You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2019/12/07 00:24:42 UTC
Review Request 71890: RANGER-2665: Policy engine for delegate-admin
processing is not built correctly when policy-deltas are enabled and a zone
policy is updated
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71890/
-----------------------------------------------------------
Review request for ranger, madhan, Madhan Neethiraj, and Ramesh Mani.
Bugs: RANGER-2665
https://issues.apache.org/jira/browse/RANGER-2665
Repository: ranger
Description
-------
When policy-deltas are enabled, and the only change is to a zone policy, then the policy-engine used for delegate-admin processing fails to build. This may lead to incorrect processing of delegate-admin privileges when the affected policy has delegate-admin policy-item(s).
Encapsulated logic for determining if a given ServicePolicies object contains policy-deltas, and used it to decide if a new policy engine needs to be built from scratch or from existing policy-engine using deltas provided in ServicePolicies object.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java f5cdddf83
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java 4599997db
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java 76dabb4a0
Diff: https://reviews.apache.org/r/71890/diff/1/
Testing
-------
Passes all unit tests. Tested with cluster configured with ranger-admin enabled for using policy-deltas.
Thanks,
Abhay Kulkarni
Re: Review Request 71890: RANGER-2665: Policy engine for
delegate-admin
processing is not built correctly when policy-deltas are enabled and a zone
policy is updated
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71890/#review218962
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Dec. 7, 2019, 12:24 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71890/
> -----------------------------------------------------------
>
> (Updated Dec. 7, 2019, 12:24 a.m.)
>
>
> Review request for ranger, madhan, Madhan Neethiraj, and Ramesh Mani.
>
>
> Bugs: RANGER-2665
> https://issues.apache.org/jira/browse/RANGER-2665
>
>
> Repository: ranger
>
>
> Description
> -------
>
> When policy-deltas are enabled, and the only change is to a zone policy, then the policy-engine used for delegate-admin processing fails to build. This may lead to incorrect processing of delegate-admin privileges when the affected policy has delegate-admin policy-item(s).
>
> Encapsulated logic for determining if a given ServicePolicies object contains policy-deltas, and used it to decide if a new policy engine needs to be built from scratch or from existing policy-engine using deltas provided in ServicePolicies object.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java f5cdddf83
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java 4599997db
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminCache.java 76dabb4a0
>
>
> Diff: https://reviews.apache.org/r/71890/diff/1/
>
>
> Testing
> -------
>
> Passes all unit tests. Tested with cluster configured with ranger-admin enabled for using policy-deltas.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>