-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/#review150007
-----------------------------------------------------------


Ship it!




Ship It!

- Nate Cole


On Sept. 22, 2016, 10:26 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52163/
> -----------------------------------------------------------
> 
> (Updated Sept. 22, 2016, 10:26 a.m.)
> 
> 
> Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit 
> Mohanty, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-18433
>     https://issues.apache.org/jira/browse/AMBARI-18433
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Enforce granular role-based access control for custom actions.  Such actions 
> are specified in 
> `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
>  
> 
> For example:
> 
> ```
>   <actionDefinition>
>     <actionName>check_host</actionName>
>     <actionType>SYSTEM</actionType>
>     <inputs/>
>     <targetService/>
>     <targetComponent/>
>     <defaultTimeout>60</defaultTimeout>
>     <description>General check for host</description>
>     <targetType>ANY</targetType>
>     <permissions>HOST.ADD_DELETE_HOSTS</permissions>
>   </actionDefinition>
> ```
> 
> The "permissions" element that declare the permissions required to run the 
> action.  These permissions must be used to authorize a user to perform the 
> operation.  A user needs to have one of the listed permissions in order to be 
> authorized. 
> 
> The relevant API entry points are:
> - `/api/v1/requests`
> - `/api/v1/requests/clusters/:CLUSTER_NAME/request`
> 
> Example:  The user executing the following REST API call must be assigned a 
> role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant 
> cluster
> 
> ```
> POST /api/v1/requests
> {
>   "RequestInfo": {
>     "action": "check_host",
>     "log_output": "false",
>     "context": "Check host",
>     "parameters": {
>       "check_execute_list": 
> "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
>       "jdk_location": "http://host1.example.com:8080/resources/";,
>       "threshold": "20"
>     }
>   },
>   "Requests/resource_filters": [
>     {
>       "hosts": "host1.example.com"
>     }
>   ]
> }
> ```
> 
> 
> Diffs
> -----
> 
>   
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js 
> c17c36d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
>  d38234f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
>  0157d49 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  35c773a 
>   ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a 
>   
> ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
>  bc1c271 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
>  d06aa1e 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
>  d97cd9a 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  c4e0a7c 
> 
> Diff: https://reviews.apache.org/r/52163/diff/
> 
> 
> Testing
> -------
> 
> Manually tested clean install and upgrade scenarios
> 
> # Local test results: PENDING
> 
> # Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Reply via email to