Re: Review Request 73696: RANGER-3508: enhanced script condition expression for easier access to user/group/tag/resource attributes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73696/ --- (Updated Nov. 16, 2021, 5:04 a.m.) Review request for ranger, Abhishek Kumar, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- refactoried to move ScriptEngine instantiation to ScriptEngineUtil Bugs: RANGER-3508 https://issues.apache.org/jira/browse/RANGER-3508 Repository: ranger Description --- Updated script evaluator to enable access to user/group/tag/resource attributes with following expressions: - USER.state == 'CA' - UGROUP['test'].dept == 'MKTG' - REQ.accessType == 'SELECT' - RES.database == 'hr' - RES.table == 'employee' - TAG._type == 'PII' - TAG.attr1 == 'value1' - TAGS.length == 2 - TNAMES.indexOf('PCI') != -1 Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java 3221f79d5 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java d04f4b388 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java e57f599d7 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java 3563fd8e2 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java 8616c6660 agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 57a4b4bd5 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java 75132d800 agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java 9f3fb23df agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java PRE-CREATION Diff: https://reviews.apache.org/r/73696/diff/4/ Changes: https://reviews.apache.org/r/73696/diff/3-4/ Testing --- - added unit tests to validate new expressions - verified that existing unit tests pass successfully Thanks, Madhan Neethiraj
Re: Review Request 73696: RANGER-3508: enhanced script condition expression for easier access to user/group/tag/resource attributes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73696/#review223734 --- Ship it! Ship It! - Abhay Kulkarni On Nov. 10, 2021, 11:02 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73696/ > --- > > (Updated Nov. 10, 2021, 11:02 p.m.) > > > Review request for ranger, Abhishek Kumar, Ankita Sinha, Kishor > Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-3508 > https://issues.apache.org/jira/browse/RANGER-3508 > > > Repository: ranger > > > Description > --- > > Updated script evaluator to enable access to user/group/tag/resource > attributes with following expressions: > > - USER.state == 'CA' > - UGROUP['test'].dept == 'MKTG' > - REQ.accessType == 'SELECT' > - RES.database == 'hr' > - RES.table == 'employee' > - TAG._type == 'PII' > - TAG.attr1 == 'value1' > - TAGS.length == 2 > - TNAMES.indexOf('PCI') != -1 > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java > 3221f79d5 > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java > d04f4b388 > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java > e57f599d7 > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java > 3563fd8e2 > > agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java > 8616c6660 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 57a4b4bd5 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java > 75132d800 > > agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java > 9f3fb23df > > agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73696/diff/3/ > > > Testing > --- > > - added unit tests to validate new expressions > - verified that existing unit tests pass successfully > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 73696: RANGER-3508: enhanced script condition expression for easier access to user/group/tag/resource attributes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73696/ --- (Updated Nov. 10, 2021, 11:02 p.m.) Review request for ranger, Abhishek Kumar, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3508 https://issues.apache.org/jira/browse/RANGER-3508 Repository: ranger Description --- Updated script evaluator to enable access to user/group/tag/resource attributes with following expressions: - USER.state == 'CA' - UGROUP['test'].dept == 'MKTG' - REQ.accessType == 'SELECT' - RES.database == 'hr' - RES.table == 'employee' - TAG._type == 'PII' - TAG.attr1 == 'value1' - TAGS.length == 2 - TNAMES.indexOf('PCI') != -1 Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java 3221f79d5 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java d04f4b388 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java e57f599d7 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java 3563fd8e2 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java 8616c6660 agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 57a4b4bd5 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java 75132d800 agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java 9f3fb23df agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java PRE-CREATION Diff: https://reviews.apache.org/r/73696/diff/3/ Changes: https://reviews.apache.org/r/73696/diff/2-3/ Testing --- - added unit tests to validate new expressions - verified that existing unit tests pass successfully Thanks, Madhan Neethiraj
Re: Review Request 73696: RANGER-3508: enhanced script condition expression for easier access to user/group/tag/resource attributes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73696/ --- (Updated Nov. 10, 2021, 3 a.m.) Review request for ranger, Abhishek Kumar, Ankita Sinha, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- updated to support accessing attributes from all user-groups using UGA.value, UGA.values Bugs: RANGER-3508 https://issues.apache.org/jira/browse/RANGER-3508 Repository: ranger Description --- Updated script evaluator to enable access to user/group/tag/resource attributes with following expressions: - USER.state == 'CA' - UGROUP['test'].dept == 'MKTG' - REQ.accessType == 'SELECT' - RES.database == 'hr' - RES.table == 'employee' - TAG._type == 'PII' - TAG.attr1 == 'value1' - TAGS.length == 2 - TNAMES.indexOf('PCI') != -1 Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerAnyOfExpectedTagsPresentConditionEvaluator.java 3221f79d5 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerNoneOfExpectedTagsPresentConditionEvaluator.java d04f4b388 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java e57f599d7 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java 3563fd8e2 agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerTagsAllPresentConditionEvaluator.java 8616c6660 agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 57a4b4bd5 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java 75132d800 agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java 9f3fb23df agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerRequestScriptEvaluatorTest.java PRE-CREATION Diff: https://reviews.apache.org/r/73696/diff/2/ Changes: https://reviews.apache.org/r/73696/diff/1-2/ Testing --- - added unit tests to validate new expressions - verified that existing unit tests pass successfully Thanks, Madhan Neethiraj