Re: Review Request 73032: RANGER-3082: User with delegated-admin is unable to create policy

Fri, 20 Nov 2020 21:36:42 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73032/#review222221
-----------------------------------------------------------




agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
Lines 381 (patched)
<https://reviews.apache.org/r/73032/#comment311269>

    Consider creating the context in the caller, and send as argument to this 
method - to avoid creating one in each policy-evaluator.



agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
Line 509 (original), 509 (patched)
<https://reviews.apache.org/r/73032/#comment311270>

    Consider replacing the macros in 'resources' parameter in the caller - to 
avoid scanning and replacing values in every isMatch() call.


- Madhan Neethiraj


On Nov. 21, 2020, 3:36 a.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73032/
> -----------------------------------------------------------
> 
> (Updated Nov. 21, 2020, 3:36 a.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3082
>     https://issues.apache.org/jira/browse/RANGER-3082
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When macros like {USER} are used in resource names, users with 
> delegated-admin are unable to set up policies.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  f3e0dab2f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  979488181 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
>  8f6facda5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
>  0cb3e0fed 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
>  a22027a46 
> 
> 
> Diff: https://reviews.apache.org/r/73032/diff/1/
> 
> 
> Testing
> -------
> 
> Passed all unit tests. Tested by creating delegated-admin policies with 
> {USER} embedded in resource name and ensured the designated user can set up 
> policy with macro in the resource name expanded with designated user's name.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to