----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73653/#review223617 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On Oct. 13, 2021, 7:07 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73653/ > ----------------------------------------------------------- > > (Updated Oct. 13, 2021, 7:07 p.m.) > > > Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Sailaja > Polavarapu. > > > Bugs: RANGER-3481 > https://issues.apache.org/jira/browse/RANGER-3481 > > > Repository: ranger > > > Description > ------- > > If Ranger has multiple security zones configured and policies from a single > security zone are modified, then the incremental policy update is not > processed correctly which results in incorrect enforcement of policies in > remaining security zones. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java > eee1b7a45 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java > 8866eed56 > > > Diff: https://reviews.apache.org/r/73653/diff/1/ > > > Testing > ------- > > - Compiled and passed all unit tests. > - Tested the following scenario in the cluster: > 1. Ensured that the cluser was set up with incremental policy update feature > enabled. > 2. Created multiple security zones spanning HDFS and Hive services > 3. Updated one policy from one zone to remove permission for one user > 4. After the policies were synced with services, ensure that the access > evaluation resources falling in each of the security zone was correctly > evaluated. > > > Thanks, > > Abhay Kulkarni > >
