Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

ver/state/kerberos/KerberosServiceDescriptorTest.java e1af515 Diff: https://reviews.apache.org/r/51713/diff/ Testing --- unit tests, manually upgrades # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51691: JMX metric retrieval method may unnecessarily refresh metrics at a high rate

e comment as above related to wording... - Robert Levas On Sept. 7, 2016, 1:18 p.m., Jonathan Hurley wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://re

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

NFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

NFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

eviews.apache.org/r/51713/#review148190 --- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To re

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

mail. To reply, visit: https://reviews.apache.org/r/51713/#review148199 --- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

ps://reviews.apache.org/r/51713/#review148190 ------- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail.

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

cally generated e-mail. To reply, visit: https://reviews.apache.org/r/51713/#review148190 ------- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- >

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

eviews.apache.org/r/51713/#review148193 --- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To re

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

is is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51713/#review148193 --- On Sept. 8, 2016, 11:09 a.m., Robert Levas wrote: > > --- > Thi

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

way to know the versions explicity rather than asking the cluster object? - Robert --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51713/#review148193 ---------

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

Wed Sep 07 22:51:30 EDT 2016 [INFO] Final Memory: 60M/1835M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

remove the "(if needed)" in text. done. - Robert --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51713/#review148190 -------

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

to DOWNGRADE. > > > > Doesn't that mean that this needs to check direction as well? > > Robert Levas wrote: > On a downgrade (kicked off during the middle of the upgrade process), the > previous and new versions appear to both the original version. Is t

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

> On Sept. 8, 2016, 12:06 p.m., Nate Cole wrote: > > What will happen if, say, doing an Upgrade after this code has run, the > > user decides to Downgrade? Will the old data be intact or does it get > > overwritten? > > Robert Levas wrote: > Looking at the

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

.apache.org/r/51713/#review148295 --- On Sept. 9, 2016, 9:42 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, v

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

NFO] [INFO] Total time: 1:20:19.796s [INFO] Finished at: Fri Sep 09 09:29:44 EDT 2016 [INFO] Final Memory: 62M/1882M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

NFO] [INFO] Total time: 1:20:19.796s [INFO] Finished at: Fri Sep 09 09:29:44 EDT 2016 [INFO] Final Memory: 62M/1882M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51713: After upgrading cluster from HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security properties

KERBEROS and KERBEROS_SERVER as service/component then this > > group should get skipped. > > Robert Levas wrote: > Kerberos can be enabled and not require the KERBEROS services and the > KERBEROS_CLIENT to be installed. In the manual case, they are not since we >

Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

erver/security/authentication/kerberos/AmbariKerberosAuthenticationPropertiesTest.java PRE-CREATION Diff: https://reviews.apache.org/r/51822/diff/ Testing --- Manually tested... # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51818: YAML Maps For Storm Are Not Being Escaped Correctly

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51818/#review148582 --- Ship it! Ship It! - Robert Levas On Sept. 12, 2016, 3:13

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

[INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

-test-patch/8643//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/8643//console This message is automatically generated. Thanks, Robert Levas

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

and fail startup > > on problems like this? ok.. will fix. - Robert --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51822/#review148699 ---

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

s is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51822/#review148699 ------- On Sept. 13, 2016, 5 a.m., Robert Levas wrote: > > --- > This is an automa

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

eply, visit: https://reviews.apache.org/r/51822/#review148701 ------- On Sept. 13, 2016, 5 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/51822/ &g

Re: Review Request 51725: Microsoft-R client should work in a secured cluster

lly need to perform these operations? - Robert Levas On Sept. 13, 2016, 11:55 a.m., Balázs Bence Sári wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://rev

Re: Review Request 51822: Add Ambari configuration options to support Kerberos token authentication

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/8643//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/8643//console This message is automatically generated. Thanks, Robert Levas

Review Request 51892: Create authentication filter to encapsulate the various Ambari authentication methods

results: PENDING Thanks, Robert Levas

Re: Review Request 51892: Create authentication filter to encapsulate the various Ambari authentication methods

er` class. ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml (line 72) <https://reviews.apache.org/r/51892/#comment216430> This sets up the `AmbariAuthorizationFilter` and negates the need to inject members. Therefore the code to invoke injection is removed from the `Ambar

