ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 55659: Ranger enhancement to support authorization of namespace operations
Date Mon, 23 Jan 2017 16:55:52 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55659/#review162650
-----------------------------------------------------------


Fix it, then Ship it!





hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
(line 648)
<https://reviews.apache.org/r/55659/#comment233987>

    If "user.name" is set to "bob", use "alice" else use "bob" - the logic is confusing to
read. I guess it because 'user.name' has been given all privilges on global and here the test
is for someother user?
    
    In that case, can't "alice" be always used here?
    
    Same logic in testCloneSnapshotAsGroupPublic() as well.



hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
(line 686)
<https://reviews.apache.org/r/55659/#comment233988>

    Instead of calling it "GroupPublic", it might be better to call 'NonQAGroup' - as this
test is about policy for QA group.


- Madhan Neethiraj


On Jan. 18, 2017, 2:13 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55659/
> -----------------------------------------------------------
> 
> (Updated Jan. 18, 2017, 2:13 a.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1314
>     https://issues.apache.org/jira/browse/RANGER-1314
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Currently namespace operations, like 'clone snapshot', require the user to have global
'admin' privilege. Ranger authorizer should be enhanced to allow these operations for users
haivng 'admin' privilege on specific namespaces.
> 
> 
> Diffs
> -----
> 
>   hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
cc61a83 
>   hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
8fe6284 
>   hbase-agent/src/test/resources/hbase-policies.json 30088c6 
> 
> Diff: https://reviews.apache.org/r/55659/diff/
> 
> 
> Testing
> -------
> 
> Wrote and ran clone_snapshot unit tests successfully
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message