Re: Review Request 70426: RANGER-2400: policy name needs to be unique within security zone and service

Tue, 16 Apr 2019 18:40:51 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70426/#review214712
-----------------------------------------------------------


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Line 1849 (original), 1850 (patched)
<https://reviews.apache.org/r/70426/#comment300932>

    zoneId should be initialized to 
RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID, to avoid NULL being sent 
down to DB query from line #1860.



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 4343 (patched)
<https://reviews.apache.org/r/70426/#comment300933>

    Consider removing this commented code block.


- Madhan Neethiraj


On April 16, 2019, 5:26 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70426/
> -----------------------------------------------------------
> 
> (Updated April 16, 2019, 5:26 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep 
> Agrawal, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2400
>     https://issues.apache.org/jira/browse/RANGER-2400
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Ranger enforces uniqueness of policy name within a service. However, with 
> introduction of security zones, policy name needs to be unique within a 
> security zone and a service. This will obviate the need for inventing unique 
> policy names if the policy is associated with the same service but different 
> security zones, as well as present security zone as a namespace in Ranger 
> admin as it does for making authorization decisions.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
>  547e2d204 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
>  710e75d57 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
>  fa50ab2d6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 
> 9e37cd550 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
>  8cdb9c3a6 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 0a529b412 
>   security-admin/db/mysql/patches/037-create-security-zone-schema.sql 
> aff9786c0 
>   
> security-admin/db/mysql/patches/040-modify-unique-constraint-on-policy-table.sql
>  PRE-CREATION 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 9be7e8db9 
>   security-admin/db/oracle/patches/037-create-security-zone-schema.sql 
> aae31dc11 
>   
> security-admin/db/oracle/patches/040-modify-unique-constraint-on-policy-table.sql
>  PRE-CREATION 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> ec39c3242 
>   security-admin/db/postgres/patches/037-create-security-zone-schema.sql 
> 4a94d26d3 
>   
> security-admin/db/postgres/patches/040-modify-unique-constraint-on-policy-table.sql
>  PRE-CREATION 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  abfe12058 
>   security-admin/db/sqlanywhere/patches/037-create-security-zone-schema.sql 
> 5b7daded2 
>   
> security-admin/db/sqlanywhere/patches/040-modify-unique-constraint-on-policy-table.sql
>  PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> 1e8dff9f9 
>   security-admin/db/sqlserver/patches/037-create-security-zone-schema.sql 
> e621b43df 
>   
> security-admin/db/sqlserver/patches/040-modify-unique-constraint-on-policy-table.sql
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
> 5499ea7c0 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 1d341c56f 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 
> 2a870efaa 
>   security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZone.java 
> eccff5feb 
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
> ec69d6e3a 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 7e702c144 
>   
> security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java
>  ecd120eef 
>   
> security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java 
> 88a563b6d 
> 
> 
> Diff: https://reviews.apache.org/r/70426/diff/4/
> 
> 
> Testing
> -------
> 
> Created security zone and ensured that the default policies created within 
> zone have same names as corresponding default policies in unzoned zone. 
> Ensured that within same zone (including unzoned zone), two policies with 
> same name cannot be created.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to