ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sailaja Polavarapu <spolavar...@hortonworks.com>
Subject Re: Review Request 72136: RANGER-2723: Support ldap attribute based document level control for solr plugin
Date Tue, 03 Mar 2020 21:17:44 GMT


> On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java
> > Lines 45 (patched)
> > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line45>
> >
> >     Is it required that Solr service definition is updated to include this context-enricher?
If so, it needs to be included in this patch. Also, if it is included, a Java patch for upgrading
Solr service definition also needs to be included.

Ldap attribute based authorization is optional. Since there is a public api to update service
def, I didn't include the context-enricher config in Solr Service definition by default


> On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java
> > Lines 74 (patched)
> > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line74>
> >
> >     If the class-name for UserStoreRetriever is not provided, should it default
to some known class (which populates UserStore using adminRESTClient)?

In case the class name is not provided, we are logging an error. I don't think we need to
process any further.


> On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java
> > Lines 504 (patched)
> > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line504>
> >
> >     Is this intended to the implementation of RangerUserStoreRetriever.retrieveUserStoreInfo()?
Please review.

Removed this as this is implemented in RangerAdminUserStoreRetriever which extends RangerUserStoreRetriever


> On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRetriever.java
> > Lines 28 (patched)
> > <https://reviews.apache.org/r/72136/diff/1/?file=2211350#file2211350line28>
> >
> >     A class implementing RangerUserStoreRetriever needs to be included in the patch.
Please review.

RangerAdminUserStoreRetriever class extends RangerUserStoreRetriever and has the implementations.


- Sailaja


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72136/#review219596
-----------------------------------------------------------


On March 3, 2020, 9:06 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72136/
> -----------------------------------------------------------
> 
> (Updated March 3, 2020, 9:06 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2723
>     https://issues.apache.org/jira/browse/RANGER-2723
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Added new context enricher to download userstore to solr plugin. Also integrated Sentry
changes to RangerSolrAuthorizer to use the ldap attributes and add it to the filter query
to while querying documents in solr.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
87d0190e6 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java 58eb00a4e

>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
e5f97477b 
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminUserStoreRetriever.java
PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java
PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRetriever.java
PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
bd980ce09 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 0b492ab99

>   plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/FieldToAttributeMapping.java
PRE-CREATION 
>   plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
4538a5bf2 
>   plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/SubsetQueryPlugin.java
PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/72136/diff/2/
> 
> 
> Testing
> -------
> 
> 1. Patched test cluster and verified userstore is download to solr plugin
> 2. Also verified basic funtionality based on some ldap attributes while querying solr
documents.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message