You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Alejandro Fernandez <af...@hortonworks.com> on 2014/10/10 00:18:33 UTC
Re: Review Request 26519: Upgrade: Admin gets unnecessary READ
permissions
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26519/
-----------------------------------------------------------
(Updated Oct. 9, 2014, 10:18 p.m.)
Review request for Ambari, Jonathan Hurley, Srimanth Gunturi, Sid Wagle, and Tom Beerbower.
Bugs: AMBARI-7717
https://issues.apache.org/jira/browse/AMBARI-7717
Repository: ambari
Description
-------
During upgrade to Ambari 1.7.0, local users and admins get migrated fine, however, Ambari is explicitly giving CLUSTER.READ to admins.
The admins really don't need this READ, they just need CLUSTER.OPERATE (which they already have).
This is inteded for both trunk and release candidate branch 1.7.0, so it needs two +1s.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java f5f6297
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java 0c92f44
Diff: https://reviews.apache.org/r/26519/diff/
Testing
-------
Installed a cluster with Ambari 1.6.1.
An admin had roles of both admin and user.
$ psql -U ambari -d ambari
ambari=> select u.user_id, u.user_name, ur.role_name from users as u join user_roles as ur on u.user_id = ur.user_id ORDER BY u.user_id;
user_id | user_name | role_name
---------+-----------+-----------
1 | admin | admin
3 | admin1 | user
3 | admin1 | admin
4 | admin2 | user
4 | admin2 | admin
5 | user1 | user
6 | user2 | user
(7 rows)
After the upgrade,
ambari=> select u.user_name, u.principal_id, priv.permission_id, permission_name, t.resource_type_name from adminprivilege as priv join users as u on u.principal_id = priv.principal_id join adminpermission as perm on priv.permission_id = perm.permission_id join adminresourcetype as t on perm.resource_type_id = t.resource_type_id WHERE t.resource_type_name IN ('CLUSTER', 'AMBARI') ORDER BY u.user_name asc;
user_name | principal_id | permission_id | permission_name | resource_type_name
-----------+--------------+---------------+-----------------+--------------------
admin | 3 | 3 | CLUSTER.OPERATE | CLUSTER
admin | 3 | 1 | AMBARI.ADMIN | AMBARI
admin1 | 4 | 3 | CLUSTER.OPERATE | CLUSTER
admin1 | 4 | 1 | AMBARI.ADMIN | AMBARI
admin2 | 5 | 3 | CLUSTER.OPERATE | CLUSTER
admin2 | 5 | 1 | AMBARI.ADMIN | AMBARI
user1 | 6 | 2 | CLUSTER.READ | CLUSTER
user2 | 7 | 2 | CLUSTER.READ | CLUSTER
Also, ran unit tests.
----------------------------------------------------------------------
Total run:641
Total errors:0
Total failures:0
OK
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 28:41.374s
[INFO] Finished at: Thu Oct 09 14:13:30 PDT 2014
[INFO] Final Memory: 62M/1564M
[INFO] ------------------------------------------------------------------------
Thanks,
Alejandro Fernandez
Re: Review Request 26519: Upgrade: Admin gets unnecessary READ
permissions
Posted by Tom Beerbower <tb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26519/#review56071
-----------------------------------------------------------
Ship it!
Ship It!
- Tom Beerbower
On Oct. 9, 2014, 10:18 p.m., Alejandro Fernandez wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26519/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2014, 10:18 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Srimanth Gunturi, Sid Wagle, and Tom Beerbower.
>
>
> Bugs: AMBARI-7717
> https://issues.apache.org/jira/browse/AMBARI-7717
>
>
> Repository: ambari
>
>
> Description
> -------
>
> During upgrade to Ambari 1.7.0, local users and admins get migrated fine, however, Ambari is explicitly giving CLUSTER.READ to admins.
> The admins really don't need this READ, they just need CLUSTER.OPERATE (which they already have).
>
> This is inteded for both trunk and release candidate branch 1.7.0, so it needs two +1s.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java f5f6297
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java 0c92f44
>
> Diff: https://reviews.apache.org/r/26519/diff/
>
>
> Testing
> -------
>
> Installed a cluster with Ambari 1.6.1.
> An admin had roles of both admin and user.
