----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74091/#review224633 -----------------------------------------------------------
Ship it! Ship It! - Pradeep Agrawal On Aug. 19, 2022, 7:47 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74091/ > ----------------------------------------------------------- > > (Updated Aug. 19, 2022, 7:47 p.m.) > > > Review request for ranger, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, > and Velmurugan Periasamy. > > > Bugs: RANGER-3861 > https://issues.apache.org/jira/browse/RANGER-3861 > > > Repository: ranger > > > Description > ------- > > Ranger allows non-admin users to create Ranger services. As a part of service > creation, usually there are default policies created as well. If such > policies contain users/groups/roles that do not yet exist in Ranger, then the > the default policies cannot be created - only admin users can create new > users/groups/roles - and service creation fails. This clearly is not a > desired behavior. > > A non-admin service creator should be allowed to create service default > policy and users/groups/roles in that policy. > > > The patch treats creating a default policy differently than creating a > default policy (which is created implicitly when a Ranger service is > created). In the latter case, the check for user having admin privileges is > bypassed. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java > 6283e02f2 > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java > 6c99df4e9 > security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java > 66adac2b5 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 41fb3bb96 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 9af354d09 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java > 8367d3f6b > > security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java > 9f0717a40 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java > c40280629 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java > ae6158ab0 > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > dfb5814f3 > > > Diff: https://reviews.apache.org/r/74091/diff/1/ > > > Testing > ------- > > Ran all unit tests successfully. > > Manually tested in the cluster service creation by a non-admin user with some > of the users of default policies missing. Ensured that the necessary > users/groups/roles are created and default policies as well as service gets > created successfully. > > > Thanks, > > Abhay Kulkarni > >
