You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Madhan Neethiraj <ma...@apache.org> on 2016/04/01 00:08:24 UTC

Re: Review Request 45517: RANGER-873: Ranger policy model update to support data-mask policies


> On March 31, 2016, 9:33 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java, line 65
> > <https://reviews.apache.org/r/45517/diff/1/?file=1320233#file1320233line65>
> >
> >     If this is only called from with setPolicy(), consider making this private and remove it from the Interface RangerPolicyResourceMatcher

setPolicyResources() is called from couple of other places - like RangerTagEnricher, RangerHiveResourcesAccessedTogetherCondition. This method should continue to exist as public.


> On March 31, 2016, 9:33 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java, line 207
> > <https://reviews.apache.org/r/45517/diff/1/?file=1320230#file1320230line207>
> >
> >     Is this necessary? normalizeAndPrunePolicies() is called only for tag-policies.

This was added so that dataMaskPolicyItems collection will be handled just like other policyItem collections. Since this collection will be empty for tag-based policies (for now), this will be no-op.


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45517/#review126396
-----------------------------------------------------------


On March 31, 2016, 1:40 a.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45517/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 1:40 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-873
>     https://issues.apache.org/jira/browse/RANGER-873
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Updated Ranger policy model to support data-mask policies
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 522d130 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java 8b919d0 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java cab7006 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java 53df193 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java 0507fc4 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java 075a374 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java 4a394d4 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java c48fb72 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 710d0c5 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 4742850 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java f743d55 
>   agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 5063eea 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 1ec88d5 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 90242da 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b966be9 
>   agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java 7cc2831 
>   agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java d9e50e4 
>   agents-common/src/test/resources/policyengine/test_policyengine_hive_masking.json 92b21aa 
>   security-admin/db/mysql/patches/020-datamask-policy.sql 43d9395 
>   security-admin/db/postgres/patches/020-datamask-policy.sql PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 77203dc 
>   security-admin/src/main/java/org/apache/ranger/common/JSONUtil.java 38a1659 
>   security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 62b11ce 
>   security-admin/src/main/java/org/apache/ranger/entity/XXResourceDef.java 8a2b6e0 
>   security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java 7a172d4 
> 
> Diff: https://reviews.apache.org/r/45517/diff/
> 
> 
> Testing
> -------
> 
> added unit tests to verify the new functionality
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>