You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ankit Singhal <an...@apache.org> on 2018/03/07 14:13:50 UTC
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/
-----------------------------------------------------------
(Updated March 7, 2018, 2:13 p.m.)
Review request for ranger and Ramesh Mani.
Bugs: RANGER-1958
https://issues.apache.org/jira/browse/RANGER-1958
Repository: ranger
Description
-------
RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 189dc2c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java f8241c5
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 2b66c70
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 7a890b8
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad7834
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 665640f
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java 9f0e5ac
hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json f563c28
Diff: https://reviews.apache.org/r/65950/diff/1/
Testing
-------
Unit testing is done
Thanks,
Ankit Singhal
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review198830
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Lines 32 (patched)
<https://reviews.apache.org/r/65950/#comment279073>
Ankit, please rebase the patch for the Apache Master and send it again. It is not applying.
- Ramesh Mani
On March 7, 2018, 2:13 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated March 7, 2018, 2:13 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 189dc2c
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java f8241c5
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 2b66c70
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 7a890b8
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad7834
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 665640f
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java 9f0e5ac
> hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json f563c28
>
>
> Diff: https://reviews.apache.org/r/65950/diff/1/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ankit Singhal <an...@apache.org>.
> On March 7, 2018, 11:31 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
> > Line 384 (original), 384 (patched)
> > <https://reviews.apache.org/r/65950/diff/1/?file=1972226#file1972226line384>
> >
> > Please consider adding another method with a diffrent signature to get list of RangerPolicyItemEvaluators, instead of changing signature and implementation of this critical method.
> >
> > Signature of new method may look like:
> >
> > List<RangerPolicyItemEvaluator> getDeterminingPolicyItems(String user, Set<String> userGroups, List<String> accessType);
> >
> > Then have the caller provide list of all available hbase accessTypes - they can be figured out from hbase Service-definition).
> >
> > Method implementation may call getDeterminingPolicyItem for each accessType to build a list.
> >
> > This will isolate current implementation from hbase specific changes.
> >
> > Thanks!
Now using getResourceAcls API from RANGER-2061.
- Ankit
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review198831
-----------------------------------------------------------
On Aug. 20, 2018, 6:14 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2018, 6:14 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
> hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
>
>
> Diff: https://reviews.apache.org/r/65950/diff/2/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review198831
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
Line 384 (original), 384 (patched)
<https://reviews.apache.org/r/65950/#comment279074>
Please consider adding another method with a diffrent signature to get list of RangerPolicyItemEvaluators, instead of changing signature and implementation of this critical method.
Signature of new method may look like:
List<RangerPolicyItemEvaluator> getDeterminingPolicyItems(String user, Set<String> userGroups, List<String> accessType);
Then have the caller provide list of all available hbase accessTypes - they can be figured out from hbase Service-definition).
Method implementation may call getDeterminingPolicyItem for each accessType to build a list.
This will isolate current implementation from hbase specific changes.
Thanks!
- Abhay Kulkarni
On March 7, 2018, 2:13 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated March 7, 2018, 2:13 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 189dc2c
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java f8241c5
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java PRE-CREATION
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 2b66c70
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 7a890b8
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java aad7834
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 665640f
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java 9f0e5ac
> hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json f563c28
>
>
> Diff: https://reviews.apache.org/r/65950/diff/1/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review209155
-----------------------------------------------------------
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
Lines 36 (patched)
<https://reviews.apache.org/r/65950/#comment293449>
Could you please fix PMD violations?
```
[INFO] --- maven-pmd-plugin:3.7:check (default) @ ranger-hbase-plugin ---
[INFO] PMD Failure: org/apache/ranger/authorization/hbase/AuthorizationSession.java:36 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.plugin.policyengine.RangerResourceACLs'.
[INFO] PMD Failure: org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest:1007 Rule:UnusedLocalVariable Priority:3 Avoid unused local variables such as 'userPermission'..
```
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
Lines 1007 (patched)
<https://reviews.apache.org/r/65950/#comment293450>
Please fix PMD violation.
