You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2016/07/16 07:02:20 UTC
[jira] [Commented] (AMBARI-17740) Cluster user role is permitted to
install packages using API
[ https://issues.apache.org/jira/browse/AMBARI-17740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15380573#comment-15380573 ]
Hadoop QA commented on AMBARI-17740:
------------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12818276/AMBARI-17740_trunk_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in ambari-server.
Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/7884//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/7884//console
This message is automatically generated.
> Cluster user role is permitted to install packages using API
> ------------------------------------------------------------
>
> Key: AMBARI-17740
> URL: https://issues.apache.org/jira/browse/AMBARI-17740
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.4.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: rbac
> Fix For: 2.4.0
>
> Attachments: AMBARI-17740_branch-2.4_01.patch, AMBARI-17740_trunk_01.patch
>
>
> With "Cluster User" role, submitting "install packages" API call goes through, even though it should be blocked
> {code}
> #curl -u cu:1234 -H "X-Requested-By: ambari" -i -X POST http://ambari-server:8080/api/v1/clusters/cl1/stack_versions -d '{"ClusterStackVersions":{"stack":"HDP","version":"2.3","repository_version":"2.3.0.0"}}'
> HTTP/1.1 202 Accepted
> Date: Wed, 29 Jun 2016 05:55:16 GMT
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Set-Cookie: AMBARISESSIONID=11njwu8py6m511511liub068vj;Path=/;HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> User: cu
> Content-Type: text/plain
> Vary: Accept-Encoding, User-Agent
> Content-Length: 136
> Server: Jetty(9.2.11.v20150529)
> {
> "href" : "http://ambari-server:8080/api/v1/clusters/cl1/requests/36",
> "Requests" : {
> "id" : 36,
> "status" : "Accepted"
> }
> }
> {code}
> Role of the user "cu"
> {code}
> {
> "href" : "http://ambari-server:8080/api/v1/users/cu/privileges/7",
> "PrivilegeInfo" : {
> "cluster_name" : "cl1",
> "permission_label" : "Cluster User",
> "permission_name" : "CLUSTER.USER",
> "principal_name" : "cu",
> "principal_type" : "USER",
> "privilege_id" : 7,
> "type" : "CLUSTER",
> "user_name" : "cu"
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)