ranger-dev mailing list archives

From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 69471: RANGER-2297: getContentSummary validation failure
Date Thu, 29 Nov 2018 18:32:35 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69471/
-----------------------------------------------------------

(Updated Nov. 29, 2018, 6:32 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
-------

Updated to generate no audit log records when the authorizer is called for getContentSummary,
and to use the default authorizer for snapshots when authorizing getContentSummary.


Bugs: RANGER-2297
    https://issues.apache.org/jira/browse/RANGER-2297


Repository: ranger


Description
-------

Parameter values for the authorization API call for getContentSummary have changed with the fix
for HDFS-12130. This causes the Ranger authorizer to fail.

The Ranger authorizer needs to be updated to accommodate NameNode changes in authorizing the
getContentSummary() use-case. Here are the details of the proposed updates:

The Ranger authorizer currently constructs the path to authorize from the given INodeAttributes.
The Ranger authorizer will use the following alternate approach to construct the path, only when
checkPermission() is called with single-entry arrays for the inodes and inodeAttributes parameters,
and the given inode has a parent.
– get the path to authorize from the given inode by calling getFullPathName()
– if snapshotId != Snapshot.CURRENT_STATE_ID, remove "/.snapshot" from the path obtained
  from getFullPathName()


Diffs (updated)
-----

  hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 65a397d09


Diff: https://reviews.apache.org/r/69471/diff/2/

Changes: https://reviews.apache.org/r/69471/diff/1-2/


Testing
-------

Tested with local VM.


Thanks,

Abhay Kulkarni
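
The path construction described in this review request, as an added Java sketch that is not part of the original message and is not Ranger's own code. `Node`, `pathToAuthorize` and `stripSnapshotMarker` are hypothetical names, and reading the removal as dropping whole `.snapshot` path components (so a name such as `.snapshotted` is left alone) is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration (Java 16+); Node is a hypothetical stand-in for an HDFS INode.
public class ContentSummaryPathExample {
    // Stand-in for Snapshot.CURRENT_STATE_ID; the value is an assumption of this sketch.
    static final int CURRENT_STATE_ID = Integer.MAX_VALUE - 1;
    static final String DOT_SNAPSHOT = ".snapshot";

    // Carries only the two facts the description relies on.
    record Node(String fullPathName, boolean hasParent) {}

    // Returns the path to authorize, or null when the alternate approach does not
    // apply and the caller should keep building the path from INodeAttributes.
    static String pathToAuthorize(Node[] inodes, Object[] inodeAttrs, int snapshotId) {
        boolean singleEntry = inodes != null && inodeAttrs != null
                && inodes.length == 1 && inodeAttrs.length == 1 && inodes[0] != null;
        if (!singleEntry || !inodes[0].hasParent()) {
            return null;
        }
        String path = inodes[0].fullPathName();
        return snapshotId == CURRENT_STATE_ID ? path : stripSnapshotMarker(path);
    }

    // Drops whole ".snapshot" components only, so a policy is never matched against
    // a path mangled by a substring replace on a longer name.
    static String stripSnapshotMarker(String path) {
        List<String> kept = new ArrayList<>();
        for (String component : path.split("/")) {
            if (!component.isEmpty() && !component.equals(DOT_SNAPSHOT)) {
                kept.add(component);
            }
        }
        return "/" + String.join("/", kept);
    }

    public static void main(String[] args) {
        Object[] attrs = { new Object() };
        // Constructed sample paths, authorized with a constructed snapshot id of 7.
        String[] samples = { "/data/.snapshot/s1/logs", "/data/.snapshotted/logs", "/data/.snapshot" };
        for (String sample : samples) {
            Node[] single = { new Node(sample, true) };
            System.out.println(sample + " -> " + pathToAuthorize(single, attrs, 7));
        }
        // Two inodes: the single-entry precondition fails, so the result is null.
        Node[] pair = { new Node("/data", true), new Node("/data/logs", true) };
        System.out.println("two inodes -> " + pathToAuthorize(pair, attrs, 7));
    }
}
```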

