ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 70257: RANGER-2375: RangerAuthContext is not correctly initialized
Date Thu, 21 Mar 2019 05:06:03 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70257/
-----------------------------------------------------------

(Updated March 21, 2019, 5:06 a.m.)


Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Changes
-------

Addressed review comment


Bugs: RANGER-2375
    https://issues.apache.org/jira/browse/RANGER-2375


Repository: ranger


Description
-------

RangerAuthContext object may be used to provide consistent view of authorization policies
database across multiple authorization API calls. It maintains a list of context enrichers,
if defined, to provide context enrichment for access requests. When this list is not maintained
correctly, context for authorization will not be initialized correctly, and authorization
calls made with RangerAuthContext will fail.

This seems to a regression introduced by RANGER-2341.

The fix consists of creating a RangerAuthContext object before a RangerPolicyEngine is created
from policies.


Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
ddc6df2fa 
  agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java b2cccef5c

  agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java e52d4de28

  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestProjectProvider.java
PRE-CREATION 
  agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestRangerAuthContext.java
PRE-CREATION 
  agents-common/src/test/resources/policyengine/plugin/resourceTags.json PRE-CREATION 
  agents-common/src/test/resources/policyengine/plugin/test_auth_context.json PRE-CREATION

  agents-common/src/test/resources/policyengine/plugin/userText.txt PRE-CREATION 


Diff: https://reviews.apache.org/r/70257/diff/2/

Changes: https://reviews.apache.org/r/70257/diff/1-2/


Testing
-------

Tested with policies containing policy conditions that depended on context of access-request
to be populated correctly. Verified that context is populated correctly and policies with
conditions work as expected.


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message