Re: Review Request 74386: RANGER-4177: fail policy create/update when it references non-existing users/groups/roles

Fri, 14 Apr 2023 07:09:51 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74386/#review225382
-----------------------------------------------------------


Ship it!




Ship It!

- Kishor Gollapalliwar


On April 10, 2023, 4:07 p.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74386/
> -----------------------------------------------------------
> 
> (Updated April 10, 2023, 4:07 p.m.)
> 
> 
> Review request for ranger, Abhishek  Kumar, Anand Nadar, Ankita Sinha, Kishor 
> Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Monika Kachhadiya, Pradeep 
> Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat Chaudhary, Tejas Patil, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4177
>     https://issues.apache.org/jira/browse/RANGER-4177
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> - updated policy create/update to fail when the policy references 
> non-existing users/groups/roles
> - added an option to create missing users/groups/roles for admin users via 
> query parameter named createPrincipalsIfAbsent
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
> 4581112fe 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> f9294c1e1 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 562467e80 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAdminOpContext.java
>  a447882ab 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  782fe1173 
> 
> 
> Diff: https://reviews.apache.org/r/74386/diff/2/
> 
> 
> Testing
> -------
> 
> - verified that policy create/update fails when the policy references 
> non-existing users/groups/roles
> - verified that for admin users, such policy create/update succeeds with 
> query parameter createPrincipalsIfAbsent=true, 
> - verified that for non-admin users, such policy create/update fails even 
> with query parameter createPrincipalsIfAbsent=true
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Reply via email to