Re: Review Request 71260: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation

[Ramesh Mani]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71260/
-----------------------------------------------------------

(Updated Aug. 14, 2019, 12:44 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
-------

Fixed an issue with Grant pemission calls


Bugs: RANGER-2512
    https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
-------

RANGER-2512:RangerRolesRESTClient for serving user group
 roles to the plugins for evaluation


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
 6367235 
  
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
 b09a9be 
  
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
 62d5776 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java
 e3f9f15 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 d201aa6 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 015ca09 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 daa62f4 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
 02f3431 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 8d89a18 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java 
0e52c31 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 
310f69d 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRoles.java 
PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesUtil.java 
PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 
8c63434 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 d1e0c23 
  
knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
 f57012e 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 63959c9 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 28b2c11 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ef22354 
  security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java 
f6b9e1a 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 25fb085 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 348d072 


Diff: https://reviews.apache.org/r/71260/diff/3/

Changes: https://reviews.apache.org/r/71260/diff/2-3/


Testing
-------

- Testing done in Local Vm for
 1) Role cache file creation along with Policy file.
 2) Role based authorization happening based on the user / group role in the 
plugin.
 3) Ranger Admin now has role version and based on the roles are to be fetched 
to the plugin.
 4) RoleREST
curl -u user:password -H "Accept: application/json" -H "Content-Type: 
application/json" -X GET "http://`hostname 
-f`:6080/service/roles/secure/download/cm_hive?lastKnownRoleVersion=-1"


Thanks,

Ramesh Mani