-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74833/
-----------------------------------------------------------
(Updated Jan. 16, 2024, 6:04 p.m.)
Review request for ranger, Dineshkumar Yadav, madhan, Madhan Neethiraj, Pradeep
Agrawal, Ramesh Mani, and Velmurugan Periasamy.
Changes
-------
Added missing unit test
Bugs: RANGER-4655
https://issues.apache.org/jira/browse/RANGER-4655
Repository: ranger
Description
-------
This bug is shown up when multiple accesses are requested using one
access-request and all of the requested accesses need to be granted in order
the access-request to be allowed.
This appears to be regression introduced by RANGER-3999
Test Case:
Policy 1: Granted the "public" group "execute" permission to "/" HDFS policy
recursively.
Policy 2: Granted only the "read" permission to user for "/hdp"
Doing a list on "/hdp" fails with permission denied for access READ_EXECUTE.
However, the same works when "execute" permission is granted in Policy 2.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
252482c8e
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
7fe2a2eb3
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
92a4fe02e
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
2afbfebd4
agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json
PRE-CREATION
Diff: https://reviews.apache.org/r/74833/diff/5/
Changes: https://reviews.apache.org/r/74833/diff/4-5/
Testing
-------
Passes all unit tests.
Added unit test for checking the patch.
Thanks,
Abhay Kulkarni
