ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 73451: RANGER-3334:Enhance Ranger admin REST Client to use cookie for policy, tag and role download
Date Mon, 19 Jul 2021 23:29:45 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73451/#review223248
-----------------------------------------------------------




knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
Lines 658 (patched)
<https://reviews.apache.org/r/73451/#comment312333>

    Line #658 can cause isRangerCookieEnabled to be set to false temporarily. Consider the
following reorg:
    
      if (isRangerCookieEnabled) {
        String sessionCookie = null; 
    
        for (String cookieName : cookieMap.keySet()) {
          if (StringUtils.equalsIgnoreCase(cookieName, rangerAdminCookieName)) {
            sessionCookie = cookieMap.get(cookieName);
            
            break;
          }
        }
    
        policyDownloadSessionId            = sessionCookie; 
        isValidPolicyDownloadSessionCookie = StringUtils.isNotBlank(policyDownloadSessionId);
      }
    
    Similar updates for following methods as well:
     - setCookieReceivedFromTagDownloadSession()
     - setCookieReceivedFromRoleDownloadSession()



knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
Lines 1111 (patched)
<https://reviews.apache.org/r/73451/#comment312334>

    Is 'if' at #1111 necessary? i.e. it is not necessary to check whether cookie value has
changed or not. Consider replacing #1111 - #1116 with:
      if (cookieName.equalsIgnoreCase(rangerAdminCookieName)) {
        roleDownloadSessionId            = cookieMap.get(cookieName);
        isValidRoleDownloadSessionCookie = StringUtils.isNotEmpty(roleDownloadSessionId);
        
        break;
      }


- Madhan Neethiraj


On July 10, 2021, 6:57 a.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73451/
> -----------------------------------------------------------
> 
> (Updated July 10, 2021, 6:57 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh,
Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3334
>     https://issues.apache.org/jira/browse/RANGER-3334
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-3334:Enhance Ranger admin REST Client to use cookie for policy, tag and role download
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
e0d7a9b71 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java
ed2dffd91 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 216b6b2a9

>   knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java
fa17f5d4b 
> 
> 
> Diff: https://reviews.apache.org/r/73451/diff/1/
> 
> 
> Testing
> -------
> 
> - Testing done in local vm for policy, tag and role download.
> - Access log in ranger admin will show the 401 for authentication call for the first
download and if there are no changes only 304 response will be there. There won't be any 401
kerberos authentication call each time when downloads are happening.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message