----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75240/#review226992 -----------------------------------------------------------
Ship it! Ship It! - Vyom Tiwari On Oct. 22, 2024, 8:35 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75240/ > ----------------------------------------------------------- > > (Updated Oct. 22, 2024, 8:35 p.m.) > > > Review request for ranger, madhan, Madhan Neethiraj, Mahesh Bandal, > Velmurugan Periasamy, and Vyom Tiwari. > > > Bugs: RANGER-4966 > https://issues.apache.org/jira/browse/RANGER-4966 > > > Repository: ranger > > > Description > ------- > > If the policy-deltas are enabled, then when two policies have a common subset > of resources and are defined on same user (or subset of users, through groups > or direct users), if one of these policies is modified (on anything: name, > resource, user), it is the only one in effect during access evaluation. Until > a restart of the underlying service. > > The underlying cause is a ResourceTrie node referring to modified > policy-evaluator is removed even when it contains wildcard-evaluator(s). > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java > 3a3a80e53 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > 34f1f07f4 > > agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update_for_wildcard_evaluators.json > PRE-CREATION > > > Diff: https://reviews.apache.org/r/75240/diff/1/ > > > Testing > ------- > > Added a unit test for the scenario. > > Ran all unit tests successfully. > > > Thanks, > > Abhay Kulkarni > >
