You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2019/10/05 01:58:26 UTC
Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving
user group roles to the plugins for evaluation -part2
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 51e08e1
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/1/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.role.download.by.service.enabled" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218095
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
Lines 139 (patched)
<https://reviews.apache.org/r/71583/#comment305630>
The configuration variable "ranger.role.download.by.service.enabled" is read in two separate places (here and in ServiceDBStore. Please see if it can be read only at one place (in ServiceDBStore.initStore()) and returned by a public static function in ServiceDBStore class. Also consider to rename the configuration variable as "ranger.support.for.service.specific.role.download" of type boolean.
- Abhay Kulkarni
On Oct. 5, 2019, 1:58 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 5, 2019, 1:58 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 51e08e1
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/1/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.role.download.by.service.enabled" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218167
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Oct. 10, 2019, midnight, Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2019, midnight)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
> agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/10/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218168
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Oct. 10, 2019, midnight, Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2019, midnight)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
> agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/10/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 10, 2019, midnight)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Review comments updated
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/10/
Changes: https://reviews.apache.org/r/71583/diff/9-10/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 9, 2019, 6:25 p.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
update patch after review
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/9/
Changes: https://reviews.apache.org/r/71583/diff/8-9/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 9, 2019, 6:36 a.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Fixed review comment
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/8/
Changes: https://reviews.apache.org/r/71583/diff/7-8/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218145
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Lines 62 (patched)
<https://reviews.apache.org/r/71583/#comment305717>
getRangerRoles() can return null if roleVersion is same as the currnet role version in DB - which will leave rangerRoles as null. Please review and update to handle this case.
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Line 65 (original), 72 (patched)
<https://reviews.apache.org/r/71583/#comment305718>
updatedServicePolicies() needs to be called even when no change in policyVersion ('if' at #64 is false) but roleVersion has changed. This will be missed since this line is inside 'if' block at #64. Please review and update.
- Madhan Neethiraj
On Oct. 9, 2019, 1:01 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2019, 1:01 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
> agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/7/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218144
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Oct. 9, 2019, 1:01 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 9, 2019, 1:01 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
> agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/7/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 9, 2019, 1:01 a.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Review requested addressed
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/7/
Changes: https://reviews.apache.org/r/71583/diff/6-7/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 8, 2019, 11:04 p.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Addressed review comments, Addressed issue with Delegate admin privilege with Role policy.
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java 251a0ec
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java 5cd82d8
agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 2fec9a0
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/6/
Changes: https://reviews.apache.org/r/71583/diff/5-6/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218120
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Oct. 7, 2019, 6:05 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2019, 6:05 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/5/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218123
-----------------------------------------------------------
Fix it, then Ship it!
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 3501 (patched)
<https://reviews.apache.org/r/71583/#comment305698>
Instead of creating a new HashSet in every call to this method, consider taking the Set as a parameter:
private void collectRoleNames(List<? extends RangerPolicyItem> policyItems, Set<String> roleNames) {
..
}
- Madhan Neethiraj
On Oct. 7, 2019, 6:05 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2019, 6:05 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/5/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 7, 2019, 6:05 p.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Review comments fixed
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/5/
Changes: https://reviews.apache.org/r/71583/diff/4-5/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 7, 2019, 6:44 a.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Fixed review comments
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/4/
Changes: https://reviews.apache.org/r/71583/diff/3-4/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218105
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Line 3412 (original), 3425 (patched)
<https://reviews.apache.org/r/71583/#comment305653>
In addition to policyItems, get roles from denyPolicyItems, allowExceptions and denyExceptions as well.
Please review for other such occurances.
- Madhan Neethiraj
On Oct. 7, 2019, 5:07 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 7, 2019, 5:07 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/3/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 7, 2019, 5:07 a.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
review comments fixed
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java edc886c
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/3/
Changes: https://reviews.apache.org/r/71583/diff/2-3/
Testing
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218102
-----------------------------------------------------------
Fix it, then Ship it!
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 3473 (patched)
<https://reviews.apache.org/r/71583/#comment305637>
'ret' is already assigned to 'roleNames' in line #3454. So, line #3473 seems unnecessary. In fact, 'ret' itself is unncessary.
- Madhan Neethiraj
On Oct. 6, 2019, 6:31 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
>
> (Updated Oct. 6, 2019, 6:31 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 51e08e1
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
> security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
>
>
> Diff: https://reviews.apache.org/r/71583/diff/2/
>
>
> Testing
> -------
>
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for
serving user group roles to the plugins for evaluation -part2
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
-----------------------------------------------------------
(Updated Oct. 6, 2019, 6:31 p.m.)
Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
review comments addressed
Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512
Repository: ranger
Description
-------
RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 51e08e1
security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8
security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629
security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java e168278
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd
Diff: https://reviews.apache.org/r/71583/diff/2/
Changes: https://reviews.apache.org/r/71583/diff/1-2/
Testing (updated)
-------
- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role download by service. By default it is "false" and it will download all the roles when add or update of roles happens. If set to "true" only these services which uses the roles will get the updated roles.
Thanks,
Ramesh Mani