subject:"Review Request 70658\: RANGER\-2436 \- Custom condition\: Access from cluster"

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

2019-05-21 Thread Pradeep Agrawal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/#review215443
---


Ship it!




Ship It!

- Pradeep Agrawal


On May 21, 2019, 1:27 p.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70658/
> ---
> 
> (Updated May 21, 2019, 1:27 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2436
> https://issues.apache.org/jira/browse/RANGER-2436
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Include a custom-condition that checks if the current cluster-name matches 
> one of the condition values. This will enable setting up different 
> authorization policies depending on the cluster from which access was 
> performed.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedFromClusterCondition.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedNotFromClusterCondition.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70658/diff/3/
> 
> 
> Testing
> ---
> 
> 1.Tested If cluster name condition is provided in policy/policyItem condition 
> then access is granted if that cluster name is given in policy condition 
> while setting up the policy.
> 2.If condition is specified with some cluster names and the cluster from 
> which access request is coming is not present in condition then access is 
> denied.
> 3.Tested for hive plugin
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

2019-05-21 Thread Velmurugan Periasamy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/#review215414
---


Ship it!




Ship It!

- Velmurugan Periasamy


On May 21, 2019, 1:27 p.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70658/
> ---
> 
> (Updated May 21, 2019, 1:27 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2436
> https://issues.apache.org/jira/browse/RANGER-2436
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Include a custom-condition that checks if the current cluster-name matches 
> one of the condition values. This will enable setting up different 
> authorization policies depending on the cluster from which access was 
> performed.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedFromClusterCondition.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedNotFromClusterCondition.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70658/diff/3/
> 
> 
> Testing
> ---
> 
> 1.Tested If cluster name condition is provided in policy/policyItem condition 
> then access is granted if that cluster name is given in policy condition 
> while setting up the policy.
> 2.If condition is specified with some cluster names and the cluster from 
> which access request is coming is not present in condition then access is 
> denied.
> 3.Tested for hive plugin
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

2019-05-21 Thread Nikhil P


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/
---

(Updated May 21, 2019, 6:57 p.m.)


Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, 
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
Velmurugan Periasamy.


Bugs: RANGER-2436
https://issues.apache.org/jira/browse/RANGER-2436


Repository: ranger


Description
---

Include a custom-condition that checks if the current cluster-name matches one 
of the condition values. This will enable setting up different authorization 
policies depending on the cluster from which access was performed.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedFromClusterCondition.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAccessedNotFromClusterCondition.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/70658/diff/3/

Changes: https://reviews.apache.org/r/70658/diff/2-3/


Testing
---

1.Tested If cluster name condition is provided in policy/policyItem condition 
then access is granted if that cluster name is given in policy condition while 
setting up the policy.
2.If condition is specified with some cluster names and the cluster from which 
access request is coming is not present in condition then access is denied.
3.Tested for hive plugin


Thanks,

Nikhil P

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

2019-05-17 Thread Velmurugan Periasamy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/#review215340
---




security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
Lines 127 (patched)


I don't think this needs to be included in the service def by default. If 
required, users can register the policy condition.


- Velmurugan Periasamy


On May 17, 2019, 1:21 p.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70658/
> ---
> 
> (Updated May 17, 2019, 1:21 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2436
> https://issues.apache.org/jira/browse/RANGER-2436
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Include a custom-condition that checks if the current cluster-name matches 
> one of the condition values. This will enable setting up different 
> authorization policies depending on the cluster from which access was 
> performed.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerClusterMatcher.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
>  5b66539 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
>  0c078a8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  45231e7 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
> 370ff56 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
>  a54d69e 
> 
> 
> Diff: https://reviews.apache.org/r/70658/diff/2/
> 
> 
> Testing
> ---
> 
> 1.Tested If cluster name condition is provided in policy/policyItem condition 
> then access is granted if that cluster name is given in policy condition 
> while setting up the policy.
> 2.If condition is specified with some cluster names and the cluster from 
> which access request is coming is not present in condition then access is 
> denied.
> 3.Tested for hive plugin
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

2019-05-17 Thread Nikhil P


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70658/
---

(Updated May 17, 2019, 6:51 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Summary (updated)
-

RANGER-2436 - Custom condition: Access from cluster


Bugs: RANGER-2436
https://issues.apache.org/jira/browse/RANGER-2436


Repository: ranger


Description
---

Include a custom-condition that checks if the current cluster-name matches one 
of the condition values. This will enable setting up different authorization 
policies depending on the cluster from which access was performed.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerClusterMatcher.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
 5b66539 
  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
 0c078a8 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
 45231e7 
  agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
370ff56 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
 a54d69e 


Diff: https://reviews.apache.org/r/70658/diff/2/


Testing
---

1.Tested If cluster name condition is provided in policy/policyItem condition 
then access is granted if that cluster name is given in policy condition while 
setting up the policy.
2.If condition is specified with some cluster names and the cluster from which 
access request is coming is not present in condition then access is denied.
3.Tested for hive plugin


Thanks,

Nikhil P

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

Re: Review Request 70658: RANGER-2436 - Custom condition: Access from cluster

5 matches

Site Navigation

Mail list logo

Footer information