Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2022/02/24 02:12:04 UTC

Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------

Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.


Bugs: RANGER-3638
    https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
-------

RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.


Diffs
-----

  ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/1/


Testing
-------

1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224093
-----------------------------------------------------------




ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 144 (patched)
<https://reviews.apache.org/r/73863/#comment313047>

    Is this a misplaced comment, which needs to be before line 134?


- Abhay Kulkarni


On Feb. 24, 2022, 2:12 a.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2022, 2:12 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
>     https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.
> 
> 
> Diffs
> -----
> 
>   ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/1/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224097
-----------------------------------------------------------


Ship it!





- Abhay Kulkarni


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
>     https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.
> 
> 
> Diffs
> -----
> 
>   ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224098
-----------------------------------------------------------


Ship it!





- Ramesh Mani


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
>     https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.
> 
> 
> Diffs
> -----
> 
>   ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224099
-----------------------------------------------------------


Fix it, then Ship it!





ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 130 (patched)
<https://reviews.apache.org/r/73863/#comment313052>

    I think the following will make it a little easier to read; please consider:
    
      // close() to be forwarded only for authorizer instances
      // see: https://solr.apache.org/docs/8_11_1/solr-core/org/apache/solr/core/SolrInfoBean.html#getName--
      boolean isAuthorizer = StringUtils.equals(super.getName(), RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME);
    
      if (isAuthorizer) {
       ...
      } else {
        if (LOG.isDebugEnabled()) {
          LOG.debug("RangerSolrAuthorizer.close(): not forwarding for instance '" + super.getName() + "'");
        }
      }


- Madhan Neethiraj


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
>     https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.
> 
> 
> Diffs
> -----
> 
>   ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>
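
A stand-alone model of the close() guard discussed in this thread, added here as an illustration and not taken from the Ranger patch or from any participant's message. SharedPlugin, ShimModel, the "example.*" names and the value given to AUTHORIZER_IMPL are hypothetical stand-ins for the real plugin, the shim class and RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME.

```java
import java.util.Objects;
// Added illustration; every class and name here is a hypothetical stand-in, not Ranger or Solr code.
public class CloseGuardDemo {
    // Placeholder for the value of RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME (not shown in the thread).
    static final String AUTHORIZER_IMPL = "example.AuthorizerImpl";
    /** Models the one plugin that both registrations delegate to. */
    static class SharedPlugin {
        private boolean running = true;
        void shutdown() { running = false; }
        boolean authorize(String user) {
            if (!running) throw new IllegalStateException("plugin is shut down");
            return "alice".equals(user); // constructed policy: only alice is allowed
        }
    }
    /** Models the shim class registered under two roles, told apart by instance name. */
    static class ShimModel {
        final String name; final SharedPlugin plugin; final boolean guarded;
        ShimModel(String name, SharedPlugin plugin, boolean guarded) {
            this.name = name; this.plugin = plugin; this.guarded = guarded;
        }
        boolean authorize(String user) { return plugin.authorize(user); }
        void close() {
            // close() is forwarded only for the authorizer instance when the guard is on
            boolean isAuthorizer = Objects.equals(name, AUTHORIZER_IMPL);
            if (!guarded || isAuthorizer) {
                plugin.shutdown();
            } else {
                System.out.println("close(): not forwarding for instance '" + name + "'");
            }
        }
    }
    /** Simulates a collection reload closing the search-component instance. */
    static String authorizeAfterReload(boolean guarded) {
        SharedPlugin plugin = new SharedPlugin();
        ShimModel authorizer = new ShimModel(AUTHORIZER_IMPL, plugin, guarded);
        ShimModel searchComponent = new ShimModel("example.SearchComponent", plugin, guarded);
        searchComponent.close(); // the reload tears down the per-collection component
        try {
            return "authorize(alice) = " + authorizer.authorize("alice");
        } catch (IllegalStateException e) {
            return "authorization broken: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("without guard: " + authorizeAfterReload(false));
        System.out.println("with guard:    " + authorizeAfterReload(true));
    }
}
```

In this model the unguarded run leaves the shared plugin shut down after the search-component instance is closed, so the authorizer instance can no longer answer; the guarded run keeps it running.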


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------

(Updated Feb. 25, 2022, 1:56 a.m.)


Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.


Changes
-------

incorporated review comments


Bugs: RANGER-3638
    https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
-------

RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.


Diffs (updated)
-----

  ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/3/

Changes: https://reviews.apache.org/r/73863/diff/2-3/


Testing
-------

1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu


Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
-----------------------------------------------------------

(Updated Feb. 24, 2022, 2:31 p.m.)


Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and Ramesh Mani.


Changes
-------

Placed comments before checking the authorizer class name


Bugs: RANGER-3638
    https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
-------

RangerSolrAuthorizer is a common implementation call for both SearchComponent (for Document level Authorization) and AuthorizationPlugin (for collection level Authorization). RangerSolrAuthorizer implementation close() shuts down the plugin and should be avoided when the call is for SearchComponent. Added check to get the authorizer class name to determine if the call is for SearchComponent or for the authorization plugin.


Diffs (updated)
-----

  ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/2/

Changes: https://reviews.apache.org/r/73863/diff/1-2/


Testing
-------

1. Patched cluster with the changes and verified the end to end functionality with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu