You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2023/04/19 22:36:00 UTC

Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------

Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Bugs: RANGER-4165
    https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
-------

RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION 
  agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30 


Diff: https://reviews.apache.org/r/74404/diff/1/


Testing
-------

- Testing done with TestCase.
    -- Request has to set the resource as "_any_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
          example: resource => "_any_topic",  context => "topic" , operation => consume, user => "user1"
    -- Policy maintained => user1 will have access to consume on any topic, but the this call result in "ALLOWED".
    
-- Testing done with new in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json

-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani

Re: Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type

Posted by Ramesh Mani <rm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------

(Updated May 11, 2023, 1:58 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Bugs: RANGER-4165
    https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
-------

RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION 
  agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30 


Diff: https://reviews.apache.org/r/74404/diff/1/


Testing (updated)
-------

- Testing done with TestCase.
    -- Request has to set the resource as "*_any*_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
          example: resource => "_any_topic",  context => "topic" , operation => consume, user => "user1"
    -- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
    
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json

-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani

Re: Review Request 74404: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type

Posted by Ramesh Mani <rm...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74404/
-----------------------------------------------------------

(Updated May 5, 2023, 3:51 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Changes
-------

Testing descriptiosn changed


Bugs: RANGER-4165
    https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
-------

RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java ca899979a 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java 3864f30d2 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java e75bb722c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c 
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 
  agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION 
  agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 779f57a0b 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30 


Diff: https://reviews.apache.org/r/74404/diff/1/


Testing (updated)
-------

- Testing done with TestCase.
    -- Request has to set the resource as "_any_<resourceType>" and add a request context "RESOURCE_TYPE" = "<resourceType>".
          example: resource => "_any_topic",  context => "topic" , operation => consume, user => "user1"
    -- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
    
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json

-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani