Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2019/10/20 03:30:37 UTC
Re: Review Request 71636: RANGER-2626: Block unauthenticated access to
Ranger REST endpoints in kerberized environment
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/
-----------------------------------------------------------
(Updated Oct. 20, 2019, 3:30 a.m.)
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Changes
-------
RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment
Summary (updated)
-----------------
RANGER-2626: Block unauthenticated access to Ranger REST endpoints in kerberized environment
Bugs: RANGER-2626
https://issues.apache.org/jira/browse/RANGER-2626
Repository: ranger
Description (updated)
-------
Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are accessed for all users. However, in a secure environment, unauthenticated access to them should not be allowed.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a
Diff: https://reviews.apache.org/r/71636/diff/3/
Changes: https://reviews.apache.org/r/71636/diff/2-3/
Testing (updated)
-------
Tested with a kerberized cluster, with a curl script to invoke policy download without acquiring a Kerberos identity. Ensured that policy download failed.
Thanks,
Abhay Kulkarni
Re: Review Request 71636: RANGER-2626: Block unauthenticated access to
Ranger REST endpoints in kerberized environment
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/#review218296
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On Oct. 20, 2019, 2:04 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71636/
> -----------------------------------------------------------
>
> (Updated Oct. 20, 2019, 2:04 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-2626
> https://issues.apache.org/jira/browse/RANGER-2626
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are accessed for all users. However, in a secure environment, unauthenticated access to them should not be allowed.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1
> security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc
> security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a
>
>
> Diff: https://reviews.apache.org/r/71636/diff/4/
>
>
> Testing
> -------
>
> Tested with a kerberized cluster, with a curl script to invoke policy download without acquiring a Kerberos identity. Ensured that policy download failed.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 71636: RANGER-2626: Block unauthenticated access to
Ranger REST endpoints in kerberized environment
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/#review218298
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Oct. 20, 2019, 2:04 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71636/
> -----------------------------------------------------------
>
> (Updated Oct. 20, 2019, 2:04 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
>
>
> Bugs: RANGER-2626
> https://issues.apache.org/jira/browse/RANGER-2626
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are accessed for all users. However, in a secure environment, unauthenticated access to them should not be allowed.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1
> security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc
> security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a
>
>
> Diff: https://reviews.apache.org/r/71636/diff/4/
>
>
> Testing
> -------
>
> Tested with a kerberized cluster, with a curl script to invoke policy download without acquiring a Kerberos identity. Ensured that policy download failed.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 71636: RANGER-2626: Block unauthenticated access to
Ranger REST endpoints in kerberized environment
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71636/
-----------------------------------------------------------
(Updated Oct. 20, 2019, 2:04 p.m.)
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Changes
-------
Passes all unit tests
Bugs: RANGER-2626
https://issues.apache.org/jira/browse/RANGER-2626
Repository: ranger
Description
-------
Some of the Ranger REST endpoints (such as those for downloads of policies/tags/roles) are accessed for all users. However, in a secure environment, unauthenticated access to them should not be allowed.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 58cf790b1
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java fa3a31804
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 852c2c8dc
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b582081a
Diff: https://reviews.apache.org/r/71636/diff/4/
Changes: https://reviews.apache.org/r/71636/diff/3-4/
Testing
-------
Tested with a kerberized cluster, with a curl script to invoke policy download without acquiring a Kerberos identity. Ensured that policy download failed.
Thanks,
Abhay Kulkarni