From dev-return-8395-apmail-ranger-dev-archive=ranger.apache.org@ranger.incubator.apache.org Thu Sep 1 22:52:42 2016 Return-Path: X-Original-To: apmail-ranger-dev-archive@www.apache.org Delivered-To: apmail-ranger-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 440B318488 for ; Thu, 1 Sep 2016 22:52:42 +0000 (UTC) Received: (qmail 81090 invoked by uid 500); 1 Sep 2016 22:52:42 -0000 Delivered-To: apmail-ranger-dev-archive@ranger.apache.org Received: (qmail 81051 invoked by uid 500); 1 Sep 2016 22:52:42 -0000 Mailing-List: contact dev-help@ranger.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.incubator.apache.org Delivered-To: mailing list dev@ranger.incubator.apache.org Received: (qmail 80963 invoked by uid 99); 1 Sep 2016 22:52:41 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2016 22:52:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id F2566CB60B for ; Thu, 1 Sep 2016 22:52:40 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -2.538 X-Spam-Level: X-Spam-Status: No, score=-2.538 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.519] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id yVeK9nbieC0P for ; Thu, 1 Sep 2016 22:52:39 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with SMTP id 3D7FD61207 for ; Thu, 1 Sep 2016 22:52:38 +0000 (UTC) Received: (qmail 80905 invoked by uid 99); 1 Sep 2016 22:52:37 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2016 22:52:37 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id B01F32D15A9; Thu, 1 Sep 2016 22:52:36 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============7493193784149790648==" MIME-Version: 1.0 Subject: Re: Review Request 51232: Ranger policy should support variables like {user} From: Abhay Kulkarni To: ranger , Abhay Kulkarni Date: Thu, 01 Sep 2016 22:52:36 -0000 Message-ID: <20160901225236.12123.2392@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Abhay Kulkarni X-ReviewGroup: ranger X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/51232/ X-Sender: Abhay Kulkarni References: <20160901213336.12091.43478@reviews.apache.org> In-Reply-To: <20160901213336.12091.43478@reviews.apache.org> X-ReviewBoard-Diff-For: agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java X-ReviewBoard-Diff-For: agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json X-ReviewBoard-Diff-For: agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json Reply-To: Abhay Kulkarni X-ReviewRequest-Repository: ranger --===============7493193784149790648== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51232/ ----------------------------------------------------------- (Updated Sept. 1, 2016, 10:52 p.m.) Review request for ranger and Madhan Neethiraj. Bugs: RANGER-698 https://issues.apache.org/jira/browse/RANGER-698 Repository: ranger Description ------- Support for variables in Ranger policy resource values can make it easy to manage policies; in many cases can help use a single policy to manage access permissions for a large number of resources. The replacement algorithm for converting encoded policy-resource-specification into actual resource-identifier requires a little more work. Also, need to put in more detailed debugging information. Therefore, this is sent only to you for early review and feedback. Thanks! Diffs ----- agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesAccessedTogetherCondition.java fc9842e agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesNotAccessedTogetherCondition.java 3b8e009 agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerServiceResourceMatcher.java cf7b8e7 agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 5b60a53 agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java f6931b3 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java a5e92da agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 6d3645f agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java 514884f agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerCachedPolicyEvaluator.java 91a53d8 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java eb46353 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java e2c715f agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java 00b24d1 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b60e06e agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java 80e46f5 agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java 8bde807 agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java a8810e5 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 574f2eb agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java 0a11be0 agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java d508f3f agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java 8f1cebe agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java 39eb339 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java 0ce3721 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRequestedResources.java 0f10deb agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java 2079487 agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 0a2b451 agents-common/src/main/java/org/apache/ranger/plugin/util/StringTokenReplacer.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java 48bc6ee agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcherTest.java d2fb62c agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcherTest.java c9d207f agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestResourceMatcher.java 9b870d4 agents-common/src/test/resources/policyengine/test_policyengine_hdfs_resourcespec.json da0a629 agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json 918c30f agents-common/src/test/resources/resourcematcher/test_resourcematcher_dynamic.json PRE-CREATION agents-common/src/test/resources/resourcematcher/test_resourcematcher_path.json 25b0eb7 agents-common/src/test/resources/resourcematcher/test_resourcematcher_wildcards_as_delimiters.json PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 5e8c540 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 90b146b Diff: https://reviews.apache.org/r/51232/diff/ Testing ------- Ran all unit tests successfully. Thanks, Abhay Kulkarni --===============7493193784149790648==--