Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 14, 2016, 3:01 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml e02b7a5 
  ambari-server/sbin/ambari-server bdbdd0f 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 0b8e195 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 b04fdd7 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 e54d54e 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 ba32a5f 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 8ac7ebb 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 3425dd7 
  ambari-server/src/main/python/ambari-server.py d6c6c10 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
  ambari-server/src/main/resources/properties.json 6bbb323 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 f54ac5c 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 8ed81df 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Nov. 14, 2016, 4:59 p.m., Robert Levas wrote:
> > Ship It!

This look good, but it fails to apply to the trunk:

```
error: patch failed: 
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java:2459
error: 
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java:
 patch does not apply
```

Can you rebase and resubmit the patch.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155851
---


On Nov. 14, 2016, 4:49 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 14, 2016, 4:49 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml e02b7a5 
>   ambari-server/sbin/ambari-server bdbdd0f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  f9557a5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  09e49ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  6351720 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  ba32a5f 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  eee721a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  3425dd7 
>   ambari-server/src/main/python/ambari-server.py d6c6c10 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
>   ambari-server/src/main/resources/properties.json 6bbb323 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  f54ac5c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  8ed81df 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155851
---


Ship it!




Ship It!

- Robert Levas


On Nov. 14, 2016, 4:49 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 14, 2016, 4:49 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml e02b7a5 
>   ambari-server/sbin/ambari-server bdbdd0f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  f9557a5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  09e49ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  6351720 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  ba32a5f 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  eee721a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  3425dd7 
>   ambari-server/src/main/python/ambari-server.py d6c6c10 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
>   ambari-server/src/main/resources/properties.json 6bbb323 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  f54ac5c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  8ed81df 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 14, 2016, 1:49 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml e02b7a5 
  ambari-server/sbin/ambari-server bdbdd0f 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 f9557a5 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 09e49ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 6351720 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 ba32a5f 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 eee721a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 3425dd7 
  ambari-server/src/main/python/ambari-server.py d6c6c10 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
  ambari-server/src/main/resources/properties.json 6bbb323 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 f54ac5c 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 8ed81df 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155810
---




ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 (lines 115 - 116)


This is not acceptable for a unit test.  Not only do you not know what 
platform the test will be executed on, you do not know whether there is an 
existing pam config file or user that is being created for the test.

Since this is a unit test, you should create a mock for the PAM library 
call and avoid any intraection with the underlying OS as much as possible. 
There are several ways you can do this... Wrap the call(s) to the PAM library 
in protected methods that can be mocked in this unit test. Provide an interface 
to implement that provices the PAM functinality. This interface can be 
implemented for production and for test and the appropraite implementaion can 
be injected as needed.  

If you need to create files, look into JUnit's TemporaryFolder facility 
(see http://junit.org/junit4/javadoc/4.12/org/junit/rules/TemporaryFolder.html).


- Robert Levas


On Nov. 14, 2016, 9:30 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 14, 2016, 9:30 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml e02b7a5 
>   ambari-server/sbin/ambari-server bdbdd0f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  f9557a5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  09e49ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  6351720 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  ba32a5f 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  eee721a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  3425dd7 
>   ambari-server/src/main/python/ambari-server.py d6c6c10 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
>   ambari-server/src/main/resources/properties.json 6bbb323 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-ser

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 14, 2016, 6:30 a.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml e02b7a5 
  ambari-server/sbin/ambari-server bdbdd0f 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 f9557a5 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 09e49ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 6351720 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 ba32a5f 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 eee721a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 3425dd7 
  ambari-server/src/main/python/ambari-server.py d6c6c10 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
  ambari-server/src/main/resources/properties.json 6bbb323 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 f54ac5c 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 8ed81df 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Nov. 10, 2016, 10:40 a.m., Robert Levas wrote:
> > ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java,
> >  lines 78-96
> > 
> >
> > This is a poor test and is pretty much like the negative test named 
> > `testBadCredential`.  Is there a better positive test for this?

I need some help writing a better positive test. As PAM authenticates users 
based on pam configuration file, what is the best way to introduce such a file 
in a test? Also, in this unit test how to create a valid user (for example a 
unix user) that can be authenticated using pam.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155627
---


On Nov. 10, 2016, 7:35 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 10, 2016, 7:35 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml e02b7a5 
>   ambari-server/sbin/ambari-server bdbdd0f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  f9557a5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  09e49ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  6351720 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  ba32a5f 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  eee721a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  3425dd7 
>   ambari-server/src/main/python/ambari-server.py d6c6c10 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
>   ambari-server/src/main/resources/properties.json 6bbb323 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  f54ac5c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  8ed81df 
> 
> Diff: https://review

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155627
---




ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 (lines 78 - 88)


This is a poor test and is pretty much like the negative test named 
`testBadCredential`.  Is there a better positive test for this?


- Robert Levas


On Nov. 10, 2016, 10:35 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 10, 2016, 10:35 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml e02b7a5 
>   ambari-server/sbin/ambari-server bdbdd0f 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  f9557a5 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  09e49ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  6351720 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  ba32a5f 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  eee721a 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  3425dd7 
>   ambari-server/src/main/python/ambari-server.py d6c6c10 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
>   ambari-server/src/main/resources/properties.json 6bbb323 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  f54ac5c 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  8ed81df 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 10, 2016, 7:35 a.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml e02b7a5 
  ambari-server/sbin/ambari-server bdbdd0f 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 f9557a5 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 09e49ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 6351720 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 ba32a5f 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 eee721a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 3425dd7 
  ambari-server/src/main/python/ambari-server.py d6c6c10 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
  ambari-server/src/main/resources/properties.json 6bbb323 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 f54ac5c 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 8ed81df 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 9, 2016, 12:58 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml e02b7a5 
  ambari-server/sbin/ambari-server bdbdd0f 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 f9557a5 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 09e49ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 6351720 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 ba32a5f 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 eee721a 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 3425dd7 
  ambari-server/src/main/python/ambari-server.py d6c6c10 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py ef27ced 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 37a9757 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 15d6120 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 5a82a52 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 659e4dc 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql e9a258a 
  ambari-server/src/main/resources/properties.json 6bbb323 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 f54ac5c 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 8ed81df 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review155441
---


Ship it!




Ship It!

- Robert Levas


On Nov. 9, 2016, 6:25 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 9, 2016, 6:25 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Nov. 1, 2016, 11:46 a.m., Robert Levas wrote:
> > Ship It!
> 
> Vishal Ghugare wrote:
> Thank you Robert! I would really appreciate if you can commit these 
> changes on my behalf to trunk ( I am not a committer).The latest patch is 
> attached to AMBARI-12263. Thanks again.
> 
> Robert Levas wrote:
> I assume that the latest patch is the one that was reviewed here 
> correct?  If so, I can just download from this review.
> 
> Robert Levas wrote:
> The patch from the JIRA (AMBARI-12263) appears to be different than the 
> patch that has been reviewed.  Do you want me to merge the patch from this 
> review?  Else you will need to update the patch in this review if you want 
> the other patch to be merged in.

I have updated the patch here on the reviewboard. Please download it from this 
review.Please let me know if you have any questions.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review154434
---


On Nov. 9, 2016, 3:25 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Nov. 9, 2016, 3:25 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorizati

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Nov. 9, 2016, 3:25 a.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 a80cd03 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Nov. 1, 2016, 2:46 p.m., Robert Levas wrote:
> > Ship It!
> 
> Vishal Ghugare wrote:
> Thank you Robert! I would really appreciate if you can commit these 
> changes on my behalf to trunk ( I am not a committer).The latest patch is 
> attached to AMBARI-12263. Thanks again.
> 
> Robert Levas wrote:
> I assume that the latest patch is the one that was reviewed here 
> correct?  If so, I can just download from this review.