Re: Review Request 51892: Create authentication filter to encapsulate the various Ambari authentication methods

://builds.apache.org/job/Ambari-trunk-test-patch/8676//console Thanks, Robert Levas

Re: Review Request 51892: Create authentication filter to encapsulate the various Ambari authentication methods

/Ambari-trunk-test-patch/8676//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/8676//console Thanks, Robert Levas

Re: Review Request 51916: YAML Maps Can Include Dashes and Other Non-Word Characters

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51916/#review149079 --- Ship it! Ship It! - Robert Levas On Sept. 15, 2016, 11:54

Re: Review Request 51917: Upgrade Summary Endpoint Throws NPEs Due To JPA Cached Entities With Missing IDs

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51917/#review149080 --- Ship it! Ship It! - Robert Levas On Sept. 15, 2016, 12:15

Re: Review Request 51724: Add Kerberos HTTP SPNEGO authentication support to Ambari Metrics Monitor

e 112) <https://reviews.apache.org/r/51724/#comment217081> The path to the SPNEGO keytab file and the SPNEGO principal name must not be hard coded. There should be a relevant config property for this and it should be set via the Kerberos descriptor. - Robert Levas On Sept. 8, 2016, 1:2

Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

st/java/org/apache/ambari/server/security/authentication/kerberos/AmbariKerberosTicketValidatorTest.java PRE-CREATION Diff: https://reviews.apache.org/r/52068/diff/ Testing --- Manual testing # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

cation. - Robert Levas On Sept. 19, 2016, 6:18 p.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.

Re: Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

al Memory: 72M/692M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52068/#review149673 --- On Sept. 20, 2016, 10:41 a.m., Robert Levas wrote: > > ---

Re: Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

To reply, visit: https://reviews.apache.org/r/52068/#review149684 ------- On Sept. 20, 2016, 10:41 a.m., Robert Levas wrote: > > --- > This is an automatical

Re: Review Request 52068: Create authentication filter to perform Kerberos authentication for Ambari

[INFO] Final Memory: 72M/692M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Review Request 52163: Enforce granular role-based access control for custom actions

d06aa1e ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java d97cd9a ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java c4e0a7c Diff: https://reviews.apache.org/r/52163/diff/ Testing --- Manually tested clean install and upgrade scenarios # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52163: Enforce granular role-based access control for custom actions

eCatalog250Test.java c4e0a7c Diff: https://reviews.apache.org/r/52163/diff/ Testing --- Manually tested clean install and upgrade scenarios # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Review Request 52170: NPE when installing secure cluster via Blueprints due to null logger

://reviews.apache.org/r/52170/diff/ Testing --- Manually tested via Blueprint install. Thanks, Robert Levas

Re: Review Request 51724: Add Kerberos HTTP SPNEGO authentication support to Ambari Metrics Monitor

> The file name should be `krberr.py` rather than `faked_kerberos.py` ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/spnego_kerberos_auth.py (line 33) <https://reviews.apache.org/r/51724/#comment217869> See `curl_krb_request` - Robert Levas On Sept. 22,

Review Request 52289: Regression: krb5JAASLogin.conf is not updated during secure BP install

.245s [INFO] Finished at: Mon Sep 26 19:52:31 EDT 2016 [INFO] Final Memory: 67M/699M [INFO] ``` # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52223: AMBARI-18051 - Services should be able to provide their own pre-req checks by supplying a jar file

/checks/SampleServiceCheck.java (line 1) <https://reviews.apache.org/r/52223/#comment218575> Missing license header - Robert Levas On Sept. 23, 2016, 3:59 p.m., Tim Thorpe wrote: > > --- > This is an automatically gener

Review Request 52346: Fix Authentication data is not available error in ConfigGroupResourceProviderTest

