Re: Review Request 73673: RANGER-3502: Make GET zones API accessible to authorized users only
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73673/
---

(Updated Nov. 2, 2021, 2:08 p.m.)

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy.

Changes
---

Similar access restrictions added in GetById & GetByName APIs

Bugs: RANGER-3502
    https://issues.apache.org/jira/browse/RANGER-3502

Repository: ranger

Description
---

Currently get zones API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module.

Steps to reproduce:

Create an internal user name, test_user1
Remove the permission on Security Zone module for a user
Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab
Access the API using curl
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://:6182/service/zones/zones"

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java fcf843370
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java d6384a694

Diff: https://reviews.apache.org/r/73673/diff/2/

Changes: https://reviews.apache.org/r/73673/diff/1-2/

Testing
---

1. mvn clean compile package install verify
2. Verified UI login with admin user
3. Verified curl (GET zones API) with admin user
4. Verified UI login with non-admin user having access to zone module
5. Verified curl (GET zones API) with non-admin user having access to zone module
6. Verified UI login with non-admin user having NO access to zone module
7. Verified curl (GET zones API) with non-admin user having NO access to zone module
8. Created /Updated deleted services
9. Created /Updated deleted policies
10. Created /Updated deleted zones & associated attached them to services

Thanks,

Kishor Gollapalliwar
Re: Review Request 73673: RANGER-3502: Make GET zones API accessible to authorized users only
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73673/#review223702
---

Ship it!

Ship It!

- Abhay Kulkarni

On Oct. 29, 2021, 1:59 p.m., Kishor Gollapalliwar wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73673/
> ---
>
> (Updated Oct. 29, 2021, 1:59 p.m.)
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy.
>
> Bugs: RANGER-3502
>     https://issues.apache.org/jira/browse/RANGER-3502
>
> Repository: ranger
>
> Description
> ---
>
> Currently get zones API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module.
>
> Steps to reproduce:
>
> Create an internal user name, test_user1
> Remove the permission on Security Zone module for a user
> Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab
> Access the API using curl
> curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://:6182/service/zones/zones"
>
> Diffs
> ---
>
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java fcf843370
>   security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java d6384a694
>
> Diff: https://reviews.apache.org/r/73673/diff/1/
>
> Testing
> ---
>
> 1. mvn clean compile package install verify
> 2. Verified UI login with admin user
> 3. Verified curl (GET zones API) with admin user
> 4. Verified UI login with non-admin user having access to zone module
> 5. Verified curl (GET zones API) with non-admin user having access to zone module
> 6. Verified UI login with non-admin user having NO access to zone module
> 7. Verified curl (GET zones API) with non-admin user having NO access to zone module
> 8. Created /Updated deleted services
> 9. Created /Updated deleted policies
> 10. Created /Updated deleted zones & associated attached them to services
>
> Thanks,
>
> Kishor Gollapalliwar
>
Review Request 73673: RANGER-3502: Make GET zones API accessible to authorized users only
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73673/
---

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy.

Bugs: RANGER-3502
    https://issues.apache.org/jira/browse/RANGER-3502

Repository: ranger

Description
---

Currently get zones API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module.

Steps to reproduce:

Create an internal user name, test_user1
Remove the permission on Security Zone module for a user
Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab
Access the API using curl
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://:6182/service/zones/zones"

Diffs
---

  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java fcf843370
  security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java d6384a694

Diff: https://reviews.apache.org/r/73673/diff/1/

Testing
---

1. mvn clean compile package install verify
2. Verified UI login with admin user
3. Verified curl (GET zones API) with admin user
4. Verified UI login with non-admin user having access to zone module
5. Verified curl (GET zones API) with non-admin user having access to zone module
6. Verified UI login with non-admin user having NO access to zone module
7. Verified curl (GET zones API) with non-admin user having NO access to zone module
8. Created /Updated deleted services
9. Created /Updated deleted policies
10. Created /Updated deleted zones & associated attached them to services

Thanks,

Kishor Gollapalliwar
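
The access rule this thread describes (the zones list, and the by-id and by-name lookups, answer only users permitted on the Security Zone module), as an added example that is not part of the original e-mails and is not Ranger's code. All class, method and user names other than test_user1 are hypothetical, and the permission and zone data are constructed.

```java
import java.util.*;
import java.util.function.Supplier;

// Added illustration: every name here is hypothetical, none is Ranger's API.
public class ZoneAccessDemo {
    static final String ZONE_MODULE = "Security Zone";
    // Constructed sample data: user -> modules the user holds permission on.
    static final Map<String, Set<String>> MODULE_PERMS = Map.of(
        "admin", Set.of(ZONE_MODULE, "Other Module"),
        "zone_user", Set.of(ZONE_MODULE),
        "test_user1", Set.of("Other Module"));
    static final Map<Long, String> ZONES = Map.of(1L, "finance", 2L, "hr");

    // Before the fix: nothing is checked server-side, so hiding the UI tab
    // is the only barrier and a direct API call still returns every zone.
    static Collection<String> getAllZonesUnchecked(String user) { return ZONES.values(); }

    // One guard shared by all read paths, so none of them can be missed.
    static void requireZoneModule(String user) {
        if (!MODULE_PERMS.getOrDefault(user, Set.of()).contains(ZONE_MODULE))
            throw new SecurityException(user + " lacks module permission: " + ZONE_MODULE);
    }

    static Collection<String> getAllZones(String user) {
        requireZoneModule(user);
        return ZONES.values();
    }
    static String getZoneById(String user, long id) {
        requireZoneModule(user);
        return ZONES.get(id);
    }
    static String getZoneByName(String user, String name) {
        requireZoneModule(user);
        return ZONES.containsValue(name) ? name : null;
    }

    // Runs a call and reports whether the guard let it through.
    static String outcome(Supplier<Object> call) {
        try { call.get(); return "allowed"; } catch (SecurityException e) { return "denied"; }
    }

    public static void main(String[] args) {
        System.out.println("unchecked, test_user1: " + getAllZonesUnchecked("test_user1"));
        for (String user : List.of("admin", "zone_user", "test_user1")) {
            System.out.println(user + ": list=" + outcome(() -> getAllZones(user))
                + " byId=" + outcome(() -> getZoneById(user, 1L))
                + " byName=" + outcome(() -> getZoneByName(user, "hr")));
        }
    }
}
```

The three users in the loop correspond to testing steps 3, 5 and 7 of the review request; an unknown user has no entry in the map and is denied by default.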