Re: Review Request 52163: Enforce granular role-based access control for custom actions
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/
---
(Updated Sept. 22, 2016, 12:28 p.m.)
Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit
Mohanty, and Sebastian Toader.
Changes
---
Fixed copy/paste issue in Postgres DDL file
Bugs: AMBARI-18433
https://issues.apache.org/jira/browse/AMBARI-18433
Repository: ambari
Description
---
Enforce granular role-based access control for custom actions. Such actions
are specified in
`/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
For example:
```
check_host
SYSTEM
60
General check for host
ANY
HOST.ADD_DELETE_HOSTS
```
The "permissions" element that declare the permissions required to run the
action. These permissions must be used to authorize a user to perform the
operation. A user needs to have one of the listed permissions in order to be
authorized.
The relevant API entry points are:
- `/api/v1/requests`
- `/api/v1/requests/clusters/:CLUSTER_NAME/request`
Example: The user executing the following REST API call must be assigned a
role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant cluster
```
POST /api/v1/requests
{
"RequestInfo": {
"action": "check_host",
"log_output": "false",
"context": "Check host",
"parameters": {
"check_execute_list":
"last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
"jdk_location": "http://host1.example.com:8080/resources/;,
"threshold": "20"
}
},
"Requests/resource_filters": [
{
"hosts": "host1.example.com"
}
]
}
```
Diffs (updated)
-
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
c17c36d
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
d38234f
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
0157d49
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
35c773a
ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8
ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b
ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847
ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a
ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
bc1c271
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
d06aa1e
ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
d97cd9a
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
c4e0a7c
Diff: https://reviews.apache.org/r/52163/diff/
Testing
---
Manually tested clean install and upgrade scenarios
# Local test results: PENDING
# Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 52163: Enforce granular role-based access control for custom actions
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/#review150012
---
Ship it!
Ship It!
- Sebastian Toader
On Sept. 22, 2016, 4:26 p.m., Robert Levas wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52163/
> ---
>
> (Updated Sept. 22, 2016, 4:26 p.m.)
>
>
> Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit
> Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-18433
> https://issues.apache.org/jira/browse/AMBARI-18433
>
>
> Repository: ambari
>
>
> Description
> ---
>
> Enforce granular role-based access control for custom actions. Such actions
> are specified in
> `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
>
>
> For example:
>
> ```
>
> check_host
> SYSTEM
>
>
>
> 60
> General check for host
> ANY
> HOST.ADD_DELETE_HOSTS
>
> ```
>
> The "permissions" element that declare the permissions required to run the
> action. These permissions must be used to authorize a user to perform the
> operation. A user needs to have one of the listed permissions in order to be
> authorized.
>
> The relevant API entry points are:
> - `/api/v1/requests`
> - `/api/v1/requests/clusters/:CLUSTER_NAME/request`
>
> Example: The user executing the following REST API call must be assigned a
> role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant
> cluster
>
> ```
> POST /api/v1/requests
> {
> "RequestInfo": {
> "action": "check_host",
> "log_output": "false",
> "context": "Check host",
> "parameters": {
> "check_execute_list":
> "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
> "jdk_location": "http://host1.example.com:8080/resources/;,
> "threshold": "20"
> }
> },
> "Requests/resource_filters": [
> {
> "hosts": "host1.example.com"
> }
> ]
> }
> ```
>
>
> Diffs
> -
>
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
> c17c36d
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
> d38234f
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
> 0157d49
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
> 35c773a
> ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5
> ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa
> ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8
> ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b
> ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847
> ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a
>
> ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
> bc1c271
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
> d06aa1e
>
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
> d97cd9a
>
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
> c4e0a7c
>
> Diff: https://reviews.apache.org/r/52163/diff/
>
>
> Testing
> ---
>
> Manually tested clean install and upgrade scenarios
>
> # Local test results: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 52163: Enforce granular role-based access control for custom actions
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/#review150009
---
Ship it!
Ship It!
- Jonathan Hurley
On Sept. 22, 2016, 10:26 a.m., Robert Levas wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52163/
> ---
>
> (Updated Sept. 22, 2016, 10:26 a.m.)
>
>
> Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit
> Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-18433
> https://issues.apache.org/jira/browse/AMBARI-18433
>
>
> Repository: ambari
>
>
> Description
> ---
>
> Enforce granular role-based access control for custom actions. Such actions
> are specified in
> `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
>
>
> For example:
>
> ```
>
> check_host
> SYSTEM
>
>
>
> 60
> General check for host
> ANY
> HOST.ADD_DELETE_HOSTS
>
> ```
>
> The "permissions" element that declare the permissions required to run the
> action. These permissions must be used to authorize a user to perform the
> operation. A user needs to have one of the listed permissions in order to be
> authorized.
