-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74386/
-----------------------------------------------------------
(Updated April 10, 2023, 4:07 p.m.)
Review request for ranger, Abhishek Kumar, Anand Nadar, Ankita Sinha, Kishor
Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Monika Kachhadiya, Pradeep
Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat Chaudhary, Tejas Patil, and
Velmurugan Periasamy.
Changes
-------
- fixed updatePolicy() to honor query-param createPrincipalsIfAbsent
- updated to handle createPrincipalsIfAbsent query-param per request, by not
storing it in UserSessionBase - which applies for entire login session of the
user
Bugs: RANGER-4177
https://issues.apache.org/jira/browse/RANGER-4177
Repository: ranger
Description
-------
- updated policy create/update to fail when the policy references non-existing
users/groups/roles
- added an option to create missing users/groups/roles for admin users via
query parameter named createPrincipalsIfAbsent
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java
4581112fe
security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
f9294c1e1
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
562467e80
security-admin/src/main/java/org/apache/ranger/security/context/RangerAdminOpContext.java
a447882ab
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
782fe1173
Diff: https://reviews.apache.org/r/74386/diff/2/
Changes: https://reviews.apache.org/r/74386/diff/1-2/
Testing
-------
- verified that policy create/update fails when the policy references
non-existing users/groups/roles
- verified that for admin users, such policy create/update succeeds with query
parameter createPrincipalsIfAbsent=true,
- verified that for non-admin users, such policy create/update fails even with
query parameter createPrincipalsIfAbsent=true
Thanks,
Madhan Neethiraj
