> On June 13, 2024, 11:07 p.m., Madhan Neethiraj wrote: > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > > Lines 255 (patched) > > <https://reviews.apache.org/r/75047/diff/1/?file=2288756#file2288756line266> > > > > It should be safe to assume that the value was stored with a call to > > setAllRequestedAccessTypeGroups(). So, consider replacing the call to > > convertToSetofSets() with a cast: > > return (Set<Set<String>>) val;
Unit tests initialize the request context using JSON lists. For executing such unit tests, this conversion is necessary. Now, the unit test framework is updated to convert Lists to Sets for values in request context. - Abhay ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75047/#review226540 ----------------------------------------------------------- On June 15, 2024, 9:09 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75047/ > ----------------------------------------------------------- > > (Updated June 15, 2024, 9:09 p.m.) > > > Review request for ranger, Dineshkumar Yadav, madhan, Madhan Neethiraj, > Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-4820 > https://issues.apache.org/jira/browse/RANGER-4820 > > > Repository: ranger > > > Description > ------- > > Currently, Ranger policy engine supports authorization of multiple accesses > for a given resource in a single call to the Ranger plugin's > isAccessAllowed() API. However, it has some limitations which are addressed > by this JIRA. > > Limitation: If multiple accesses are to be authorized, then the current > authorization logic in Ranger policy engine is designed to allow the request > to succeed (that is, grant access) only if all requested accesses are granted. > > This Jira supports organizing accesses in groups where each group is granted > access if any access in the group is allowed, and the request is successful > (that is, user is allowed access) only if all groups are granted access. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > b0dc7a461 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java > 6a6709254 > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > c43ec4c2f > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java > df0352ca9 > > agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json > 8962c5a3f > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > c892bced3 > > > Diff: https://reviews.apache.org/r/75047/diff/2/ > > > Testing > ------- > > Updated the unit tests for muliple access > (agents-common/src/test/resources/policyengine/test_policyengine_hdfs_multiple_accesses.json). > > Ran all unit tests successfully. > > > Thanks, > > Abhay Kulkarni > >
