> On May 24, 2016, 4:41 p.m., Nate Cole wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java,
> >  lines 190-194
> > <https://reviews.apache.org/r/47783/diff/1/?file=1392703#file1392703line190>
> >
> >     Should special permissions like this go right in the action definition 
> > itself?  Would require finding out if the file is readable by non-root 
> > Ambari.  Would help with having to hard code action names here.
> 
> Robert Levas wrote:
>     I dont think I understand the issue.  
>     
>     The request to create a Request resource with the command "check_host" 
> needs to be processed to ensure that the user requesting this operation is 
> authorized to do so.  This check cannot be done anywhere else since we dont 
> know until this point what the user is trying to do - that is without parsing 
> the request data an additional time just for the authorization check.

I really only meant that check_host, and all other custom actions, are defined 
in a-s/src/main/resources/custom_action_definitions.  Should the permissions 
needed to run be set with the definition, not special-cased in code?


- Nate


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47783/#review134630
-----------------------------------------------------------


On May 24, 2016, 1:48 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47783/
> -----------------------------------------------------------
> 
> (Updated May 24, 2016, 1:48 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Nate 
> Cole.
> 
> 
> Bugs: AMBARI-16851
>     https://issues.apache.org/jira/browse/AMBARI-16851
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Cluster operator and the cluster admin must be allowed to add/delete hosts 
> but install of agents using /bootstrap fails with 403
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
>  5b318af 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
>  5c74f07 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
>  f4f614e 
>   ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 2c2d743 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ee87cc5 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql a65df9c 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 6f38ec8 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql 
> ca57de5 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql bd2e6d6 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 9269b13 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
>  65efc63 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
>  69b4b08 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
>  6511cb4 
> 
> Diff: https://reviews.apache.org/r/47783/diff/
> 
> 
> Testing
> -------
> 
> Manually tested, newly created cluster and upgrade 
> 
> # Local test results:
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] Total time: 1:15:22.164s
> [INFO] Finished at: Tue May 24 13:28:21 EDT 2016
> [INFO] Final Memory: 59M/1807M
> [INFO] 
> ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Reply via email to