> On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java > > Lines 45 (patched) > > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line45> > > > > Is it required that Solr service definition is updated to include this > > context-enricher? If so, it needs to be included in this patch. Also, if it > > is included, a Java patch for upgrading Solr service definition also needs > > to be included.
Ldap attribute based authorization is optional. Since there is a public api to update service def, I didn't include the context-enricher config in Solr Service definition by default > On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java > > Lines 74 (patched) > > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line74> > > > > If the class-name for UserStoreRetriever is not provided, should it > > default to some known class (which populates UserStore using > > adminRESTClient)? In case the class name is not provided, we are logging an error. I don't think we need to process any further. > On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java > > Lines 504 (patched) > > <https://reviews.apache.org/r/72136/diff/1/?file=2211349#file2211349line504> > > > > Is this intended to the implementation of > > RangerUserStoreRetriever.retrieveUserStoreInfo()? Please review. Removed this as this is implemented in RangerAdminUserStoreRetriever which extends RangerUserStoreRetriever > On Feb. 15, 2020, 8 p.m., Abhay Kulkarni wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRetriever.java > > Lines 28 (patched) > > <https://reviews.apache.org/r/72136/diff/1/?file=2211350#file2211350line28> > > > > A class implementing RangerUserStoreRetriever needs to be included in > > the patch. Please review. RangerAdminUserStoreRetriever class extends RangerUserStoreRetriever and has the implementations. - Sailaja ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72136/#review219596 ----------------------------------------------------------- On March 3, 2020, 9:06 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72136/ > ----------------------------------------------------------- > > (Updated March 3, 2020, 9:06 p.m.) > > > Review request for ranger, Abhay Kulkarni, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-2723 > https://issues.apache.org/jira/browse/RANGER-2723 > > > Repository: ranger > > > Description > ------- > > Added new context enricher to download userstore to solr plugin. Also > integrated Sentry changes to RangerSolrAuthorizer to use the ldap attributes > and add it to the filter query to while querying documents in solr. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java > 87d0190e6 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java > 58eb00a4e > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > e5f97477b > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminUserStoreRetriever.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreRetriever.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > bd980ce09 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 0b492ab99 > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/FieldToAttributeMapping.java > PRE-CREATION > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > 4538a5bf2 > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/SubsetQueryPlugin.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/72136/diff/2/ > > > Testing > ------- > > 1. Patched test cluster and verified userstore is download to solr plugin > 2. Also verified basic funtionality based on some ldap attributes while > querying solr documents. > > > Thanks, > > Sailaja Polavarapu > >
