ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 69471: RANGER-2297: getContentSummary validation failure
Date Thu, 29 Nov 2018 18:32:35 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Nov. 29, 2018, 6:32 p.m.)

Review request for ranger and Madhan Neethiraj.


Updated for generating no audit log records when authorizer is called for getContentSummary,
and using default authorizer for snapshots when authorizing getContentSummary.

Bugs: RANGER-2297

Repository: ranger


Parameter values for authorization API call for getContentSummary have changed with fix for
HDFS-12130. This causes Ranger authorizer to fail.

Ranger authorizer needs to be updated to accommodate for NameNode changes in authorizing getContentSummary()
use-case. Here are the details of the proposed updates:

Ranger authorizer currently constructs the path to authorize from the given INodeAttributes
Ranger authorizer will use the following alternate approach to construct the path - only when
checkPermission() is called with single entry arrays for inodes and inodeAttributes parameters,
and the given inode has a parent.
– get path to authorize from the given inode by calling getFullPathName()
– if snapshotId != Snapshot.CURRENT_STATE_ID, remove "/.snapshot" from the path obtained
from getFullPathName()

Diffs (updated)


Diff: https://reviews.apache.org/r/69471/diff/2/

Changes: https://reviews.apache.org/r/69471/diff/1-2/


Tested with local VM.


Abhay Kulkarni

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message