>
> $ psql -U ambari -d ambari
> ambari=> select u.user_id, u.user_name, ur.role_name from users as u join user_roles as ur on u.user_id = ur.user_id ORDER BY u.user_id;
> user_id | user_name | role_name
> ---------+-----------+-----------
> 1 | admin | admin
> 3 | admin1 | user
> 3 | admin1 | admin
> 4 | admin2 | user
> 4 | admin2 | admin
> 5 | user1 | user
> 6 | user2 | user
> (7 rows)
>
> After the upgrade,
>
> ambari=> select u.user_name, u.principal_id, priv.permission_id, permission_name, t.resource_type_name from adminprivilege as priv join users as u on u.principal_id = priv.principal_id join adminpermission as perm on priv.permission_id = perm.permission_id join adminresourcetype as t on perm.resource_type_id = t.resource_type_id WHERE t.resource_type_name IN ('CLUSTER', 'AMBARI') ORDER BY u.user_name asc;
> user_name | principal_id | permission_id | permission_name | resource_type_name
> -----------+--------------+---------------+-----------------+--------------------
> admin | 3 | 3 | CLUSTER.OPERATE | CLUSTER
> admin | 3 | 1 | AMBARI.ADMIN | AMBARI
> admin1 | 4 | 3 | CLUSTER.OPERATE | CLUSTER
> admin1 | 4 | 1 | AMBARI.ADMIN | AMBARI
> admin2 | 5 | 3 | CLUSTER.OPERATE | CLUSTER
> admin2 | 5 | 1 | AMBARI.ADMIN | AMBARI
> user1 | 6 | 2 | CLUSTER.READ | CLUSTER
> user2 | 7 | 2 | CLUSTER.READ | CLUSTER
>
>
> Also, ran unit tests.
> ----------------------------------------------------------------------
> Total run:641
> Total errors:0
> Total failures:0
> OK
> ...
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 28:41.374s
> [INFO] Finished at: Thu Oct 09 14:13:30 PDT 2014
> [INFO] Final Memory: 62M/1564M
> [INFO] ------------------------------------------------------------------------
>
>
>
> Thanks,
>
> Alejandro Fernandez
>
>
Re: Review Request 26519: Upgrade: Admin gets unnecessary READ
permissions
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26519/#review56136
-----------------------------------------------------------
Ship it!
Ship It!
- Jonathan Hurley
On Oct. 9, 2014, 6:34 p.m., Alejandro Fernandez wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26519/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2014, 6:34 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Srimanth Gunturi, Sid Wagle, and Tom Beerbower.
>
>
> Bugs: AMBARI-7717
> https://issues.apache.org/jira/browse/AMBARI-7717
>
>
> Repository: ambari
>
>
> Description
> -------
>
> During upgrade to Ambari 1.7.0, local users and admins get migrated fine, however, Ambari is explicitly giving CLUSTER.READ to admins.
> The admins really don't need this READ, they just need CLUSTER.OPERATE (which they already have).
>
> This is inteded for both trunk and release candidate branch 1.7.0, so it needs two +1s.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java f5f6297
> ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java 0c92f44
>
> Diff: https://reviews.apache.org/r/26519/diff/
>
>
> Testing
> -------
>
> Installed a cluster with Ambari 1.6.1.
> An admin had roles of both admin and user.
>
> $ psql -U ambari -d ambari
> ambari=> select u.user_id, u.user_name, ur.role_name from users as u join user_roles as ur on u.user_id = ur.user_id ORDER BY u.user_id;
> user_id | user_name | role_name
> ---------+-----------+-----------
> 1 | admin | admin
> 3 | admin1 | user
> 3 | admin1 | admin
> 4 | admin2 | user
> 4 | admin2 | admin
> 5 | user1 | user
> 6 | user2 | user
> (7 rows)
>
> After the upgrade,
>
> ambari=> select u.user_name, u.principal_id, priv.permission_id, permission_name, t.resource_type_name from adminprivilege as priv join users as u on u.principal_id = priv.principal_id join adminpermission as perm on priv.permission_id = perm.permission_id join adminresourcetype as t on perm.resource_type_id = t.resource_type_id WHERE t.resource_type_name IN ('CLUSTER', 'AMBARI') ORDER BY u.user_name asc;
> user_name | principal_id | permission_id | permission_name | resource_type_name
> -----------+--------------+---------------+-----------------+--------------------
> admin | 3 | 3 | CLUSTER.OPERATE | CLUSTER
> admin | 3 | 1 | AMBARI.ADMIN | AMBARI
> admin1 | 4 | 3 | CLUSTER.OPERATE | CLUSTER
> admin1 | 4 | 1 | AMBARI.ADMIN | AMBARI
> admin2 | 5 | 3 | CLUSTER.OPERATE | CLUSTER
> admin2 | 5 | 1 | AMBARI.ADMIN | AMBARI
> user1 | 6 | 2 | CLUSTER.READ | CLUSTER
> user2 | 7 | 2 | CLUSTER.READ | CLUSTER
>
>
> Also, ran unit tests.
