-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/
-----------------------------------------------------------
(Updated May 17, 2019, 6:51 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Summary (updated)
-----------------
RANGER-2436 - Custom condition: Access from cluster
Bugs: RANGER-2436
https://issues.apache.org/jira/browse/RANGER-2436
Repository: ranger
Description
-------
Include a custom-condition that checks if the current cluster-name matches one
of the condition values. This will enable setting up different authorization
policies depending on the cluster from which access was performed.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerClusterMatcher.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
5b66539
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
0c078a8
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
45231e7
agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
370ff56
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
a54d69e
Diff: https://reviews.apache.org/r/70658/diff/2/
Testing
-------
1.Tested If cluster name condition is provided in policy/policyItem condition
then access is granted if that cluster name is given in policy condition while
setting up the policy.
2.If condition is specified with some cluster names and the cluster from which
access request is coming is not present in condition then access is denied.
3.Tested for hive plugin
Thanks,
Nikhil P