The patch from the JIRA (AMBARI-12263) appears to be different than the patch 
that has been reviewed.  Do you want me to merge the patch from this review?  
Else you will need to update the patch in this review if you want the other 
patch to be merged in.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review154434
---


On Oct. 21, 2016, 10:38 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 21, 2016, 10:38 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apa

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Nov. 1, 2016, 2:46 p.m., Robert Levas wrote:
> > Ship It!
> 
> Vishal Ghugare wrote:
> Thank you Robert! I would really appreciate if you can commit these 
> changes on my behalf to trunk ( I am not a committer).The latest patch is 
> attached to AMBARI-12263. Thanks again.

I assume that the latest patch is the one that was reviewed here correct?  
If so, I can just download from this review.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review154434
---


On Oct. 21, 2016, 10:38 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 21, 2016, 10:38 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Nov. 1, 2016, 11:46 a.m., Robert Levas wrote:
> > Ship It!

Thank you Robert! I would really appreciate if you can commit these changes on 
my behalf to trunk ( I am not a committer).The latest patch is attached to 
AMBARI-12263. Thanks again.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review154434
---


On Oct. 21, 2016, 7:38 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 21, 2016, 7:38 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review154434
---


Ship it!




Ship It!

- Robert Levas


On Oct. 21, 2016, 10:38 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 21, 2016, 10:38 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 20, 2016, 6:36 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java,
> >  lines 171-189
> > 
> >
> > There should be a configuration option to allow the user to choose 
> > whether groups should be automatically created or not.
> 
> Vishal Ghugare wrote:
> What if the user says no. For external users, the user and groups have to 
> be created together just like when we sync with LDAP. We can not have orphan 
> users with no group to associate with. 
> Also, the rationale of creating these groups is to have no latency 
> syncing. For LDAP until the admin does LDAP-sync, changes to user-group 
> memebership are not reflected in  ambari. This is a security hole and we need 
> immediate syncing of user-group membership to reflect the backend.
> 
> Robert Levas wrote:
> This is why it should be a configurable option.  If a LOCAL user exists 
> with the same username as a PAM user, blindly converting the LOCAL user 
> record to a PAM user may cause confusion as their login credential will 
> change. You cannot simply create a new user record, though the current 
> infrastrucutre allow this, becuase the DAO object to find a user by username 
> will throw an exception if more than one record is returned. See 
> `org.apache.ambari.server.orm.dao.UserDAO#findUserByName`.
> 
> A similar issue is being worked on for LDAP sync right now; however I 
> dont have te Apache JIRA for it yet. The idea for this is that the person 
> configuring the Ambari server can choose to convert or skip users where 
> collission occur. If "skip" was choosen, the LDAP user is not to be imported 
> and therefore authentication for that user will be denied - unless both 
> authentication sources have the same password stored and the user 
> coincidentally is able to log in.
> 
> Robert Levas wrote:
> I am currently working a proposal to rework the user management facility 
> in Amabri. It will include a mechanism to allow a user be associated with 
> multiple authentication sources... LOCAL and PAM or LOCAL and LDAP, or LOCAL, 
> PAM, LDAP, KERBEROS; etc...  When the doc is ready I plan to set it out to 
> the community.  Keep an eye out for it.  :)

This patch does not convert a LOCAL user to PAM but creates a new user of type 
PAM. The patch also makes use of username & usertype while searching for users. 
If a LOCAL user exists with same username as a PAM user, yes you are right 
findUserByName will throw more than one record found exception. 
My thought - the users table has a unique contraint (user_name, user_type) but 
lot of the code still retrieve records only by the username which needs to 
change to username & usertype. Same logic applies to groups table. Hopefully, 
this gets fixed either part of the user management work or through some other 
JIRA (i would be happy to open one and fix).

I am adding configuration option to allow the user to choose whether groups 
should be automatically created or not.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153389
---


On Oct. 21, 2016, 7:38 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 21, 2016, 7:38 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-serv

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 21, 2016, 7:38 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 a80cd03 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 20, 2016, 9:36 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java,
> >  lines 171-189
> > 
> >
> > There should be a configuration option to allow the user to choose 
> > whether groups should be automatically created or not.
> 
> Vishal Ghugare wrote:
> What if the user says no. For external users, the user and groups have to 
> be created together just like when we sync with LDAP. We can not have orphan 
> users with no group to associate with. 
> Also, the rationale of creating these groups is to have no latency 
> syncing. For LDAP until the admin does LDAP-sync, changes to user-group 
> memebership are not reflected in  ambari. This is a security hole and we need 
> immediate syncing of user-group membership to reflect the backend.
> 
> Robert Levas wrote:
> This is why it should be a configurable option.  If a LOCAL user exists 
> with the same username as a PAM user, blindly converting the LOCAL user 
> record to a PAM user may cause confusion as their login credential will 
> change. You cannot simply create a new user record, though the current 
> infrastrucutre allow this, becuase the DAO object to find a user by username 
> will throw an exception if more than one record is returned. See 
> `org.apache.ambari.server.orm.dao.UserDAO#findUserByName`.
> 
> A similar issue is being worked on for LDAP sync right now; however I 
> dont have te Apache JIRA for it yet. The idea for this is that the person 
> configuring the Ambari server can choose to convert or skip users where 
> collission occur. If "skip" was choosen, the LDAP user is not to be imported 
> and therefore authentication for that user will be denied - unless both 
> authentication sources have the same password stored and the user 
> coincidentally is able to log in.

I am currently working a proposal to rework the user management facility in 
Amabri. It will include a mechanism to allow a user be associated with multiple 
authentication sources... LOCAL and PAM or LOCAL and LDAP, or LOCAL, PAM, LDAP, 
KERBEROS; etc...  When the doc is ready I plan to set it out to the community.  
Keep an eye out for it.  :)


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153389
---


On Oct. 20, 2016, 9:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 9:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/au

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 20, 2016, 9:36 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java,
> >  lines 171-189
> > 
> >
> > There should be a configuration option to allow the user to choose 
> > whether groups should be automatically created or not.
> 
> Vishal Ghugare wrote:
> What if the user says no. For external users, the user and groups have to 
> be created together just like when we sync with LDAP. We can not have orphan 
> users with no group to associate with. 
> Also, the rationale of creating these groups is to have no latency 
> syncing. For LDAP until the admin does LDAP-sync, changes to user-group 
> memebership are not reflected in  ambari. This is a security hole and we need 
> immediate syncing of user-group membership to reflect the backend.

This is why it should be a configurable option.  If a LOCAL user exists with 
the same username as a PAM user, blindly converting the LOCAL user record to a 
PAM user may cause confusion as their login credential will change. You cannot 
simply create a new user record, though the current infrastrucutre allow this, 
becuase the DAO object to find a user by username will throw an exception if 
more than one record is returned. See 
`org.apache.ambari.server.orm.dao.UserDAO#findUserByName`.

A similar issue is being worked on for LDAP sync right now; however I dont have 
te Apache JIRA for it yet. The idea for this is that the person configuring the 
Ambari server can choose to convert or skip users where collission occur. If 
"skip" was choosen, the LDAP user is not to be imported and therefore 
authentication for that user will be denied - unless both authentication 
sources have the same password stored and the user coincidentally is able to 
log in.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153389
---


On Oct. 20, 2016, 9:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 9:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 7, 2016, 1:55 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  line 817
> > 
> >
> > Since this is called each time Ambari starts up new groups can be 
> > _magically_ created each time Ambari is started.  This seems like a 
> > possible issue since it gives a non-Ambari-administrator the ability to 
> > create groups and assign roles to them. In many cases, the user that has 
> > write access to the ambari.properties file does not have admin access to 
> > Ambari. So being able to change something like this becomes a security 
> > hole. 
> > 
> > If we do find a way to do this securely, the solution should be more 
> > generic since it may not apply only to PAM.
> 
> Vishal Ghugare wrote:
> we could possibly do the PAM group creation securely & in a generic way 
> by invoking a rest api (a new api).
> 
> Robert Levas wrote:
> Can this feature be dropped from this patch?  We can then create a JIRA 
> and discuss a more generic and secure way to handle setting roles on imported 
> or manaully created groups. This will apply to the exists LDAP integration as 
> well as any other authentication source we may add in the future.
> 
> Vishal Ghugare wrote:
> Currently, the only way to create a LDAP group in amabri is by LDAP-sync. 
> Ambari do not have control over LDAP user-group membership. 
> 
> I will open a new JIRA for this work and take out the predefined group 
> creation from this patch for now.
> 
> Vishal Ghugare wrote:
> Created a new JIRA for this work: AMBARI-18656.

