---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74441/
---
(Updated May 23, 2023, 7:22 p.m.)
Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
Changes
---
RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger
Authorization
Summary (updated)
-
RANGER-4165: Support SELF_OR_PREFIX resource matching scope in Ranger
Authorization
Bugs: RANGER-4165
https://issues.apache.org/jira/browse/RANGER-4165
Repository: ranger
Description
---
RANGER-4165:API to find whether a user/group is authorized to the given
operation on any resource of give type
Diffs (updated)
-
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
e0a86c398
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
6a38747f4
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
e561c4c7c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java
4887c0112
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestWrapper.java
6aec330d7
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
b5b26702c
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
f89d51e35
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
eee1e1f1b
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
e887730c9
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
032d4487c
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
c421388e7
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java
5fa5b68d4
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
0cb3e0fed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java
ee2fff3ed
agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
5df4f1e3a
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
b505f495b
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceEvaluatorsRetriever.java
e60fe055b
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java
30a7215a6
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
b2a5151e5
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java
e31437fc1
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java
ad21b3239
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java
8fe3be9cc
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcherTest.java
2b7f27200
agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java
ea7bc01f2
agents-common/src/test/resources/policyengine/test_policyengine_aws.json
118bef534
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
PRE-CREATION
Diff: https://reviews.apache.org/r/74441/diff/2/
Changes: https://reviews.apache.org/r/74441/diff/1-2/
Testing
---
Testing done with TestCase.
-- Request has to set the resource = " " and resourceMatchingScope =
"SELF_OR_PREFIX",
example:
{"name":"Any topic Consume access for user3",
"request":{
"resource":{"elements":{"topic":""}}, "resourceMatchingScope":
"SELF_OR_PREFIX",
"accessType":"consume","user":"user3","userGroups":[],
"context": {"RESOURCE_TYPE": "topic"}
},
"result":{"isAudited":true,"isAllowed":true,"policyId":102}
}
-- Policy maintained => user1 will have access to consume on several topics,
this call should result in "ALLOWED".
-- Testing done with new tests in
agents-common/src/test/resources/policyengine/test_policyengine_kafka.json
-- Ran all the PolicyEngine and plugin tests.
Thanks,
Ramesh Mani