mneethiraj commented on code in PR #1017:
URL: https://github.com/apache/ranger/pull/1017#discussion_r3411149092
##########
audit-server/audit-ingestor/src/main/resources/conf/ranger-audit-ingestor-site.xml:
##########
@@ -185,19 +185,85 @@
<property>
<name>ranger.audit.ingestor.service.dev_hdfs.allowed.users</name>
<value>hdfs</value>
- <description>Comma-separated list of allowed users that can send
audits for dev_hdfs service</description>
+ <description>Allowed users for dev_hdfs (Policy Manager service name;
from policy.download.auth.users)</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_yarn.allowed.users</name>
+ <value>yarn</value>
+ <description>Allowed users for dev_yarn (YARN RM/NM)</description>
</property>
<property>
<name>ranger.audit.ingestor.service.dev_hive.allowed.users</name>
<value>hive</value>
- <description>Comma-separated list of allowed users that can send
audits for dev_hive service.</description>
+ <description>Allowed users for dev_hive (HiveServer2 +
Metastore)</description>
</property>
<property>
<name>ranger.audit.ingestor.service.dev_hbase.allowed.users</name>
<value>hbase</value>
- <description>Comma-separated list of allowed users that can send
audits for dev_hbase service.</description>
+ <description>Allowed users for dev_hbase (HBase Master +
RegionServer)</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_kafka.allowed.users</name>
+ <value>kafka</value>
+ <description>Allowed users for dev_kafka</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_knox.allowed.users</name>
+ <value>knox</value>
+ <description>Allowed users for dev_knox</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_kms.allowed.users</name>
+ <value>rangerkms</value>
+ <description>Allowed users for dev_kms</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_trino.allowed.users</name>
+ <value>trino</value>
+ <description>Allowed users for dev_trino</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_ozone.allowed.users</name>
+ <value>om</value>
+ <description>Allowed users for dev_ozone (Ozone Manager; Ranger plugin
runs on OM only)</description>
+ </property>
+
+ <property>
+ <name>ranger.audit.ingestor.service.dev_solr.allowed.users</name>
+ <value>solr</value>
+ <description>Allowed users for dev_solr (Solr plugin)</description>
+ </property>
+
+ <property>
Review Comment:
Audits are generated for resource services like `dev_hdfs`, `dev_hive`; and
not for tag services like `dev_tag`. Please remove lines 244 to 249.
##########
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java:
##########
@@ -817,7 +817,8 @@ private void runTests(InputStreamReader reader, String
testName) {
}
private void runTestCaseTests(RangerPolicyEngine policyEngine,
RangerServiceDef serviceDef, String testName, List<TestData> tests) {
- tests.parallelStream().forEach(test -> {
+ // Sequential: shared policyEngine is not safe for parallel sub-test
evaluation ({USER} token context).
Review Comment:
`policyEngine` instance must be thread safe. Any failures seen with
multi-threaded use must be fixed. I suggest to retain parallel execution of
tests here.
##########
agents-common/src/test/resources/policyengine/plugin/resourceTags.json:
##########
@@ -37,7 +37,7 @@
"tags": {
"1": {
"type": "EXPIRES_ON",
- "attributes": { "expiry_date": "2026/06/15" },
+ "attributes": { "expiry_date": "2099/12/31" },
Review Comment:
Please use a separate JIRA and PR to update `expiry_date` in tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
