You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2019/05/14 17:34:58 UTC
Review Request 70642: RANGER-2427: Tag policies are not evaluated if
no security zones are configured
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70642/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
Bugs: RANGER-2427
https://issues.apache.org/jira/browse/RANGER-2427
Repository: ranger
Description
-------
Policies downloaded to plugin have empty string as a value for zone-name. This causes the check for zone-name of policy(empty string) and zone-name of accessed resource(null) to fail. Consequently, none of the tag policies will match.
zone-name check condition is fixed to account for empty zone-name in policy.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
Diff: https://reviews.apache.org/r/70642/diff/1/
Testing
-------
Tested with a cluster with no configured security zone and with a tag policy. Ensured that tag policy is selected for evaluation when the accessed resource matches tagged resource.
Thanks,
Abhay Kulkarni
Re: Review Request 70642: RANGER-2427: Tag policies are not evaluated
if no security zones are configured
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70642/#review215256
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On May 14, 2019, 5:34 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70642/
> -----------------------------------------------------------
>
> (Updated May 14, 2019, 5:34 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2427
> https://issues.apache.org/jira/browse/RANGER-2427
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Policies downloaded to plugin have empty string as a value for zone-name. This causes the check for zone-name of policy(empty string) and zone-name of accessed resource(null) to fail. Consequently, none of the tag policies will match.
>
> zone-name check condition is fixed to account for empty zone-name in policy.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
>
>
> Diff: https://reviews.apache.org/r/70642/diff/1/
>
>
> Testing
> -------
>
> Tested with a cluster with no configured security zone and with a tag policy. Ensured that tag policy is selected for evaluation when the accessed resource matches tagged resource.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 70642: RANGER-2427: Tag policies are not evaluated
if no security zones are configured
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70642/#review215257
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On May 14, 2019, 5:34 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70642/
> -----------------------------------------------------------
>
> (Updated May 14, 2019, 5:34 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2427
> https://issues.apache.org/jira/browse/RANGER-2427
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Policies downloaded to plugin have empty string as a value for zone-name. This causes the check for zone-name of policy(empty string) and zone-name of accessed resource(null) to fail. Consequently, none of the tag policies will match.
>
> zone-name check condition is fixed to account for empty zone-name in policy.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
>
>
> Diff: https://reviews.apache.org/r/70642/diff/1/
>
>
> Testing
> -------
>
> Tested with a cluster with no configured security zone and with a tag policy. Ensured that tag policy is selected for evaluation when the accessed resource matches tagged resource.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 70642: RANGER-2427: Tag policies are not evaluated
if no security zones are configured
Posted by Selvamohan Neethiraj <sn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70642/#review215258
-----------------------------------------------------------
Ship it!
Ship It!
- Selvamohan Neethiraj
On May 14, 2019, 1:34 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70642/
> -----------------------------------------------------------
>
> (Updated May 14, 2019, 1:34 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2427
> https://issues.apache.org/jira/browse/RANGER-2427
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Policies downloaded to plugin have empty string as a value for zone-name. This causes the check for zone-name of policy(empty string) and zone-name of accessed resource(null) to fail. Consequently, none of the tag policies will match.
>
> zone-name check condition is fixed to account for empty zone-name in policy.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 365edcf35
>
>
> Diff: https://reviews.apache.org/r/70642/diff/1/
>
>
> Testing
> -------
>
> Tested with a cluster with no configured security zone and with a tag policy. Ensured that tag policy is selected for evaluation when the accessed resource matches tagged resource.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>