You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by bhavik patel <bh...@gmail.com> on 2019/05/16 10:48:31 UTC

Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2430
    https://issues.apache.org/jira/browse/RANGER-2430


Repository: ranger


Description
-------

Steps to Reproduce:
1. Create a zone for HDFS service
Zone name: zone1
Zoneadmin user: zoneadmin1
2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
3. It should not be allowed as hbase service is not associated with zone: zone1


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 


Diff: https://reviews.apache.org/r/70654/diff/1/


Testing
-------

User is no more able to create zone policy using curl command within service which are not associated to zone.


Thanks,

bhavik patel

Re: Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

Posted by bhavik patel <bh...@gmail.com>.


> On May 17, 2019, 5:01 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
> > Lines 213 (patched)
> > <https://reviews.apache.org/r/70654/diff/1/?file=2145481#file2145481line213>
> >
> >     Please add a unit test case to TestRangerPolicyValidator to cover this scenario.

Added couple of test cases around this change.


- bhavik


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/#review215326
-----------------------------------------------------------


On May 16, 2019, 10:48 a.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70654/
> -----------------------------------------------------------
> 
> (Updated May 16, 2019, 10:48 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2430
>     https://issues.apache.org/jira/browse/RANGER-2430
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Steps to Reproduce:
> 1. Create a zone for HDFS service
> Zone name: zone1
> Zoneadmin user: zoneadmin1
> 2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
> 3. It should not be allowed as hbase service is not associated with zone: zone1
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 
> 
> 
> Diff: https://reviews.apache.org/r/70654/diff/1/
> 
> 
> Testing
> -------
> 
> User is no more able to create zone policy using curl command within service which are not associated to zone.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/#review215326
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
Lines 213 (patched)
<https://reviews.apache.org/r/70654/#comment301995>

    Please add a unit test case to TestRangerPolicyValidator to cover this scenario.


- Abhay Kulkarni


On May 16, 2019, 10:48 a.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70654/
> -----------------------------------------------------------
> 
> (Updated May 16, 2019, 10:48 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2430
>     https://issues.apache.org/jira/browse/RANGER-2430
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Steps to Reproduce:
> 1. Create a zone for HDFS service
> Zone name: zone1
> Zoneadmin user: zoneadmin1
> 2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
> 3. It should not be allowed as hbase service is not associated with zone: zone1
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 
> 
> 
> Diff: https://reviews.apache.org/r/70654/diff/1/
> 
> 
> Testing
> -------
> 
> User is no more able to create zone policy using curl command within service which are not associated to zone.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

Posted by Pradeep Agrawal <pr...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/#review215398
-----------------------------------------------------------


Ship it!




Ship It!

- Pradeep Agrawal


On May 20, 2019, 12:08 p.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70654/
> -----------------------------------------------------------
> 
> (Updated May 20, 2019, 12:08 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2430
>     https://issues.apache.org/jira/browse/RANGER-2430
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Steps to Reproduce:
> 1. Create a zone for HDFS service
> Zone name: zone1
> Zoneadmin user: zoneadmin1
> 2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
> 3. It should not be allowed as hbase service is not associated with zone: zone1
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 
>   agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 2c1de4e 
> 
> 
> Diff: https://reviews.apache.org/r/70654/diff/2/
> 
> 
> Testing
> -------
> 
> User is no more able to create zone policy using curl command within service which are not associated to zone.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

Posted by Abhay Kulkarni <ak...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/#review215365
-----------------------------------------------------------


Ship it!




Ship It!

- Abhay Kulkarni


On May 20, 2019, 12:08 p.m., bhavik patel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70654/
> -----------------------------------------------------------
> 
> (Updated May 20, 2019, 12:08 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2430
>     https://issues.apache.org/jira/browse/RANGER-2430
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Steps to Reproduce:
> 1. Create a zone for HDFS service
> Zone name: zone1
> Zoneadmin user: zoneadmin1
> 2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
> 3. It should not be allowed as hbase service is not associated with zone: zone1
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 
>   agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 2c1de4e 
> 
> 
> Diff: https://reviews.apache.org/r/70654/diff/2/
> 
> 
> Testing
> -------
> 
> User is no more able to create zone policy using curl command within service which are not associated to zone.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 70654: RANGER-2430 Zoneadmin User is able to create policy for those services which is not associated to zone

Posted by bhavik patel <bh...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70654/
-----------------------------------------------------------

(Updated May 20, 2019, 12:08 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Oliver Szabo, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2430
    https://issues.apache.org/jira/browse/RANGER-2430


Repository: ranger


Description
-------

Steps to Reproduce:
1. Create a zone for HDFS service
Zone name: zone1
Zoneadmin user: zoneadmin1
2. Create a hbase policy with zone name as "zone1" through curl from zoneadmin user: zoneadmin1
3. It should not be allowed as hbase service is not associated with zone: zone1


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 3111037 
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 990aab0 
  agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 2c1de4e 


Diff: https://reviews.apache.org/r/70654/diff/2/

Changes: https://reviews.apache.org/r/70654/diff/1-2/


Testing
-------

User is no more able to create zone policy using curl command within service which are not associated to zone.


Thanks,

bhavik patel