[jira] [Created] (RANGER-3816) update getResourceACLs() API to handle macros in resource names

2022-07-01 Thread Madhan Neethiraj (Jira)
Madhan Neethiraj created RANGER-3816:


 Summary: update getResourceACLs() API to handle macros in resource names
 Key: RANGER-3816
 URL: https://issues.apache.org/jira/browse/RANGER-3816
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Madhan Neethiraj
Assignee: Madhan Neethiraj


getResourceACLs() method returns all permissions specified for a given resource 
in Ranger policies. In case of policies with macros in resource names, like 
test_{USER}, /department/${{USER.dept}}, getResourceACLs() 
should return ACCESS_CONDITIONAL, since the access depends on 
user/user attributes. Currently getResourceACLs() doesn't include 
users/groups/roles listed in such policies. This should be fixed to have these 
users/groups/roles as having conditional access.





Re: Review Request 74042: Fix ConcurrentModificationException in UnixUserGroupBuilder

2022-07-01 Thread Sailaja Polavarapu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74042/#review224539
---




ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Line 246 (original), 240 (patched)


It is better to use Iterator for traversal. Please don't change this.



ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Line 373 (original), 359 (patched)


I think it will be sufficient to use Iterator for traversal in order to fix 
the ConcurrentModificationException. Please check



ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Line 382 (original)


I think we still need this block. This could be the case where getent 
groups (as part of parseMembers()) have returned some users that we don't want 
to process, isn't it?



ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Line 549 (original)


It doesn't harm to check for null?



ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
Line 583 (original)


Same as above. Please check


- Sailaja Polavarapu


On July 1, 2022, 7:40 p.m., Abhishek Kumar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74042/
> ---
> 
> (Updated July 1, 2022, 7:40 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-3813
> https://issues.apache.org/jira/browse/RANGER-3813
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Line number 426 in 
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  updates the map during iteration, which raises the exception 
> ConcurrentModificationException.
> 
> 
> Steps to reproduce the issue:
> 1. Set nss and enumerateGroupMembers to true.
> 2. Create a user with userid < minimumUserId.
> 3. Add it to a group with groupId >= minimumGroupId.
> 4. Ensure the user is part of multiple groups and any one group that the user 
> is part of does not show the user as its member on executing: getent group
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  7653dfdbe 
> 
> 
> Diff: https://reviews.apache.org/r/74042/diff/2/
> 
> 
> Testing
> ---
> 
> Pending.
> 
> 
> Thanks,
> 
> Abhishek Kumar
> 
>



Re: Review Request 74042: Fix ConcurrentModificationException in UnixUserGroupBuilder

2022-07-01 Thread Abhishek Kumar

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74042/
---

(Updated July 1, 2022, 7:40 p.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, and 
Sailaja Polavarapu.


Bugs: RANGER-3813
https://issues.apache.org/jira/browse/RANGER-3813


Repository: ranger


Description (updated)
---

Line number 426 in 
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 updates the map during iteration, which raises the exception 
ConcurrentModificationException.


Steps to reproduce the issue:
1. Set nss and enumerateGroupMembers to true.
2. Create a user with userid < minimumUserId.
3. Add it to a group with groupId >= minimumGroupId.
4. Ensure the user is part of multiple groups and any one group that the user 
is part of does not show the user as its member on executing: getent group


Diffs (updated)
-

  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 7653dfdbe 


Diff: https://reviews.apache.org/r/74042/diff/2/

Changes: https://reviews.apache.org/r/74042/diff/1-2/


Testing
---

Pending.


Thanks,

Abhishek Kumar
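

An added illustration of the failure described in this review request and of the Iterator-based traversal asked for in the review comments. It is not code from UnixUserGroupBuilder or from the patch; the class name, method names, threshold value and the user names and ids are all hypothetical and constructed for the example.

```java
import java.util.ConcurrentModificationException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

public class UserMapFilterDemo {
    // Hypothetical threshold, standing in for the minimumUserId setting named in the thread.
    static final int MIN_USER_ID = 500;

    // Removes through the map itself while a for-each loop is iterating its entry set.
    static void filterUnsafe(Map<String, Integer> userIds) {
        for (Map.Entry<String, Integer> e : userIds.entrySet()) {
            if (e.getValue() < MIN_USER_ID) {
                userIds.remove(e.getKey()); // structural change the live iterator does not know about
            }
        }
    }

    // Removes through the iterator, which keeps its expected modification count in sync.
    static void filterWithIterator(Map<String, Integer> userIds) {
        Iterator<Map.Entry<String, Integer>> it = userIds.entrySet().iterator();
        while (it.hasNext()) {
            if (it.next().getValue() < MIN_USER_ID) {
                it.remove();
            }
        }
    }

    // Constructed sample: two ids below the threshold, two above it.
    static Map<String, Integer> sample() {
        return new HashMap<>(Map.of("daemon", 2, "svc-backup", 120, "alice", 1001, "bob", 1002));
    }

    public static void main(String[] args) {
        try {
            filterUnsafe(sample());
            System.out.println("unsafe: completed without exception");
        } catch (ConcurrentModificationException ex) {
            System.out.println("unsafe: " + ex);
        }
        Map<String, Integer> users = sample();
        filterWithIterator(users);
        System.out.println("iterator: " + users);
    }
}
```

The unsafe variant fails only when a removal is followed by another call to the iterator's next(), which is why the bug needs specific data (here, two entries below the threshold) to reproduce.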