----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48844/ -----------------------------------------------------------
(Updated June 21, 2016, 2:56 p.m.) Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas. Bugs: AMBARI-17292 https://issues.apache.org/jira/browse/AMBARI-17292 Repository: ambari Description ------- ambari-server --hash 9a2943ba77371f1c20b4f3da900abb7c2e89d22b Build# ambari-server-2.4.0.0-591.x86_64 **Steps** 1. Create user with different roles like Cluster user, Service Administrator etc. 2. Login as Ambari admin user and start Express Upgrade (register version, install packages and start EU) 3. Pause the Upgrade at any step that requires manual intervention (like stop YARN queue or backup DB or even at Finalize step) 4. Logout and login as cluster user **Result**: The logged in user has complete access to Upgrade Wizard and can resume upgrade Also do actions like Downgrade, 'Ignore and Proceed', 'Retry' The same is true for other roles like service administrator too, both during upgrade and downgrade **Expected Result:** Only Ambari Admin and Cluster Admin should be permitted to perform actions during cluster upgrade Screenshots attached for reference while logged in as cluster user role (cluser) Another observation: While upgrade is in progress, login in a different session as cluster user - the cluster user can view the upgrade wizard in exact same way as admin Diffs (updated) ----- ambari-server/pom.xml f0bd67c ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeItemResourceProvider.java 0719430 ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java fb3ae69 ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java 922a215 ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java c052a6c ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java 5bcfd86 Diff: https://reviews.apache.org/r/48844/diff/ Testing ------- mvn clean test Thanks, Andrew Onischuk