ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 71504: RANGER-2571 Need to add Knox proxy configuration support in Ranger plugins
Date Wed, 18 Sep 2019 16:27:48 GMT


> On Sept. 18, 2019, 3:33 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java
> > Lines 145 (patched)
> > <https://reviews.apache.org/r/71504/diff/1/?file=2165625#file2165625line145>
> >
> >     GrantRevokeRequest is generated by the plugin itself and sent to Ranger admin.
Does it make sense for these attributes to have any values other than the plugins IP address?
Please review.

the plugins should send the ip-address & forwarded-ip addresses to Ranger Admin, in GrantRevokeRequest
- so that appropriate IP address will be used in policy-conditions (when necessary) when Ranger
Admin evaluates the policies.


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71504/#review217818
-----------------------------------------------------------


On Sept. 18, 2019, 1:54 p.m., Dhaval Shah wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71504/
> -----------------------------------------------------------
> 
> (Updated Sept. 18, 2019, 1:54 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal,
and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2571
>     https://issues.apache.org/jira/browse/RANGER-2571
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Need to add support for below property in the ranger-<plugin>-security.xml
> 
> ranger.plugin.<serviceType>.use.x-forwarded-for.ipaddress=true
> ranger.plugin.<serviceType>.trusted.proxy.ipaddress which should be set to IP addresses
of Knox hosts .
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 870ec96

>   hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
5729eb2 
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
7b2882c 
>   plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
b49fb8a 
> 
> 
> Diff: https://reviews.apache.org/r/71504/diff/1/
> 
> 
> Testing
> -------
> 
> Tested for Hive, atlas
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message