You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2022/02/24 02:12:04 UTC
Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638
Repository: ranger
Description
-------
RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
Diffs
-----
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
Diff: https://reviews.apache.org/r/73863/diff/1/
Testing
-------
1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.
Thanks,
Sailaja Polavarapu
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224093
-----------------------------------------------------------
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 144 (patched)
<https://reviews.apache.org/r/73863/#comment313047>
Is this a misplaced comment, which needs to be before line 134?
- Abhay Kulkarni
On Feb. 24, 2022, 2:12 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
>
> (Updated Feb. 24, 2022, 2:12 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
>
>
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
>
>
> Diffs
> -----
>
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
>
>
> Diff: https://reviews.apache.org/r/73863/diff/1/
>
>
> Testing
> -------
>
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224097
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
>
> (Updated Feb. 24, 2022, 2:31 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
>
>
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
>
>
> Diffs
> -----
>
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
>
>
> Diff: https://reviews.apache.org/r/73863/diff/2/
>
>
> Testing
> -------
>
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224098
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
>
> (Updated Feb. 24, 2022, 2:31 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
>
>
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
>
>
> Diffs
> -----
>
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
>
>
> Diff: https://reviews.apache.org/r/73863/diff/2/
>
>
> Testing
> -------
>
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224099
-----------------------------------------------------------
Fix it, then Ship it!
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 130 (patched)
<https://reviews.apache.org/r/73863/#comment313052>
I think following will make it a little easier to read; please consider:
// close() to be forwarded only for authorizer instances
// see: https://solr.apache.org/docs/8_11_1/solr-core/org/apache/solr/core/SolrInfoBean.html#getName--
boolean isAuthorizer = StringUtils.equals(super.getName(), RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME);
if (isAuthorizer) {
...
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("RangerSolrAuthorizer.close(): not forwarding for instance '" + super.getName() + "'");
}
}
- Madhan Neethiraj
On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
>
> (Updated Feb. 24, 2022, 2:31 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
>
>
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
>
>
> Diffs
> -----
>
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
>
>
> Diff: https://reviews.apache.org/r/73863/diff/2/
>
>
> Testing
> -------
>
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------
(Updated Feb. 25, 2022, 1:56 a.m.)
Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
Changes
-------
incorporated review comments
Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638
Repository: ranger
Description
-------
RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
Diffs (updated)
-----
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
Diff: https://reviews.apache.org/r/73863/diff/3/
Changes: https://reviews.apache.org/r/73863/diff/2-3/
Testing
-------
1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.
Thanks,
Sailaja Polavarapu
Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------
(Updated Feb. 24, 2022, 2:31 p.m.)
Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
Changes
-------
Placed comments before checking the authorizer class name
Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638
Repository: ranger
Description
-------
RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shutdowns the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent of for the authorization plugin.
Diffs (updated)
-----
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670
Diff: https://reviews.apache.org/r/73863/diff/2/
Changes: https://reviews.apache.org/r/73863/diff/1-2/
Testing
-------
1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.
Thanks,
Sailaja Polavarapu