subject:"Review Request 74441\: RANGER\-4165\: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization"

Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization

2023-05-23 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
---

(Updated May 23, 2023, 11:18 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Changes
---

Updated the test case in the description


Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
---

RANGER-4165:API to find whether a user/group is authorized to the given 
operation on any resource of give type


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 e0a86c398 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
 6a38747f4 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
 e561c4c7c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java
 4887c0112 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestWrapper.java
 6aec330d7 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 b5b26702c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
 f89d51e35 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 eee1e1f1b 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 e887730c9 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
 032d4487c 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
 c421388e7 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
 5fa5b68d4 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
 0cb3e0fed 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java
 ee2fff3ed 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
 5df4f1e3a 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 b505f495b 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java
 e60fe055b 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java
 30a7215a6 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 b2a5151e5 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java
 e31437fc1 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java
 ad21b3239 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java
 8fe3be9cc 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcherTest.java
 2b7f27200 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
 ea7bc01f2 
  agents-common/src/test/resources/policyengine/test_policyengine_aws.json 
118bef534 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json 
PRE-CREATION 


Diff: https://reviews.apache.org/r/74441/diff/2/


Testing (updated)
---

Testing done with TestCase.
-- Request has to set the resource = " " and  resourceMatchingScope =  
"SELF_OR_PREFIX",
example:  
{"name":"Any topic Consume access for user3",
  "request":{
"resource":{"elements":{"topic":""}}, "resourceMatchingScope": 
"SELF_OR_PREFIX",
"accessType":"consume","user":"user3","userGroups":[]
  },
  "result":{"isAudited":true,"isAllowed":true,"policyId":102}
}
-- Policy maintained => user1 will have access to consume on several topics, 
this call should result in "ALLOWED".

-- Testing done with new tests in 
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json


-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani

Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization

2023-05-23 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
---

(Updated May 23, 2023, 7:22 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Changes
---

RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger 
Authorization


Summary (updated)
-

RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger 
Authorization


Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165


Repository: ranger


Description
---

RANGER-4165:API to find whether a user/group is authorized to the given 
operation on any resource of give type


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
 e0a86c398 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
 6a38747f4 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
 e561c4c7c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java
 4887c0112 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestWrapper.java
 6aec330d7 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
 b5b26702c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
 f89d51e35 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 eee1e1f1b 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 e887730c9 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
 032d4487c 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
 c421388e7 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
 5fa5b68d4 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
 0cb3e0fed 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java
 ee2fff3ed 
  
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
 5df4f1e3a 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 b505f495b 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java
 e60fe055b 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java
 30a7215a6 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 b2a5151e5 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java
 e31437fc1 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java
 ad21b3239 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java
 8fe3be9cc 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcherTest.java
 2b7f27200 
  
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
 ea7bc01f2 
  agents-common/src/test/resources/policyengine/test_policyengine_aws.json 
118bef534 
  agents-common/src/test/resources/policyengine/test_policyengine_kafka.json 
PRE-CREATION 


Diff: https://reviews.apache.org/r/74441/diff/2/

Changes: https://reviews.apache.org/r/74441/diff/1-2/


Testing
---

Testing done with TestCase.
-- Request has to set the resource = " " and  resourceMatchingScope =  
"SELF_OR_PREFIX",
example:  
{"name":"Any topic Consume access for user3",
  "request":{
"resource":{"elements":{"topic":""}}, "resourceMatchingScope": 
"SELF_OR_PREFIX",
"accessType":"consume","user":"user3","userGroups":[],
"context": {"RESOURCE_TYPE": "topic"}
  },
  "result":{"isAudited":true,"isAllowed":true,"policyId":102}
}
-- Policy maintained => user1 will have access to consume on several topics, 
this call should result in "ALLOWED".

-- Testing done with new tests in 
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json


-- Ran all the PolicyEngine and plugin tests.


Thanks,

Ramesh Mani

Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization

Re: Review Request 74441: RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger Authorization

2 matches

Site Navigation

Mail list logo

Footer information