----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73367/#review223073 -----------------------------------------------------------
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java Lines 836 (patched) <https://reviews.apache.org/r/73367/#comment312210> Consider setting isFallbackSupported based on existing config i.e. this.hadoopAuthEnabled. Replace #836 with the following line after #838: config.setIsFallbackSupported(this.hadoopAuthEnabled); plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java Lines 301 (patched) <https://reviews.apache.org/r/73367/#comment312213> Consider enabling fallback based on existing config, RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_PROP i.e. from line #92: boolean yarnAuthEnabled = rangerPluginConfig.getBoolean(RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_YARN_PERMISSION_DEFAULT); rangerPluginConfig.setIsFallbackSupported(yarnAuthEnabled); This will make policy-engine to not return UNDETERMINED when fallback is disabled. Changes in RangerYarnAuthorizer shouldn't be needed with above. - Madhan Neethiraj On May 27, 2021, 11:15 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73367/ > ----------------------------------------------------------- > > (Updated May 27, 2021, 11:15 p.m.) > > > Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3294 > https://issues.apache.org/jira/browse/RANGER-3294 > > > Repository: ranger > > > Description > ------- > > RANGER-3294:AccessResult attribute with isAudited as false not filtered in > Ranger Audit Filter > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java > 7b34f77da > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > ecfc9ad14 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 4d7fb6c87 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 539d4c148 > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 1f965823c > > > Diff: https://reviews.apache.org/r/73367/diff/2/ > > > Testing > ------- > > - Verified in local VM for audit filter to filter out Allow and deny request > in Hive. > - Verified YARN and HDFS fallback and audit related to it. > > > Thanks, > > Ramesh Mani > >
