-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75240/
-----------------------------------------------------------
Review request for ranger, madhan, Madhan Neethiraj, Mahesh Bandal, Velmurugan
Periasamy, and Vyom Tiwari.
Bugs: RANGER-4966
https://issues.apache.org/jira/browse/RANGER-4966
Repository: ranger
Description
-------
If the policy-deltas are enabled, then when two policies have a common subset
of resources and are defined on same user (or subset of users, through groups
or direct users), if one of these policies is modified (on anything: name,
resource, user), it is the only one in effect during access evaluation. Until a
restart of the underlying service.
The underlying cause is a ResourceTrie node referring to modified
policy-evaluator is removed even when it contains wildcard-evaluator(s).
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
3a3a80e53
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
34f1f07f4
agents-common/src/test/resources/policyengine/test_policyengine_hdfs_incremental_update_for_wildcard_evaluators.json
PRE-CREATION
Diff: https://reviews.apache.org/r/75240/diff/1/
Testing
-------
Added a unit test for the scenario.
Ran all unit tests successfully.
Thanks,
Abhay Kulkarni
