Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-09 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218168
---


Ship it!




Ship It!

- Madhan Neethiraj


On Oct. 10, 2019, midnight, Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 10, 2019, midnight)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  251a0ec 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
>  5cd82d8 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 2fec9a0 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 190c6f5 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/10/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-09 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218167
---


Ship it!




Ship It!

- Abhay Kulkarni


On Oct. 10, 2019, midnight, Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 10, 2019, midnight)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  251a0ec 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
>  5cd82d8 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 2fec9a0 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 190c6f5 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/10/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-09 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 10, 2019, midnight)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Review comments updated


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 251a0ec 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
 5cd82d8 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
2fec9a0 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/10/

Changes: https://reviews.apache.org/r/71583/diff/9-10/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-09 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 9, 2019, 6:25 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

update patch after review


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 251a0ec 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
 5cd82d8 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
2fec9a0 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/9/

Changes: https://reviews.apache.org/r/71583/diff/8-9/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-09 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 9, 2019, 6:36 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Fixed review comment


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 251a0ec 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
 5cd82d8 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
2fec9a0 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/8/

Changes: https://reviews.apache.org/r/71583/diff/7-8/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-08 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218145
---




agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Lines 62 (patched)


getRangerRoles() can return null if roleVersion is same as the currnet role 
version in DB - which will leave rangerRoles as null. Please review and update 
to handle this case.



agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
Line 65 (original), 72 (patched)


updatedServicePolicies() needs to be called even when no change in 
policyVersion ('if' at #64 is false) but roleVersion has changed. This will be 
missed since this line is inside 'if' block at #64. Please review and update.


- Madhan Neethiraj


On Oct. 9, 2019, 1:01 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 9, 2019, 1:01 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  251a0ec 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
>  5cd82d8 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 2fec9a0 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 190c6f5 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/7/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-08 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218144
---


Ship it!




Ship It!

- Abhay Kulkarni


On Oct. 9, 2019, 1:01 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 9, 2019, 1:01 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  251a0ec 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
>  5cd82d8 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
> 2fec9a0 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 190c6f5 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/7/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-08 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 9, 2019, 1:01 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Review requested addressed


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 251a0ec 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
 5cd82d8 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
2fec9a0 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/7/

Changes: https://reviews.apache.org/r/71583/diff/6-7/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-08 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 8, 2019, 11:04 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Addressed review comments, Addressed issue with Delegate admin privilege with 
Role policy.


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 251a0ec 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCacheForEngineOptions.java
 5cd82d8 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
2fec9a0 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 190c6f5 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/6/

Changes: https://reviews.apache.org/r/71583/diff/5-6/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-07 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218123
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 3501 (patched)


Instead of creating a new HashSet in every call to this method, consider 
taking the Set as a parameter:

private void collectRoleNames(List policyItems, 
Set roleNames) {
  ..
}


- Madhan Neethiraj


On Oct. 7, 2019, 6:05 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 7, 2019, 6:05 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/5/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-07 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218120
---


Ship it!




Ship It!

- Abhay Kulkarni


On Oct. 7, 2019, 6:05 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 7, 2019, 6:05 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/5/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-07 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 7, 2019, 6:05 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Review comments fixed


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/5/

Changes: https://reviews.apache.org/r/71583/diff/4-5/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-07 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 7, 2019, 6:44 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

Fixed review comments


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/4/

Changes: https://reviews.apache.org/r/71583/diff/3-4/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-06 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218105
---




security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Line 3412 (original), 3425 (patched)


In addition to policyItems, get roles from denyPolicyItems, allowExceptions 
and denyExceptions as well.

Please review for other such occurances.


- Madhan Neethiraj


On Oct. 7, 2019, 5:07 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 7, 2019, 5:07 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> edc886c 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/3/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-06 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 7, 2019, 5:07 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

review comments fixed


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
edc886c 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/3/

Changes: https://reviews.apache.org/r/71583/diff/2-3/


Testing
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-06 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218102
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 3473 (patched)


'ret' is already assigned to 'roleNames' in line #3454. So, line #3473 
seems unnecessary. In fact, 'ret' itself is unncessary.


- Madhan Neethiraj


On Oct. 6, 2019, 6:31 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 6, 2019, 6:31 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 51e08e1 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/2/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.support.for.service.specific.role.download" introduced to enable 
> role download by service. By default it is "false" and it will download all 
> the roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-06 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/
---

(Updated Oct. 6, 2019, 6:31 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Changes
---

review comments addressed


Bugs: RANGER-2512
https://issues.apache.org/jira/browse/RANGER-2512


Repository: ranger


Description
---

RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
for evaluation -part2


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
51e08e1 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
  security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
  security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
e168278 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 


Diff: https://reviews.apache.org/r/71583/diff/2/

Changes: https://reviews.apache.org/r/71583/diff/1-2/


Testing (updated)
---

- Addressed review comments in preview patch.
- "ranger.support.for.service.specific.role.download" introduced to enable role 
download by service. By default it is "false" and it will download all the 
roles when add or update of roles happens. If set to "true" only these services 
which uses the roles will get the updated roles.


Thanks,

Ramesh Mani



Re: Review Request 71583: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation -part2

2019-10-05 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71583/#review218095
---




security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
Lines 139 (patched)


The configuration variable "ranger.role.download.by.service.enabled" is 
read in two separate places (here and in ServiceDBStore. Please see if it can 
be read only at one place (in ServiceDBStore.initStore()) and returned by a 
public static function in ServiceDBStore class. Also consider to rename the 
configuration variable as "ranger.support.for.service.specific.role.download" 
of type boolean.


- Abhay Kulkarni


On Oct. 5, 2019, 1:58 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71583/
> ---
> 
> (Updated Oct. 5, 2019, 1:58 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
> https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins 
> for evaluation -part2
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 9151a72 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 51e08e1 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 0d46ca8 
>   security-admin/src/main/java/org/apache/ranger/db/XXRoleDao.java c1ec629 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 
> e168278 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1a6b0bd 
> 
> 
> Diff: https://reviews.apache.org/r/71583/diff/1/
> 
> 
> Testing
> ---
> 
> - Addressed review comments in preview patch.
> - "ranger.role.download.by.service.enabled" introduced to enable role 
> download by service. By default it is "false" and it will download all the 
> roles when add or update of roles happens. If set to "true" only these 
> services which uses the roles will get the updated roles.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>