Re: Review Request 70257: RANGER-2375: RangerAuthContext is not correctly initialized

Thu, 21 Mar 2019 12:48:06 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70257/#review213889
-----------------------------------------------------------


Ship it!




Ship It!

- Ramesh Mani


On March 21, 2019, 5:06 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70257/
> -----------------------------------------------------------
> 
> (Updated March 21, 2019, 5:06 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-2375
>     https://issues.apache.org/jira/browse/RANGER-2375
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerAuthContext object may be used to provide consistent view of 
> authorization policies database across multiple authorization API calls. It 
> maintains a list of context enrichers, if defined, to provide context 
> enrichment for access requests. When this list is not maintained correctly, 
> context for authorization will not be initialized correctly, and 
> authorization calls made with RangerAuthContext will fail.
> 
> This seems to a regression introduced by RANGER-2341.
> 
> The fix consists of creating a RangerAuthContext object before a 
> RangerPolicyEngine is created from policies.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
>  ddc6df2fa 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
>  b2cccef5c 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  e52d4de28 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestProjectProvider.java
>  PRE-CREATION 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestRangerAuthContext.java
>  PRE-CREATION 
>   agents-common/src/test/resources/policyengine/plugin/resourceTags.json 
> PRE-CREATION 
>   agents-common/src/test/resources/policyengine/plugin/test_auth_context.json 
> PRE-CREATION 
>   agents-common/src/test/resources/policyengine/plugin/userText.txt 
> PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70257/diff/2/
> 
> 
> Testing
> -------
> 
> Tested with policies containing policy conditions that depended on context of 
> access-request to be populated correctly. Verified that context is populated 
> correctly and policies with conditions work as expected.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to