subject:"Re\: Review Request 58429\: After pam setup\- Hive View user home test fails"

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-05-01 Thread Robert Levas



> On May 1, 2017, 4:09 p.m., Robert Levas wrote:
> > Ship It!
> 
> Anita Jebaraj wrote:
> Thank you Robert, can you please help in pushing the changes

Sure. On it now.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173498
---


On May 1, 2017, 4 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated May 1, 2017, 4 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  5b3acd0 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/2/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-05-01 Thread Anita Jebaraj



> On May 1, 2017, 8:09 p.m., Robert Levas wrote:
> > Ship It!

Thank you Robert, can you please help in pushing the changes


- Anita


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173498
---


On May 1, 2017, 8 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated May 1, 2017, 8 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  5b3acd0 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/2/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-05-01 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173498
---


Ship it!




Ship It!

- Robert Levas


On May 1, 2017, 4 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated May 1, 2017, 4 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  5b3acd0 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/2/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-05-01 Thread Anita Jebaraj



> On April 28, 2017, 7 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
> > Line 128 (original), 127 (patched)
> > 
> >
> > Can you use 
> > `org.apache.ambari.server.security.authorization.AmbariUserAuthentication` 
> > to be more consistent with other Ambari-specific authentication providers.  
> > For example, 
> > `org.apache.ambari.server.security.authorization.AmbariLocalUserProvider`

Hi Robert, yes the authentication provider can be changed, please review the 
new patch


- Anita


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173365
---


On May 1, 2017, 8 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated May 1, 2017, 8 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
>  5b3acd0 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/2/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-05-01 Thread Anita Jebaraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/
---

(Updated May 1, 2017, 8 p.m.)


Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
Kropp, Robert Levas, and Tim Thorpe.


Bugs: AMBARI-20760
https://issues.apache.org/jira/browse/AMBARI-20760


Repository: ambari


Description
---

After setting up PAM, tried to login as PAM user and access hive view, user 
home test fails with the error as in screen shot.

This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
not incorporated in the code. Pasting the comment from Henning below.

Something we noticed is that in a secured cluster we have issues with the 
views, getting the following exception for the Hive view as an example:

Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate 
proxy privilege of ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
.
sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of 
ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
 serverProtocolVersion:null)

As you can see it tries to impersonte 
"org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
 Changing the UsernamePasswordAuthenticationToken from Principal to username 
fixes this.

So instead of :

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(principal, null, userAuthorities);

We use:

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(user.getUserName(), null, userAuthorities);

What could potential also work is, overriding toString of the principal like:

Principal principal = new Principal() {
@Override
public String getName()
{ return user.getUserName(); }

@Override
public String toString()
{ return user.getUserName().toString(); }

};

We did not test this!


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 ca7cd31 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
 5b3acd0 


Diff: https://reviews.apache.org/r/58429/diff/2/

Changes: https://reviews.apache.org/r/58429/diff/1-2/


Testing
---

Ran mvn test and also manually tested the scenario


File Attachments


error screenshot
  
https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG


Thanks,

Anita Jebaraj

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-28 Thread Di Li


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173367
---


Ship it!




Ship It!

- Di Li


On April 28, 2017, 5:45 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated April 28, 2017, 5:45 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/1/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-28 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173365
---


Ship it!




Sorry for the delay on this.


ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
Line 128 (original), 127 (patched)


Can you use 
`org.apache.ambari.server.security.authorization.AmbariUserAuthentication` to 
be more consistent with other Ambari-specific authentication providers.  For 
example, 
`org.apache.ambari.server.security.authorization.AmbariLocalUserProvider`


- Robert Levas


On April 28, 2017, 1:45 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated April 28, 2017, 1:45 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/1/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-28 Thread Tim Thorpe


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review173354
---


Ship it!




Ship It!

- Tim Thorpe


On April 28, 2017, 5:45 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated April 28, 2017, 5:45 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Di Li, Vishal Ghugare, Henning 
> Kropp, Robert Levas, and Tim Thorpe.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/1/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-14 Thread Anita Jebaraj



> On April 13, 2017, 6:57 p.m., Robert Levas wrote:
> > Can you add Vishal Ghugare to the review?

Hi Robert, I have added Vishal to the review, he is currently on vacation and 
might not be looking at the jira for now. Meanwhile the team would like to get 
a solution for this issue, it would be helpful if you can take a look at this.


- Anita


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review171916
---


On April 13, 2017, 7:01 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated April 13, 2017, 7:01 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Vishal Ghugare, Henning Kropp, 
> and Robert Levas.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/1/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-13 Thread Robert Levas


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/#review171916
---



Can you add Vishal Ghugare to the review?

