ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Review Request 70642: RANGER-2427: Tag policies are not evaluated if no security zones are configured
Date Tue, 14 May 2019 17:34:58 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70642/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan Periasamy.


Bugs: RANGER-2427
    https://issues.apache.org/jira/browse/RANGER-2427


Repository: ranger


Description
-------

Policies downloaded to plugin have empty string as a value for zone-name. This causes the
check for zone-name of policy(empty string) and zone-name of accessed resource(null) to fail.
Consequently, none of the tag policies will match.

zone-name check condition is fixed to account for empty zone-name in policy.


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
365edcf35 


Diff: https://reviews.apache.org/r/70642/diff/1/


Testing
-------

Tested with a cluster with no configured security zone and with a tag policy. Ensured that
tag policy is selected for evaluation when the accessed resource matches tagged resource.


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message