You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2023/02/15 22:09:04 UTC

Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/
-----------------------------------------------------------

Review request for ranger, madhan and Madhan Neethiraj.


Bugs: RANGER-3999
    https://issues.apache.org/jira/browse/RANGER-3999


Repository: ranger


Description
-------

When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a 


Diff: https://reviews.apache.org/r/74308/diff/1/


Testing
-------

Compiles clean and passes all unit tests.


Thanks,

Abhay Kulkarni

Re: Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/#review225188
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Feb. 16, 2023, 1:31 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74308/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2023, 1:31 a.m.)
> 
> 
> Review request for ranger, madhan and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3999
>     https://issues.apache.org/jira/browse/RANGER-3999
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a 
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java eb3d0ff46 
>   agents-common/src/test/resources/policyengine/test_policyengine_hive.json 0544feb14 
> 
> 
> Diff: https://reviews.apache.org/r/74308/diff/2/
> 
> 
> Testing
> -------
> 
> Compiles clean and passes all unit tests.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/
-----------------------------------------------------------

(Updated Feb. 16, 2023, 1:31 a.m.)


Review request for ranger, madhan and Madhan Neethiraj.


Changes
-------

Added unit tests


Bugs: RANGER-3999
    https://issues.apache.org/jira/browse/RANGER-3999


Repository: ranger


Description
-------

When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java eb3d0ff46 
  agents-common/src/test/resources/policyengine/test_policyengine_hive.json 0544feb14 


Diff: https://reviews.apache.org/r/74308/diff/2/

Changes: https://reviews.apache.org/r/74308/diff/1-2/


Testing
-------

Compiles clean and passes all unit tests.


Thanks,

Abhay Kulkarni