----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74441/ -----------------------------------------------------------
(Updated May 16, 2023, 6:33 p.m.) Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Bugs: RANGER-4165 https://issues.apache.org/jira/browse/RANGER-4165 Repository: ranger Description ------- RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 96e232b43 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 5fa5b68d4 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java 8fe3be9cc agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION Diff: https://reviews.apache.org/r/74441/diff/1/ Testing (updated) ------- Testing done with TestCase. -- Request has to set the resource = " " and resourceMatchingScope = "SELF_OR_PREFIX", example: {"name":"Any topic Consume access for user3", "request":{ "resource":{"elements":{"topic":""}}, "resourceMatchingScope": "SELF_OR_PREFIX", "accessType":"consume","user":"user3","userGroups":[], "context": {"RESOURCE_TYPE": "topic"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":102} } -- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED". -- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json -- Ran all the PolicyEngine and plugin tests. Thanks, Ramesh Mani