-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70426/
-----------------------------------------------------------

(Updated April 16, 2019, 5:26 p.m.)


Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep 
Agrawal, Ramesh Mani, and Velmurugan Periasamy.


Changes
-------

As sqlanywhere database does not allow any null-valued column in a composite 
unique key, the patch is updated to have a hard-coded security zone 
representing "unzoned" zone created at Ranger admin initialization time. The 
only purpose for having this zone is to ensure that the zone_id field in 
x_policy table is never null.


Bugs: RANGER-2400
    https://issues.apache.org/jira/browse/RANGER-2400


Repository: ranger


Description
-------

Ranger enforces uniqueness of policy name within a service. However, with 
introduction of security zones, policy name needs to be unique within a 
security zone and a service. This will obviate the need for inventing unique 
policy names if the policy is associated with the same service but different 
security zones, as well as present security zone as a namespace in Ranger admin 
as it does for making authorization decisions.


Diffs (updated)
-----

  
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java 547e2d204
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java 710e75d57
  agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java fa50ab2d6
  agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 9e37cd550
  agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java 8cdb9c3a6
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 0a529b412
  security-admin/db/mysql/patches/037-create-security-zone-schema.sql aff9786c0
  security-admin/db/mysql/patches/040-modify-unique-constraint-on-policy-table.sql PRE-CREATION
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 9be7e8db9
  security-admin/db/oracle/patches/037-create-security-zone-schema.sql aae31dc11
  security-admin/db/oracle/patches/040-modify-unique-constraint-on-policy-table.sql PRE-CREATION
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ec39c3242
  security-admin/db/postgres/patches/037-create-security-zone-schema.sql 4a94d26d3
  security-admin/db/postgres/patches/040-modify-unique-constraint-on-policy-table.sql PRE-CREATION
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql abfe12058
  security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql 5b7daded2
  security-admin/db/sqlanywhere/patches/040-modify-unique-constraint-on-policy-table.sql PRE-CREATION
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 1e8dff9f9
  security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql e621b43df
  security-admin/db/sqlserver/patches/040-modify-unique-constraint-on-policy-table.sql PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 5499ea7c0
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 1d341c56f
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 2a870efaa
  security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZone.java eccff5feb
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java ec69d6e3a
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 7e702c144
  security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java ecd120eef
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java 88a563b6d


Diff: https://reviews.apache.org/r/70426/diff/4/

Changes: https://reviews.apache.org/r/70426/diff/3-4/


Testing
-------

Created security zone and ensured that the default policies created within zone 
have same names as corresponding default policies in unzoned zone. Ensured that 
within same zone (including unzoned zone), two policies with same name cannot 
be created.


Thanks,

Abhay Kulkarni
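
An added illustration, not part of the review request or the Ranger patch: it goes one step beyond the SQL Anywhere restriction described under "Changes" and shows that in an engine that does accept NULL in a composite unique key (SQLite here), NULLs compare as distinct, so a NULL zone_id would let duplicate unzoned policy names through, while a sentinel "unzoned" zone row keeps the key enforceable. The column names `service` and `name`, the numeric ids and the policy name are constructed for the demo.

```python
import sqlite3

UNZONED_ZONE_ID = 1  # constructed sentinel id standing in for the "unzoned" zone row

def build(conn, nullable_zone):
    """Create a toy x_policy table; columns other than zone_id are assumptions."""
    zone_col = "zone_id INTEGER" if nullable_zone else "zone_id INTEGER NOT NULL"
    conn.execute(
        "CREATE TABLE x_policy (id INTEGER PRIMARY KEY, service INTEGER NOT NULL, "
        f"{zone_col}, name TEXT NOT NULL, UNIQUE (service, zone_id, name))")

def try_create(conn, service, zone_id, name):
    """Insert a policy; True if accepted, False if a constraint rejects it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO x_policy (service, zone_id, name) VALUES (?, ?, ?)",
                (service, zone_id, name))
        return True
    except sqlite3.IntegrityError:
        return False

def run(unzoned_value, nullable_zone):
    """Replay the scenario from the Testing section against one schema design."""
    conn = sqlite3.connect(":memory:")
    build(conn, nullable_zone)
    results = {
        "unzoned_first": try_create(conn, 10, unzoned_value, "all - database"),
        "unzoned_duplicate": try_create(conn, 10, unzoned_value, "all - database"),
        "same_name_other_zone": try_create(conn, 10, 2, "all - database"),
        "zone_duplicate": try_create(conn, 10, 2, "all - database"),
    }
    conn.close()
    return results

NULL_DESIGN = run(None, nullable_zone=True)                  # unzoned stored as NULL
SENTINEL_DESIGN = run(UNZONED_ZONE_ID, nullable_zone=False)  # unzoned stored as a real zone

if __name__ == "__main__":
    for label, res in (("NULL zone_id", NULL_DESIGN), ("sentinel zone", SENTINEL_DESIGN)):
        print(label, res)
```
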