, Skipped: 0, Time elapsed: 9.478 sec - in org.apache.ambari.server.controller.internal.ConfigGroupResourceProviderTest Results : Tests run: 32, Failures: 0, Errors: 0, Skipped: 0 ``` Thanks, Robert Levas

Re: Review Request 52345: Remove Global Cluster Lock Shared Between Business Objects

--- > > (Updated Sept. 28, 2016, 8:50 a.m.) > > > Review request for Ambari, Alejandro Fernandez, Nate Cole, and Robert Levas. > > > Bugs: AMBARI-18456 > https://issues.apache.org/jira/browse/AMBARI-18456 > > > Repository: ambari > > >

Re: Review Request 52345: Remove Global Cluster Lock Shared Between Business Objects

> On Sept. 28, 2016, 9:54 a.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/events/listeners/alerts/AlertServiceStateListener.java, > > line 100 > > <https://reviews.apache.org/r/52345/diff/1/?file=1512284#file1512284line100> &g

Re: Review Request 52425: Remove Unnecessary Locks Inside Of Cluster Business Object Implementations

s.apache.org/r/52425/#comment219158> Aren't the affectedClusters in this collection left with potentially invalid data since they reference the old cluster instance? - Robert Levas On Sept. 30, 2016, 10:53 a.m., Jonathan Hurley wrote: > > --

Re: Review Request 52289: Regression: krb5JAASLogin.conf is not updated during secure BP install

[INFO] ``` # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52425: Remove Unnecessary Locks Inside Of Cluster Business Object Implementations

> On Sept. 30, 2016, 12:39 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java, > > lines 1104-1110 > > <https://reviews.apache.org/r/52425/diff/1/?file=1516872#file1516872line1104> > > > >

Re: Review Request 52456: Modify HTTP headers to follow best security practices

n/Configuration.java (line 2250) <https://reviews.apache.org/r/52456/#comment219317> "... for Ambari View requests." - Robert Levas On Sept. 30, 2016, 6:56 p.m., Sangeeta Ravindran wrote: > > --- > This is an

Re: Review Request 52289: Regression: krb5JAASLogin.conf is not updated during secure BP install

e.org/job/Ambari-trunk-test-patch/8783//console Thanks, Robert Levas

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

://reviews.apache.org/r/52369/#comment219526> group_type does not need to be that large. ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql (line 300) <https://reviews.apache.org/r/52369/#comment219527> group_type does not need to be that large. Miss

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java, > > lines 64-70 > > <https://reviews.apache.org/r/52369/diff/3/?file=1518897#file1518897line64> > > > > Is both

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java, > > lines 955-960 > > <https://reviews.apache.org/r/52369/diff/3/?file=1518904#file1518904line955> > > > > ro

Re: Review Request 52500: AMBARI-18520: Ambari usernames should not be converted to lowercase before storing in the DB.

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52500/#review151330 --- Ship it! Ship It! - Robert Levas On Oct. 3, 2016, 11:14 p.m

Re: Review Request 52500: AMBARI-18520: Ambari usernames should not be converted to lowercase before storing in the DB.

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52500/#review151385 --- Ship it! Ship It! - Robert Levas On Oct. 4, 2016, 4:14 p.m

Re: Review Request 52532: blueprint_setting table incorrectly defines blueprint_name column in DDL for MySQL

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52532/#review151429 --- Ship it! Ship It! - Robert Levas On Oct. 4, 2016, 6:40 p.m

Re: Review Request 52532: blueprint_setting table incorrectly defines blueprint_name column in DDL for MySQL

? Was the latest revision (3) a mistake? - Robert Levas On Oct. 5, 2016, 11:29 a.m., Vitalyi Brodetskyi wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache

Re: Review Request 52532: Getting errors with max length 1000byte, when using Mysql db with charset UTF8

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52532/#review151543 --- Ship it! Ship It! - Robert Levas On Oct. 5, 2016, 12:38 p.m

Review Request 52601: Kerberos server actions should not timeout in minutes as specified in configuration

f: https://reviews.apache.org/r/52601/diff/ Testing --- # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52601: Kerberos server actions should not timeout in minutes as specified in configuration

r.task.timeout` value should help there. - Robert --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52601/#review151648 ------

