You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/11/19 21:47:52 UTC

Review Request 40499: Create base infrastructure to allow for granular role based access control

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.


Bugs: AMBARI-13947
    https://issues.apache.org/jira/browse/AMBARI-13947


Repository: ambari


Description
-------

Create base infrastructure to allow for granular role based access control. 

This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
  ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
  ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
  ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
  ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
  ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
  ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
  ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
  ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
  ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
  ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
  ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 

Diff: https://reviews.apache.org/r/40499/diff/


Testing
-------

Manual testing

# Local test results: 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:01:53.757s
[INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
[INFO] Final Memory: 67M/757M
[INFO] ------------------------------------------------------------------------

#Jenkins test results: PENDING


Thanks,

Robert Levas

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Robert Levas <rl...@hortonworks.com>.


> On Nov. 19, 2015, 5:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java, line 70
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133008#file1133008line70>
> >
> >     Is this a breaking change?

This is fixing something that was previously broken but appearing to never coming into play - until now.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------


On Nov. 19, 2015, 3:47 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
> 
> (Updated Nov. 19, 2015, 3:47 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13947
>     https://issues.apache.org/jira/browse/AMBARI-13947
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create base infrastructure to allow for granular role based access control. 
> 
> This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
>   ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 
> 
> Diff: https://reviews.apache.org/r/40499/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> # Local test results: 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Robert Levas <rl...@hortonworks.com>.


> On Nov. 19, 2015, 5:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java, line 32
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133007#file1133007line32>
> >
> >     Not critical - may be its OK that a code change is needed to add a new authorization. I was just thinking if they can be declarative.

I think if needed, we can change this in the future.  Ironically, adding this was a requsted on the previous, related, patch.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------


On Nov. 19, 2015, 3:47 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
> 
> (Updated Nov. 19, 2015, 3:47 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13947
>     https://issues.apache.org/jira/browse/AMBARI-13947
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create base infrastructure to allow for granular role based access control. 
> 
> This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
>   ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 
> 
> Diff: https://reviews.apache.org/r/40499/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> # Local test results: 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Sumit Mohanty <sm...@hortonworks.com>.


> On Nov. 19, 2015, 10:29 p.m., Sumit Mohanty wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java, line 32
> > <https://reviews.apache.org/r/40499/diff/1/?file=1133004#file1133004line32>
> >
> >     Type - drop the "does"

Typo in my typo comment - Type should be Typo


- Sumit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------


On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
> 
> (Updated Nov. 19, 2015, 8:47 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13947
>     https://issues.apache.org/jira/browse/AMBARI-13947
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create base infrastructure to allow for granular role based access control. 
> 
> This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
>   ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 
> 
> Diff: https://reviews.apache.org/r/40499/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> # Local test results: 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Sumit Mohanty <sm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107252
-----------------------------------------------------------



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java (line 32)
<https://reviews.apache.org/r/40499/#comment166282>

    Type - drop the "does"



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java (line 32)
<https://reviews.apache.org/r/40499/#comment166284>

    Not critical - may be its OK that a code change is needed to add a new authorization. I was just thinking if they can be declarative.



ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java (line 70)
<https://reviews.apache.org/r/40499/#comment166286>

    Is this a breaking change?


- Sumit Mohanty


On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
> 
> (Updated Nov. 19, 2015, 8:47 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13947
>     https://issues.apache.org/jira/browse/AMBARI-13947
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create base infrastructure to allow for granular role based access control. 
> 
> This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
>   ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 
> 
> Diff: https://reviews.apache.org/r/40499/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> # Local test results: 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Robert Levas <rl...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/
-----------------------------------------------------------

(Updated Nov. 19, 2015, 9:44 p.m.)


Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.


Bugs: AMBARI-13947
    https://issues.apache.org/jira/browse/AMBARI-13947


Repository: ambari


Description
-------

Create base infrastructure to allow for granular role based access control. 

This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java 66d20b3 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 5e0e4bd 
  ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 408a747 
  ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
  ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
  ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
  ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
  ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 4c35d53 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
  ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
  ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
  ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
  ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
  ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
  ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
  ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
  ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 

Diff: https://reviews.apache.org/r/40499/diff/


Testing
-------

Manual testing

# Local test results: 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:01:53.757s
[INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
[INFO] Final Memory: 67M/757M
[INFO] ------------------------------------------------------------------------

#Jenkins test results: PENDING


Thanks,

Robert Levas

Re: Review Request 40499: Create base infrastructure to allow for granular role based access control

Posted by Sumit Mohanty <sm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40499/#review107255
-----------------------------------------------------------

Ship it!


My comments are benign - so code can be committed without incorporating them

- Sumit Mohanty


On Nov. 19, 2015, 8:47 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/40499/
> -----------------------------------------------------------
> 
> (Updated Nov. 19, 2015, 8:47 p.m.)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, Nate Cole, Robert Nettleton, and Sumit Mohanty.
> 
> 
> Bugs: AMBARI-13947
>     https://issues.apache.org/jira/browse/AMBARI-13947
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Create base infrastructure to allow for granular role based access control. 
> 
> This entails creating a base class to help with authorization checks.  The base class is to contain a default authorization check implementation but allow derived classes to override the logic to implement more sophisticated checks.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/query/QueryImpl.java cb22ddd 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d162eec 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractAuthorizedResourceProvider.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java d2e7be7 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java f4839e9 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java 0621286 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java 090805e 
>   ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java 3c434ea 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationException.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 9feaf93 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ResourceType.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java 6d7a573 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java 310de34 
>   ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java 01b69db 
>   ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java 53277d1 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java 3a6ad91 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java 6286aea 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 06ae045 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java 8e424f7 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java c5bb6e6 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/TestOrmImpl.java 27f6897 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ConfigGroupDAOTest.java 53af8a5 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/HostVersionDAOTest.java 7642603 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestDAOTest.java edc1428 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/RequestScheduleDAOTest.java 75b937c 
>   ambari-server/src/test/java/org/apache/ambari/server/orm/dao/ServiceConfigDAOTest.java 7873abb 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java c094934 
>   ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java a2a94ed 
>   ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterTest.java b2e2d68 
>   ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogHelper.java 19c0c7f 
> 
> Diff: https://reviews.apache.org/r/40499/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> # Local test results: 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 1:01:53.757s
> [INFO] Finished at: Thu Nov 19 15:30:16 EST 2015
> [INFO] Final Memory: 67M/757M
> [INFO] ------------------------------------------------------------------------
> 
> #Jenkins test results: PENDING
> 
> 
> Thanks,
> 
> Robert Levas
> 
>