You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2016/09/22 19:00:24 UTC
[jira] [Commented] (AMBARI-18433) Enforce granular role-based
access control for custom actions
[ https://issues.apache.org/jira/browse/AMBARI-18433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15514182#comment-15514182 ]
Hudson commented on AMBARI-18433:
---------------------------------
SUCCESS: Integrated in Jenkins build Ambari-branch-2.5 #75 (See [https://builds.apache.org/job/Ambari-branch-2.5/75/])
AMBARI-18433. Enforce granular role-based access control for custom (rlevas: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=d8b97a7be843ebb709d167809408e8c2bf03c75f])
* (edit) ambari-server/src/main/resources/custom_action_definitions/system_action_definitions.xml
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
* (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
* (edit) ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
* (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
* (edit) ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
> Enforce granular role-based access control for custom actions
> -------------------------------------------------------------
>
> Key: AMBARI-18433
> URL: https://issues.apache.org/jira/browse/AMBARI-18433
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.4.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: rbac
> Fix For: 2.5.0
>
> Attachments: AMBARI-18433_branch-2.5_01.patch, AMBARI-18433_branch-2.5_02.patch, AMBARI-18433_trunk_01.patch, AMBARI-18433_trunk_02.patch
>
>
> Enforce granular role-based access control for custom actions. Such actions are specified in {{/var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml}}
> For example:
> {code}
> <actionDefinition>
> <actionName>check_host</actionName>
> <actionType>SYSTEM</actionType>
> <inputs/>
> <targetService/>
> <targetComponent/>
> <defaultTimeout>60</defaultTimeout>
> <description>General check for host</description>
> <targetType>ANY</targetType>
> <permissions>HOST.ADD_DELETE_HOSTS</permissions>
> </actionDefinition>
> {code}
> The "permissions" element that declare the permissions required to run the action. These permissions must be used to authorize a user to perform the operation. A user needs to have one of the listed permissions in order to be authorized.
> The relevant API entry points are:
> * {{/api/v1/requests}}
> * {{/api/v1/requests/clusters/:CLUSTER_NAME/request}}
> Example: The user executing the following REST API call must be assigned a role that has the {{HOST.ADD_DELETE_HOSTS}} authorization for the relevant cluster
> {noformat}
> POST /api/v1/requests
> {
> "RequestInfo": {
> "action": "check_host",
> "log_output": "false",
> "context": "Check host",
> "parameters": {
> "check_execute_list": "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
> "jdk_location": "http://host1.example.com:8080/resources/",
> "threshold": "20"
> }
> },
> "Requests/resource_filters": [
> {
> "hosts": "host1.example.com"
> }
> ]
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)