Page tree
Skip to end of metadata
Go to start of metadata

(Content authored by Unknown User (jeclarke) moved from front page) 

Current Security

The Deployment Manager Applications API currently only supports user identity. It runs applications as a particular user so that for example, for oozie and YARN components the jobs are executed as that user. The user to use is passed in the body of the create application API call. It does not authenticate the user at all and subsequently allows any other user to modify all applications.

Overview of changes

The Deployment Manager Applications API will be enhanced to authorise actions against applications so that only the user that created the application can perform actions on it. The restricted actions are start, stop and destroy.

Read only operations will not be restricted, this will allow all users of the console to see what other users are running and view the properties of those applications.

The Deployment Manager Applications API will use a URL parameter 'user=<user>' for this purpose.

If a user is supplied in the JSON body of the call to create application an HTTP 400 Client Error will be returned with a message indicating that the URL parameter should be used.

If the user supplied does not match the value held in the application registrar record then an HTTP 403 Forbidden will be returned with a message indicating that the user does not have sufficient privilege to perform the required action.

Detail of changes

In deployment_manager._assert_application_status add a user parameter that is passed through all the way down from the URL parameter 'user'.

If the application exists and is anything other than NOTCREATED then check the passed user against the user returned by application_registrar.get_application in record['overrides']['user'].

Define a new exception Forbidden in exceptiondef and raise this in the case that the above check fails.

In app.BaseHandler catch Forbidden exceptions and convert to HTTP 403.

Unit tests will be added to verify this behaviour.

The API documentation in the readme will be updated to reflect the changes.

  • No labels