You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2019/08/27 00:22:14 UTC
Review Request 71370: RANGER-2552: Fixed code to update the user
role/permissions properly when group memberships are updated
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71370/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-2552
https://issues.apache.org/jira/browse/RANGER-2552
Repository: ranger
Description
-------
Modified code to re-evaluate user's role/permissions based on the existing groups as well as the modified groups.
Diffs
-----
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java e5fc68ba8
Diff: https://reviews.apache.org/r/71370/diff/1/
Testing
-------
1. Verified all the existing unit tests ran successfully.
2. Patched a cluster and verified the user's role/permissions are properly evaluated for every add/update/delete of group memberships
3. Also verfied during startup the user permissions are stayed intact as well as during periodic sync with not updates to the user.
Thanks,
Sailaja Polavarapu
Re: Review Request 71370: RANGER-2552: Fixed code to update the user
role/permissions properly when group memberships are updated
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71370/#review217458
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Aug. 27, 2019, 5:34 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71370/
> -----------------------------------------------------------
>
> (Updated Aug. 27, 2019, 5:34 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2552
> https://issues.apache.org/jira/browse/RANGER-2552
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Modified code to re-evaluate user's role/permissions based on the existing groups as well as the modified groups.
>
>
> Diffs
> -----
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java e5fc68ba8
>
>
> Diff: https://reviews.apache.org/r/71370/diff/2/
>
>
> Testing
> -------
>
> 1. Verified all the existing unit tests ran successfully.
> 2. Patched a cluster and verified the user's role/permissions are properly evaluated for every add/update/delete of group memberships
> 3. Also verfied during startup the user permissions are stayed intact as well as during periodic sync with not updates to the user.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 71370: RANGER-2552: Fixed code to update the user
role/permissions properly when group memberships are updated
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71370/
-----------------------------------------------------------
(Updated Aug. 27, 2019, 5:34 p.m.)
Review request for ranger.
Changes
-------
Minor cleanup for deleting groups from userinfo object
Bugs: RANGER-2552
https://issues.apache.org/jira/browse/RANGER-2552
Repository: ranger
Description
-------
Modified code to re-evaluate user's role/permissions based on the existing groups as well as the modified groups.
Diffs (updated)
-----
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java e5fc68ba8
Diff: https://reviews.apache.org/r/71370/diff/2/
Changes: https://reviews.apache.org/r/71370/diff/1-2/
Testing
-------
1. Verified all the existing unit tests ran successfully.
2. Patched a cluster and verified the user's role/permissions are properly evaluated for every add/update/delete of group memberships
3. Also verfied during startup the user permissions are stayed intact as well as during periodic sync with not updates to the user.
Thanks,
Sailaja Polavarapu
Re: Review Request 71370: RANGER-2552: Fixed code to update the user
role/permissions properly when group memberships are updated
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
> On Aug. 27, 2019, 12:40 a.m., Madhan Neethiraj wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> > Lines 465 (patched)
> > <https://reviews.apache.org/r/71370/diff/1/?file=2162901#file2162901line542>
> >
> > Should delGroups be removed from cumulativeGroups?
This is taken care in line 455.
> On Aug. 27, 2019, 12:40 a.m., Madhan Neethiraj wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> > Lines 485 (patched)
> > <https://reviews.apache.org/r/71370/diff/1/?file=2162901#file2162901line572>
> >
> > Please review if the following case is handled: when the user was removed from a group, the user should be removed from corresponding role as well
Verified this case.
- Sailaja
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71370/#review217449
-----------------------------------------------------------
On Aug. 27, 2019, 5:34 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71370/
> -----------------------------------------------------------
>
> (Updated Aug. 27, 2019, 5:34 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2552
> https://issues.apache.org/jira/browse/RANGER-2552
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Modified code to re-evaluate user's role/permissions based on the existing groups as well as the modified groups.
>
>
> Diffs
> -----
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java e5fc68ba8
>
>
> Diff: https://reviews.apache.org/r/71370/diff/2/
>
>
> Testing
> -------
>
> 1. Verified all the existing unit tests ran successfully.
> 2. Patched a cluster and verified the user's role/permissions are properly evaluated for every add/update/delete of group memberships
> 3. Also verfied during startup the user permissions are stayed intact as well as during periodic sync with not updates to the user.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 71370: RANGER-2552: Fixed code to update the user
role/permissions properly when group memberships are updated
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71370/#review217449
-----------------------------------------------------------
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
Lines 465 (patched)
<https://reviews.apache.org/r/71370/#comment304714>
Should delGroups be removed from cumulativeGroups?
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
Lines 485 (patched)
<https://reviews.apache.org/r/71370/#comment304715>
Please review if the following case is handled: when the user was removed from a group, the user should be removed from corresponding role as well
- Madhan Neethiraj
On Aug. 27, 2019, 12:22 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71370/
> -----------------------------------------------------------
>
> (Updated Aug. 27, 2019, 12:22 a.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2552
> https://issues.apache.org/jira/browse/RANGER-2552
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Modified code to re-evaluate user's role/permissions based on the existing groups as well as the modified groups.
>
>
> Diffs
> -----
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java e5fc68ba8
>
>
> Diff: https://reviews.apache.org/r/71370/diff/1/
>
>
> Testing
> -------
>
> 1. Verified all the existing unit tests ran successfully.
> 2. Patched a cluster and verified the user's role/permissions are properly evaluated for every add/update/delete of group memberships
> 3. Also verfied during startup the user permissions are stayed intact as well as during periodic sync with not updates to the user.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>