Re: Review Request 52601: Kerberos server actions should not timeout in minutes as specified in configuration

601/diff/ Testing --- # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java, > > lines 955-960 > > <https://reviews.apache.org/r/52369/diff/3/?file=1518904#file1518904line955> > > > > ro

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

lable ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql (line 300) <https://reviews.apache.org/r/52369/#comment220413> group_type should be not nullable - Robert Levas On Oct. 3, 2016, 10:57 p.m., Vishal Ghugare wrote: > > ---

Re: Review Request 52646: Remove Unnecessary Locks Inside Of Service Business Object Implementations

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52646/#review151866 --- Ship it! Ship It! - Robert Levas On Oct. 7, 2016, 3:04 p.m

Re: Review Request 52456: Modify HTTP headers to follow best security practices

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52456/#review151944 --- Ship it! Ship It! - Robert Levas On Oct. 4, 2016, 12:45 p.m

Re: Review Request 52456: Modify HTTP headers to follow best security practices

> On Oct. 9, 2016, 6:39 p.m., Robert Levas wrote: > > Ship It! > > Sangeeta Ravindran wrote: > Thank you Robert. > Can you please help push the fix? Pushed to trunk: ``` commit 34c5686c3a0f80a5c7b78ddf05bb41cb13202438 Author: Sangeeta Ravindran Date: Mon Oct 1

Review Request 52749: Ambari should be able to create arbitrary Kerberos identities for itself as declared in the Kerberos Descriptor

/ambari/server/controller/KerberosHelperTest.java b2eb738 Diff: https://reviews.apache.org/r/52749/diff/ Testing --- Manually tested using the UI and BP ont he trunk and brach-2.5 # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52709: Deprecate old UpgradeCatalog Unit Tests

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52709/#review152201 --- Ship it! Ship It! - Robert Levas On Oct. 10, 2016, 7:21 p.m

Re: Review Request 52749: Ambari should be able to create arbitrary Kerberos identities for itself as declared in the Kerberos Descriptor

/8847//testReport/ Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/8847//console ``` Thanks, Robert Levas

Re: Review Request 52837: Hive Rolling Upgrade Is No Longer Supported In Ambari

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52837/#review152650 --- Ship it! Ship It! - Robert Levas On Oct. 13, 2016, 1:17 p.m

Re: Review Request 52691: Provision actions to happen based only on specified dependencies

2691/#comment222047> These should be `private` and possibly `private final` ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java (line 111) <https://reviews.apache.org/r/52691/#comment222051> Why is the length here 45 where the field in VARCHA

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

you fix? - Robert Levas On Oct. 13, 2016, 11:25 p.m., Vishal Ghugare wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache

Re: Review Request 52930: Ambari Metrics doesn't use SPNEGO to authenticate

-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java (line 267) <https://reviews.apache.org/r/52930/#comment222066> Missing Javadoc - Robert Levas On Oct. 17, 2016, 10:28 a.m., Dmytro Sen

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

/authorization/AmbariPamAuthenticationProvider.java (line 161) <https://reviews.apache.org/r/52369/#comment222680> `AmbariPamAuthorization` should be `ambariPamAuthorization` - incorrect name due to Ambari naming conventions. - Robert Levas On Oct. 17, 2016, 4:50 p.m., Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

g/r/52369/#comment222685> There should be a configuration option to allow the user to choose whether groups should be automatically created or not. - Robert Levas On Oct. 17, 2016, 4:50 p.m., Vishal Ghugare wrote: > > --- > Thi

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 7, 2016, 1:55 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java, > > line 817 > > <https://reviews.apache.org/r/52369/diff/4/?file=1519678#file1519678line817> > > > > Since th

Review Request 53060: Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

nkins test results: PENDING Thanks, Robert Levas

Re: Review Request 52456: Modify HTTP headers to follow best security practices

> On Oct. 9, 2016, 6:39 p.m., Robert Levas wrote: > > Ship It! > > Sangeeta Ravindran wrote: > Thank you Robert. > Can you please help push the fix? > > Robert Levas wrote: > Pushed to trunk: > > ``` > commit 34c5686c3a0f80

