> On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java > > Lines 228 (patched) > > <https://reviews.apache.org/r/71654/diff/1/?file=2169861#file2169861line228> > > > > RangerServiceDisabledException is also thrown if grant or revoke > > endpoint or role-download endpoint) is invoked for disabled service. It > > needs to be handled for those cases as well.
I have updated the patch to handle those cases > On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote: > > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java > > Line 1365 (original), 1366 (patched) > > <https://reviews.apache.org/r/71654/diff/1/?file=2169864#file2169864line1366> > > > > This code will be executed only if https is enabled. Please review. When service is disabled, http request will also execute this code and throw RangerServiceDisabledException > On 十月 31, 2019, 5:33 a.m., Abhay Kulkarni wrote: > > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java > > Line 1500 (original), 1501 (patched) > > <https://reviews.apache.org/r/71654/diff/1/?file=2169864#file2169864line1501> > > > > This code will not be executed when unsecured REST endpoints (for > > policy download, grant and revoke) are called. Correspondingly, client > > calling these endpoints will not get this exception even when service is > > invalid. Unsecured REST will throw RangerServiceDisabledException in method isValidateHttpsAuthentication(String serviceName, HttpServletRequest request) - Xing ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71654/#review218471 ----------------------------------------------------------- On 十月 23, 2019, 9:08 a.m., Xing Peng wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71654/ > ----------------------------------------------------------- > > (Updated 十月 23, 2019, 9:08 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan > Neethiraj, Sailaja Polavarapu, sam rome, Venkat Ranganathan, Velmurugan > Periasamy, Qiang Zhang, and Zsombor Gegesy. > > > Bugs: RANGER-2629 > https://issues.apache.org/jira/browse/RANGER-2629 > > > Repository: ranger > > > Description > ------- > > When service is disabled, the plugins should use an empty policy instead of > the last known version of policies. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 86469fd5a > > agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java > 7ec8495bc > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceDisabledException.java > PRE-CREATION > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > 0fafa6e4b > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java > 2b1a3fa30 > > > Diff: https://reviews.apache.org/r/71654/diff/1/ > > > Testing > ------- > > Test Result: > > Tested. > > > Thanks, > > Xing Peng > >
