You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2015/04/09 10:35:17 UTC
Review Request 33012: RANGER-360: added delegated-admin enforcement
logic in Ranger REST APIs
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33012/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, dilli dorai, Gautam Borad, Abhay Kulkarni, Ramesh Mani, and Velmurugan Periasamy.
Bugs: RANGER-360
https://issues.apache.org/jira/browse/RANGER-360
Repository: ranger
Description
-------
RANGER-360: added delegated-admin enforcement logic in Ranger REST APIs
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 511896e
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java 8ee6b77
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDb.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDbCache.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 2802d90
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 5e9ca0c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java 755f553
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 154c6ea
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 3cdc5ea
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java af24247
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 35164b2
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java 8f9aea8
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 947c1ed
agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b6acc43
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java d9e7bf0
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java 59e79d0
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java fbb6917
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java d9f7015
Diff: https://reviews.apache.org/r/33012/diff/
Testing
-------
Verified that: 1) admin users have access to all policies 2) non-admin users have access to only policies for resources on which the user has delegated-admin access
Thanks,
Madhan Neethiraj
Re: Review Request 33012: RANGER-360: added delegated-admin
enforcement logic in Ranger REST APIs
Posted by Don Bosco Durai <bo...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33012/#review79639
-----------------------------------------------------------
Ship it!
Ship It!
- Don Bosco Durai
On April 10, 2015, 2:44 a.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33012/
> -----------------------------------------------------------
>
> (Updated April 10, 2015, 2:44 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, dilli dorai, Gautam Borad, Abhay Kulkarni, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-360
> https://issues.apache.org/jira/browse/RANGER-360
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-360: added delegated-admin enforcement logic in Ranger REST APIs
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDb.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDbCache.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 3cdc5ea
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java PRE-CREATION
> agents-common/src/test/resources/policyengine/test_policydb_hdfs.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/33012/diff/
>
>
> Testing
> -------
>
> Verified that: 1) admin users have access to all policies 2) non-admin users have access to only policies for resources on which the user has delegated-admin access
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 33012: RANGER-360: added delegated-admin
enforcement logic in Ranger REST APIs
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33012/
-----------------------------------------------------------
(Updated April 10, 2015, 2:44 a.m.)
Review request for ranger, Alok Lal, Don Bosco Durai, dilli dorai, Gautam Borad, Abhay Kulkarni, Ramesh Mani, and Velmurugan Periasamy.
Changes
-------
Added unit tests. Updated RangerPolicyDbCache to use synchronizedMap, per offline comments from Abhay Kulkarni.
Bugs: RANGER-360
https://issues.apache.org/jira/browse/RANGER-360
Repository: ranger
Description
-------
RANGER-360: added delegated-admin enforcement logic in Ranger REST APIs
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDb.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyDbCache.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 3cdc5ea
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java PRE-CREATION
agents-common/src/test/resources/policyengine/test_policydb_hdfs.json PRE-CREATION
Diff: https://reviews.apache.org/r/33012/diff/
Testing
-------
Verified that: 1) admin users have access to all policies 2) non-admin users have access to only policies for resources on which the user has delegated-admin access
Thanks,
Madhan Neethiraj