Keep in mind, my issue is not with creating new groups, it is with setting the 
roles on the new groups.  The summary for AMBARI-18656, "Generic and secure way 
to handle setting roles on imported or manaully created groups", reflects that. 
 Thanks.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---


On Oct. 20, 2016, 9:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 9:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 7, 2016, 10:55 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  line 817
> > 
> >
> > Since this is called each time Ambari starts up new groups can be 
> > _magically_ created each time Ambari is started.  This seems like a 
> > possible issue since it gives a non-Ambari-administrator the ability to 
> > create groups and assign roles to them. In many cases, the user that has 
> > write access to the ambari.properties file does not have admin access to 
> > Ambari. So being able to change something like this becomes a security 
> > hole. 
> > 
> > If we do find a way to do this securely, the solution should be more 
> > generic since it may not apply only to PAM.
> 
> Vishal Ghugare wrote:
> we could possibly do the PAM group creation securely & in a generic way 
> by invoking a rest api (a new api).
> 
> Robert Levas wrote:
> Can this feature be dropped from this patch?  We can then create a JIRA 
> and discuss a more generic and secure way to handle setting roles on imported 
> or manaully created groups. This will apply to the exists LDAP integration as 
> well as any other authentication source we may add in the future.
> 
> Vishal Ghugare wrote:
> Currently, the only way to create a LDAP group in amabri is by LDAP-sync. 
> Ambari do not have control over LDAP user-group membership. 
> 
> I will open a new JIRA for this work and take out the predefined group 
> creation from this patch for now.

Created a new JIRA for this work: AMBARI-18656.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---


On Oct. 20, 2016, 6:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 6:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/p

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 20, 2016, 6:36 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java,
> >  lines 171-189
> > 
> >
> > There should be a configuration option to allow the user to choose 
> > whether groups should be automatically created or not.

What if the user says no. For external users, the user and groups have to be 
created together just like when we sync with LDAP. We can not have orphan users 
with no group to associate with. 
Also, the rationale of creating these groups is to have no latency syncing. For 
LDAP until the admin does LDAP-sync, changes to user-group memebership are not 
reflected in  ambari. This is a security hole and we need immediate syncing of 
user-group membership to reflect the backend.


> On Oct. 20, 2016, 6:36 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java,
> >  lines 165-167
> > 
> >
> > What happends on username collision.  Maybe there needs to be an option 
> > to determine whether to change the existing user to a PAM user or fail - 
> > depending on the configuration.
> > 
> > There is a similar effort going on now dealing with what to do with 
> > username collisions during LDAP sync.

I have fixed the code to avoid username & group collision which was missing in 
my previous patch. With this patch there should not be any collision.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153389
---


On Oct. 20, 2016, 6:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 6:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupS

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 7, 2016, 10:55 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  line 817
> > 
> >
> > Since this is called each time Ambari starts up new groups can be 
> > _magically_ created each time Ambari is started.  This seems like a 
> > possible issue since it gives a non-Ambari-administrator the ability to 
> > create groups and assign roles to them. In many cases, the user that has 
> > write access to the ambari.properties file does not have admin access to 
> > Ambari. So being able to change something like this becomes a security 
> > hole. 
> > 
> > If we do find a way to do this securely, the solution should be more 
> > generic since it may not apply only to PAM.
> 
> Vishal Ghugare wrote:
> we could possibly do the PAM group creation securely & in a generic way 
> by invoking a rest api (a new api).
> 
> Robert Levas wrote:
> Can this feature be dropped from this patch?  We can then create a JIRA 
> and discuss a more generic and secure way to handle setting roles on imported 
> or manaully created groups. This will apply to the exists LDAP integration as 
> well as any other authentication source we may add in the future.

Currently, the only way to create a LDAP group in amabri is by LDAP-sync. 
Ambari do not have control over LDAP user-group membership. 

I will open a new JIRA for this work and take out the predefined group creation 
from this patch for now.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---


On Oct. 20, 2016, 6:01 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 20, 2016, 6:01 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
> 255c5e6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MyS

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 20, 2016, 6:01 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java 
255c5e6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 a80cd03 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 7, 2016, 1:55 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  line 817
> > 
> >
> > Since this is called each time Ambari starts up new groups can be 
> > _magically_ created each time Ambari is started.  This seems like a 
> > possible issue since it gives a non-Ambari-administrator the ability to 
> > create groups and assign roles to them. In many cases, the user that has 
> > write access to the ambari.properties file does not have admin access to 
> > Ambari. So being able to change something like this becomes a security 
> > hole. 
> > 
> > If we do find a way to do this securely, the solution should be more 
> > generic since it may not apply only to PAM.
> 
> Vishal Ghugare wrote:
> we could possibly do the PAM group creation securely & in a generic way 
> by invoking a rest api (a new api).

Can this feature be dropped from this patch?  We can then create a JIRA and 
discuss a more generic and secure way to handle setting roles on imported or 
manaully created groups. This will apply to the exists LDAP integration as well 
as any other authentication source we may add in the future.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---


On Oct. 17, 2016, 4:50 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 17, 2016, 4:50 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/pr

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153389
---




ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (lines 165 - 167)


What happends on username collision.  Maybe there needs to be an option to 
determine whether to change the existing user to a PAM user or fail - depending 
on the configuration.

There is a similar effort going on now dealing with what to do with 
username collisions during LDAP sync.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (lines 171 - 189)


There should be a configuration option to allow the user to choose whether 
groups should be automatically created or not.


- Robert Levas


On Oct. 17, 2016, 4:50 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 17, 2016, 4:50 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https:/

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review153387
---




ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (line 161)


`AmbariPamAuthorization` should be `ambariPamAuthorization` - incorrect 
name due to Ambari naming conventions.


- Robert Levas


On Oct. 17, 2016, 4:50 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 17, 2016, 4:50 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 17, 2016, 8:09 a.m., Robert Levas wrote:
> > It seems like there was a rebase issue with the last patch. Can you fix?

fixed. please ignore revision 5.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review152880
---


On Oct. 17, 2016, 1:50 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 17, 2016, 1:50 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263.patch_base
>   
> https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 17, 2016, 1:50 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 a80cd03 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments (updated)


AMBARI-12263.patch_base
  
https://reviews.apache.org/media/uploaded/files/2016/10/17/5107a016-3a83-478c-b98c-2f35ecf6cbc5__AMBARI-12263.patch_base


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review152880
---



It seems like there was a rebase issue with the last patch. Can you fix?

