You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Velmurugan Periasamy <vp...@hortonworks.com> on 2017/05/26 12:03:40 UTC
Re: Review Request 59603: RANGER-1612 : When servicedef is accessed,
one of the properties "enableDenyAndExceptionsInPolicies" is returned
as "false" if there is no value set for it.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59603/#review176189
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On May 26, 2017, 11:36 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59603/
> -----------------------------------------------------------
>
> (Updated May 26, 2017, 11:36 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1612
> https://issues.apache.org/jira/browse/RANGER-1612
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** Problem Statement : **
> During the upgrade/migration of hive service def When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.
> Now, hive service def has changed (because URL as a resource is added to it). So when servicedef is updated, enableDenyPolicies property is updated in the database to be "false".
> this should not happen so migration script for service-def needs to check what the real value of this property (in the database) and preserve it across migration.
>
> ** Proposed Solution : **
> Read service-def using dao object before starting upgrade and preserve def_options field value.
> Let the upgrade happen as its working currently.
> Update the servicedef with def_options received before upgrade.
>
>
> Diffs
> -----
>
> NOTICE.txt 0cd1f15
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java e0c6a65
>
>
> Diff: https://reviews.apache.org/r/59603/diff/1/
>
>
> Testing
> -------
>
> **Without patch case:**
> Tried to reproduce the case in Ranger 0.7 and master branch without patch.
> in Ranger 0.7 installation found that hive servicedef def_options field is having value '{}', while in master branch fresh Ranger installation shows hive servicedef def_options field is having value '{"enableDenyAndExceptionsInPolicies":"false"}'; which should not be there.
>
> **With patch:**
> Ranger 0.7 and master branch Ranger both are having value '{}'
>
> **Other use cases tested :**
> If before upgrade servicedef def_options is having : { "key1", "value1" }; then after upgrade servicedef def_options should remain same.
>
> If before upgrade servicedef def_options is having { "key1", "value1", "enableDenyAndExceptionsInPolicies":"true" }; then after upgrade also servicedef def_options should remain same.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>