Re: Review Request 72237: RANGER-2758 :Option to create missing users/groups while creating/updating roles

Thu, 19 Mar 2020 06:44:01 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72237/#review220007
-----------------------------------------------------------


Ship it!




Ship It!

- Mehul Parikh


On March 17, 2020, 1:06 p.m., Dineshkumar Yadav wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72237/
> -----------------------------------------------------------
> 
> (Updated March 17, 2020, 1:06 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Gautam Borad, Jayendra 
> Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, Nixon Rodrigues, Pradeep Agrawal, Ramesh Mani, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Problem Statement: Currently Ranger dose not allow to create or update roles 
> while it passes non-existing users or groups during role creation or updating.
> 
> Solution: 1. Now this option will be available with one additional optional 
> Queryparam "createNonExistUserGroup" which is boolean value. If we wanted to 
> create role with non existing  groups or roles, pass the value true in 
> queryparam otherwise false. Role will be get created or updated.   
> 2. Default value for QueryParam "createNonExistUserGroup" is false and this 
> is optional, so that existing api dose not get affected with this changes.
> 3. This changes done for create and update Role for both internal and public 
> api.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java
>  bc3459852 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 7da43d518 
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
> baacfa4d8 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 
> 5be8d9de8 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
> 3742bd687 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> 1a8394978 
>   security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java d690297bf 
> 
> 
> Diff: https://reviews.apache.org/r/72237/diff/1/
> 
> 
> Testing
> -------
> 
> Steps Performed (without patch):
>  1. Try to create role using non-existing users/groups. It won't allow to 
> create.
>   
> Steps Performed (with patch):  
> Note we have to pass optional Queryparam createNonExistUserGroup=true
> 1. Try same steps as mentioned above this time role will get created.
> 2. Try to update role with non- exisitng users/groups. It will allow to 
> update.
> 3. without Queryparam or createNonExistUserGroup=false it will behave as per 
> existing behavior
> 
> 
> Thanks,
> 
> Dineshkumar Yadav
> 
>

Reply via email to