- Robert Levas


On Oct. 13, 2016, 11:25 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 13, 2016, 11:25 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
> 78a6884 
>   ambari-agent/conf/unix/ambari-agent 30897dd 
>   ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
>   ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
>   ambari-agent/src/main/python/ambari_agent/HostCleanup.py cca79a8 
>   ambari-agent/src/main/python/ambari_agent/PythonReflectiveExecutor.py 
> b476671 
>   ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 6caf1d0 
>   ambari-agent/src/main/python/ambari_agent/apscheduler/scheduler.py f787a2d 
>   ambari-agent/src/main/python/ambari_agent/apscheduler/threadpool.py cb19888 
>   ambari-agent/src/test/python/ambari_agent/TestActionQueue.py 32773b8 
>   ambari-agent/src/test/python/resource_management/TestDataStructureUtils.py 
> a4bdc1c 
>   ambari-agent/src/test/python/resource_management/TestPackageResource.py 
> 66227c6 
>   ambari-common/src/main/python/ambari_commons/inet_utils.py b5cea75 
>   ambari-common/src/main/python/resource_management/core/exceptions.py 
> a59611d 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
>  21de183 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/apt.py
>  d095173 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
>  ea10a86 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
>  265c162 
>   ambari-common/src/main/python/resource_management/core/shell.py f8f056a 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/data_structure_utils.py
>  59e01aa 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/get_user_call_output.py
>  7b7acae 
>   
> ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
>  f1aa3e1 
>   
> ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/LogFeederAMSClient.java
>  133646a 
>   
> ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/solr/metrics/SolrAmsClient.java
>  0d4deab 
>   ambari-logsearch/pom.xml a1b6c9d 
>   
> ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
>  efa5cba 
>   
> ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHAHelper.java
>  e7f7cfd 
>   
> ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHATest.java
>  3d00270 
>   
> ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/cache/HandleConnectExceptionTest.java
>  36ec074 
>   
> ambari-metrics/ambari-metrics-flume-sink/src/main/java/org/apache/hadoop/metrics2/sink/flume/FlumeTimelineMetricsSink.java
>  c1b684b 
>   
> ambari-metrics/ambari-metrics-hadoop-sink/src/main/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSink.java
>  d81187e 
>   
> ambari-metrics/ambari-metrics-hadoop-sink/src/test/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSinkTest.java
>  3259c18 
>   
> ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/blacklisted_set.py
>  dab54c0 
>   
> ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py
>  890d3ce 
>   
> ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/emitter.py 
> ba3f18e 
>   
> ambari-metrics/ambari-metrics-kafka-sink/src/main/java/org/apache/hadoop/metrics2/sink/kafka/KafkaTimelineMetricsReporter.java
>  fef1f24 
>   
> ambari-metrics/ambari-metric

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 13, 2016, 8:25 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
78a6884 
  ambari-agent/conf/unix/ambari-agent 30897dd 
  ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
  ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
  ambari-agent/src/main/python/ambari_agent/HostCleanup.py cca79a8 
  ambari-agent/src/main/python/ambari_agent/PythonReflectiveExecutor.py b476671 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 6caf1d0 
  ambari-agent/src/main/python/ambari_agent/apscheduler/scheduler.py f787a2d 
  ambari-agent/src/main/python/ambari_agent/apscheduler/threadpool.py cb19888 
  ambari-agent/src/test/python/ambari_agent/TestActionQueue.py 32773b8 
  ambari-agent/src/test/python/resource_management/TestDataStructureUtils.py 
a4bdc1c 
  ambari-agent/src/test/python/resource_management/TestPackageResource.py 
66227c6 
  ambari-common/src/main/python/ambari_commons/inet_utils.py b5cea75 
  ambari-common/src/main/python/resource_management/core/exceptions.py a59611d 
  
ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
 21de183 
  
ambari-common/src/main/python/resource_management/core/providers/package/apt.py 
d095173 
  
ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
 ea10a86 
  
ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
 265c162 
  ambari-common/src/main/python/resource_management/core/shell.py f8f056a 
  
ambari-common/src/main/python/resource_management/libraries/functions/data_structure_utils.py
 59e01aa 
  
ambari-common/src/main/python/resource_management/libraries/functions/get_user_call_output.py
 7b7acae 
  
ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
 f1aa3e1 
  
ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/LogFeederAMSClient.java
 133646a 
  
ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/solr/metrics/SolrAmsClient.java
 0d4deab 
  ambari-logsearch/pom.xml a1b6c9d 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
 efa5cba 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHAHelper.java
 e7f7cfd 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHATest.java
 3d00270 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/cache/HandleConnectExceptionTest.java
 36ec074 
  
ambari-metrics/ambari-metrics-flume-sink/src/main/java/org/apache/hadoop/metrics2/sink/flume/FlumeTimelineMetricsSink.java
 c1b684b 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/main/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSink.java
 d81187e 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/test/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSinkTest.java
 3259c18 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/blacklisted_set.py
 dab54c0 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py
 890d3ce 
  ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/emitter.py 
ba3f18e 
  
ambari-metrics/ambari-metrics-kafka-sink/src/main/java/org/apache/hadoop/metrics2/sink/kafka/KafkaTimelineMetricsReporter.java
 fef1f24 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 ef73a0e 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 60c1427 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 802e57d 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 5a3eac1 
  ambari-metrics/ambari-metrics-timelineservice/pom.xml 6896c6b 
  ambari-metrics/pom.xml 2d889

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 13, 2016, 7:58 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
78a6884 
  ambari-agent/conf/unix/ambari-agent 30897dd 
  ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
  ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
  ambari-agent/src/main/python/ambari_agent/HostCleanup.py cca79a8 
  ambari-agent/src/main/python/ambari_agent/PythonReflectiveExecutor.py b476671 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 6caf1d0 
  ambari-agent/src/main/python/ambari_agent/apscheduler/scheduler.py f787a2d 
  ambari-agent/src/main/python/ambari_agent/apscheduler/threadpool.py cb19888 
  ambari-agent/src/test/python/ambari_agent/TestActionQueue.py 32773b8 
  ambari-agent/src/test/python/resource_management/TestDataStructureUtils.py 
a4bdc1c 
  ambari-agent/src/test/python/resource_management/TestPackageResource.py 
66227c6 
  ambari-common/src/main/python/ambari_commons/inet_utils.py b5cea75 
  ambari-common/src/main/python/resource_management/core/exceptions.py a59611d 
  
ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
 21de183 
  
ambari-common/src/main/python/resource_management/core/providers/package/apt.py 
d095173 
  
ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
 ea10a86 
  
ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
 265c162 
  ambari-common/src/main/python/resource_management/core/shell.py f8f056a 
  
ambari-common/src/main/python/resource_management/libraries/functions/data_structure_utils.py
 59e01aa 
  
ambari-common/src/main/python/resource_management/libraries/functions/get_user_call_output.py
 7b7acae 
  
ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
 f1aa3e1 
  
ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/LogFeederAMSClient.java
 133646a 
  
ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/solr/metrics/SolrAmsClient.java
 0d4deab 
  ambari-logsearch/pom.xml a1b6c9d 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
 efa5cba 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHAHelper.java
 e7f7cfd 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHATest.java
 3d00270 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/cache/HandleConnectExceptionTest.java
 36ec074 
  
ambari-metrics/ambari-metrics-flume-sink/src/main/java/org/apache/hadoop/metrics2/sink/flume/FlumeTimelineMetricsSink.java
 c1b684b 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/main/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSink.java
 d81187e 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/test/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSinkTest.java
 3259c18 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/blacklisted_set.py
 dab54c0 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py
 890d3ce 
  ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/emitter.py 
ba3f18e 
  
ambari-metrics/ambari-metrics-kafka-sink/src/main/java/org/apache/hadoop/metrics2/sink/kafka/KafkaTimelineMetricsReporter.java
 fef1f24 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 ef73a0e 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 60c1427 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 802e57d 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 5a3eac1 
  ambari-metrics/ambari-metrics-timelineservice/pom.xml 6896c6b 
  ambari-metrics/pom.xml 2d889

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 7, 2016, 10:55 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  line 817
> > 
> >
> > Since this is called each time Ambari starts up new groups can be 
> > _magically_ created each time Ambari is started.  This seems like a 
> > possible issue since it gives a non-Ambari-administrator the ability to 
> > create groups and assign roles to them. In many cases, the user that has 
> > write access to the ambari.properties file does not have admin access to 
> > Ambari. So being able to change something like this becomes a security 
> > hole. 
> > 
> > If we do find a way to do this securely, the solution should be more 
> > generic since it may not apply only to PAM.

we could possibly do the PAM group creation securely & in a generic way by 
invoking a rest api (a new api).


