Re: Review Request 74441: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type

Ramesh Mani Tue, 16 May 2023 11:33:24 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
-----------------------------------------------------------


(Updated May 16, 2023, 6:33 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Bugs: RANGER-4165
    https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
-------

RANGER-4165:API to find whether a user/group is authorized to the given 
operation on any resource of give type


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
 6a38747f4 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
 f89d51e35 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 96e232b43 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
 c421388e7 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
 5fa5b68d4 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
 5df4f1e3a 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 b505f495b 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java
 30a7215a6 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 b2a5151e5 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java
 8fe3be9cc 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json 
PRE-CREATION 


Diff: https://reviews.apache.org/r/74441/diff/1/


Testing (updated)
-------

Testing done with TestCase.
-- Request has to set the resource = " " and  resourceMatchingScope =  
"SELF_OR_PREFIX",
example:  
{"name":"Any topic Consume access for user3",
      "request":{
        "resource":{"elements":{"topic":""}}, "resourceMatchingScope": 
"SELF_OR_PREFIX",
        "accessType":"consume","user":"user3","userGroups":[],
        "context": {"RESOURCE_TYPE": "topic"}
      },
      "result":{"isAudited":true,"isAllowed":true,"policyId":102}
    }
-- Policy maintained => user1 will have access to consume on several topics, 
this call should result in "ALLOWED".

-- Testing done with new tests in 
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json


-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani

Re: Review Request 74441: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type

Reply via email to