You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2023/05/23 19:22:39 UTC
Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
-----------------------------------------------------------
(Updated May 23, 2023, 7:22 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Changes
-------
RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
Summary (updated)
-----------------
RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
-------
RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java e561c4c7c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java 4887c0112
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestWrapper.java 6aec330d7
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java eee1e1f1b
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java e887730c9
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 5fa5b68d4
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 0cb3e0fed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java ee2fff3ed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e31437fc1
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java ad21b3239
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java 8fe3be9cc
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcherTest.java 2b7f27200
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java ea7bc01f2
agents-common/src/test/resources/policyengine/test_policyengine_aws.json 118bef534
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION
Diff: https://reviews.apache.org/r/74441/diff/2/
Changes: https://reviews.apache.org/r/74441/diff/1-2/
Testing
-------
Testing done with TestCase.
-- Request has to set the resource = " " and resourceMatchingScope = "SELF_OR_PREFIX",
example:
{"name":"Any topic Consume access for user3",
"request":{
"resource":{"elements":{"topic":""}}, "resourceMatchingScope": "SELF_OR_PREFIX",
"accessType":"consume","user":"user3","userGroups":[],
"context": {"RESOURCE_TYPE": "topic"}
},
"result":{"isAudited":true,"isAllowed":true,"policyId":102}
}
-- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani
Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
-----------------------------------------------------------
(Updated May 23, 2023, 11:18 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Changes
-------
Updated the test case in the description
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
-------
RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java e561c4c7c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java 4887c0112
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestWrapper.java 6aec330d7
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java eee1e1f1b
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java e887730c9
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 5fa5b68d4
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 0cb3e0fed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java ee2fff3ed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e31437fc1
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java ad21b3239
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java 8fe3be9cc
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcherTest.java 2b7f27200
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java ea7bc01f2
agents-common/src/test/resources/policyengine/test_policyengine_aws.json 118bef534
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION
Diff: https://reviews.apache.org/r/74441/diff/2/
Testing (updated)
-------
Testing done with TestCase.
-- Request has to set the resource = " " and resourceMatchingScope = "SELF_OR_PREFIX",
example:
{"name":"Any topic Consume access for user3",
"request":{
"resource":{"elements":{"topic":""}}, "resourceMatchingScope": "SELF_OR_PREFIX",
"accessType":"consume","user":"user3","userGroups":[]
},
"result":{"isAudited":true,"isAllowed":true,"policyId":102}
}
-- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED".
-- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani