From dev-return-19495-archive-asf-public=cust-asf.ponee.io@ranger.apache.org  Fri Oct  5 17:48:54 2018
Return-Path: <dev-return-19495-archive-asf-public=cust-asf.ponee.io@ranger.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 2558D180649
	for <archive-asf-public@cust-asf.ponee.io>; Fri,  5 Oct 2018 17:48:53 +0200 (CEST)
Received: (qmail 74517 invoked by uid 500); 5 Oct 2018 15:48:53 -0000
Mailing-List: contact dev-help@ranger.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@ranger.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@ranger.apache.org>
List-Post: <mailto:dev@ranger.apache.org>
List-Id: <dev.ranger.apache.org>
Reply-To: dev@ranger.apache.org
Delivered-To: mailing list dev@ranger.apache.org
Received: (qmail 74506 invoked by uid 99); 5 Oct 2018 15:48:52 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 Oct 2018 15:48:52 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 35D83C7D89;
	Fri,  5 Oct 2018 15:48:52 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.95
X-Spam-Level:
X-Spam-Status: No, score=0.95 tagged_above=-999 required=6.31
	tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=2,
	KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id UmKDcMdeyOss; Fri,  5 Oct 2018 15:48:51 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 63A515F56E;
	Fri,  5 Oct 2018 15:48:50 +0000 (UTC)
Received: from reviews.apache.org (unknown [10.41.0.12])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id B1DA9E0101;
	Fri,  5 Oct 2018 15:48:49 +0000 (UTC)
Received: from reviews-vm2.apache.org (localhost [IPv6:::1])
	by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 84089C40542;
	Fri,  5 Oct 2018 15:48:49 +0000 (UTC)
Content-Type: multipart/alternative;
 boundary="===============8591044353897370151=="
MIME-Version: 1.0
Subject: Re: Review Request 68855: RANGER-2222: Apache RangerKafkaPlugin
 support to handle Kafka Cluster as a new resource
From: Ramesh Mani <rmani@hortonworks.com>
To: Velmurugan Periasamy <vperiasamy@hortonworks.com>,
 Madhan Neethiraj <madhan@apache.org>,
 Abhay Kulkarni <akulkarni@hortonworks.com>
Cc: Ramesh Mani <rmani@hortonworks.com>, ranger <dev@ranger.apache.org>
Date: Fri, 05 Oct 2018 15:48:49 -0000
Message-ID: <20181005154849.58433.49973@reviews-vm2.apache.org>
X-ReviewBoard-URL: https://reviews.apache.org/
Auto-Submitted: auto-generated
Sender: Ramesh Mani <noreply@reviews.apache.org>
X-ReviewGroup: ranger
X-Auto-Response-Suppress: DR, RN, OOF, AutoReply
X-ReviewRequest-URL: https://reviews.apache.org/r/68855/
X-Sender: Ramesh Mani <noreply@reviews.apache.org>
References: <20180928222729.7668.31214@reviews-vm2.apache.org>
In-Reply-To: <20180928222729.7668.31214@reviews-vm2.apache.org>
X-ReviewBoard-Diff-For: security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java
X-ReviewBoard-Diff-For: plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java
X-ReviewBoard-Diff-For: plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java
Reply-To: Ramesh Mani <rmani@hortonworks.com>
X-ReviewRequest-Repository: ranger

--===============8591044353897370151==
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit



> On Sept. 28, 2018, 10:27 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json
> > Lines 41 (patched)
> > <https://reviews.apache.org/r/68855/diff/3/?file=2092726#file2092726line41>
> >
> >     Need to review the resource hierarchy for Kafka resources. Can cluster be modeled as parent of topic, with a subset of accesses allowed for it?

There is no hierarchy with it the resources of Kafka cluster.


- Ramesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68855/#review209109
-----------------------------------------------------------


On Oct. 5, 2018, 3:43 p.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68855/
> -----------------------------------------------------------
> 
> (Updated Oct. 5, 2018, 3:43 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2222
>     https://issues.apache.org/jira/browse/RANGER-2222
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-2222: Apache RangerKafkaPlugin support to handle Kafka Cluster as a new resource
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json ca3e0fe 
>   plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuditHandler.java PRE-CREATION 
>   plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java eab869a 
>   plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java c1386fe 
>   plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java PRE-CREATION 
>   plugin-kafka/src/test/resources/kafka-policies.json 0c07604 
>   plugin-kafka/src/test/resources/kafka_kerberos.jaas 1de804b 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 3f23b00 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql bafdb96 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 2bc58ac 
>   security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 1b64eea 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 4a216fe 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10025.java PRE-CREATION 
>   src/main/assembly/plugin-kafka.xml 97ff8ad 
> 
> 
> Diff: https://reviews.apache.org/r/68855/diff/4/
> 
> 
> Testing
> -------
> 
> - This patch addresses "Cluster" and "DelegationToken" as resource in Ranger plugin.
> - Tested in local vm and added unit test for TopicCreation.
> - Upgrade patch tested for default policy creation for cluster and delegation token as resource.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>


--===============8591044353897370151==--