https://github.com/apache/ranger
zift version 0.1.1
zift scan .
There's an entire section called RangerPolicy that is, as far as I can tell, a mechanism for building policy rules to be enforced by Ranger. Much of that should be a big "hey, this entire subsystem needs to be replaced" , but I only saw a couple of minor mentions in zift.
Ranger is doing a lot of things with a lot of different 3rd party systems, so it's probably infeasible to replace them all with OPA and Rego. But I'm surprised that zift didn't flag more of these subsystems as being authorization-related.
I've included some manual finds I did to identify potential sources of authorization, compared to what we got from zift.
ranger_authori_find.txt
ranger_polic_find.txt
ranger_priv_find.txt
ranger_zift.txt
https://github.com/apache/rangerzift version 0.1.1
zift scan .There's an entire section called RangerPolicy that is, as far as I can tell, a mechanism for building policy rules to be enforced by Ranger. Much of that should be a big "hey, this entire subsystem needs to be replaced" , but I only saw a couple of minor mentions in zift.
Ranger is doing a lot of things with a lot of different 3rd party systems, so it's probably infeasible to replace them all with OPA and Rego. But I'm surprised that zift didn't flag more of these subsystems as being authorization-related.
I've included some manual finds I did to identify potential sources of authorization, compared to what we got from zift.
ranger_authori_find.txt
ranger_polic_find.txt
ranger_priv_find.txt
ranger_zift.txt