> On Jan. 3, 2022, 9:38 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java > > Lines 107 (patched) > > <https://reviews.apache.org/r/73782/diff/2/?file=2257360#file2257360line107> > > > > Is it possible to have line 103 to return a value containing tokens? If > > so, then tokenReplacer.replaceTokens() also needs to be executed to get the > > final expandedValue.
Abhay - thanks for catching this scenario, especially as this helps address RANGER-1302. - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73782/#review223918 ----------------------------------------------------------- On Jan. 2, 2022, 9:56 p.m., Madhan Neethiraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73782/ > ----------------------------------------------------------- > > (Updated Jan. 2, 2022, 9:56 p.m.) > > > Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3567 > https://issues.apache.org/jira/browse/RANGER-3567 > > > Repository: ranger > > > Description > ------- > > - updated policy resource matchers to support expressions that refer to > request attributes > - request expressions are enabled by default; can be disabled in a > resource-def by setting matcherOption replaceReqExpressions=false > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 8bfc16136 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java > d99a7d57c > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java > 80ed569f4 > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java > 7841838af > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java > 43297d66f > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java > e21d9079d > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java > 6d8e293a6 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > 474005570 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestExprResolver.java > d70430b70 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > 81c374400 > > agents-common/src/test/resources/policyengine/test_policyengine_resource_with_req_expressions.json > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73782/diff/2/ > > > Testing > ------- > > - added test cases to validate resource names that include request expressions > > > Thanks, > > Madhan Neethiraj > >
