Re: Review Request 70257: RANGER-2375: RangerAuthContext is not correctly initialized

Wed, 20 Mar 2019 22:06:27 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70257/
-----------------------------------------------------------

(Updated March 21, 2019, 5:06 a.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Changes
-------

Addressed review comment


Bugs: RANGER-2375
    https://issues.apache.org/jira/browse/RANGER-2375


Repository: ranger


Description
-------

RangerAuthContext object may be used to provide consistent view of 
authorization policies database across multiple authorization API calls. It 
maintains a list of context enrichers, if defined, to provide context 
enrichment for access requests. When this list is not maintained correctly, 
context for authorization will not be initialized correctly, and authorization 
calls made with RangerAuthContext will fail.

This seems to a regression introduced by RANGER-2341.

The fix consists of creating a RangerAuthContext object before a 
RangerPolicyEngine is created from policies.


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
 ddc6df2fa 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
 b2cccef5c 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 e52d4de28 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestProjectProvider.java
 PRE-CREATION 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestRangerAuthContext.java
 PRE-CREATION 
  agents-common/src/test/resources/policyengine/plugin/resourceTags.json 
PRE-CREATION 
  agents-common/src/test/resources/policyengine/plugin/test_auth_context.json 
PRE-CREATION 
  agents-common/src/test/resources/policyengine/plugin/userText.txt 
PRE-CREATION 


Diff: https://reviews.apache.org/r/70257/diff/2/

Changes: https://reviews.apache.org/r/70257/diff/1-2/


Testing
-------

Tested with policies containing policy conditions that depended on context of 
access-request to be populated correctly. Verified that context is populated 
correctly and policies with conditions work as expected.


Thanks,

Abhay Kulkarni

Reply via email to