- Robert Levas


On April 13, 2017, 2:45 p.m., Anita Jebaraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58429/
> ---
> 
> (Updated April 13, 2017, 2:45 p.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Henning Kropp, and Robert Levas.
> 
> 
> Bugs: AMBARI-20760
> https://issues.apache.org/jira/browse/AMBARI-20760
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After setting up PAM, tried to login as PAM user and access hive view, user 
> home test fails with the error as in screen shot.
> 
> This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
> not incorporated in the code. Pasting the comment from Henning below.
> 
> Something we noticed is that in a secured cluster we have issues with the 
> views, getting the following exception for the Hive view as an example:
> 
> Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
> infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to 
> validate proxy privilege of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
> .
> sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege 
> of ambari for 
> org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
>  serverProtocolVersion:null)
> 
> As you can see it tries to impersonte 
> "org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
>  Changing the UsernamePasswordAuthenticationToken from Principal to username 
> fixes this.
> 
> So instead of :
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
> 
> We use:
> 
> UsernamePasswordAuthenticationToken token = new 
> UsernamePasswordAuthenticationToken(user.getUserName(), null, 
> userAuthorities);
> 
> What could potential also work is, overriding toString of the principal like:
> 
> Principal principal = new Principal() {
> @Override
> public String getName()
> { return user.getUserName(); }
> 
> @Override
> public String toString()
> { return user.getUserName().toString(); }
> 
> };
> 
> We did not test this!
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
>  ca7cd31 
> 
> 
> Diff: https://reviews.apache.org/r/58429/diff/1/
> 
> 
> Testing
> ---
> 
> Ran mvn test and also manually tested the scenario
> 
> 
> File Attachments
> 
> 
> error screenshot
>   
> https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-13 Thread Anita Jebaraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/
---

(Updated April 13, 2017, 6:45 p.m.)


Review request for Ambari, Attila Doroszlai, Henning Kropp, and Robert Levas.


Bugs: AMBARI-20760
https://issues.apache.org/jira/browse/AMBARI-20760


Repository: ambari


Description
---

After setting up PAM, tried to login as PAM user and access hive view, user 
home test fails with the error as in screen shot.

This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
not incorporated in the code. Pasting the comment from Henning below.

Something we noticed is that in a secured cluster we have issues with the 
views, getting the following exception for the Hive view as an example:

Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate 
proxy privilege of ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
.
sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of 
ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
 serverProtocolVersion:null)

As you can see it tries to impersonte 
"org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
 Changing the UsernamePasswordAuthenticationToken from Principal to username 
fixes this.

So instead of :

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(principal, null, userAuthorities);

We use:

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(user.getUserName(), null, userAuthorities);

What could potential also work is, overriding toString of the principal like:

Principal principal = new Principal() {
@Override
public String getName()
{ return user.getUserName(); }

@Override
public String toString()
{ return user.getUserName().toString(); }

};

We did not test this!


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
 ca7cd31 


Diff: https://reviews.apache.org/r/58429/diff/1/


Testing
---

Ran mvn test and also manually tested the scenario


File Attachments


error screenshot
  
https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG


Thanks,

Anita Jebaraj

Re: Review Request 58429: After pam setup- Hive View user home test fails

2017-04-13 Thread Anita Jebaraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58429/
---

(Updated April 13, 2017, 6:45 p.m.)


Review request for Ambari, Attila Doroszlai, Henning Kropp, and Robert Levas.


Bugs: AMBARI-20760
https://issues.apache.org/jira/browse/AMBARI-20760


Repository: ambari


Description
---

After setting up PAM, tried to login as PAM user and access hive view, user 
home test fails with the error as in screen shot.

This issue was pointed out by Henning Kropp in the jira AMBARI-12263, but was 
not incorporated in the code. Pasting the comment from Henning below.

Something we noticed is that in a secured cluster we have issues with the 
views, getting the following exception for the Hive view as an example:

Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, 
infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate 
proxy privilege of ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32,
.
sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of 
ambari for 
org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459),
 serverProtocolVersion:null)

As you can see it tries to impersonte 
"org.apache.ambari.server.security.authorization.AmbariPamAuthenticationProvider$1@3459:33:32".
 Changing the UsernamePasswordAuthenticationToken from Principal to username 
fixes this.

So instead of :

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(principal, null, userAuthorities);

We use:

UsernamePasswordAuthenticationToken token = new 
UsernamePasswordAuthenticationToken(user.getUserName(), null, userAuthorities);

What could potential also work is, overriding toString of the principal like:

Principal principal = new Principal() {
@Override
public String getName()
{ return user.getUserName(); }

@Override
public String toString()
{ return user.getUserName().toString(); }

};

We did not test this!


Testing
---

Ran mvn test and also manually tested the scenario


File Attachments (updated)


error screenshot
  
https://reviews.apache.org/media/uploaded/files/2017/04/13/4a43b897-e030-41a7-b702-f711432b03b9__error.PNG


Thanks,

Anita Jebaraj

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

Re: Review Request 58429: After pam setup- Hive View user home test fails

12 matches

Site Navigation

Mail list logo

Footer information