Re: Review Request 53060: Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

like your accessment of this and protect against `null`. Thanks. - Robert --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53060/#review153412 ------

Re: Review Request 53060: Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

993M [INFO] # Jenkins test results: PENDING Thanks, Robert Levas

Re: Review Request 53060: Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

----- On Oct. 20, 2016, 4:06 p.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53060/ > ---

Re: Review Request 53068: Alert Targets Cannot Be Updated Due To Transaction / Cache Timing Issues

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53068/#review153525 --- Ship it! Ship It! - Robert Levas On Oct. 20, 2016, 1:02 p.m

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 7, 2016, 1:55 p.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java, > > line 817 > > <https://reviews.apache.org/r/52369/diff/4/?file=1519678#file1519678line817> > > > > Since th

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 20, 2016, 9:36 a.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java, > > lines 171-189 > > <https://reviews.apache.org/r/52369/diff/6/?file=1539952#file1539952line171>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

> On Oct. 20, 2016, 9:36 a.m., Robert Levas wrote: > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java, > > lines 171-189 > > <https://reviews.apache.org/r/52369/diff/6/?file=1539952#file1539952line171>

Re: Review Request 52930: Ambari Metrics doesn't use SPNEGO to authenticate

- > > (Updated Oct. 21, 2016, 10:19 a.m.) > > > Review request for Ambari, Aravindan Vijayan, Robert Levas, and Sid Wagle. > > > Bugs: AMBARI-14384 > https://issues.apache.org/jira/browse/AMBARI-14384 > > > Repository: ambari > > > Des

Review Request 53101: While syncing with LDAP, username collisions should be handled based on configuration value

r/src/test/python/TestAmbariServer.py 5746503 Diff: https://reviews.apache.org/r/53101/diff/ Testing --- Thanks, Robert Levas

Review Request 53135: Fix constraint violations in adminprincipal table when installing database schema

E.sql 4922378 ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql f72b0ab Diff: https://reviews.apache.org/r/53135/diff/ Testing --- Manually created MySQL and PosgreSQL databases. Thanks, Robert Levas

Re: Review Request 53135: Fix constraint violations in adminprincipal table when installing database schema

ly created MySQL and PosgreSQL databases. Thanks, Robert Levas

Re: Review Request 53101: While syncing with LDAP, username collisions should be handled based on configuration value

/ldap/AmbariLdapDataPopulatorTest.java 34eadad ambari-server/src/test/python/TestAmbariServer.py 5746503 Diff: https://reviews.apache.org/r/53101/diff/ Testing --- Thanks, Robert Levas

Re: Review Request 53142: Webhcat server start failed during EU with BindException

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53142/#review153767 --- Ship it! Ship It! - Robert Levas On Oct. 24, 2016, 1:16 p.m

Re: Review Request 53101: While syncing with LDAP, username collisions should be handled based on configuration value

ari_server/setupSecurity.py 119a7d8 ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java 34eadad ambari-server/src/test/python/TestAmbariServer.py 5746503 Diff: https://reviews.apache.org/r/53101/diff/ Testing --- Thanks, Robert Levas

Re: Review Request 53101: While syncing with LDAP, username collisions should be handled based on configuration value

his is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53101/#review153703 --- On Oct. 25, 2016, 10:50 a.m., Robert Levas wrote: > > -

Re: Review Request 53185: Upgrade Configuration Packs Should Have an XSD

--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53185/#review153872 --- Ship it! Ship It! - Robert Levas On Oct. 26, 2016, 8:19 a.m

Re: Review Request 53251: Upgrade Orchestration Groups And Stages Should Be Conditionally Controlled

ver/src/main/resources/upgrade-pack.xsd (line 77) <https://reviews.apache.org/r/53251/#comment223636> Shouldn't this be of type `security-type` from the definition above? - Robert Levas On Oct. 28, 2016, 10:18 a.m., Jonathan Hurley wrote: > > -

<    1   2   3   4   5   6   7   8   9   10   >