-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/
-----------------------------------------------------------

(Updated Sept. 22, 2016, 12:28 p.m.)


Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit 
Mohanty, and Sebastian Toader.


Changes
-------

Fixed copy/paste issue in Postgres DDL file


Bugs: AMBARI-18433
    https://issues.apache.org/jira/browse/AMBARI-18433


Repository: ambari


Description
-------

Enforce granular role-based access control for custom actions.  Such actions 
are specified in 
`/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
 

For example:

```
  <actionDefinition>
    <actionName>check_host</actionName>
    <actionType>SYSTEM</actionType>
    <inputs/>
    <targetService/>
    <targetComponent/>
    <defaultTimeout>60</defaultTimeout>
    <description>General check for host</description>
    <targetType>ANY</targetType>
    <permissions>HOST.ADD_DELETE_HOSTS</permissions>
  </actionDefinition>
```

The "permissions" element that declare the permissions required to run the 
action.  These permissions must be used to authorize a user to perform the 
operation.  A user needs to have one of the listed permissions in order to be 
authorized. 

The relevant API entry points are:
- `/api/v1/requests`
- `/api/v1/requests/clusters/:CLUSTER_NAME/request`

Example:  The user executing the following REST API call must be assigned a 
role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant cluster

```
POST /api/v1/requests
{
  "RequestInfo": {
    "action": "check_host",
    "log_output": "false",
    "context": "Check host",
    "parameters": {
      "check_execute_list": 
"last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
      "jdk_location": "http://host1.example.com:8080/resources/";,
      "threshold": "20"
    }
  },
  "Requests/resource_filters": [
    {
      "hosts": "host1.example.com"
    }
  ]
}
```


Diffs (updated)
-----

  ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js 
c17c36d 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
 d38234f 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
 0157d49 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 35c773a 
  ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a 
  
ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
 bc1c271 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
 d06aa1e 
  
ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
 d97cd9a 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 c4e0a7c 

Diff: https://reviews.apache.org/r/52163/diff/


Testing
-------

Manually tested clean install and upgrade scenarios

# Local test results: PENDING

# Jenkins test results: PENDING


Thanks,

Robert Levas

Reply via email to