You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Sailaja Polavarapu <sp...@hortonworks.com> on 2022/03/10 02:06:50 UTC
Review Request 73896: RANGER-3657: Support for recursive ACL check for subpaths in Ozone plugin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73896/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
Bugs: RANGER-3657
https://issues.apache.org/jira/browse/RANGER-3657
Repository: ranger
Description
-------
Added code to support recursive delete operations for Ranger Ozone plugin including upgrade patch for service def changes. Also added plugin side change to retrieve owner information from the request context as an extention to https://reviews.apache.org/r/73051/
Updated Ozone version.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java f44570623
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 41ad8936d
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 12fecd030
agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 4b899736b
plugin-ozone/pom.xml 264197acf
plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java 12e647ca3
plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java 704412246
pom.xml 49a06411d
ranger-ozone-plugin-shim/pom.xml ab3dc4e3f
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b603f96cd
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql c111a28f6
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 854a2c676
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b45eace3b
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql adec99857
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java df75db11a
security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10056.java PRE-CREATION
Diff: https://reviews.apache.org/r/73896/diff/1/
Testing
-------
Patched cluster and verified functionality with recursive delete operations and few regression tests.
Also verified manually upgrade patch changes.
Thanks,
Sailaja Polavarapu
Re: Review Request 73896: RANGER-3657: Support for recursive ACL check for subpaths in Ozone plugin
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73896/#review224252
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
Lines 586 (patched)
<https://reviews.apache.org/r/73896/#comment313129>
consider resouce-match-scope as a parameter to this method, instead of hardcoding here. This will make PolicyEngine.getMatchingPolicies() more widely applicable
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
Lines 588 (patched)
<https://reviews.apache.org/r/73896/#comment313130>
Consider sending resource-match-scope as parameter to getMatchedZonesForResourceAndChildren(), and rename the method:
Set<String> zoneNames = getMatchedZonesForResource(resource, scope)
plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
Lines 269 (patched)
<https://reviews.apache.org/r/73896/#comment313131>
If the requirement is to check if user has permission for all paths under a given directory, wouldn't it be enough to check for 'path + "/*"'? This will match only for policies that match for entire hierarchy below the given path (or its ancestors).
- Madhan Neethiraj
On March 10, 2022, 2:06 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73896/
> -----------------------------------------------------------
>
> (Updated March 10, 2022, 2:06 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3657
> https://issues.apache.org/jira/browse/RANGER-3657
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support recursive delete operations for Ranger Ozone plugin including upgrade patch for service def changes. Also added plugin side change to retrieve owner information from the request context as an extention to https://reviews.apache.org/r/73051/
> Updated Ozone version.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java f44570623
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 41ad8936d
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 12fecd030
> agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 4b899736b
> plugin-ozone/pom.xml 264197acf
> plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java 12e647ca3
> plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java 704412246
> pom.xml 49a06411d
> ranger-ozone-plugin-shim/pom.xml ab3dc4e3f
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b603f96cd
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql c111a28f6
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 854a2c676
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b45eace3b
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql adec99857
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java df75db11a
> security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10056.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/73896/diff/1/
>
>
> Testing
> -------
>
> Patched cluster and verified functionality with recursive delete operations and few regression tests.
> Also verified manually upgrade patch changes.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>
Re: Review Request 73896: RANGER-3657: Support for recursive ACL check for subpaths in Ozone plugin
Posted by Sailaja Polavarapu <sp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73896/
-----------------------------------------------------------
(Updated Aug. 4, 2022, 9:47 p.m.)
Review request for ranger, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
Changes
-------
Added code to retrieve all the children for likely matching resources for recursive delete evaluation and incorporated some review comments
Bugs: RANGER-3657
https://issues.apache.org/jira/browse/RANGER-3657
Repository: ranger
Description
-------
Added code to support recursive delete operations for Ranger Ozone plugin including upgrade patch for service def changes. Also added plugin side change to retrieve owner information from the request context as an extention to https://reviews.apache.org/r/73051/
Updated Ozone version.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java f44570623
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 3ae0add51
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java 504acd3a2
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java dc51078a7
agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 4b899736b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6
plugin-ozone/pom.xml 264197acf
plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java 12e647ca3
pom.xml 0945f4b1d
ranger-ozone-plugin-shim/pom.xml ab3dc4e3f
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 833ffa0e0
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0d79d30f2
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql d0e6a3824
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 20ab7c224
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 827e982af
security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 97a384f30
security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10057.java PRE-CREATION
Diff: https://reviews.apache.org/r/73896/diff/2/
Changes: https://reviews.apache.org/r/73896/diff/1-2/
Testing
-------
Patched cluster and verified functionality with recursive delete operations and few regression tests.
Also verified manually upgrade patch changes.
Thanks,
Sailaja Polavarapu
Re: Review Request 73896: RANGER-3657: Support for recursive ACL check for subpaths in Ozone plugin
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73896/#review224251
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On March 10, 2022, 2:06 a.m., Sailaja Polavarapu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73896/
> -----------------------------------------------------------
>
> (Updated March 10, 2022, 2:06 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3657
> https://issues.apache.org/jira/browse/RANGER-3657
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Added code to support recursive delete operations for Ranger Ozone plugin including upgrade patch for service def changes. Also added plugin side change to retrieve owner information from the request context as an extention to https://reviews.apache.org/r/73051/
> Updated Ozone version.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java f44570623
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 41ad8936d
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 12fecd030
> agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 4b899736b
> plugin-ozone/pom.xml 264197acf
> plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java 12e647ca3
> plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java 704412246
> pom.xml 49a06411d
> ranger-ozone-plugin-shim/pom.xml ab3dc4e3f
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b603f96cd
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql c111a28f6
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 854a2c676
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b45eace3b
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql adec99857
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java df75db11a
> security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10056.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/73896/diff/1/
>
>
> Testing
> -------
>
> Patched cluster and verified functionality with recursive delete operations and few regression tests.
> Also verified manually upgrade patch changes.
>
>
> Thanks,
>
> Sailaja Polavarapu
>
>