> On April 20, 2017, 3:22 p.m., Miklos Gergely wrote: > > ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java > > Line 126 (original), 126 (patched) > > <https://reviews.apache.org/r/58493/diff/2/?file=1695295#file1695295line126> > > > > As this is the only change that remained, and this is a bug fix not > > related to AMBARI.ADMINISTRATOR privileges please modify the description of > > the review request and the bug.
Hello Miklos, Thank you for the suggestion. I have updated the description on both the ReviewBoard and the Jira. - Keta ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58493/#review172460 ----------------------------------------------------------- On April 20, 2017, 4:43 p.m., Keta Patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58493/ > ----------------------------------------------------------- > > (Updated April 20, 2017, 4:43 p.m.) > > > Review request for Ambari, Di Li, Miklos Gergely, and Oliver Szabo. > > > Bugs: AMBARI-20768 > https://issues.apache.org/jira/browse/AMBARI-20768 > > > Repository: ambari > > > Description > ------- > > A local Ambari user with no cluster roles assigned to it can successfully log > into the Logsearch UI. > > Logsearch service exercises restriction on who can access its UI using a > property "logsearch.roles.allowed". This property is a comma-separated list > of roles to be allowed access to Logsearch UI. This defect deals with the > following issue: > 1. If Logsearch service requires that only certain roles be allowed to access > its UI, then a local Ambari user with no roles must not be allowed to access > the UI. > > > DESIRED BEHAVIOR: > ================= > 1. A local user with no role assigned to it, must not be able to access > Logsearch UI. > > Note: The description has been updated by removing the aspect of correcting > the behavior for Ambari Administrator role for the Logsearch UI. > > > Diffs > ----- > > > ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java > e23f0a2 > > > Diff: https://reviews.apache.org/r/58493/diff/2/ > > > Testing > ------- > > The patch *AMBARI-20768.patch* contains the fix for this issue. The fix > involves correction in 1 place in the > LogsearchExternalServerAuthenticationProvider class. > 1. In order to prevent a local user with no cluster roles assigned to it from > logging into Logsearch UI, we return *false*. > > The results of the logsearch tests after applying the patch are shown in the > screenshot "all_tests_successful.png" on the Jira. > > Note: The description for testing has been updated by removing the aspect of > correcting the behavior for Ambari Administrator role for the Logsearch UI. > > > Thanks, > > Keta Patel > >
