You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2018/03/01 04:31:41 UTC
Review Request 65854: RANGER-1999: Ranger policy engine updates to
support list-of-values in access reource
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh Mani.
Bugs: RANGER-1999
https://issues.apache.org/jira/browse/RANGER-1999
Repository: ranger
Description
-------
Updated policy engine module to handle resources with multiple values
Diffs
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java 2ee616a1
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java 58004862
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java 18bb1f44
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java 9fcefbe0
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 415263ee
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java acd599a7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java a7399eed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8183dedb
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java eab9dbc7
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad78340
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java bcd15779
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e2c7c270
agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java e4eafc69
ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java 0008808e
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859
Diff: https://reviews.apache.org/r/65854/diff/1/
Testing
-------
- added unit tests to validate the enhancements
Thanks,
Madhan Neethiraj
Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to
support list-of-values in access reource
Posted by Madhan Neethiraj <ma...@apache.org>.
> On March 5, 2018, 9:57 a.m., Zsombor Gegesy wrote:
> > Instead of using Objects, and casting to Collection or String, why didn't you use either just Collection<String> - and use Collection.singleton(resourceName), or introduce a new 'ResourceMatch' type, with a 'SingleResourceMatch' and a 'AnyOfResourceMatch' subtypes ? So later a 'AllOfResourceMatch' could be introduced, if needed. Sure, a better name could be easily picked.
> > Relaying on runtime class casts from 'Object' makes the code more fragile - it will be easy to forget later to update the code, because the compiler won't complain.
@Zsombor - having generic 'Object' as the type for access-resouce value can enable extensions that can use types other than string/collection<string>. Policy engine framework doesn't need to be restricted on specific types. Only 2 places need to deal with this: resource-matcher and trie-lookup. With this commit, I updated both to deal with string/collection<string> type values. Current framework allows for registration of new type of resouce-matcher along with service-def. Not sure if such approach is feasible for trie-lookup - which arranges the policies based on string type resource values; for other resource types, trie can simply return complete policy-list.
- Madhan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/#review198619
-----------------------------------------------------------
On March 1, 2018, 8:41 p.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65854/
> -----------------------------------------------------------
>
> (Updated March 1, 2018, 8:41 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh Mani.
>
>
> Bugs: RANGER-1999
> https://issues.apache.org/jira/browse/RANGER-1999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Updated policy engine module to handle resources with multiple values
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java 2ee616a1
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java 58004862
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java 18bb1f44
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java 9fcefbe0
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 415263ee
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java acd599a7
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java a7399eed
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8183dedb
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java eab9dbc7
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad78340
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java bcd15779
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e2c7c270
> agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java e4eafc69
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java 0008808e
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859
>
>
> Diff: https://reviews.apache.org/r/65854/diff/2/
>
>
> Testing
> -------
>
> - added unit tests to validate the enhancements
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to
support list-of-values in access reource
Posted by Zsombor Gegesy <gz...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/#review198619
-----------------------------------------------------------
Instead of using Objects, and casting to Collection or String, why didn't you use either just Collection<String> - and use Collection.singleton(resourceName), or introduce a new 'ResourceMatch' type, with a 'SingleResourceMatch' and a 'AnyOfResourceMatch' subtypes ? So later a 'AllOfResourceMatch' could be introduced, if needed. Sure, a better name could be easily picked.
Relaying on runtime class casts from 'Object' makes the code more fragile - it will be easy to forget later to update the code, because the compiler won't complain.
- Zsombor Gegesy
On March 1, 2018, 9:41 p.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65854/
> -----------------------------------------------------------
>
> (Updated March 1, 2018, 9:41 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh Mani.
>
>
> Bugs: RANGER-1999
> https://issues.apache.org/jira/browse/RANGER-1999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Updated policy engine module to handle resources with multiple values
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java 2ee616a1
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java 58004862
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java 18bb1f44
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java 9fcefbe0
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 415263ee
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java acd599a7
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java a7399eed
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8183dedb
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java eab9dbc7
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad78340
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java bcd15779
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e2c7c270
> agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java e4eafc69
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java 0008808e
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859
>
>
> Diff: https://reviews.apache.org/r/65854/diff/2/
>
>
> Testing
> -------
>
> - added unit tests to validate the enhancements
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to
support list-of-values in access reource
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/#review198540
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On March 1, 2018, 8:41 p.m., Madhan Neethiraj wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65854/
> -----------------------------------------------------------
>
> (Updated March 1, 2018, 8:41 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh Mani.
>
>
> Bugs: RANGER-1999
> https://issues.apache.org/jira/browse/RANGER-1999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Updated policy engine module to handle resources with multiple values
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java 2ee616a1
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java 58004862
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java 18bb1f44
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java 9fcefbe0
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 415263ee
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java acd599a7
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java a7399eed
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8183dedb
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java eab9dbc7
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad78340
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java bcd15779
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e2c7c270
> agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java e4eafc69
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java 0008808e
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859
>
>
> Diff: https://reviews.apache.org/r/65854/diff/2/
>
>
> Testing
> -------
>
> - added unit tests to validate the enhancements
>
>
> Thanks,
>
> Madhan Neethiraj
>
>
Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to
support list-of-values in access reource
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/
-----------------------------------------------------------
(Updated March 1, 2018, 8:41 p.m.)
Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh Mani.
Changes
-------
fix for PMD violations (unused import), optimizations
Bugs: RANGER-1999
https://issues.apache.org/jira/browse/RANGER-1999
Repository: ranger
Description
-------
Updated policy engine module to handle resources with multiple values
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java 2ee616a1
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java 58004862
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java 18bb1f44
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java 9fcefbe0
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 415263ee
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java acd599a7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java a7399eed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8183dedb
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java eab9dbc7
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad78340
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java bcd15779
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java e2c7c270
agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java e4eafc69
ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java 0008808e
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859
Diff: https://reviews.apache.org/r/65854/diff/2/
Changes: https://reviews.apache.org/r/65854/diff/1-2/
Testing
-------
- added unit tests to validate the enhancements
Thanks,
Madhan Neethiraj