ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to support list-of-values in access reource
Date Mon, 05 Mar 2018 16:18:46 GMT


> On March 5, 2018, 9:57 a.m., Zsombor Gegesy wrote:
> > Instead of using Objects, and casting to Collection or String, why didn't you use
either just Collection<String> - and use Collection.singleton(resourceName), or introduce
a new 'ResourceMatch' type, with a 'SingleResourceMatch' and a 'AnyOfResourceMatch' subtypes
? So later a 'AllOfResourceMatch' could be introduced, if needed. Sure, a better name could
be easily picked.
> >  Relaying on runtime class casts from 'Object' makes the code more fragile - it
will be easy to forget later to update the code, because the compiler won't complain.

@Zsombor - having generic 'Object' as the type for access-resouce value can enable extensions
that can use types other than string/collection<string>. Policy engine framework doesn't
need to be restricted on specific types. Only 2 places need to deal with this: resource-matcher
and trie-lookup. With this commit, I updated both to deal with string/collection<string>
type values. Current framework allows for registration of new type of resouce-matcher along
with service-def. Not sure if such approach is feasible for trie-lookup - which arranges the
policies based on string type resource values; for other resource types, trie can simply return
complete policy-list.


- Madhan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/#review198619
-----------------------------------------------------------


On March 1, 2018, 8:41 p.m., Madhan Neethiraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65854/
> -----------------------------------------------------------
> 
> (Updated March 1, 2018, 8:41 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, and Ramesh
Mani.
> 
> 
> Bugs: RANGER-1999
>     https://issues.apache.org/jira/browse/RANGER-1999
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Updated policy engine module to handle resources with multiple values
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 2835cddd

>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
2ee616a1 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
58004862 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
18bb1f44 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
9fcefbe0 
>   agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
415263ee 
>   agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
acd599a7 
>   agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
a7399eed 
>   agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
8183dedb 
>   agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
eab9dbc7 
>   agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
aad78340 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java f6c1e4d5

>   agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
bcd15779 
>   agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java
e2c7c270 
>   agents-common/src/test/resources/policyengine/test_policyengine_atlas.json PRE-CREATION

>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
e4eafc69 
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
0008808e 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 5b7d0859 
> 
> 
> Diff: https://reviews.apache.org/r/65854/diff/2/
> 
> 
> Testing
> -------
> 
> - added unit tests to validate the enhancements
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message