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---


On Oct. 13, 2016, 6:45 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 13, 2016, 6:45 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
> 78a6884 
>   ambari-agent/conf/unix/ambari-agent 30897dd 
>   ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
>   ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
>   ambari-agent/src/main/python/ambari_agent/HostCleanup.py cca79a8 
>   ambari-agent/src/main/python/ambari_agent/PythonReflectiveExecutor.py 
> b476671 
>   ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 6caf1d0 
>   ambari-agent/src/main/python/ambari_agent/apscheduler/scheduler.py f787a2d 
>   ambari-agent/src/main/python/ambari_agent/apscheduler/threadpool.py cb19888 
>   ambari-agent/src/test/python/ambari_agent/TestActionQueue.py 32773b8 
>   ambari-agent/src/test/python/resource_management/TestDataStructureUtils.py 
> a4bdc1c 
>   ambari-agent/src/test/python/resource_management/TestPackageResource.py 
> 66227c6 
>   ambari-common/src/main/python/ambari_commons/inet_utils.py b5cea75 
>   ambari-common/src/main/python/resource_management/core/exceptions.py 
> a59611d 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
>  21de183 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/apt.py
>  d095173 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
>  ea10a86 
>   
> ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
>  265c162 
>   ambari-common/src/main/python/resource_management/core/shell.py f8f056a 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/data_structure_utils.py
>  59e01aa 
>   
> ambari-common/src/main/python/resource_management/libraries/functions/get_user_call_output.py
>  7b7acae 
>   
> ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
>  f1aa3e1 
>   
> ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/LogFeederAMSClient.java
>  133646a 
>   
> ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/solr/metrics/SolrAmsClient.java
>  0d4deab 
>   ambari-logsearch/pom.xml a1b6c9d 
>   
> ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
>  efa5cba 
>   
> ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHAHelper.java
>  e7f7cfd 
>   
> ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHATest.java
>  3d00270 
>   
> ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/cache/HandleConnectExceptionTest.java
>  36ec074 
>   
> ambari-metrics/ambari-metrics-flume-sink/src

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  lines 955-960
> > 
> >
> > roles may be set today, but in the future these may be customizabled by 
> > the user.
> 
> Vishal Ghugare wrote:
> -is anyone already working on it? is there any JIRA to track this work? 
> -How is upgrade handled in this case (upgrade from version which has 
> predefined roles to version which has configurable roles)?
> 
> Robert Levas wrote:
> I am not sure how this will work yet, any there are no JIRA open, but I 
> would still avoid hard-coding this. That said, I am not sure why there is a 
> need to make this part of the configuration data.
> 
> Vishal Ghugare wrote:
> The hardcoded roles are to help customers make use of the predefined 
> roles in Ambari (Cluster Admin, Cluster Operator and so on) and bootstrap 
> their  PAM authorization. I understand that the predefined roles (and their 
> names) may be customizable by the user in the future, but  at the minimum, 
> the "Admin " role will still need to be predefined since the pre-created 
> "admin" user should be removed in the near future for PAM/LDAP use-case as it 
> creates a security hole.  When the change to make roles configurable happens, 
> the PAM related code in Users.java & setupSecurity.py will also need to be 
> changed accordingly (not sure how these customized roles will be defined 
> initially).  Having the choice (which is optional) to create custom groups 
> (with assigned roles) during PAM setup gives user an entry point to 
> boot-strap the authorization in Ambari.   Also these custom groups are part 
> of the pam setup (just like any other setup for example setup-ldap) and it 
> makes sense for the propert
 ies to be stored into configuration file.
> 
> Robert Levas wrote:
> It is not clear to me why we need to preload Ambari with certain groups 
> when PAM authentcation is enabled. We do not do this with other _remote_ 
> authentication facilities - like LDAP.  It seems like if this is needed, we 
> might be able to come up with a more generic way to handle it since it could 
> be useful elsewhere.

Thank you for reviewing the patch.

"It is not clear to me why we need to preload Ambari with certain groups when 
PAM authentcation is enabled."
-When there are no locally created users exist in ambari (currently admin local 
user is created by default), the preloaded groups will become entry point to 
get into Ambari.
-When PAM is enabled, the PAM user & all the groups (the user belongs to) are 
created into database only when a user logs into Ambari, so without any 
predefined users (local admin user) & groups (preloaded PAM groups) there is no 
way to login to Ambari.


"We do not do this with other remote authentication facilities - like LDAP."
-In my previous comment, i was referring to the properties 
(authentication.ldap.baseDn, authentication.ldap.primaryUrl ... all the 
properties that get added during ldap setup).

"It seems like if this is needed, we might be able to come up with a more 
generic way to handle it since it could be useful elsewhere."
-Please let us know if you any suggestions on doing it in more generic way. One 
that i could think of is to have a separate setup action for creating these 
groups.


If you have some time, i could setup a conference call to discuss this.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 13, 2016, 6:45 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 13, 2016, 6:45 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
> 78a6884 
>   ambari-agent/conf/unix/ambari-agent 30897dd 
>   ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
>   ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
>   ambari-agent/

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 13, 2016, 6:45 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html 
78a6884 
  ambari-agent/conf/unix/ambari-agent 30897dd 
  ambari-agent/conf/unix/ambari-agent.ini 1c39c24 
  ambari-agent/src/main/python/ambari_agent/ActionQueue.py c03ee4f 
  ambari-agent/src/main/python/ambari_agent/HostCleanup.py cca79a8 
  ambari-agent/src/main/python/ambari_agent/PythonReflectiveExecutor.py b476671 
  ambari-agent/src/main/python/ambari_agent/alerts/web_alert.py 6caf1d0 
  ambari-agent/src/main/python/ambari_agent/apscheduler/scheduler.py f787a2d 
  ambari-agent/src/main/python/ambari_agent/apscheduler/threadpool.py cb19888 
  ambari-agent/src/test/python/ambari_agent/TestActionQueue.py 32773b8 
  ambari-agent/src/test/python/resource_management/TestDataStructureUtils.py 
a4bdc1c 
  ambari-agent/src/test/python/resource_management/TestPackageResource.py 
66227c6 
  ambari-common/src/main/python/ambari_commons/inet_utils.py b5cea75 
  ambari-common/src/main/python/resource_management/core/exceptions.py a59611d 
  
ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
 21de183 
  
ambari-common/src/main/python/resource_management/core/providers/package/apt.py 
d095173 
  
ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
 ea10a86 
  
ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
 265c162 
  ambari-common/src/main/python/resource_management/core/shell.py f8f056a 
  
ambari-common/src/main/python/resource_management/libraries/functions/data_structure_utils.py
 59e01aa 
  
ambari-common/src/main/python/resource_management/libraries/functions/get_user_call_output.py
 7b7acae 
  
ambari-common/src/main/python/resource_management/libraries/providers/hdfs_resource.py
 f1aa3e1 
  
ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/LogFeederAMSClient.java
 133646a 
  
ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/solr/metrics/SolrAmsClient.java
 0d4deab 
  ambari-logsearch/pom.xml a1b6c9d 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
 efa5cba 
  
ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHAHelper.java
 e7f7cfd 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/availability/MetricCollectorHATest.java
 3d00270 
  
ambari-metrics/ambari-metrics-common/src/test/java/org/apache/hadoop/metrics2/sink/timeline/cache/HandleConnectExceptionTest.java
 36ec074 
  
ambari-metrics/ambari-metrics-flume-sink/src/main/java/org/apache/hadoop/metrics2/sink/flume/FlumeTimelineMetricsSink.java
 c1b684b 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/main/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSink.java
 d81187e 
  
ambari-metrics/ambari-metrics-hadoop-sink/src/test/java/org/apache/hadoop/metrics2/sink/timeline/HadoopTimelineMetricsSinkTest.java
 3259c18 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/blacklisted_set.py
 dab54c0 
  
ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/config_reader.py
 890d3ce 
  ambari-metrics/ambari-metrics-host-monitoring/src/main/python/core/emitter.py 
ba3f18e 
  
ambari-metrics/ambari-metrics-kafka-sink/src/main/java/org/apache/hadoop/metrics2/sink/kafka/KafkaTimelineMetricsReporter.java
 fef1f24 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 ef73a0e 
  
ambari-metrics/ambari-metrics-storm-sink-legacy/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 60c1427 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsReporter.java
 802e57d 
  
ambari-metrics/ambari-metrics-storm-sink/src/main/java/org/apache/hadoop/metrics2/sink/storm/StormTimelineMetricsSink.java
 5a3eac1 
  ambari-metrics/ambari-metrics-timelineservice/pom.xml 6896c6b 
  ambari-metrics/pom

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151829
---




ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 (lines 205 - 210)


These should follow the new `ConfigurationProperty` scheme with the _self 
documenting_ annotations.  For example:

```
  /**
   * Determines whether to use Kerberos (SPNEGO) authentication when 
connecting Ambari.
   */
  @Markdown(description = "Determines whether to use Kerberos (SPNEGO) 
authentication when connecting Ambari.")
  public static final ConfigurationProperty KERBEROS_AUTH_ENABLED 
= new ConfigurationProperty<>(
  "authentication.kerberos.enabled", Boolean.FALSE);

```



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 817)


Since this is called each time Ambari starts up new groups can be 
_magically_ created each time Ambari is started.  This seems like a possible 
issue since it gives a non-Ambari-administrator the ability to create groups 
and assign roles to them. In many cases, the user that has write access to the 
ambari.properties file does not have admin access to Ambari. So being able to 
change something like this becomes a security hole. 

If we do find a way to do this securely, the solution should be more 
generic since it may not apply only to PAM.



ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 (line 129)


group_type should be not nullable



ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql (line 296)


group_type should be not nullable



ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql (line 287)


group_type should be not nullable



ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql (line 296)


group_type should be not nullable



ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql (line 300)


group_type should be not nullable


- Robert Levas


On Oct. 3, 2016, 10:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 10:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/P

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  lines 955-960
> > 
> >
> > roles may be set today, but in the future these may be customizabled by 
> > the user.
> 
> Vishal Ghugare wrote:
> -is anyone already working on it? is there any JIRA to track this work? 
> -How is upgrade handled in this case (upgrade from version which has 
> predefined roles to version which has configurable roles)?
> 
> Robert Levas wrote:
> I am not sure how this will work yet, any there are no JIRA open, but I 
> would still avoid hard-coding this. That said, I am not sure why there is a 
> need to make this part of the configuration data.
> 
> Vishal Ghugare wrote:
> The hardcoded roles are to help customers make use of the predefined 
> roles in Ambari (Cluster Admin, Cluster Operator and so on) and bootstrap 
> their  PAM authorization. I understand that the predefined roles (and their 
> names) may be customizable by the user in the future, but  at the minimum, 
> the "Admin " role will still need to be predefined since the pre-created 
> "admin" user should be removed in the near future for PAM/LDAP use-case as it 
> creates a security hole.  When the change to make roles configurable happens, 
> the PAM related code in Users.java & setupSecurity.py will also need to be 
> changed accordingly (not sure how these customized roles will be defined 
> initially).  Having the choice (which is optional) to create custom groups 
> (with assigned roles) during PAM setup gives user an entry point to 
> boot-strap the authorization in Ambari.   Also these custom groups are part 
> of the pam setup (just like any other setup for example setup-ldap) and it 
> makes sense for the propert
 ies to be stored into configuration file.

It is not clear to me why we need to preload Ambari with certain groups when 
PAM authentcation is enabled. We do not do this with other _remote_ 
authentication facilities - like LDAP.  It seems like if this is needed, we 
might be able to come up with a more generic way to handle it since it could be 
useful elsewhere.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 10:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 10:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  lines 955-960
> > 
> >
> > roles may be set today, but in the future these may be customizabled by 
> > the user.
> 
> Vishal Ghugare wrote:
> -is anyone already working on it? is there any JIRA to track this work? 
> -How is upgrade handled in this case (upgrade from version which has 
> predefined roles to version which has configurable roles)?
> 
> Robert Levas wrote:
> I am not sure how this will work yet, any there are no JIRA open, but I 
> would still avoid hard-coding this. That said, I am not sure why there is a 
> need to make this part of the configuration data.

The hardcoded roles are to help customers make use of the predefined roles in 
Ambari (Cluster Admin, Cluster Operator and so on) and bootstrap their  PAM 
authorization. I understand that the predefined roles (and their names) may be 
customizable by the user in the future, but  at the minimum, the "Admin " role 
will still need to be predefined since the pre-created "admin" user should be 
removed in the near future for PAM/LDAP use-case as it creates a security hole. 
 When the change to make roles configurable happens, the PAM related code in 
Users.java & setupSecurity.py will also need to be changed accordingly (not 
sure how these customized roles will be defined initially).  Having the choice 
(which is optional) to create custom groups (with assigned roles) during PAM 
setup gives user an entry point to boot-strap the authorization in Ambari.   
Also these custom groups are part of the pam setup (just like any other setup 
for example setup-ldap) and it makes sense for the properties to
  be stored into configuration file.


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java,
> >  lines 64-70
> > 
> >
> > Is both  `ldapGroup` and `groupType` necessary... wouldn't only 
> > `groupType` be needed?
> 
> Vishal Ghugare wrote:
> I tried to keep the groups table consistent with the existing users table 
> functionality (which also has ldap_user column).
> 
> Robert Levas wrote:
> I dont like it, but I will drop this issue. We should create a JIRA to 
> fix it though.

A new JIRA is opened to address this issue: AMBARI-18533.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 7:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 7:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apa

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  lines 955-960
> > 
> >
> > roles may be set today, but in the future these may be customizabled by 
> > the user.
> 
> Vishal Ghugare wrote:
> -is anyone already working on it? is there any JIRA to track this work? 
> -How is upgrade handled in this case (upgrade from version which has 
> predefined roles to version which has configurable roles)?

I am not sure how this will work yet, any there are no JIRA open, but I would 
still avoid hard-coding this. That said, I am not sure why there is a need to 
make this part of the configuration data.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 10:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 10:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

> On Oct. 3, 2016, 4:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java,
> >  lines 64-70
> > 
> >
> > Is both  `ldapGroup` and `groupType` necessary... wouldn't only 
> > `groupType` be needed?
> 
> Vishal Ghugare wrote:
> I tried to keep the groups table consistent with the existing users table 
> functionality (which also has ldap_user column).

I dont like it, but I will drop this issue. We should create a JIRA to fix it 
though.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 10:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 10:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  PRE-CREATION 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  a80cd03 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/upload

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 3, 2016, 7:57 p.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
 a80cd03 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

On Oct. 3, 2016, 1:17 p.m., Vishal Ghugare wrote:
> > Missing unit test for `AmbariPamAuthenticationProvider`.

Can you please review AmbariPamAuthenticationProviderTest?


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java,
> >  lines 64-70
> > 
> >
> > Is both  `ldapGroup` and `groupType` necessary... wouldn't only 
> > `groupType` be needed?

I tried to keep the groups table consistent with the existing users table 
functionality (which also has ldap_user column).


