Re: Review Request 52163: Enforce granular role-based access control for custom actions
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52163/ --- (Updated Sept. 22, 2016, 12:28 p.m.) Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit Mohanty, and Sebastian Toader. Changes --- Fixed copy/paste issue in Postgres DDL file Bugs: AMBARI-18433 https://issues.apache.org/jira/browse/AMBARI-18433 Repository: ambari Description --- Enforce granular role-based access control for custom actions. Such actions are specified in `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml` For example: ``` check_host SYSTEM 60 General check for host ANY HOST.ADD_DELETE_HOSTS ``` The "permissions" element that declare the permissions required to run the action. These permissions must be used to authorize a user to perform the operation. A user needs to have one of the listed permissions in order to be authorized. The relevant API entry points are: - `/api/v1/requests` - `/api/v1/requests/clusters/:CLUSTER_NAME/request` Example: The user executing the following REST API call must be assigned a role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant cluster ``` POST /api/v1/requests { "RequestInfo": { "action": "check_host", "log_output": "false", "context": "Check host", "parameters": { "check_execute_list": "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", "jdk_location": "http://host1.example.com:8080/resources/;, "threshold": "20" } }, "Requests/resource_filters": [ { "hosts": "host1.example.com" } ] } ``` Diffs (updated) - ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js c17c36d ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java d38234f ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java 0157d49 ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java 35c773a ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml bc1c271 ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java d06aa1e ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java d97cd9a ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java c4e0a7c Diff: https://reviews.apache.org/r/52163/diff/ Testing --- Manually tested clean install and upgrade scenarios # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas
Re: Review Request 52163: Enforce granular role-based access control for custom actions
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52163/#review150012 --- Ship it! Ship It! - Sebastian Toader On Sept. 22, 2016, 4:26 p.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52163/ > --- > > (Updated Sept. 22, 2016, 4:26 p.m.) > > > Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit > Mohanty, and Sebastian Toader. > > > Bugs: AMBARI-18433 > https://issues.apache.org/jira/browse/AMBARI-18433 > > > Repository: ambari > > > Description > --- > > Enforce granular role-based access control for custom actions. Such actions > are specified in > `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml` > > > For example: > > ``` > > check_host > SYSTEM > > > > 60 > General check for host > ANY > HOST.ADD_DELETE_HOSTS > > ``` > > The "permissions" element that declare the permissions required to run the > action. These permissions must be used to authorize a user to perform the > operation. A user needs to have one of the listed permissions in order to be > authorized. > > The relevant API entry points are: > - `/api/v1/requests` > - `/api/v1/requests/clusters/:CLUSTER_NAME/request` > > Example: The user executing the following REST API call must be assigned a > role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant > cluster > > ``` > POST /api/v1/requests > { > "RequestInfo": { > "action": "check_host", > "log_output": "false", > "context": "Check host", > "parameters": { > "check_execute_list": > "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", > "jdk_location": "http://host1.example.com:8080/resources/;, > "threshold": "20" > } > }, > "Requests/resource_filters": [ > { > "hosts": "host1.example.com" > } > ] > } > ``` > > > Diffs > - > > > ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js > c17c36d > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java > d38234f > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java > 0157d49 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java > 35c773a > ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b > ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a > > ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml > bc1c271 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java > d06aa1e > > ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java > d97cd9a > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java > c4e0a7c > > Diff: https://reviews.apache.org/r/52163/diff/ > > > Testing > --- > > Manually tested clean install and upgrade scenarios > > # Local test results: PENDING > > # Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >
Re: Review Request 52163: Enforce granular role-based access control for custom actions
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52163/#review150009 --- Ship it! Ship It! - Jonathan Hurley On Sept. 22, 2016, 10:26 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52163/ > --- > > (Updated Sept. 22, 2016, 10:26 a.m.) > > > Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit > Mohanty, and Sebastian Toader. > > > Bugs: AMBARI-18433 > https://issues.apache.org/jira/browse/AMBARI-18433 > > > Repository: ambari > > > Description > --- > > Enforce granular role-based access control for custom actions. Such actions > are specified in > `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml` > > > For example: > > ``` > > check_host > SYSTEM > > > > 60 > General check for host > ANY > HOST.ADD_DELETE_HOSTS > > ``` > > The "permissions" element that declare the permissions required to run the > action. These permissions must be used to authorize a user to perform the > operation. A user needs to have one of the listed permissions in order to be > authorized. > > The relevant API entry points are: > - `/api/v1/requests` > - `/api/v1/requests/clusters/:CLUSTER_NAME/request` > > Example: The user executing the following REST API call must be assigned a > role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant > cluster > > ``` > POST /api/v1/requests > { > "RequestInfo": { > "action": "check_host", > "log_output": "false", > "context": "Check