[
https://issues.apache.org/jira/browse/AMBARI-20769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16029772#comment-16029772
]
Robert Levas edited comment on AMBARI-20769 at 5/30/17 5:17 PM:
----------------------------------------------------------------
[[email protected]]...
Thanks for the clarification on this. I didn't know about the
{{/clusters/:CLUSTER_NAME/request_schedules}} entry point. My guess is that
this was missed when adding the new RBAC features.
So what needs to be done is to add this URL pattern to the list tested in
{{org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter#authorizationPerformedInternally}}.
Then add the correct authorization logic to
{{org.apache.ambari.server.controller.internal.RequestScheduleResourceProvider}}.
Unfortunately, this resource provider handles generic requests, so logic will
need to be implemented to determine what is being asked for and then perform
the appropriate authorization check.
was (Author: rlevas):
[[email protected]]...
Thanks for the clarification on this. I didn't know about the
{{/clusters/:CLUSTER_NAME/request_schedules'}} entry point. My guess is that
this was missed when adding the new RBAC features.
So what needs to be done is to add this URL pattern to the list tested in
{{org.apache.ambari.server.security.authorization.AmbariAuthorizationFilter#authorizationPerformedInternally}}.
Then add the correct authorization logic to
{{org.apache.ambari.server.controller.internal.RequestScheduleResourceProvider}}.
Unfortunately, this resource provider handles generic requests, so logic will
need to be implemented to determine what is being asked for and then perform
the appropriate authorization check.
> Recommission fails for Cluster Operators, Service Adminstrators and Service
> Operators
> -------------------------------------------------------------------------------------
>
> Key: AMBARI-20769
> URL: https://issues.apache.org/jira/browse/AMBARI-20769
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: trunk, 2.5.0
> Reporter: Keta Patel
> Assignee: Keta Patel
> Attachments: AMBARI-20769-codeSnippet-for-error.png,
> AMBARI-20769-codeSnippet.png, cluster_operator_1_recommission.png,
> cluster_operator_2_recommission.png
>
>
> Steps to reproduce:
> 1. Create 4 local users assign one to each of the following roles:
> - Cluster Administrator
> - Cluster Operator
> - Service Administrator
> - Service Operator
> 2. Logout and login back as one of the above created users.
> 3. Decommission a node, the operation is successful with the Background
> Operation pop-up showing the decommissioning operation being performed.
> 4. Recommission that node. Only the Ambari Admin and Cluster Administrator is
> able to successfully perform this step. For the rest of the roles mentioned
> in step-1, you will see the following behavior:
> - The background operation pop-up shows up with "0 Operations" in progress.
> - The background operation pop-up disappears and you see the login page
> momentarily.
> - The main Dashboard is seen immediately after that and the node is still in
> the "Decommissioned" state.
> Desired Behavior:
> All the roles mentioned in step-1 must be able to successfully recommission
> the nodes.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