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java,
> >  line 28
> > 
> >
> > This seems unnecessary with `groupType`

I tried to keep the groups table consistent with the existing users table 
functionality (which also has ldap_user column).


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/python/ambari_server/setupSecurity.py, lines 838-843
> > 
> >
> > Roles will be configurable in the future, this will be problematic.

-is anyone already working on it? is there any JIRA to track this work?
-How is upgrade handled in this case (upgrade from version which has predefined 
roles to version which has configurable roles)?


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java,
> >  lines 955-960
> > 
> >
> > roles may be set today, but in the future these may be customizabled by 
> > the user.

-is anyone already working on it? is there any JIRA to track this work? 
-How is upgrade handled in this case (upgrade from version which has predefined 
roles to version which has configurable roles)?


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.or

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > group_type does not need to be that large.

Thank you for reviewing the changes. I tried to keep the group_type size same 
as users.user_type.


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql, line 287
> > 
> >
> > group_type does not need to be that large.

Thank you for reviewing the changes. I tried to keep the group_type size same 
as users.user_type.


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql, line 296
> > 
> >
> > group_type does not need to be that large.

Thank you for reviewing the changes. I tried to keep the group_type size same 
as users.user_type.


> On Oct. 3, 2016, 1:17 p.m., Robert Levas wrote:
> > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql, line 300
> > 
> >
> > group_type does not need to be that large.

Thank you for reviewing the changes. I tried to keep the group_type size same 
as users.user_type.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/mai

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Robert Levas]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151223
---




ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 (lines 64 - 70)


Is both  `ldapGroup` and `groupType` necessary... wouldn't only `groupType` 
be needed?



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (line 47)


Missing JavaDoc



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (line 53)


Formatting?



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (line 58)


This should be `private static`



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 (line 60)


This should be `private` or possibly `private final`.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 (line 28)


This seems unnecessary with `groupType`



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 414)


Why not change `createGroup` to take a group type?



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 503)


`grantAdminPrivilegeToGroup`, `grantClusterAdminPrivilegeToGroup`, 
`grantClusterOperatorPrivilegeToGroup`, `grantServiceAdminPrivilegeToGroup`, 
`grantServiceOperatorPrivilegeToGroup`, `grantClusterUserPrivilegeToGroup` 
should be consolidated to reuse code.  Also the different roles may be sort of 
hard coded today, but in the future the roles (and their names) will be managed 
by the user. For example Cluser Operator may be deleted and the use may create 
a new roles instead.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 522)


`grantAdminPrivilegeToGroup`, `grantClusterAdminPrivilegeToGroup`, 
`grantClusterOperatorPrivilegeToGroup`, `grantServiceAdminPrivilegeToGroup`, 
`grantServiceOperatorPrivilegeToGroup`, `grantClusterUserPrivilegeToGroup` 
should be consolidated to reuse code.  Also the different roles may be sort of 
hard coded today, but in the future the roles (and their names) will be managed 
by the user. For example Cluser Operator may be deleted and the use may create 
a new roles instead.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 545)


`grantAdminPrivilegeToGroup`, `grantClusterAdminPrivilegeToGroup`, 
`grantClusterOperatorPrivilegeToGroup`, `grantServiceAdminPrivilegeToGroup`, 
`grantServiceOperatorPrivilegeToGroup`, `grantClusterUserPrivilegeToGroup` 
should be consolidated to reuse code.  Also the different roles may be sort of 
hard coded today, but in the future the roles (and their names) will be managed 
by the user. For example Cluser Operator may be deleted and the use may create 
a new roles instead.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 568)


`grantAdminPrivilegeToGroup`, `grantClusterAdminPrivilegeToGroup`, 
`grantClusterOperatorPrivilegeToGroup`, `grantServiceAdminPrivilegeToGroup`, 
`grantServiceOperatorPrivilegeToGroup`, `grantClusterUserPrivilegeToGroup` 
should be consolidated to reuse code.  Also the different roles may be sort of 
hard coded today, but in the future the roles (and their names) will be managed 
by the user. For example Cluser Operator may be deleted and the use may create 
a new roles instead.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 (line 592)


`grantAdminPrivilegeToGroup`, `grantClusterAdminPrivilegeToGroup`, 
`grantClusterOperatorPrivilegeToGroup`, `grantServiceAdminPrivilegeToGroup`, 
`grantServiceOperatorPrivilegeToGroup`, `grantClusterUserPrivilegeToGroup` 
should be consolidated to reuse code.  Also the different roles may be sort of 
hard coded today, but in the future the roles (and their names) will be managed 
by the user. For example Cluser Operator may be deleted and the use may create 
a new roles instead.



ambari-server/src/main/java/org/apache/ambar

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 12:04 p.m., Di Li wrote:
> > Ship It!

Thank you Di.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151215
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Di Li]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151215
---


Ship it!




Ship It!

- Di Li


On Oct. 3, 2016, 6:43 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 6:43 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Oct. 3, 2016, 11:58 a.m., Alejandro Fernandez wrote:
> > Ship It!

Thank you for reviewing the patch. I would appreciate if you can commit the 
changes on my behalf (I am not a committer).


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151212
---


On Oct. 3, 2016, 11:43 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 11:43 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review151212
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 3, 2016, 6:43 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Oct. 3, 2016, 6:43 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
>   
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
>  7b6c3ad 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Oct. 3, 2016, 11:43 a.m.)


Review request for Ambari, Alejandro Fernandez, Di Li, and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
 7b6c3ad 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

> On Sept. 30, 2016, 12:19 a.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java,
> >  line 124
> > 
> >
> > We should move this into its own function, like updateGroupTable
> > 
> > You can then use the column capture in UpgradeCatalog250Test to assert 
> > that this is called.
> 
> Vishal Ghugare wrote:
> Thanks Alejandro, i will fix it. do you have any feedback/comments for 
> other files in this patch?

Rest of the patch looks good. Thanks


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150968
---


On Sept. 30, 2016, 12:11 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 30, 2016, 12:11 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Sept. 29, 2016, 5:19 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java,
> >  line 124
> > 
> >
> > We should move this into its own function, like updateGroupTable
> > 
> > You can then use the column capture in UpgradeCatalog250Test to assert 
> > that this is called.

Thanks Alejandro, i will fix it. do you have any feedback/comments for other 
files in this patch?


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150968
---


On Sept. 29, 2016, 5:11 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 5:11 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150968
---




ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 (line 124)


We should move this into its own function, like updateGroupTable

You can then use the column capture in UpgradeCatalog250Test to assert that 
this is called.


- Alejandro Fernandez


On Sept. 30, 2016, 12:11 a.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 30, 2016, 12:11 a.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
>  185bd58 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Sept. 29, 2016, 5:11 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs (updated)
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
 185bd58 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Sept. 29, 2016, 5:10 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments (updated)


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/30/80254a19-7d51-46f0-80f9-07e664b814ec__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Sept. 29, 2016, 5:09 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

> On Sept. 29, 2016, 8:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Vishal, you need to also upload this code review with the new patch.
> > 
> > In the Apache Jira, I don't see changes to add the group_type column 
> > with a default value of "LOCAL".
> > What happens to existing groups stored in the DB?
> 
> Vishal Ghugare wrote:
> My apologies, i am new to reviewboard and getting a hang of it. 
> 
> I have added code to UpgradeCatalog to 1.add group_type column with 
> default value of 'LOCAL' 2.update group_type for existing ldap groups.
> 
> Alejandro Fernandez wrote:
> You can upload a new patch as opposed to an attachment.

