-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37771/
-----------------------------------------------------------
(Updated Sept. 12, 2015, 12:54 a.m.)
Review request for Falcon.
Changes
-------
Applied feedback!
Bugs: FALCON-1027
https://issues.apache.org/jira/browse/FALCON-1027
Repository: falcon-git
Description
-------
Today, Falcon doesn’t have doAs capability i.e. it doesn’t support
impersonation. Support for impersonation or proxyuser functionality (identical
to Hadoop proxyuser capabilities and conceptually similar to Unix 'sudo') needs
to be added to REST API’s and CLI(Command
line).
Diffs (updated)
-----
client/src/main/java/org/apache/falcon/cli/FalconCLI.java d4da302
client/src/main/java/org/apache/falcon/cli/FalconMetadataCLI.java 2f57c7d
client/src/main/java/org/apache/falcon/client/AbstractFalconClient.java
282b41b
client/src/main/java/org/apache/falcon/client/FalconClient.java 44436d2
common/src/main/java/org/apache/falcon/security/CurrentUser.java 4aed5d7
common/src/main/java/org/apache/falcon/security/SecurityUtil.java 861f80f
common/src/main/java/org/apache/falcon/service/GroupsService.java
PRE-CREATION
common/src/main/java/org/apache/falcon/service/ProxyUserService.java
PRE-CREATION
common/src/main/resources/runtime.properties 23ecc16
common/src/main/resources/startup.properties c48188c
common/src/test/java/org/apache/falcon/security/CurrentUserTest.java 5780c94
common/src/test/java/org/apache/falcon/security/SecurityUtilTest.java e40308e
common/src/test/java/org/apache/falcon/service/GroupsServiceTest.java
PRE-CREATION
common/src/test/java/org/apache/falcon/service/ProxyUserServiceTest.java
PRE-CREATION
docs/src/site/twiki/FalconCLI.twiki 8bf3155
docs/src/site/twiki/FalconDocumentation.twiki 29d93f7
prism/src/main/java/org/apache/falcon/resource/AbstractEntityManager.java
63c5d39
prism/src/main/java/org/apache/falcon/resource/AbstractSchedulableEntityManager.java
f9405dc
prism/src/main/java/org/apache/falcon/resource/channel/HTTPChannel.java
78f68ba
prism/src/main/java/org/apache/falcon/resource/proxy/SchedulableEntityManagerProxy.java
ceabb06
prism/src/main/java/org/apache/falcon/security/FalconAuthenticationFilter.java
df64b44
prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java
15e94cd
prism/src/main/java/org/apache/falcon/security/HostnameFilter.java
PRE-CREATION
prism/src/main/webapp/WEB-INF/web.xml 551bf56
prism/src/test/java/org/apache/falcon/resource/EntityManagerTest.java ea2c40f
prism/src/test/java/org/apache/falcon/security/FalconAuthenticationFilterTest.java
df85529
prism/src/test/java/org/apache/falcon/security/HostnameFilterTest.java
PRE-CREATION
src/conf/runtime.properties b31e6a3
src/conf/startup.properties 9925373
unit/src/main/java/org/apache/falcon/unit/FalconUnitClient.java eb65cb3
unit/src/test/java/org/apache/falcon/unit/FalconUnitTestBase.java 997b301
webapp/pom.xml ce37634
webapp/src/conf/oozie/conf/oozie-site.xml ded4873
webapp/src/main/java/org/apache/falcon/resource/SchedulableEntityManager.java
1f8cc1b
webapp/src/main/webapp/WEB-INF/distributed/web.xml 31d78a2
webapp/src/main/webapp/WEB-INF/embedded/web.xml fa2db39
webapp/src/main/webapp/WEB-INF/web.xml 2cfd7de
webapp/src/test/java/org/apache/falcon/cli/FalconCLIIT.java 0062070
webapp/src/test/java/org/apache/falcon/resource/EntityManagerJerseyIT.java
bcd3bd5
webapp/src/test/java/org/apache/falcon/resource/MetadataResourceJerseyIT.java
eb1dda8
webapp/src/test/java/org/apache/falcon/resource/TestContext.java 54671fb
webapp/src/test/resources/runtime.properties PRE-CREATION
Diff: https://reviews.apache.org/r/37771/diff/
Testing
-------
Unit tests and IT tests.
Manual testing :
* ProxyUSer service not added in startup properties, should throw "Service
ProxyUserService not registered"
* Super user not added in proxy user setting in startup.properties, shoudl
throw "java.security.AccessControlException: User <superuser> not defined as
proxyuser"
CLI:
* Add doAs option in CLI and verify command succeeds
* Commands should succeed without doAs as is an optional arg
REST API:
* pass doAs query param and verify REST requests succeeds
* REST requests should succeed without doAs query param as it is optional
* Perform schedule using doAs user. For other requests if doAs user is not
passed (say suspend, resume etc.) should get "User <superuser> not authorized
for Coord job <bundleId>"
Thanks,
Sowmya Ramesh
