Review Request 74471: RANGER-4274: updated security-zones to support admin-roles and audit-roles

Madhan Neethiraj Wed, 07 Jun 2023 18:44:36 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74471/
-----------------------------------------------------------


Review request for ranger, Ankita Sinha, Dhaval Rajpara, Abhay Kulkarni, Mehul 
Parikh, Mugdha Varadkar, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Sailaja 
Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.


Bugs: RANGER-4274
    https://issues.apache.org/jira/browse/RANGER-4274


Repository: ranger


Description
-------

- added attributes: RangerSecurityZone.adminRoles, RangerSecurityZone.auditRoles
-


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 f44b9d9a1 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
 7327f3fe2 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerSecurityZoneValidator.java
 ca899979a 
  intg/src/main/python/apache_ranger/model/ranger_security_zone.py 9b3eec623 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 66ae5060a 
  security-admin/db/mysql/patches/066-create-sz-role-ref-table.sql PRE-CREATION 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
bfa6dd572 
  security-admin/db/oracle/patches/066-create-sz-ref-role-table.sql 
PRE-CREATION 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
8dd90c1b8 
  security-admin/db/postgres/patches/066-create-sz-ref-role-table.sql 
PRE-CREATION 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
3a614e44e 
  security-admin/db/sqlanywhere/patches/066-create-sz-ref-role-table.sql 
PRE-CREATION 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
bbef08859 
  security-admin/db/sqlserver/patches/066-create-sz-ref-role-table.sql 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java c19e3e1a1 
  
security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneRefUpdater.java 
ebc26528c 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 77f86a0ad 
  security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
10d73a76c 
  
security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefRoleDao.java 
PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneRefRole.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
53aafae94 
  
security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
 dfa9fbb69 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml d3cdecdca 


Diff: https://reviews.apache.org/r/74471/diff/1/


Testing
-------

- verified that adminRoles and auditRoles specified in security zone are 
persisted in Ranger
- verified that users in adminRoles are allowed to update admin and audit 
users/groups/roles
- verified that roles referenced in security-zone could not be removed


Thanks,

Madhan Neethiraj

Review Request 74471: RANGER-4274: updated security-zones to support admin-roles and audit-roles

Reply via email to