Re: Review Request 74441: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74441/#review225474 --- Ship it! Ship It! - Abhay Kulkarni On May 16, 2023, 6:33 p.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74441/ > --- > > (Updated May 16, 2023, 6:33 p.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-4165 > https://issues.apache.org/jira/browse/RANGER-4165 > > > Repository: ranger > > > Description > --- > > RANGER-4165:API to find whether a user/group is authorized to the given > operation on any resource of give type > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 6a38747f4 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java > f89d51e35 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 96e232b43 > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java > c421388e7 > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java > 5fa5b68d4 > > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java > 5df4f1e3a > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > b505f495b > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java > 30a7215a6 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > b2a5151e5 > > agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java > 8fe3be9cc > agents-common/src/test/resources/policyengine/test_policyengine_kafka.json > PRE-CREATION > > > Diff: https://reviews.apache.org/r/74441/diff/1/ > > > Testing > --- > > Testing done with TestCase. > -- Request has to set the resource = " " and resourceMatchingScope = > "SELF_OR_PREFIX", > example: > {"name":"Any topic Consume access for user3", > "request":{ > "resource":{"elements":{"topic":""}}, "resourceMatchingScope": > "SELF_OR_PREFIX", > "accessType":"consume","user":"user3","userGroups":[], > "context": {"RESOURCE_TYPE": "topic"} > }, > "result":{"isAudited":true,"isAllowed":true,"policyId":102} > } > -- Policy maintained => user1 will have access to consume on several topics, > this call should result in "ALLOWED". > > -- Testing done with new tests in > agents-common/src/test/resources/policyengine/test_policyengine_kafka.json > > > -- Ran all the PolicyEngine and plugin tests. > > > Thanks, > > Ramesh Mani > >
Re: Review Request 74441: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74441/ --- (Updated May 16, 2023, 6:33 p.m.) Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Bugs: RANGER-4165 https://issues.apache.org/jira/browse/RANGER-4165 Repository: ranger Description --- RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type Diffs - agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 96e232b43 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 5fa5b68d4 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java 8fe3be9cc agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION Diff: https://reviews.apache.org/r/74441/diff/1/ Testing (updated) --- Testing done with TestCase. -- Request has to set the resource = " " and resourceMatchingScope = "SELF_OR_PREFIX", example: {"name":"Any topic Consume access for user3", "request":{ "resource":{"elements":{"topic":""}}, "resourceMatchingScope": "SELF_OR_PREFIX", "accessType":"consume","user":"user3","userGroups":[], "context": {"RESOURCE_TYPE": "topic"} }, "result":{"isAudited":true,"isAllowed":true,"policyId":102} } -- Policy maintained => user1 will have access to consume on several topics, this call should result in "ALLOWED". -- Testing done with new tests in agents-common/src/test/resources/policyengine/test_policyengine_kafka.json -- Ran all the PolicyEngine and plugin tests. Thanks, Ramesh Mani
Review Request 74441: RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74441/ --- Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Bugs: RANGER-4165 https://issues.apache.org/jira/browse/RANGER-4165 Repository: ranger Description --- RANGER-4165:API to find whether a user/group is authorized to the given operation on any resource of give type Diffs - agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 6a38747f4 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java f89d51e35 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 96e232b43 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java c421388e7 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java 5fa5b68d4 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 5df4f1e3a agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java b505f495b agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPathResourceTrie.java 30a7215a6 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b2a5151e5 agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java 8fe3be9cc agents-common/src/test/resources/policyengine/test_policyengine_kafka.json PRE-CREATION Diff: https://reviews.apache.org/r/74441/diff/1/ Testing --- Thanks, Ramesh Mani