionName>check_host</actionName>
<actionType>SYSTEM</actionType>
<inputs/>
<targetService/>
<targetComponent/>
<defaultTimeout>60</defaultTimeout>
<description>General check for host</description>
<targetType>ANY</targetType>
<permissions>HOST.ADD_DELETE_HOSTS</permissions>
</actionDefinition>
{code}
The "permissions" element that declare the permissions required to run the
action. These permissions must be used to authorize a user to perform the
operation. A user needs to have one of the listed permissions in order to be
authorized.
The relevant API entry points are:
* {{/api/v1/requests}}
* {{/api/v1/requests/clusters/:CLUSTER_NAME/request}}
Example: The user executing the following REST API call must be assigned a
role that has the {{HOST.ADD_DELETE_HOSTS}} authorization for the relevant
cluster
{noformat}
POST /api/v1/requests
{
"RequestInfo": {
"action": "check_host",
"log_output": "false",
"context": "Check host",
"parameters": {
"check_execute_list":
"last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
"jdk_location": "http://host1.example.com:8080/resources/";,
"threshold": "20"
}
},
"Requests/resource_filters": [
{
"hosts": "host1.example.com"
}
]
}
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
