----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71260/#review217151 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java Lines 40 (patched) <https://reviews.apache.org/r/71260/#comment304424> getUserGroupRolesIfUpdate() ==> getRolesIfUpdated() agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRoles.java Lines 39 (patched) <https://reviews.apache.org/r/71260/#comment304425> RangerUserGroupRoles => RangerRoles agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRoles.java Lines 43 (patched) <https://reviews.apache.org/r/71260/#comment304422> Are the following fields necessary in RangerUserGroupRoles? - pluginId - clustserName - serviceId agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRoles.java Lines 48 (patched) <https://reviews.apache.org/r/71260/#comment304423> It might be useful to get list of RangerRole objects, instead of pre-processed roleNames for users and groups. For example, details like 'RoleMember.isAdmin' and 'RangerRole.options' could be useful for clients of this API. Consider moving the pre-processing to the client side implementation. agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRolesProvider.java Lines 38 (patched) <https://reviews.apache.org/r/71260/#comment304426> RangerUserGroupRolesProvider => RangerRolesProvider agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java Lines 57 (patched) <https://reviews.apache.org/r/71260/#comment304427> Is it necessary to include fields related to 'roles' in ServicePolicies? With the introduction of RangerRoles and RangerRolesProviders, we should remove userRoles and groupRoles from ServicePolicies. - Madhan Neethiraj On Aug. 9, 2019, 3:54 a.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71260/ > ----------------------------------------------------------- > > (Updated Aug. 9, 2019, 3:54 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2512 > https://issues.apache.org/jira/browse/RANGER-2512 > > > Repository: ranger > > > Description > ------- > > RANGER-2512:RangerRolesRESTClient for serving user group > roles to the plugins for evaluation > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java > 6367235 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java > b09a9be > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 62d5776 > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java > e3f9f15 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java > d201aa6 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java > 015ca09 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > daa62f4 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java > 02f3431 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 8d89a18 > > agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java > 0e52c31 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 310f69d > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRoles.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerUserGroupRolesProvider.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java > 8c63434 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > d1e0c23 > security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 63959c9 > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 28b2c11 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > ef22354 > security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java > f6b9e1a > security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 25fb085 > > > Diff: https://reviews.apache.org/r/71260/diff/1/ > > > Testing > ------- > > - Testing done in Local Vm for > 1) Role cache file creation along with Policy file. > 2) Role based authorization happening based on the user / group role in the > plugin. > 3) Ranger Admin now has role version and based on the roles are to be > fetched to the plugin. > 4) RoleREST > curl -u user:password -H "Accept: application/json" -H "Content-Type: > application/json" -X GET "http://`hostname > -f`:6080/service/roles/secure/download/cm_hive?lastKnownRoleVersion=-1" > > > Thanks, > > Ramesh Mani > >