Update -> Update Diff


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150928
---


On Sept. 29, 2016, 10:35 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 10:35 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/29/544f4689-1ae6-414b-8bcc-f6dfe30992cf__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Sept. 29, 2016, 3:35 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments (updated)


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/29/544f4689-1ae6-414b-8bcc-f6dfe30992cf__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

> On Sept. 29, 2016, 8:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Vishal, you need to also upload this code review with the new patch.
> > 
> > In the Apache Jira, I don't see changes to add the group_type column 
> > with a default value of "LOCAL".
> > What happens to existing groups stored in the DB?
> 
> Vishal Ghugare wrote:
> My apologies, i am new to reviewboard and getting a hang of it. 
> 
> I have added code to UpgradeCatalog to 1.add group_type column with 
> default value of 'LOCAL' 2.update group_type for existing ldap groups.

You can upload a new patch as opposed to an attachment.


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150928
---


On Sept. 29, 2016, 9:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 9:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/29/37f4e76f-2430-4aea-b8eb-281863c821da__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Sept. 29, 2016, 1:21 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Vishal, you need to also upload this code review with the new patch.
> > 
> > In the Apache Jira, I don't see changes to add the group_type column 
> > with a default value of "LOCAL".
> > What happens to existing groups stored in the DB?

My apologies, i am new to reviewboard and getting a hang of it. 

I have added code to UpgradeCatalog to 1.add group_type column with default 
value of 'LOCAL' 2.update group_type for existing ldap groups.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150928
---


On Sept. 29, 2016, 2:57 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 2:57 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> File Attachments
> 
> 
> AMBARI-12263_trunk.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/09/29/37f4e76f-2430-4aea-b8eb-281863c821da__AMBARI-12263_trunk.patch
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/
---

(Updated Sept. 29, 2016, 2:57 p.m.)


Review request for Ambari, Alejandro Fernandez and Robert Levas.


Bugs: AMBARI-12263
https://issues.apache.org/jira/browse/AMBARI-12263


Repository: ambari


Description
---

Hello Robert,

How are you doing? 

We have been working on PAM support into Ambari and have something ready for 
review. Can you please take a look at the patch and documentation and provide 
your feedback.

Please let me know if you have any questions.

Note: I have added you as a reviewer as i see some authentication related 
commits under your name.

Thanks,
-Vishal


Diffs
-

  ambari-server/pom.xml d507b82 
  ambari-server/sbin/ambari-server 762ae19 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 2e850ef 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1fc9dbf 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 5e498f0 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
 ef28f61 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
 e1aa5ac 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
 bdd73a6 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
e4ed9c6 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
 00e233e 
  
ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
 26d4da7 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
 b20df8d 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
 aa9f3e0 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
 e547f05 
  ambari-server/src/main/python/ambari-server.py bb6bc0e 
  ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
  ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
  ambari-server/src/main/resources/properties.json eb27878 
  ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 

Diff: https://reviews.apache.org/r/52369/diff/


Testing
---

No test cases added at this point.


File Attachments (updated)


AMBARI-12263_trunk.patch
  
https://reviews.apache.org/media/uploaded/files/2016/09/29/37f4e76f-2430-4aea-b8eb-281863c821da__AMBARI-12263_trunk.patch


Thanks,

Vishal Ghugare

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150928
---




ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql (line 296)


Vishal, you need to also upload this code review with the new patch.

In the Apache Jira, I don't see changes to add the group_type column with a 
default value of "LOCAL".
What happens to existing groups stored in the DB?


- Alejandro Fernandez


On Sept. 29, 2016, 7:34 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 7:34 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Sept. 28, 2016, 5:03 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Is there already an UpgradeCatalog for Ambari 2.5 that will make these 
> > schema changes as well?
> 
> Vishal Ghugare wrote:
> Hi Alejandro, i need to add these changes to UpgradeCatalog. Will fix it. 
> Thank you.
> 
> Vishal Ghugare wrote:
> Fixed. New patch uploaded.
> 
> Alejandro Fernandez wrote:
> I still only see one revision.

I have recreated the AMBARI-12263_trunk.patch which now includes two patches- 
Patch 1: All previous changes & Patch 2: changes to UpgradeCatalog.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150789
---


On Sept. 29, 2016, 12:34 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 12:34 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

> On Sept. 29, 2016, 12:03 a.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Is there already an UpgradeCatalog for Ambari 2.5 that will make these 
> > schema changes as well?
> 
> Vishal Ghugare wrote:
> Hi Alejandro, i need to add these changes to UpgradeCatalog. Will fix it. 
> Thank you.
> 
> Vishal Ghugare wrote:
> Fixed. New patch uploaded.

I still only see one revision.


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150789
---


On Sept. 29, 2016, 7:34 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 29, 2016, 7:34 p.m.)
> 
> 
> Review request for Ambari, Alejandro Fernandez and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Sept. 28, 2016, 5:03 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Is there already an UpgradeCatalog for Ambari 2.5 that will make these 
> > schema changes as well?
> 
> Vishal Ghugare wrote:
> Hi Alejandro, i need to add these changes to UpgradeCatalog. Will fix it. 
> Thank you.

Fixed. New patch uploaded.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150789
---


On Sept. 28, 2016, 4:40 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 28, 2016, 4:40 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Vishal Ghugare]

> On Sept. 28, 2016, 5:03 p.m., Alejandro Fernandez wrote:
> > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql, line 296
> > 
> >
> > Is there already an UpgradeCatalog for Ambari 2.5 that will make these 
> > schema changes as well?

Hi Alejandro, i need to add these changes to UpgradeCatalog. Will fix it. Thank 
you.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150789
---


On Sept. 28, 2016, 4:40 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 28, 2016, 4:40 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>

Re: Review Request 52369: AMBARI-12263: Support PAM as authentication mechanism for accessing Ambari UI/REST

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52369/#review150789
---




ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql (line 296)


Is there already an UpgradeCatalog for Ambari 2.5 that will make these 
schema changes as well?


- Alejandro Fernandez


On Sept. 28, 2016, 11:40 p.m., Vishal Ghugare wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52369/
> ---
> 
> (Updated Sept. 28, 2016, 11:40 p.m.)
> 
> 
> Review request for Ambari and Robert Levas.
> 
> 
> Bugs: AMBARI-12263
> https://issues.apache.org/jira/browse/AMBARI-12263
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> Hello Robert,
> 
> How are you doing? 
> 
> We have been working on PAM support into Ambari and have something ready for 
> review. Can you please take a look at the patch and documentation and provide 
> your feedback.
> 
> Please let me know if you have any questions.
> 
> Note: I have added you as a reviewer as i see some authentication related 
> commits under your name.
> 
> Thanks,
> -Vishal
> 
> 
> Diffs
> -
> 
>   ambari-server/pom.xml d507b82 
>   ambari-server/sbin/ambari-server 762ae19 
>   
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
>  2e850ef 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
>  1fc9dbf 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
>  5e498f0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/GroupResponse.java
>  ef28f61 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupResourceProvider.java
>  e1aa5ac 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
>  bdd73a6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java 
> e4ed9c6 
>   
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
>  00e233e 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/ClientSecurityType.java
>  26d4da7 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Group.java
>  b20df8d 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/GroupType.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/PamAuthenticationException.java
>  PRE-CREATION 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/UserType.java
>  aa9f3e0 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  e547f05 
>   ambari-server/src/main/python/ambari-server.py bb6bc0e 
>   ambari-server/src/main/python/ambari_server/setupActions.py 697bc1d 
>   ambari-server/src/main/python/ambari_server/setupSecurity.py 119a7d8 
>   ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 1d55515 
>   ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 49f3e2f 
>   ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 7aa52ef 
>   ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 0c95471 
>   ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 631b5c4 
>   ambari-server/src/main/resources/properties.json eb27878 
>   ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml 500c0bf 
> 
> Diff: https://reviews.apache.org/r/52369/diff/
> 
> 
> Testing
> ---
> 
> No test cases added at this point.
> 
> 
> Thanks,
> 
> Vishal Ghugare
> 
>