You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2023/02/15 22:09:04 UTC
Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/
-----------------------------------------------------------
Review request for ranger, madhan and Madhan Neethiraj.
Bugs: RANGER-3999
https://issues.apache.org/jira/browse/RANGER-3999
Repository: ranger
Description
-------
When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a
Diff: https://reviews.apache.org/r/74308/diff/1/
Testing
-------
Compiles clean and passes all unit tests.
Thanks,
Abhay Kulkarni
Re: Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/#review225188
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Feb. 16, 2023, 1:31 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74308/
> -----------------------------------------------------------
>
> (Updated Feb. 16, 2023, 1:31 a.m.)
>
>
> Review request for ranger, madhan and Madhan Neethiraj.
>
>
> Bugs: RANGER-3999
> https://issues.apache.org/jira/browse/RANGER-3999
>
>
> Repository: ranger
>
>
> Description
> -------
>
> When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java eb3d0ff46
> agents-common/src/test/resources/policyengine/test_policyengine_hive.json 0544feb14
>
>
> Diff: https://reviews.apache.org/r/74308/diff/2/
>
>
> Testing
> -------
>
> Compiles clean and passes all unit tests.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 74308: RANGER-3999: Implement more efficient way to handle _any access authorization - Part 3
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74308/
-----------------------------------------------------------
(Updated Feb. 16, 2023, 1:31 a.m.)
Review request for ranger, madhan and Madhan Neethiraj.
Changes
-------
Added unit tests
Bugs: RANGER-3999
https://issues.apache.org/jira/browse/RANGER-3999
Repository: ranger
Description
-------
When ANY_ACCESS is requested, the policy matching algorithm returns match if match-type is not NONE. However, the current check for ANY_ACCESS checks not only the request's access-type but also the value in the request's context. As the request's context's attribute ISANYACCESS may be set up for processing any of the multiple accesses specified in the context's ACCESSTYPES attribute, only request's access-type needs to be checked to determine if the policy matches.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 9a0df550c
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java a51f2322a
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java eb3d0ff46
agents-common/src/test/resources/policyengine/test_policyengine_hive.json 0544feb14
Diff: https://reviews.apache.org/r/74308/diff/2/
Changes: https://reviews.apache.org/r/74308/diff/1-2/
Testing
-------
Compiles clean and passes all unit tests.
Thanks,
Abhay Kulkarni