ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 70257: RANGER-2375: RangerAuthContext is not correctly initialized
Date Thu, 21 Mar 2019 05:06:07 GMT


> On March 20, 2019, 8:45 p.m., Zsombor Gegesy wrote:
> > Could you add a simple unit test for RangerAuthContext which checks that addOrReplaceRequestContextEnricher
and preProcess(RangerAccessRequest) works as expected?

Added unit test.


- Abhay


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70257/#review213850
-----------------------------------------------------------


On March 21, 2019, 5:06 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70257/
> -----------------------------------------------------------
> 
> (Updated March 21, 2019, 5:06 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-2375
>     https://issues.apache.org/jira/browse/RANGER-2375
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RangerAuthContext object may be used to provide consistent view of authorization policies
database across multiple authorization API calls. It maintains a list of context enrichers,
if defined, to provide context enrichment for access requests. When this list is not maintained
correctly, context for authorization will not be initialized correctly, and authorization
calls made with RangerAuthContext will fail.
> 
> This seems to a regression introduced by RANGER-2341.
> 
> The fix consists of creating a RangerAuthContext object before a RangerPolicyEngine is
created from policies.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
ddc6df2fa 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
b2cccef5c 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
e52d4de28 
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestProjectProvider.java
PRE-CREATION 
>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestRangerAuthContext.java
PRE-CREATION 
>   agents-common/src/test/resources/policyengine/plugin/resourceTags.json PRE-CREATION

>   agents-common/src/test/resources/policyengine/plugin/test_auth_context.json PRE-CREATION

>   agents-common/src/test/resources/policyengine/plugin/userText.txt PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70257/diff/2/
> 
> 
> Testing
> -------
> 
> Tested with policies containing policy conditions that depended on context of access-request
to be populated correctly. Verified that context is populated correctly and policies with
conditions work as expected.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message