-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69471/
-----------------------------------------------------------
(Updated Nov. 29, 2018, 6:32 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Updated for generating no audit log records when authorizer is called for
getContentSummary, and using default authorizer for snapshots when authorizing
getContentSummary.
Bugs: RANGER-2297
https://issues.apache.org/jira/browse/RANGER-2297
Repository: ranger
Description
-------
Parameter values for authorization API call for getContentSummary have changed
with fix for HDFS-12130. This causes Ranger authorizer to fail.
Ranger authorizer needs to be updated to accommodate for NameNode changes in
authorizing getContentSummary() use-case. Here are the details of the proposed
updates:
Ranger authorizer currently constructs the path to authorize from the given
INodeAttributes
Ranger authorizer will use the following alternate approach to construct the
path - only when checkPermission() is called with single entry arrays for
inodes and inodeAttributes parameters, and the given inode has a parent.
– get path to authorize from the given inode by calling getFullPathName()
– if snapshotId != Snapshot.CURRENT_STATE_ID, remove "/.snapshot" from the path
obtained from getFullPathName()
Diffs (updated)
-----
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
65a397d09
Diff: https://reviews.apache.org/r/69471/diff/2/
Changes: https://reviews.apache.org/r/69471/diff/1-2/
Testing
-------
Tested with local VM.
Thanks,
Abhay Kulkarni
