Home Explore Help
Sign In
apache
/
ambari
mirror of https://gitee.com/freeshow_me/ambari
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

AMBARI-18135. Enable Namenode HA failing at install journal nodes with cluster operator user. (mpapirkovskyy)

Myroslav Papirkovskyi 9 years ago
parent
44e21f8ef2
commit
e349cd9889
1 changed files with 10 additions and 6 deletions
Split View Show Diff Stats
  1. 10 6
      ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java

+ 10 - 6
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ComponentResourceProvider.java
View File 

@@ -119,8 +119,8 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide
 
     super(propertyIds, keyPropertyIds, managementController);
 
     this.maintenanceStateHelper = maintenanceStateHelper;
 
 
-    setRequiredCreateAuthorizations(EnumSet.of(RoleAuthorization.SERVICE_ADD_DELETE_SERVICES));
 
-    setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.SERVICE_ADD_DELETE_SERVICES));
 
+    setRequiredCreateAuthorizations(EnumSet.of(RoleAuthorization.SERVICE_ADD_DELETE_SERVICES, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS));
 
+    setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.SERVICE_ADD_DELETE_SERVICES, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS));
 
     setRequiredGetAuthorizations(RoleAuthorization.AUTHORIZATIONS_VIEW_SERVICE);
 
     setRequiredGetAuthorizations(RoleAuthorization.AUTHORIZATIONS_VIEW_SERVICE);
 
     setRequiredUpdateAuthorizations(RoleAuthorization.AUTHORIZATIONS_UPDATE_CLUSTER);
 
@@ -285,7 +285,7 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide
 
       Validate.notEmpty(request.getComponentName(), "component name should be non-empty");
 
       Cluster cluster = getClusterForRequest(request, clusters);
 
 
-      isAuthorized(cluster, RoleAuthorization.SERVICE_ADD_DELETE_SERVICES);
 
+      isAuthorized(cluster, getRequiredCreateAuthorizations());
 
 
       setServiceNameIfAbsent(request, cluster, ambariMetaInfo);
 
       debug("Received a createComponent request: {}", request);
 
@@ -774,8 +774,12 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide
 
   }
 
 
   private void isAuthorized(final Cluster cluster, final RoleAuthorization roleAuthorization) throws AuthorizationException {
 
-    if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), roleAuthorization)) {
 
-      throw new AuthorizationException("The user is not authorized to for role " + roleAuthorization.name());
 
+    isAuthorized(cluster, EnumSet.of(roleAuthorization));
 
+  }
 
+
 
+  private void isAuthorized(final Cluster cluster, final Set<RoleAuthorization> requiredAuthorizations) throws AuthorizationException {
 
+    if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(), requiredAuthorizations)) {
 
+      throw new AuthorizationException("The user is not authorized to for roles " + requiredAuthorizations);
 
     }
 
   }
 
 
@@ -815,4 +819,4 @@ public class ComponentResourceProvider extends AbstractControllerResourceProvide
 
       LOG.debug(format, arguments);
 
     }
 
   }
 
-}
 
+}