>
> The relevant API entry points are:
> - `/api/v1/requests`
> - `/api/v1/requests/clusters/:CLUSTER_NAME/request`
>
> Example: The user executing the following REST API call must be assigned a
> role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant
> cluster
>
> ```
> POST /api/v1/requests
> {
> "RequestInfo": {
> "action": "check_host",
> "log_output": "false",
> "context": "Check host",
> "parameters": {
> "check_execute_list":
> "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
> "jdk_location": "http://host1.example.com:8080/resources/;,
> "threshold": "20"
> }
> },
> "Requests/resource_filters": [
> {
> "hosts": "host1.example.com"
> }
> ]
> }
> ```
>
>
> Diffs
> -
>
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
> c17c36d
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
> d38234f
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
> 0157d49
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
> 35c773a
> ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5
> ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa
> ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8
> ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b
> ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847
> ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a
>
> ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
> bc1c271
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
> d06aa1e
>
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
> d97cd9a
>
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
> c4e0a7c
>
> Diff: https://reviews.apache.org/r/52163/diff/
>
>
> Testing
> ---
>
> Manually tested clean install and upgrade scenarios
>
> # Local test results: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 52163: Enforce granular role-based access control for custom actions
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/#review150007
---
Ship it!
Ship It!
- Nate Cole
On Sept. 22, 2016, 10:26 a.m., Robert Levas wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52163/
> ---
>
> (Updated Sept. 22, 2016, 10:26 a.m.)
>
>
> Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit
> Mohanty, and Sebastian Toader.
>
>
> Bugs: AMBARI-18433
> https://issues.apache.org/jira/browse/AMBARI-18433
>
>
> Repository: ambari
>
>
> Description
> ---
>
> Enforce granular role-based access control for custom actions. Such actions
> are specified in
> `/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
>
>
> For example:
>
> ```
>
> check_host
> SYSTEM
>
>
>
> 60
> General check for host
> ANY
> HOST.ADD_DELETE_HOSTS
>
> ```
>
> The "permissions" element that declare the permissions required to run the
> action. These permissions must be used to authorize a user to perform the
> operation. A user needs to have one of the listed permissions in order to be
> authorized.
>
> The relevant API entry points are:
> - `/api/v1/requests`
> - `/api/v1/requests/clusters/:CLUSTER_NAME/request`
>
> Example: The user executing the following REST API call must be assigned a
> role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant
> cluster
>
> ```
> POST /api/v1/requests
> {
> "RequestInfo": {
> "action": "check_host",
> "log_output": "false",
> "context": "Check host",
> "parameters": {
> "check_execute_list":
> "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
> "jdk_location": "http://host1.example.com:8080/resources/;,
> "threshold": "20"
> }
> },
> "Requests/resource_filters": [
> {
> "hosts": "host1.example.com"
> }
> ]
> }
> ```
>
>
> Diffs
> -
>
>
> ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
> c17c36d
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
> d38234f
>
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
> 0157d49
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
> 35c773a
> ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5
> ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa
> ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8
> ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b
> ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847
> ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a
>
> ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
> bc1c271
>
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
> d06aa1e
>
> ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
> d97cd9a
>
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
> c4e0a7c
>
> Diff: https://reviews.apache.org/r/52163/diff/
>
>
> Testing
> ---
>
> Manually tested clean install and upgrade scenarios
>
> # Local test results: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Review Request 52163: Enforce granular role-based access control for custom actions
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52163/
---
Review request for Ambari, Ajit Kumar, Jonathan Hurley, Nate Cole, Sumit
Mohanty, and Sebastian Toader.
Bugs: AMBARI-18433
https://issues.apache.org/jira/browse/AMBARI-18433
Repository: ambari
Description
---
Enforce granular role-based access control for custom actions. Such actions
are specified in
`/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml`
For example:
```
check_host
SYSTEM
60
General check for host
ANY
HOST.ADD_DELETE_HOSTS
```
The "permissions" element that declare the permissions required to run the
action. These permissions must be used to authorize a user to perform the
operation. A user needs to have one of the listed permissions in order to be
authorized.
The relevant API entry points are:
- `/api/v1/requests`
- `/api/v1/requests/clusters/:CLUSTER_NAME/request`
Example: The user executing the following REST API call must be assigned a
role that has the `HOST.ADD_DELETE_HOSTS` authorization for the relevant cluster
```
POST /api/v1/requests
{
"RequestInfo": {
"action": "check_host",
"log_output": "false",
"context": "Check host",
"parameters": {
"check_execute_list":
"last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
"jdk_location": "http://host1.example.com:8080/resources/;,
"threshold": "20"
}
},
"Requests/resource_filters": [
{
"hosts": "host1.example.com"
}
]
}
```
Diffs
-
ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
c17c36d
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
d38234f
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
0157d49
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
35c773a
ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 38f78c5
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 25948aa
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql 07cd6a8
ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql f03767b
ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql 535d847
ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 1bfde7a
ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
bc1c271
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
d06aa1e
ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
d97cd9a
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
c4e0a7c
Diff: https://reviews.apache.org/r/52163/diff/
Testing
---
Manually tested clean install and upgrade scenarios
# Local test results: PENDING
# Jenkins test results: PENDING
Thanks,
Robert Levas
