Re: Review Request 72237: RANGER-2758 :Option to create missing users/groups while creating/updating roles

Tue, 17 Mar 2020 06:07:21 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72237/
-----------------------------------------------------------

(Updated March 17, 2020, 1:06 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Gautam Borad, Jayendra 
Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Nitin Galave, Nixon Rodrigues, Pradeep Agrawal, Ramesh Mani, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
-------

added reviewers


Repository: ranger


Description
-------

Problem Statement: Currently Ranger dose not allow to create or update roles 
while it passes non-existing users or groups during role creation or updating.

Solution: 1. Now this option will be available with one additional optional 
Queryparam "createNonExistUserGroup" which is boolean value. If we wanted to 
create role with non existing  groups or roles, pass the value true in 
queryparam otherwise false. Role will be get created or updated.   
2. Default value for QueryParam "createNonExistUserGroup" is false and this is 
optional, so that existing api dose not get affected with this changes.
3. This changes done for create and update Role for both internal and public 
api.


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java
 bc3459852 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
7da43d518 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
baacfa4d8 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 5be8d9de8 
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
3742bd687 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
1a8394978 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java d690297bf 


Diff: https://reviews.apache.org/r/72237/diff/1/


Testing
-------

Steps Performed (without patch):
 1. Try to create role using non-existing users/groups. It won't allow to 
create.
  
Steps Performed (with patch):  
Note we have to pass optional Queryparam createNonExistUserGroup=true
1. Try same steps as mentioned above this time role will get created.
2. Try to update role with non- exisitng users/groups. It will allow to update.
3. without Queryparam or createNonExistUserGroup=false it will behave as per 
existing behavior


Thanks,

Dineshkumar Yadav

Reply via email to