ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: Review Request 71260: RANGER-2512:RangerRolesRESTClient for serving user group roles to the plugins for evaluation
Date Fri, 27 Sep 2019 00:16:00 GMT


> On Sept. 12, 2019, 10:18 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
> > Lines 700 (patched)
> > <https://reviews.apache.org/r/71260/diff/5/?file=2164084#file2164084line700>
> >
> >     PluginInfo updates are managed here. Is there corresponding GUI code change
included here to display it?

UI changes are not part of this patch. I shall address it in another patch


> On Sept. 12, 2019, 10:18 p.m., Abhay Kulkarni wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
> > Lines 275 (patched)
> > <https://reviews.apache.org/r/71260/diff/5/?file=2164085#file2164085line275>
> >
> >     The global state for maintaing role version (across all services) may cause
unnecessary role-downloads when a role that is not used in any policy of a service is modified.
Is using global role version in x_global_state for determining if roles need to be downloaded
helpful here?

x_service_version_info table will also have role_version against serviceID now.


- Ramesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71260/#review217710
-----------------------------------------------------------


On Sept. 27, 2019, 12:14 a.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71260/
> -----------------------------------------------------------
> 
> (Updated Sept. 27, 2019, 12:14 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2512
>     https://issues.apache.org/jira/browse/RANGER-2512
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-2512:RangerRolesRESTClient for serving user group
>  roles to the plugins for evaluation
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
6367235 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java b09a9be

>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
5939f38 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java e3f9f15

>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyDelta.java 1b69d8d

>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
d201aa6 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
015ca09 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
c23a2d4 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
842c58b 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
cf833b7 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java 0e52c31

>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java bdb77e7

>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRoles.java PRE-CREATION

>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java
PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesUtil.java PRE-CREATION

>   agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 8c63434

>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
d0e0cfc 
>   knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
5dcce11 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 8e42bd9 
>   security-admin/db/mysql/patches/043-add-role-version-in-serviceVersionInfo.sql PRE-CREATION

>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 1b158c9 
>   security-admin/db/oracle/patches/043-add-role-version-in-serviceVersionInfo.sql PRE-CREATION

>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 0034759 
>   security-admin/db/postgres/patches/043-add-role-version-in-serviceVersionInfo.sql PRE-CREATION

>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 9dc7656

>   security-admin/db/sqlanywhere/patches/043-add-role-version-in-serviceVersionInfo.sql
PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 9383d1a

>   security-admin/db/sqlserver/patches/042-add-role-version-in-serviceVersionInfo.sql
PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 63959c9 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 7a67e9c 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 92436ac 
>   security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java PRE-CREATION

>   security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java f6b9e1a 
>   security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java cef3863

>   security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4af768a 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cfeaadd 
>   security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java 8857afd

> 
> 
> Diff: https://reviews.apache.org/r/71260/diff/6/
> 
> 
> Testing
> -------
> 
> - Testing done in Local Vm for
>  1) Role cache file creation along with Policy file.
>  2) Role based authorization happening based on the user / group role in the plugin.
>  3) Ranger Admin now has role version and based on the roles are to be fetched to the
plugin.
>  4) RoleREST
> curl -u user:password -H "Accept: application/json" -H "Content-Type: application/json"
-X GET "http://`hostname -f`:6080/service/roles/secure/download/cm_hive?lastKnownRoleVersion=-1"
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message