host", > "parameters": { > "check_execute_list": > "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", > "jdk_location": "http://host1.example.com:8080/resources/;, > "threshold": "20" > } > }, > "Requests/resource_filters": [ > { > "hosts": "host1.example.com" > } > ] > } > ``` > > > Diffs > - > > > ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js > c17c36d > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java > d38234f > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java > 0157d49 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java > 35c773a > ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b > ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a > > ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml > bc1c271 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java > d06aa1e > > ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java > d97cd9a > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java > c4e0a7c > > Diff: https://reviews.apache.org/r/52163/diff/ > > > Testing > --- > > Manually tested clean install and upgrade scenarios > > # Local test results: PENDING > > # Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >
Re: Review Request 52163: Enforce granular role-based access control for custom actions
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52163/#review150007 --- Ship it! Ship It! - Nate Cole On Sept. 22, 2016, 10:26 a.m., Robert Levas wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52163/ > --- > > (Updated Sept. 22, 2016, 10:26 a.m.) > > > Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit > Mohanty, and Sebastian Toader. > > > Bugs: AMBARI-18433 > https://issues.apache.org/jira/browse/AMBARI-18433 > > > Repository: ambari > > > Description > --- > > Enforce granular role-based access control for custom actions. Such actions > are specified in > `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml` > > > For example: > > ``` > > check_host > SYSTEM > > > > 60 > General check for host > ANY > HOST.ADD_DELETE_HOSTS > > ``` > > The "permissions" element that declare the permissions required to run the > action. These permissions must be used to authorize a user to perform the > operation. A user needs to have one of the listed permissions in order to be > authorized. > > The relevant API entry points are: > - `/api/v1/requests` > - `/api/v1/requests/clusters/:CLUSTER_NAME/request` > > Example: The user executing the following REST API call must be assigned a > role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant > cluster > > ``` > POST /api/v1/requests > { > "RequestInfo": { > "action": "check_host", > "log_output": "false", > "context": "Check host", > "parameters": { > "check_execute_list": > "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", > "jdk_location": "http://host1.example.com:8080/resources/;, > "threshold": "20" > } > }, > "Requests/resource_filters": [ > { > "hosts": "host1.example.com" > } > ] > } > ``` > > > Diffs > - > > > ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js > c17c36d > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java > d38234f > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java > 0157d49 > > ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java > 35c773a > ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 > ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa > ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 > ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b > ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 > ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a > > ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml > bc1c271 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java > d06aa1e > > ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java > d97cd9a > > ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java > c4e0a7c > > Diff: https://reviews.apache.org/r/52163/diff/ > > > Testing > --- > > Manually tested clean install and upgrade scenarios > > # Local test results: PENDING > > # Jenkins test results: PENDING > > > Thanks, > > Robert Levas > >
Review Request 52163: Enforce granular role-based access control for custom actions
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52163/ --- Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit Mohanty, and Sebastian Toader. Bugs: AMBARI-18433 https://issues.apache.org/jira/browse/AMBARI-18433 Repository: ambari Description --- Enforce granular role-based access control for custom actions. Such actions are specified in `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml` For example: ``` check_host SYSTEM 60 General check for host ANY HOST.ADD_DELETE_HOSTS ``` The "permissions" element that declare the permissions required to run the action. These permissions must be used to authorize a user to perform the operation. A user needs to have one of the listed permissions in order to be authorized. The relevant API entry points are: - `/api/v1/requests` - `/api/v1/requests/clusters/:CLUSTER_NAME/request` Example: The user executing the following REST API call must be assigned a role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant cluster ``` POST /api/v1/requests { "RequestInfo": { "action": "check_host", "log_output": "false", "context": "Check host", "parameters": { "check_execute_list": "last_agent_env_check,installed_packages,existing_repos,transparentHugePage", "jdk_location": "http://host1.example.com:8080/resources/;, "threshold": "20" } }, "Requests/resource_filters": [ { "hosts": "host1.example.com" } ] } ``` Diffs - ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js c17c36d ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java d38234f ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java 0157d49 ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java 35c773a ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5 ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8 ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847 ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml bc1c271 ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java d06aa1e ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java d97cd9a ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java c4e0a7c Diff: https://reviews.apache.org/r/52163/diff/ Testing --- Manually tested clean install and upgrade scenarios # Local test results: PENDING # Jenkins test results: PENDING Thanks, Robert Levas