----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71260/#review217468 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java Line 95 (original), 100 (patched) <https://reviews.apache.org/r/71260/#comment304728> If the policies don't change but the roles change, how does Base plugin know that the policy-engine (or at least the role-mapping part in the policy-engine) needs to be rebuilt? agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java Line 319 (original), 331 (patched) <https://reviews.apache.org/r/71260/#comment304730> New policy engine is created only when setPolicies() is called - which is when policy-version changes. However, if roles change, then a new policy-engine is required to be created so that it can use the role mapping correctly. Please review. agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java Line 328 (original), 340 (patched) <https://reviews.apache.org/r/71260/#comment304731> When policy-delta are used, how are (potentially new) role-mapping is provided to it? security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java Lines 69 (patched) <https://reviews.apache.org/r/71260/#comment304729> Please review the condition. - Abhay Kulkarni On Aug. 27, 2019, 7:02 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71260/ > ----------------------------------------------------------- > > (Updated Aug. 27, 2019, 7:02 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2512 > https://issues.apache.org/jira/browse/RANGER-2512 > > > Repository: ranger > > > Description > ------- > > RANGER-2512:RangerRolesRESTClient for serving user group > roles to the plugins for evaluation > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java > 6367235 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java > b09a9be > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 62d5776 > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java > e3f9f15 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java > d201aa6 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java > 015ca09 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > daa62f4 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java > 02f3431 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 8d89a18 > > agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java > 0e52c31 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 310f69d > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRoles.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesUtil.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java > 8c63434 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > 7180675 > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > f57012e > security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 63959c9 > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 28b2c11 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > fc4b40d > security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java > f6b9e1a > security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 25fb085 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > bb825b8 > > > Diff: https://reviews.apache.org/r/71260/diff/4/ > > > Testing > ------- > > - Testing done in Local Vm for > 1) Role cache file creation along with Policy file. > 2) Role based authorization happening based on the user / group role in the > plugin. > 3) Ranger Admin now has role version and based on the roles are to be > fetched to the plugin. > 4) RoleREST > curl -u user:password -H "Accept: application/json" -H "Content-Type: > application/json" -X GET "http://`hostname > -f`:6080/service/roles/secure/download/cm_hive?lastKnownRoleVersion=-1" > > > Thanks, > > Ramesh Mani > >
