----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68855/#review209318 -----------------------------------------------------------
agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json Line 29 (original), 30 (patched) <https://reviews.apache.org/r/68855/#comment293635> Please consider adding "mandatory":true for all resources (it's already added for topic resource). plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java Lines 54 (patched) <https://reviews.apache.org/r/68855/#comment293633> Please consider using RangerKafkaAuthorizer.KEY_CLUSTER instead of "cluster". plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java Lines 56 (patched) <https://reviews.apache.org/r/68855/#comment293634> If the resource-type is cluster, then resourceName will be non-null. Given that resourceName is non-null, the check resourceName.equalsIgnoreCase(request.getRequestData() will always be true. Please consider checking the access-type in the original request for the specific "create" operation to decide if audit needs to be skipped. - Abhay Kulkarni On Oct. 5, 2018, 11:15 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68855/ > ----------------------------------------------------------- > > (Updated Oct. 5, 2018, 11:15 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan > Periasamy. > > > Bugs: RANGER-2222 > https://issues.apache.org/jira/browse/RANGER-2222 > > > Repository: ranger > > > Description > ------- > > RANGER-2222: Apache RangerKafkaPlugin support to handle Kafka Cluster as a > new resource > > > Diffs > ----- > > agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json > ca3e0fe > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java > PRE-CREATION > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > eab869a > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java > c1386fe > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java > PRE-CREATION > plugin-kafka/src/test/resources/kafka-policies.json 0c07604 > plugin-kafka/src/test/resources/kafka_kerberos.jaas 1de804b > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 3f23b00 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > bafdb96 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 2bc58ac > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > 1b64eea > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 4a216fe > > security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java > PRE-CREATION > src/main/assembly/plugin-kafka.xml 97ff8ad > > > Diff: https://reviews.apache.org/r/68855/diff/5/ > > > Testing > ------- > > - This patch addresses "Cluster" and "DelegationToken" as resource in Ranger > plugin. > - Tested in local vm and added unit test for TopicCreation. > - Upgrade patch tested for default policy creation for cluster and delegation > token as resource. > > > Thanks, > > Ramesh Mani > >
