Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-24 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
---

(Updated Feb. 25, 2022, 1:56 a.m.)


Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
Ramesh Mani.


Changes
---

incorporated review comments


Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
---

RangerSolrAuthorizer is a common implementation call for both SearchComponent 
(for Document level Authorization) and AuthorizationPlugin (for collection 
level Authorization). RangerSolrAuthorizer implementation close() shutdowns the 
plugin and should be avoided when the call is for SearchComponent. Added check 
to get the authorizer class name to determine if the call is for 
SearchComponent of for the authorization plugin.


Diffs (updated)
-

  
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/3/

Changes: https://reviews.apache.org/r/73863/diff/2-3/


Testing
---

1. Patched cluster with the changes and verified the end to end functionality 
with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu

Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-24 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224099
---


Fix it, then Ship it!





ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 130 (patched)


I think following will make it a little easier to read; please consider:

  // close() to be forwarded only for authorizer instances
  // see: 
https://solr.apache.org/docs/8_11_1/solr-core/org/apache/solr/core/SolrInfoBean.html#getName--
  boolean isAuthorizer = StringUtils.equals(super.getName(), 
RANGER_SOLR_AUTHORIZER_IMPL_CLASSNAME);

  if (isAuthorizer) {
   ...
  } else {
if (LOG.isDebugEnabled()) {
  LOG.debug("RangerSolrAuthorizer.close(): not forwarding for instance 
'" + super.getName() + "'");
}
  }


- Madhan Neethiraj


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> ---
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
> Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent 
> (for Document level Authorization) and AuthorizationPlugin (for collection 
> level Authorization). RangerSolrAuthorizer implementation close() shutdowns 
> the plugin and should be avoided when the call is for SearchComponent. Added 
> check to get the authorizer class name to determine if the call is for 
> SearchComponent of for the authorization plugin.
> 
> 
> Diffs
> -
> 
>   
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Patched cluster with the changes and verified the end to end functionality 
> with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-24 Thread Ramesh Mani 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224098
---


Ship it!




Ship It!

- Ramesh Mani


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> ---
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
> Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent 
> (for Document level Authorization) and AuthorizationPlugin (for collection 
> level Authorization). RangerSolrAuthorizer implementation close() shutdowns 
> the plugin and should be avoided when the call is for SearchComponent. Added 
> check to get the authorizer class name to determine if the call is for 
> SearchComponent of for the authorization plugin.
> 
> 
> Diffs
> -
> 
>   
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Patched cluster with the changes and verified the end to end functionality 
> with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-24 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224097
---


Ship it!




Ship It!

- Abhay Kulkarni


On Feb. 24, 2022, 2:31 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> ---
> 
> (Updated Feb. 24, 2022, 2:31 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
> Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent 
> (for Document level Authorization) and AuthorizationPlugin (for collection 
> level Authorization). RangerSolrAuthorizer implementation close() shutdowns 
> the plugin and should be avoided when the call is for SearchComponent. Added 
> check to get the authorizer class name to determine if the call is for 
> SearchComponent of for the authorization plugin.
> 
> 
> Diffs
> -
> 
>   
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Patched cluster with the changes and verified the end to end functionality 
> with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-24 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
---

(Updated Feb. 24, 2022, 2:31 p.m.)


Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
Ramesh Mani.


Changes
---

Placed comments before checking the authorizer class name


Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
---

RangerSolrAuthorizer is a common implementation call for both SearchComponent 
(for Document level Authorization) and AuthorizationPlugin (for collection 
level Authorization). RangerSolrAuthorizer implementation close() shutdowns the 
plugin and should be avoided when the call is for SearchComponent. Added check 
to get the authorizer class name to determine if the call is for 
SearchComponent of for the authorization plugin.


Diffs (updated)
-

  
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/2/

Changes: https://reviews.apache.org/r/73863/diff/1-2/


Testing
---

1. Patched cluster with the changes and verified the end to end functionality 
with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu

Re: Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-23 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/#review224093
---




ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 144 (patched)


Is this a misplaced comment, which needs to be before line 134?


- Abhay Kulkarni


On Feb. 24, 2022, 2:12 a.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73863/
> ---
> 
> (Updated Feb. 24, 2022, 2:12 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
> Ramesh Mani.
> 
> 
> Bugs: RANGER-3638
> https://issues.apache.org/jira/browse/RANGER-3638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerSolrAuthorizer is a common implementation call for both SearchComponent 
> (for Document level Authorization) and AuthorizationPlugin (for collection 
> level Authorization). RangerSolrAuthorizer implementation close() shutdowns 
> the plugin and should be avoided when the call is for SearchComponent. Added 
> check to get the authorizer class name to determine if the call is for 
> SearchComponent of for the authorization plugin.
> 
> 
> Diffs
> -
> 
>   
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  dfa219670 
> 
> 
> Diff: https://reviews.apache.org/r/73863/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Patched cluster with the changes and verified the end to end functionality 
> with and without Document level authorization
> 2. Verified basic functional tests and audits for regression testing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Review Request 73863: RANGER-3638: Solr Ranger document level security breaks solr if collection is reloaded

2022-02-23 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73863/
---

Review request for ranger, Abhay Kulkarni, Mateen Mansoori, Mehul Parikh, and 
Ramesh Mani.


Bugs: RANGER-3638
https://issues.apache.org/jira/browse/RANGER-3638


Repository: ranger


Description
---

RangerSolrAuthorizer is a common implementation call for both SearchComponent 
(for Document level Authorization) and AuthorizationPlugin (for collection 
level Authorization). RangerSolrAuthorizer implementation close() shutdowns the 
plugin and should be avoided when the call is for SearchComponent. Added check 
to get the authorizer class name to determine if the call is for 
SearchComponent of for the authorization plugin.


Diffs
-

  
ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 dfa219670 


Diff: https://reviews.apache.org/r/73863/diff/1/


Testing
---

1. Patched cluster with the changes and verified the end to end functionality 
with and without Document level authorization
2. Verified basic functional tests and audits for regression testing.


Thanks,

Sailaja Polavarapu