subject:"\[jira\] \[Commented\] \(AMBARI\-18635\) Authorizations given to roles, should use generic role\-based principals rather than hard\-coded pseudo\-role\-based principals"

[jira] [Commented] (AMBARI-18635) Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

2016-10-20 Thread Hadoop QA (JIRA)


[ 
https://issues.apache.org/jira/browse/AMBARI-18635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15593289#comment-15593289
 ] 

Hadoop QA commented on AMBARI-18635:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12834531/AMBARI-18635_trunk_02.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 10 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
ambari-admin ambari-server:

  org.apache.ambari.server.state.ServicePropertiesTest
  org.apache.ambari.server.state.ConfigHelperTest

Test results: 
https://builds.apache.org/job/Ambari-trunk-test-patch/8952//testReport/
Console output: 
https://builds.apache.org/job/Ambari-trunk-test-patch/8952//console

This message is automatically generated.

> Authorizations given to roles, should use generic role-based principals 
> rather than hard-coded pseudo-role-based principals
> ---
>
> Key: AMBARI-18635
> URL: https://issues.apache.org/jira/browse/AMBARI-18635
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.4.0
>Reporter: Robert Levas
>Assignee: Robert Levas
> Fix For: 2.4.2
>
> Attachments: AMBARI-18635_branch-2.4_01.patch, 
> AMBARI-18635_branch-2.4_02.patch, AMBARI-18635_branch-2.5_01.patch, 
> AMBARI-18635_branch-2.5_02.patch, AMBARI-18635_trunk_01.patch, 
> AMBARI-18635_trunk_02.patch
>
>
> Authorizations given to roles, should use generic role-based principals 
> rather than hard-coded resource types.  
> Access to views can be assigned to all users with a given role.  The 
> implementation for this lead to the creation of hard-coded principals that 
> represent the current set of roles. This is not dynamic enough for possibly 
> future enhancements where new roles may be created by administrators. 
> This needs to be changed such that rather that using the hard-coded 
> pseudo-role-principals, the dynamically generated role-principals are to be 
> used.
> The hard-coded pseudo-role-principals have the following 
> {{adminprincipaltype}} values as opposed to "ROLE":
> * ALL.CLUSTER.ADMINISTRATOR
> * ALL.CLUSTER.OPERATOR
> * ALL.SERVICE.ADMINISTRATOR
> * ALL.SERVICE.OPERATOR
> * ALL.CLUSTER.USER
> These should be removed along with the associated {{adminprincipal}} records. 
> Also, the FE should be updated to set permissions using the dynamic 
> role-principals.
> Finally, code should be cleaned up to remove unneeded code in 
> * 
> org.apache.ambari.server.security.authorization.ClusterInheritedPermissionHelper
> * 
> org.apache.ambari.server.controller.internal.GroupPrivilegeResourceProvider#getResources
> * 
> org.apache.ambari.server.controller.internal.PrivilegeResourceProvider#toEntity
> * 
> org.apache.ambari.server.controller.internal.UserPrivilegeResourceProvider#getResources
> * 
> org.apache.ambari.server.security.authorization.AuthorizationHelper#isAuthorized
> * org.apache.ambari.server.view.ViewRegistry#addClusterInheritedPermissions
> * ...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMBARI-18635) Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

2016-10-20 Thread Hadoop QA (JIRA)


[ 
https://issues.apache.org/jira/browse/AMBARI-18635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15592189#comment-15592189
 ] 

Hadoop QA commented on AMBARI-18635:


{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12834396/AMBARI-18635_trunk_01.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:green}+1 tests included{color}.  The patch appears to include 10 new 
or modified test files.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:red}-1 core tests{color}.  The patch failed these unit tests in 
ambari-admin ambari-server:

  org.apache.ambari.server.api.services.AmbariMetaInfoTest
  
org.apache.ambari.server.api.services.KerberosServiceMetaInfoTest
  
org.apache.ambari.server.state.kerberos.KerberosDescriptorUpdateHelperTest
  org.apache.ambari.server.state.stack.ConfigUpgradeValidityTest
  org.apache.ambari.server.stack.StackManagerTest

Test results: 
https://builds.apache.org/job/Ambari-trunk-test-patch/8939//testReport/
Console output: 
https://builds.apache.org/job/Ambari-trunk-test-patch/8939//console

This message is automatically generated.

> Authorizations given to roles, should use generic role-based principals 
> rather than hard-coded pseudo-role-based principals
> ---
>
> Key: AMBARI-18635
> URL: https://issues.apache.org/jira/browse/AMBARI-18635
> Project: Ambari
>  Issue Type: Bug
>  Components: ambari-server
>Affects Versions: 2.4.0
>Reporter: Robert Levas
>Assignee: Robert Levas
> Fix For: 2.4.2
>
> Attachments: AMBARI-18635_branch-2.4_01.patch, 
> AMBARI-18635_branch-2.5_01.patch, AMBARI-18635_trunk_01.patch
>
>
> Authorizations given to roles, should use generic role-based principals 
> rather than hard-coded resource types.  
> Access to views can be assigned to all users with a given role.  The 
> implementation for this lead to the creation of hard-coded principals that 
> represent the current set of roles. This is not dynamic enough for possibly 
> future enhancements where new roles may be created by administrators. 
> This needs to be changed such that rather that using the hard-coded 
> pseudo-role-principals, the dynamically generated role-principals are to be 
> used.
> The hard-coded pseudo-role-principals have the following 
> {{adminprincipaltype}} values as opposed to "ROLE":
> * ALL.CLUSTER.ADMINISTRATOR
> * ALL.CLUSTER.OPERATOR
> * ALL.SERVICE.ADMINISTRATOR
> * ALL.SERVICE.OPERATOR
> * ALL.CLUSTER.USER
> These should be removed along with the associated {{adminprincipal}} records. 
> Also, the FE should be updated to set permissions using the dynamic 
> role-principals.
> Finally, code should be cleaned up to remove unneeded code in 
> * 
> org.apache.ambari.server.security.authorization.ClusterInheritedPermissionHelper
> * 
> org.apache.ambari.server.controller.internal.GroupPrivilegeResourceProvider#getResources
> * 
> org.apache.ambari.server.controller.internal.PrivilegeResourceProvider#toEntity
> * 
> org.apache.ambari.server.controller.internal.UserPrivilegeResourceProvider#getResources
> * 
> org.apache.ambari.server.security.authorization.AuthorizationHelper#isAuthorized
> * org.apache.ambari.server.view.ViewRegistry#addClusterInheritedPermissions
> * ...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMBARI-18635) Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

[jira] [Commented] (AMBARI-18635) Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals

2 matches

Site Navigation

Mail list logo

Footer information