-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218145
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Lines 62 (patched)
<https://reviews.apache.org/r/71583/#comment305717>

    getRangerRoles() can return null if roleVersion is same as the currnet role 
version in DB - which will leave rangerRoles as null. Please review and update 
to handle this case.



agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Line 65 (original), 72 (patched)
<https://reviews.apache.org/r/71583/#comment305718>

    updatedServicePolicies() needs to be called even when no change in 
policyVersion ('if' at #64 is false) but roleVersion has changed. This will be 
missed since this line is inside 'if' block at #64. Please review and update.


- Madhan Neethiraj


On Oct. 9, 2019, 1:01 a.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> -----------------------------------------------------------
> 
> (Updated Oct. 9, 2019, 1:01 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
>     https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  251a0ec 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
>  5cd82d8 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 2fec9a0 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 190c6f5 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/7/
> 
> 
> Testing
> -------
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Reply via email to