```
[INFO] --- maven-pmd-plugin:3.7:check (default) @ ranger-hbase-plugin ---
[INFO] PMD Failure: org/apache/ranger/authorization/hbase/AuthorizationSession.java:36 Rule:UnusedImports Priority:4 Avoid unused imports such as 'org.apache.ranger.plugin.policyengine.RangerResourceACLs'.
[INFO] PMD Failure: org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest:1007 Rule:UnusedLocalVariable Priority:3 Avoid unused local variables such as 'userPermission'..
```
- Velmurugan Periasamy
On Sept. 26, 2018, 10:40 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated Sept. 26, 2018, 10:40 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
> hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
>
>
> Diff: https://reviews.apache.org/r/65950/diff/3/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review209056
-----------------------------------------------------------
Ship it!
Ship It!
- Ramesh Mani
On Sept. 26, 2018, 10:40 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated Sept. 26, 2018, 10:40 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
> hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
>
>
> Diff: https://reviews.apache.org/r/65950/diff/3/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review209281
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 4, 2018, 11:38 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated Oct. 4, 2018, 11:38 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
> hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
>
>
> Diff: https://reviews.apache.org/r/65950/diff/4/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ankit Singhal <an...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/
-----------------------------------------------------------
(Updated Oct. 4, 2018, 11:38 p.m.)
Review request for ranger and Ramesh Mani.
Bugs: RANGER-1958
https://issues.apache.org/jira/browse/RANGER-1958
Repository: ranger
Description
-------
RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
Diffs (updated)
-----
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
Diff: https://reviews.apache.org/r/65950/diff/4/
Changes: https://reviews.apache.org/r/65950/diff/3-4/
Testing
-------
Unit testing is done
Thanks,
Ankit Singhal
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ankit Singhal <an...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/
-----------------------------------------------------------
(Updated Sept. 26, 2018, 10:40 p.m.)
Review request for ranger and Ramesh Mani.
Changes
-------
removed permissionAccess.getValue().getIsFinal() unnecessary check as per Abhay Kulkarni review comment.
Bugs: RANGER-1958
https://issues.apache.org/jira/browse/RANGER-1958
Repository: ranger
Description
-------
RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
Diffs (updated)
-----
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
Diff: https://reviews.apache.org/r/65950/diff/3/
Changes: https://reviews.apache.org/r/65950/diff/2-3/
Testing
-------
Unit testing is done
Thanks,
Ankit Singhal
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review208528
-----------------------------------------------------------
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
Lines 1377 (patched)
<https://reviews.apache.org/r/65950/#comment292515>
Is the check, permissionAccess.getValue().getIsFinal(), required? All permissionAccesses are set to final in RangerResourceACLs.finalizeAcls().
- Abhay Kulkarni
On Aug. 20, 2018, 6:14 p.m., Ankit Singhal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> -----------------------------------------------------------
>
> (Updated Aug. 20, 2018, 6:14 p.m.)
>
>
> Review request for ranger and Ramesh Mani.
>
>
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
>
>
> Diffs
> -----
>
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
> hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
>
>
> Diff: https://reviews.apache.org/r/65950/diff/2/
>
>
> Testing
> -------
>
> Unit testing is done
>
>
> Thanks,
>
> Ankit Singhal
>
>
Re: Review Request 65950: Add support to allow clients to access
resource permissions stored in Ranger
Posted by Ankit Singhal <an...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/
-----------------------------------------------------------
(Updated Aug. 20, 2018, 6:14 p.m.)
Review request for ranger and Ramesh Mani.
Changes
-------
Now leveraged RANGER-2061 to implement getUserPermissions() API of HBase plugin
Bugs: RANGER-1958
https://issues.apache.org/jira/browse/RANGER-1958
Repository: ranger
Description
-------
RANGER-1958 [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger
Diffs (updated)
-----
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java cdaad00a4
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java d85339a09
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 38408855d
hbase-agent/src/test/resources/hbase-policies.json b7b44c9ea
Diff: https://reviews.apache.org/r/65950/diff/2/
Changes: https://reviews.apache.org/r/65950/diff/1-2/
Testing
-------
Unit testing is done
Thanks,
Ankit Singhal