You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/11/19 21:47:52 UTC
Review Request 40499: Create base infrastructure to allow for
granular role based access control
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/
-----------------------------------------------------------
Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
Bugs: AMBARI-13947
https://issues.apache.org/jira/browse/AMBARI-13947
Repository: ambari
Description
-------
Create base infrastructure to allow for granular role based access control.
This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
Diff: https://reviews.apache.org/r/40499/diff/
Testing
-------
Manual testing
# Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:01:53.757s
[INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
[INFO] Final Memory: 67M/757M
[INFO] ------------------------------------------------------------------------
#Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Robert Levas <rl...@hortonworks.com>.
> On Nov. 19, 2015, 5:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java, line 70
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133008#file1133008line70>
> >
> > Is this a breaking change?
This is fixing something that was previously broken but appearing to never coming into play - until now.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------
On Nov. 19, 2015, 3:47 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
>
> (Updated Nov. 19, 2015, 3:47 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
>
>
> Bugs: AMBARI-13947
> https://issues.apache.org/jira/browse/AMBARI-13947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create base infrastructure to allow for granular role based access control.
>
> This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
> ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
> ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
> ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
> ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
>
> Diff: https://reviews.apache.org/r/40499/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
>
> #Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Robert Levas <rl...@hortonworks.com>.
> On Nov. 19, 2015, 5:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java, line 32
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133007#file1133007line32>
> >
> > Not critical - may be its OK that a code change is needed to add a new authorization. I was just thinking if they can be declarative.
I think if needed, we can change this in the future. Ironically, adding this was a requsted on the previous, related, patch.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------
On Nov. 19, 2015, 3:47 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
>
> (Updated Nov. 19, 2015, 3:47 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
>
>
> Bugs: AMBARI-13947
> https://issues.apache.org/jira/browse/AMBARI-13947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create base infrastructure to allow for granular role based access control.
>
> This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
> ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
> ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
> ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
> ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
>
> Diff: https://reviews.apache.org/r/40499/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
>
> #Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Sumit Mohanty <sm...@hortonworks.com>.
> On Nov. 19, 2015, 10:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java, line 32
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133004#file1133004line32>
> >
> > Type - drop the "does"
Typo in my typo comment - Type should be Typo
- Sumit
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------
On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
>
> (Updated Nov. 19, 2015, 8:47 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
>
>
> Bugs: AMBARI-13947
> https://issues.apache.org/jira/browse/AMBARI-13947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create base infrastructure to allow for granular role based access control.
>
> This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
> ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
> ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
> ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
> ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
>
> Diff: https://reviews.apache.org/r/40499/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
>
> #Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Sumit Mohanty <sm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java (line 32)
<https://reviews.apache.org/r/40499/#comment166282>
Type - drop the "does"
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java (line 32)
<https://reviews.apache.org/r/40499/#comment166284>
Not critical - may be its OK that a code change is needed to add a new authorization. I was just thinking if they can be declarative.
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java (line 70)
<https://reviews.apache.org/r/40499/#comment166286>
Is this a breaking change?
- Sumit Mohanty
On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
>
> (Updated Nov. 19, 2015, 8:47 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
>
>
> Bugs: AMBARI-13947
> https://issues.apache.org/jira/browse/AMBARI-13947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create base infrastructure to allow for granular role based access control.
>
> This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
> ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
> ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
> ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
> ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
>
> Diff: https://reviews.apache.org/r/40499/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
>
> #Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/
-----------------------------------------------------------
(Updated Nov. 19, 2015, 9:44 p.m.)
Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
Bugs: AMBARI-13947
https://issues.apache.org/jira/browse/AMBARI-13947
Repository: ambari
Description
-------
Create base infrastructure to allow for granular role based access control.
This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java 66d20b3
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 5e0e4bd
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 408a747
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 4c35d53
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
Diff: https://reviews.apache.org/r/40499/diff/
Testing
-------
Manual testing
# Local test results:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:01:53.757s
[INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
[INFO] Final Memory: 67M/757M
[INFO] ------------------------------------------------------------------------
#Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 40499: Create base infrastructure to allow for
granular role based access control
Posted by Sumit Mohanty <sm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107255
-----------------------------------------------------------
Ship it!
My comments are benign - so code can be committed without incorporating them
- Sumit Mohanty
On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
>
> (Updated Nov. 19, 2015, 8:47 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
>
>
> Bugs: AMBARI-13947
> https://issues.apache.org/jira/browse/AMBARI-13947
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Create base infrastructure to allow for granular role based access control.
>
> This entails creating a base class to help with authorization checks. The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e
> ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573
> ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db
> ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1
> ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7
> ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6
> ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c
> ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed
> ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f
>
> Diff: https://reviews.apache.org/r/40499/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> # Local test results:
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
>
> #Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>