Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2023/02/11 21:59:46 UTC

Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/
-----------------------------------------------------------

Review request for ranger, madhan and Madhan Neethiraj.


Bugs: RANGER-3999
    https://issues.apache.org/jira/browse/RANGER-3999


Repository: ranger


Description
-------

This patch addresses the following to an earlier patch for RANGER-3999:
- Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
- Clean up - use existing APIs where possible
- Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
- Add a few logging messages


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5 


Diff: https://reviews.apache.org/r/74304/diff/1/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni


Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/#review225181
-----------------------------------------------------------


Ship it!

- Madhan Neethiraj


On Feb. 13, 2023, 7:18 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74304/
> -----------------------------------------------------------
> 
> (Updated Feb. 13, 2023, 7:18 p.m.)
> 
> 
> Review request for ranger, madhan and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3999
>     https://issues.apache.org/jira/browse/RANGER-3999
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> This patch addresses the following to an earlier patch for RANGER-3999:
> - Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
> - Clean up - use existing APIs where possible
> - Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
> - Add a few logging messages
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5 
> 
> 
> Diff: https://reviews.apache.org/r/74304/diff/2/
> 
> 
> Testing
> -------
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/
-----------------------------------------------------------

(Updated Feb. 13, 2023, 7:18 p.m.)


Review request for ranger, madhan and Madhan Neethiraj.


Changes
-------

Addressed comment


Bugs: RANGER-3999
    https://issues.apache.org/jira/browse/RANGER-3999


Repository: ranger


Description
-------

This patch addresses the following to an earlier patch for RANGER-3999:
- Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
- Clean up - use existing APIs where possible
- Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
- Add a few logging messages


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2 
  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5 


Diff: https://reviews.apache.org/r/74304/diff/2/

Changes: https://reviews.apache.org/r/74304/diff/1-2/


Testing
-------

Passed all unit tests


Thanks,

Abhay Kulkarni


Re: Review Request 74304: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 2

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74304/#review225180
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Line 704 (original), 706 (patched)
<https://reviews.apache.org/r/74304/#comment313937>

    Shouldn't requestedAccess be added even when impliedGrants is not empty? Consider replacing #705 - #709 with:
      allRequestedAccesses.add(requestedAccess);
      allRequestedAccesses.addAll(impliedGrants);


- Madhan Neethiraj


On Feb. 11, 2023, 9:59 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74304/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2023, 9:59 p.m.)
> 
> 
> Review request for ranger, madhan and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3999
>     https://issues.apache.org/jira/browse/RANGER-3999
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> This patch addresses the following to an earlier patch for RANGER-3999:
> - Add API to request-context to control how multiple resources' evaluation is combined to compute composite result (EITHER or EVERY)
> - Clean up - use existing APIs where possible
> - Explication of "_ANY" access-type to avoid duplicate access-types which have implied grants
> - Add a few logging messages
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 4f65d3da2 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 55752e79c 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ebb9cba5 
> 
> 
> Diff: https://reviews.apache.org/r/74304/diff/1/
> 
> 
> Testing
> -------
> 
> Passed all unit tests
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>
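
Added example, not part of the review thread and not Ranger's own code: a minimal model of the point raised in the comment on RangerPolicyEngineImpl.java, showing how the expanded "_any" set differs when an access type with implied grants is itself left out. The class name, the access-type names, the implied-grants table, the grant list and the rule that "_any" succeeds when at least one expanded access type is granted are all assumptions made for illustration.

```java
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class AnyAccessExpansion {
    // Constructed sample: access type -> access types it implies (hypothetical names).
    static final Map<String, Set<String>> IMPLIED_GRANTS = Map.of(
            "admin", Set.of("select", "update"),
            "select", Set.of(),
            "update", Set.of());

    // Expands "_any" into the concrete access types to evaluate.
    // A Set is used so an access type reachable both directly and through an
    // implied grant is evaluated only once.
    static Set<String> expandAny(boolean alwaysAddRequested) {
        Set<String> allRequestedAccesses = new TreeSet<>();
        for (Map.Entry<String, Set<String>> e : IMPLIED_GRANTS.entrySet()) {
            String requestedAccess = e.getKey();
            Set<String> impliedGrants = e.getValue();
            if (alwaysAddRequested) {
                // Form suggested in the review comment.
                allRequestedAccesses.add(requestedAccess);
                allRequestedAccesses.addAll(impliedGrants);
            } else if (impliedGrants.isEmpty()) {
                // Assumed shape of the code being questioned: the access type
                // itself is added only when it implies nothing.
                allRequestedAccesses.add(requestedAccess);
            } else {
                allRequestedAccesses.addAll(impliedGrants);
            }
        }
        return allRequestedAccesses;
    }

    // Assumed "_any" rule for this model: allowed if at least one expanded type is granted.
    static boolean anyAllowed(Set<String> granted, Set<String> expanded) {
        return !Collections.disjoint(granted, expanded);
    }

    public static void main(String[] args) {
        Set<String> granted = Set.of("admin"); // constructed: only the parent type is granted
        for (boolean alwaysAdd : new boolean[] {false, true}) {
            Set<String> expanded = expandAny(alwaysAdd);
            System.out.println("alwaysAddRequested=" + alwaysAdd + " expanded=" + expanded
                    + " anyAllowed=" + anyAllowed(granted, expanded));
        }
    }
}
```

In this model a caller whose only grant is the parent access type is denied "_any" when the parent is omitted from the expansion, and allowed once it is always added.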