----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69471/ -----------------------------------------------------------
(Updated Nov. 29, 2018, 6:32 p.m.) Review request for ranger and Madhan Neethiraj. Changes ------- Updated for generating no audit log records when authorizer is called for getContentSummary, and using default authorizer for snapshots when authorizing getContentSummary. Bugs: RANGER-2297 https://issues.apache.org/jira/browse/RANGER-2297 Repository: ranger Description ------- Parameter values for authorization API call for getContentSummary have changed with fix for HDFS-12130. This causes Ranger authorizer to fail. Ranger authorizer needs to be updated to accommodate for NameNode changes in authorizing getContentSummary() use-case. Here are the details of the proposed updates: Ranger authorizer currently constructs the path to authorize from the given INodeAttributes Ranger authorizer will use the following alternate approach to construct the path - only when checkPermission() is called with single entry arrays for inodes and inodeAttributes parameters, and the given inode has a parent. – get path to authorize from the given inode by calling getFullPathName() – if snapshotId != Snapshot.CURRENT_STATE_ID, remove "/.snapshot" from the path obtained from getFullPathName() Diffs (updated) ----- hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 65a397d09 Diff: https://reviews.apache.org/r/69471/diff/2/ Changes: https://reviews.apache.org/r/69471/diff/1-2/ Testing ------- Tested with local VM. Thanks, Abhay Kulkarni