-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73653/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Sailaja
Polavarapu.
Bugs: RANGER-3481
https://issues.apache.org/jira/browse/RANGER-3481
Repository: ranger
Description
-------
If Ranger has multiple security zones configured and policies from a single
security zone are modified, then the incremental policy update is not processed
correctly which results in incorrect enforcement of policies in remaining
security zones.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/PolicyEngine.java
eee1b7a45
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPolicyDeltaUtil.java
8866eed56
Diff: https://reviews.apache.org/r/73653/diff/1/
Testing
-------
- Compiled and passed all unit tests.
- Tested the following scenario in the cluster:
1. Ensured that the cluser was set up with incremental policy update feature
enabled.
2. Created multiple security zones spanning HDFS and Hive services
3. Updated one policy from one zone to remove permission for one user
4. After the policies were synced with services, ensure that the access
evaluation resources falling in each of the security zone was correctly
evaluated.
Thanks,
Abhay Kulkarni
