You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2023/02/11 21:59:46 UTC
Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/
-----------------------------------------------------------
Review request for ranger, madhan and Madhan Neethiraj.
Bugs: RANGER-3999
https://issues.apache.org/jira/browse/RANGER-3999
Repository: ranger
Description
-------
This patch addresses the following to an earlier patch for RANGER-3999:
- Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
- Clean up - use existing APIs where possible
- Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
- Add a few logging messages
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5
Diff: https://reviews.apache.org/r/74304/diff/1/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni
Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/#review225181
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Feb. 13, 2023, 7:18 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74304/
> -----------------------------------------------------------
>
> (Updated Feb. 13, 2023, 7:18 p.m.)
>
>
> Review request for ranger, madhan and Madhan Neethiraj.
>
>
> Bugs: RANGER-3999
> https://issues.apache.org/jira/browse/RANGER-3999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch addresses the following to an earlier patch for RANGER-3999:
> - Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
> - Clean up - use existing APIs where possible
> - Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
> - Add a few logging messages
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5
>
>
> Diff: https://reviews.apache.org/r/74304/diff/2/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/
-----------------------------------------------------------
(Updated Feb. 13, 2023, 7:18 p.m.)
Review request for ranger, madhan and Madhan Neethiraj.
Changes
-------
Addressed comment
Bugs: RANGER-3999
https://issues.apache.org/jira/browse/RANGER-3999
Repository: ranger
Description
-------
This patch addresses the following to an earlier patch for RANGER-3999:
- Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
- Clean up - use existing APIs where possible
- Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
- Add a few logging messages
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5
Diff: https://reviews.apache.org/r/74304/diff/2/
Changes: https://reviews.apache.org/r/74304/diff/1-2/
Testing
-------
Passed all unit tests
Thanks,
Abhay Kulkarni
Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/#review225180
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Line 704 (original), 706 (patched)
<https://reviews.apache.org/r/74304/#comment313937>
Shouldn't requestedAccess be added even when impliedGrants is not empty? Consider replacing #705 - #709 with:
allRequestedAccesses.add(requestedAccess);
allRequestedAccesses.addAll(impliedGrants);
- Madhan Neethiraj
On Feb. 11, 2023, 9:59 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74304/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2023, 9:59 p.m.)
>
>
> Review request for ranger, madhan and Madhan Neethiraj.
>
>
> Bugs: RANGER-3999
> https://issues.apache.org/jira/browse/RANGER-3999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch addresses the following to an earlier patch for RANGER-3999:
> - Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
> - Clean up - use existing APIs where possible
> - Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
> - Add a few logging messages
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5
>
>
> Diff: https://reviews.apache.org/r/74304/diff/1/
>
>
> Testing
> -------
>
> Passed all unit tests
>
>
> Thanks,
>
> Abhay Kulkarni
>
>