Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 2.4.0
Description
Enforce granular role-based access control for custom actions. Such actions are specified in /var/lib/ambari-server/resources/custom_action_definitions/system_action_definitions.xml
For example:
<actionDefinition>
  <actionName>check_host</actionName>
  <actionType>SYSTEM</actionType>
  <inputs/>
  <targetService/>
  <targetComponent/>
  <defaultTimeout>60</defaultTimeout>
  <description>General check for host</description>
  <targetType>ANY</targetType>
  <permissions>HOST.ADD_DELETE_HOSTS</permissions>
</actionDefinition>
The "permissions" element declares the permissions required to run the action. These permissions must be used to authorize a user to perform the operation. A user needs to have one of the listed permissions in order to be authorized.
The relevant API entry points are:
- /api/v1/requests
- /api/v1/requests/clusters/:CLUSTER_NAME/request
Example: The user executing the following REST API call must be assigned a role that has the HOST.ADD_DELETE_HOSTS authorization for the relevant cluster:
POST /api/v1/requests
{
  "RequestInfo": {
    "action": "check_host",
    "log_output": "false",
    "context": "Check host",
    "parameters": {
      "check_execute_list": "last_agent_env_check,installed_packages,existing_repos,transparentHugePage",
      "jdk_location": "http://host1.example.com:8080/resources/",
      "threshold": "20"
    }
  },
  "Requests/resource_filters": [
    {
      "hosts": "host1.example.com"
    }
  ]
}
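The any-of permission check described above, sketched in Python as an added example (not Ambari's own code). It assumes multiple permissions are comma-separated inside the element and that an unknown action, or one listing no permissions, is denied; the `<actionDefinitions>` root, `example_action`, `unrestricted_action` and `EXAMPLE.PLACEHOLDER_PERMISSION` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format shown above. The root element, the second
# and third actions and EXAMPLE.PLACEHOLDER_PERMISSION are assumptions.
SAMPLE_DEFINITIONS = """
<actionDefinitions>
  <actionDefinition>
    <actionName>check_host</actionName>
    <actionType>SYSTEM</actionType>
    <permissions>HOST.ADD_DELETE_HOSTS</permissions>
  </actionDefinition>
  <actionDefinition>
    <actionName>example_action</actionName>
    <actionType>SYSTEM</actionType>
    <permissions>HOST.ADD_DELETE_HOSTS, EXAMPLE.PLACEHOLDER_PERMISSION</permissions>
  </actionDefinition>
  <actionDefinition>
    <actionName>unrestricted_action</actionName>
    <actionType>SYSTEM</actionType>
  </actionDefinition>
</actionDefinitions>
"""


def load_required_permissions(xml_text):
    """Map each actionName to the set of permissions its definition lists."""
    required = {}
    for definition in ET.fromstring(xml_text).iter("actionDefinition"):
        name = (definition.findtext("actionName") or "").strip()
        raw = definition.findtext("permissions") or ""
        # Assumption: several permissions are separated by commas.
        required[name] = {p.strip() for p in raw.split(",") if p.strip()}
    return required


def is_authorized(request_body, user_authorizations, required):
    """Allow the request only if the user holds one of the listed permissions."""
    action = request_body.get("RequestInfo", {}).get("action")
    listed = required.get(action)
    if not listed:
        # Unknown action or no <permissions> element: deny (assumed policy).
        return False
    return bool(listed & set(user_authorizations))
```
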
Issue Links
- relates to AMBARI-18751 Upgrade Fails From 2.4.2 to 2.5 Due To Existing Role Authorizations (Resolved)