Re: Review Request 74270: RANGER-4035: added catagory to access-types; added marker access-type: _ALL

Fri, 06 Jan 2023 11:10:57 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74270/
-----------------------------------------------------------

(Updated Jan. 6, 2023, 7:10 p.m.)


Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
Chaudhary, and Velmurugan Periasamy.


Changes
-------

Plugin changes to handle deny-_any and denyAllElse. This would result in 
earlier version plugins to fail for these usecases.

I am investigating options to keep this enhancement backward compatible.


Bugs: RANGER-4035
    https://issues.apache.org/jira/browse/RANGER-4035


Repository: ranger


Description
-------

- added category field to AccessTypeDef, which can be set to one of the 
following: CREATE/READ/UPDATE/DELETE/MANAGE
- updated to include access-typedef _ALL in each service-def, with all other 
access-types as impliedGrants
- updated to include following access-typedefs in each service-def, each 
including access-types having corresponding category
  -- _CREATE
  -- _READ
  -- _UPDATE
  -- _DELETE
  -- _MANAGE


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java
 05dde4edf 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 4f65d3da2 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 55752e79c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
 e50eb5f54 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
 f130e2491 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
fe1cf9244 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
 a7f48bb33 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 eb3d0ff46 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineComparison.java
 6f644cc3b 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngineForDeltas.java
 4e1844bc6 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestRangerAuthContext.java
 c07a7ea02 
  
agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
 3cd42f44f 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
6cc3509d8 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
6b9604817 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
 656bc0184 


Diff: https://reviews.apache.org/r/74270/diff/3/

Changes: https://reviews.apache.org/r/74270/diff/2-3/


Testing
-------

- verified that policy UI renders built-in marker types added in service-def - 
_ALL, _CREATE, _READ, _UPDATE, _DELETE, _MANAGE
- verified that plugin enforce built-in marker access-types referenced in 
policies


Thanks,

Madhan Neethiraj

Reply via email to