Github user bbende commented on the issue:
https://github.com/apache/nifi/pull/574
@YolandaMDavis thanks for reviewing! Working on some changes based on your
feedback.
Regarding the need for RangerBasePluginWithPolicies... unfortunately the
PolicyEngine is a private member variable of RangerBasePlugin and there is no
getter for it, so no way to access it. I think most other plugins would never
need to, but for NiFi we need to know if the reason for denying access was
because no policy exists for the resource, or because a specific policy exists
that doesn't match the incoming request.
So the best I could come up with was to intercept when the policies are
refreshed and store the resource ids so that when RangerAccessResult
getIsAllowed() returns false we can then do a second check to see if there was
even a policy for the given resource, and if not then return resource not
found, rather than denied.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
