-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/
-----------------------------------------------------------
(Updated Oct. 21, 2022, 9:09 p.m.)
Review request for ranger and madhan.
Changes
-------
added a new diff. I guess since the package name changed, or because of how I
updated this repo from my working repo, the diff just shows deleted files and
new files. There is also a lot of refactoring between diff 1 and diff 2. if
this diff is not acceptable, let me know. (I might also need help on how to do
better at updating this repo from my working repo.) I'm sorry if I'm causing
undue inconvenience.
Bugs: Ranger-3855
https://issues.apache.org/jira/browse/Ranger-3855
Repository: ranger
Description
-------
RangerExternalUserStoreRetriever class Ranger-3855
Ranger version 3.0.0 provides a means, via a context enricher, to add or
retrieve attributes to the database of users for whom Ranger controls access.
This permits syntax like "Dumbo" in $USER.aliases any Ranger policy condition,
including row and tag filters. This greatly enhances the ability to provide
custom Attribute-based Access Control based on the specific business needs of
one's organization.
I believe that the original assumption was that such attributes would be added
to AD/LDAP and enter Ranger via regular user sync's. However, this process does
not currently work with Azure AD, which many organizations use. Neither does it
provide timely support for organizations for whom adding each new attribute to
AD would be subject to prolonged scrutiny by overworked security teams.
In the spirit of the RangerAdminUserStoreRetriever context enricher, we have
written a RangerExternalUserStoreRetriever class which adds arbitrary
attributes to Ranger users via external API calls, thus freeing additions to
the UserStore from dependency on AD/LDAP. We have also written a
RangerRoleUserStoreRetriever class, which transforms role membership into user
attributes, for ease of use in complex policy conditions.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetBearerToken.java
4e1d19556
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromDataFile.java
60c7f22f7
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/GetFromURL.java
1b9335339
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/HandleSecrets.java
c5e13dbba
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/LICENSE
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/NOTICE
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/README.md
eaf9ae823
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerExternalUserStoreRetriever.java
c7ab74bc7
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/RangerRoleUserStoreRetriever.java
9eb50faa3
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/TokenInputs.java
b9e1f0185
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalUserStoreRetrievers/pom.xml
d2914dbc0
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetBearerToken.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/HandleSecrets.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/README.md
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerExternalUserStoreRetriever.java
PRE-CREATION
Diff: https://reviews.apache.org/r/74142/diff/2/
Changes: https://reviews.apache.org/r/74142/diff/1-2/
Testing
-------
Thanks,
Barbara Eckman