> ----------------------------------------------------------------------
> Total run:641
> Total errors:0
> Total failures:0
> OK
> ...
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 28:41.374s
> [INFO] Finished at: Thu Oct 09 14:13:30 PDT 2014
> [INFO] Final Memory: 62M/1564M
> [INFO] ------------------------------------------------------------------------
>
>
>
> Thanks,
>
> Alejandro Fernandez
>
>
Re: Review Request 26519: Upgrade: Admin gets unnecessary READ
permissions
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26519/
-----------------------------------------------------------
(Updated Oct. 9, 2014, 10:34 p.m.)
Review request for Ambari, Jonathan Hurley, Srimanth Gunturi, Sid Wagle, and Tom Beerbower.
Bugs: AMBARI-7717
https://issues.apache.org/jira/browse/AMBARI-7717
Repository: ambari
Description
-------
During upgrade to Ambari 1.7.0, local users and admins get migrated fine, however, Ambari is explicitly giving CLUSTER.READ to admins.
The admins really don't need this READ, they just need CLUSTER.OPERATE (which they already have).
This is inteded for both trunk and release candidate branch 1.7.0, so it needs two +1s.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java f5f6297
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java 0c92f44
Diff: https://reviews.apache.org/r/26519/diff/
Testing
-------
Installed a cluster with Ambari 1.6.1.
An admin had roles of both admin and user.
$ psql -U ambari -d ambari
ambari=> select u.user_id, u.user_name, ur.role_name from users as u join user_roles as ur on u.user_id = ur.user_id ORDER BY u.user_id;
user_id | user_name | role_name
---------+-----------+-----------
1 | admin | admin
3 | admin1 | user
3 | admin1 | admin
4 | admin2 | user
4 | admin2 | admin
5 | user1 | user
6 | user2 | user
(7 rows)
After the upgrade,
ambari=> select u.user_name, u.principal_id, priv.permission_id, permission_name, t.resource_type_name from adminprivilege as priv join users as u on u.principal_id = priv.principal_id join adminpermission as perm on priv.permission_id = perm.permission_id join adminresourcetype as t on perm.resource_type_id = t.resource_type_id WHERE t.resource_type_name IN ('CLUSTER', 'AMBARI') ORDER BY u.user_name asc;
user_name | principal_id | permission_id | permission_name | resource_type_name
-----------+--------------+---------------+-----------------+--------------------
admin | 3 | 3 | CLUSTER.OPERATE | CLUSTER
admin | 3 | 1 | AMBARI.ADMIN | AMBARI
admin1 | 4 | 3 | CLUSTER.OPERATE | CLUSTER
admin1 | 4 | 1 | AMBARI.ADMIN | AMBARI
admin2 | 5 | 3 | CLUSTER.OPERATE | CLUSTER
admin2 | 5 | 1 | AMBARI.ADMIN | AMBARI
user1 | 6 | 2 | CLUSTER.READ | CLUSTER
user2 | 7 | 2 | CLUSTER.READ | CLUSTER
Also, ran unit tests.
----------------------------------------------------------------------
Total run:641
Total errors:0
Total failures:0
OK
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 28:41.374s
[INFO] Finished at: Thu Oct 09 14:13:30 PDT 2014
[INFO] Final Memory: 62M/1564M
[INFO] ------------------------------------------------------------------------
Thanks,
Alejandro Fernandez