You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2016/09/01 22:52:36 UTC
Re: Review Request 51232: Ranger policy should support variables like
{user}
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51232/
-----------------------------------------------------------
(Updated Sept. 1, 2016, 10:52 p.m.)
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-698
https://issues.apache.org/jira/browse/RANGER-698
Repository: ranger
Description
-------
Support for variables in Ranger policy resource values can make it easy to manage policies; in many cases can help use a single policy to manage access permissions for a large number of resources.
The replacement algorithm for converting encoded policy-resource-specification into actual resource-identifier requires a little more work. Also, need to put in more detailed debugging information. Therefore, this is sent only to you for early review and feedback. Thanks!
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesAccessedTogetherCondition.java fc9842e
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesNotAccessedTogetherCondition.java 3b8e009
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java cf7b8e7
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 5b60a53
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java f6931b3
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java a5e92da
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 6d3645f
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java 514884f
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCachedPolicyEvaluator.java 91a53d8
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java eb46353
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java e2c715f
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 00b24d1
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b60e06e
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 80e46f5
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 8bde807
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java a8810e5
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 574f2eb
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java 0a11be0
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java d508f3f
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8f1cebe
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 39eb339
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ce3721
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestedResources.java 0f10deb
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java 2079487
agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 0a2b451
agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java PRE-CREATION
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java 48bc6ee
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java d2fb62c
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java c9d207f
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java 9b870d4
agents-common/src/test/resources/policyengine/test_policyengine_hdfs_resourcespec.json da0a629
agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 918c30f
agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json PRE-CREATION
agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json 25b0eb7
agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json PRE-CREATION
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 5e8c540
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 90b146b
Diff: https://reviews.apache.org/r/51232/diff/
Testing
-------
Ran all unit tests successfully.
Thanks,
Abhay Kulkarni
Re: Review Request 51232: Ranger policy should support variables like
{user}
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51232/#review147616
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Sept. 1, 2016, 10:52 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51232/
> -----------------------------------------------------------
>
> (Updated Sept. 1, 2016, 10:52 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-698
> https://issues.apache.org/jira/browse/RANGER-698
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Support for variables in Ranger policy resource values can make it easy to manage policies; in many cases can help use a single policy to manage access permissions for a large number of resources.
>
> The replacement algorithm for converting encoded policy-resource-specification into actual resource-identifier requires a little more work. Also, need to put in more detailed debugging information. Therefore, this is sent only to you for early review and feedback. Thanks!
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesAccessedTogetherCondition.java fc9842e
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesNotAccessedTogetherCondition.java 3b8e009
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java cf7b8e7
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 5b60a53
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java f6931b3
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java a5e92da
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 6d3645f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java 514884f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCachedPolicyEvaluator.java 91a53d8
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java eb46353
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java e2c715f
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 00b24d1
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b60e06e
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 80e46f5
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 8bde807
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java a8810e5
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 574f2eb
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java 0a11be0
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java d508f3f
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8f1cebe
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 39eb339
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ce3721
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestedResources.java 0f10deb
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java 2079487
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 0a2b451
> agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java PRE-CREATION
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java 48bc6ee
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java d2fb62c
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java c9d207f
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java 9b870d4
> agents-common/src/test/resources/policyengine/test_policyengine_hdfs_resourcespec.json da0a629
> agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 918c30f
> agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json PRE-CREATION
> agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json 25b0eb7
> agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 5e8c540
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 90b146b
>
> Diff: https://reviews.apache.org/r/51232/diff/
>
>
> Testing
> -------
>
> Ran all unit tests successfully.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>