You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2023/04/19 22:36:00 UTC
Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
-------
RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION
agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30
Diff: https://reviews.apache.org/r/74404/diff/1/
Testing
-------
- Testing done with TestCase.
-- Request has to set the resource as "_any_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
example: resource => "_any_topic", context => "topic" , operation => consume, user => "user1"
-- Policy maintained => user1 will have access to consume on any topic, but the this call result in "ALLOWED".
-- Testing done with new in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani
Re: Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------
(Updated May 11, 2023, 1:58 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
-------
RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION
agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30
Diff: https://reviews.apache.org/r/74404/diff/1/
Testing (updated)
-------
- Testing done with TestCase.
-- Request has to set the resource as "*_any*_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
example: resource => "_any_topic", context => "topic" , operation => consume, user => "user1"
-- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani
Re: Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------
(Updated May 5, 2023, 3:51 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Changes
-------
Testing descriptiosn changed
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
-------
RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION
agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30
Diff: https://reviews.apache.org/r/74404/diff/1/
Testing (updated)
-------
- Testing done with TestCase.
-- Request has to set the resource as "_any_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
example: resource => "_any_topic", context => "topic" , operation => consume, user => "user1"
-- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani