
AMBARI-17014. Service admin and cluster operator can't modify service configs through API (rlevas)

Robert Levas 9 years ago
parent
commit
1c8b146040

+ 2 - 0
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java

@@ -78,6 +78,7 @@ public class AmbariAuthorizationFilter implements Filter {
   private static final String API_CLUSTER_SERVICES_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/services.*";
   private static final String API_CLUSTER_ALERT_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/alert.*";
   private static final String API_CLUSTER_HOSTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
+  private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
   private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
   private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX + "/stacks/.*?/versions/.*";
   private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX + "/hosts.*";
@@ -307,6 +308,7 @@ public class AmbariAuthorizationFilter implements Filter {
         requestURI.matches(VIEWS_CONTEXT_PATH_PATTERN) ||
         requestURI.matches(API_WIDGET_LAYOUTS_PATTERN) ||
         requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
+        requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
         requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
         requestURI.matches(API_HOSTS_ALL_PATTERN) ||
         requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
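Review bot: The `requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN)` clause added in the second hunk is method-agnostic, so GET, PUT, POST and DELETE on cluster configurations all take the same branch as the neighbouring `requestURI.matches(...)` entries. The enclosing condition starts outside the hunk, so presumably this branch defers the decision to a later resource-level check; confirm that check enforces per-role limits on configuration writes, because this filter no longer does. The pattern added in the first hunk is also wider than its name suggests: both `.*?` and the trailing `.*` match `/`, so any URI under `/clusters/` that contains `/configurations` anywhere will match. Consider `API_VERSION_PREFIX + "/clusters/[^/]+/configurations(/.*)?"` to bind it to a single cluster segment, and a one-line comment above the constant such as `// Authorization for these URIs is enforced downstream, not by this filter (TODO confirm where)`.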

+ 20 - 0
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java

@@ -79,6 +79,10 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -112,6 +116,10 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -145,6 +153,10 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -178,6 +190,10 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -211,6 +227,10 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
     urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
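Review bot: All five hunks add the same four rows, each expecting `true` for GET, PUT, POST and DELETE on `/api/v1/clusters/c1/configurations`, so the tests pin only that the filter lets the request through in every scenario; none shows a caller being refused a configuration write. The enclosing test methods start outside the hunks, so presumably each block covers a different role. If so, tests for the downstream authorization that now carries the decision should be confirmed or added alongside this commit. It would also help to add rows for a path below `/configurations` and for a constructed lookalike such as `/api/v1/clusters/c1/configurationsX`, to document how far the trailing `.*` of the new pattern reaches.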