You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Siddhant Sontakke (Jira)" <ji...@apache.org> on 2023/04/14 13:54:00 UTC
[jira] [Comment Edited] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[ https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712259#comment-17712259 ]
Siddhant Sontakke edited comment on RANGER-4128 at 4/14/23 1:53 PM:
--------------------------------------------------------------------
[~fateh288] I tried to reproduce the issue but it worked fine for me.
Bellow are the steps can you check once and let me know if we need to do some additional steps to reproduce the issue.
1) Creating a new tag "TESTING"
*Request* -
[API - http://localhost:6080/service/public/v2/api/service/dev_hive/tags|http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
{*}Request Metho{*}d - PUT
*Request Body* -
{code:java}
{
"op":"add_or_update",
"tagVersion":0,
"tagDefinitions":{
"0":{
"name":"TESTING",
"source":"tabsource",
"attributeDefs":[
],
"id":0,
"isEnabled":true
}
},
"tags":{
"0":{
"type":"TESTING",
"owner":0,
"attributes":{
},
"id":0,
"isEnabled":true
}
},
"serviceResources":[
{
"resourceElements":{
"database":{
"values":[
"testdb"
],
"isExcludes":false,
"isRecursive":false
},
"table":{
"values":[
"test_table"
],
"isExcludes":false,
"isRecursive":false
},
"column":{
"values":[
"tid"
],
"isExcludes":false,
"isRecursive":false
}
},
"id":0,
"isEnabled":true
}
],
"resourceToTagIds":{
"0":[
0
]
}
}{code}
{{{}{}}}!image-2023-04-14-19-20-08-056.png|width=608,height=368!
*Response* - 204 Not Content
2) Checking whether the tag got pushed to ranger
*Request* -
[API - |http://localhost:6080/service/public/v2/api/service/dev_hive/tags] [http://localhost:6080/service/tags/download/dev_hive]
{*}Request Metho{*}d - GET
!image-2023-04-14-19-21-09-315.png|width=1281,height=264!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard I created tag based policy for TESTING tag.
!image-2023-04-14-19-22-01-270.png|width=610,height=302!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-19-22-28-641.png|width=612,height=301!
Here you can see user siddhant access TESTING tag resources successfully.
[~jai96] [~sneethiraj]
was (Author: JIRAUSER299722):
I did not found any issue with this scenario.
Steps i did :-
1) Put - [http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
context-type : application/json
Service file -
{{{}}
{{ "op":"add_or_update",}}
{{ "tagVersion":0,}}
{{ "tagDefinitions":{}}
{{ "0":{}}
{{ "name":"{*}TESTING{*}",}}
{{ "source":"privacera",}}
{{ "attributeDefs":[}}
{{ ],}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "tags":{}}
{{ "0":{}}
{{ "type":"{*}TESTING{*}",}}
{{ "owner":0,}}
{{ "attributes":{}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "serviceResources":[}}
{{ {}}
{{ "resourceElements":{}}
{{ "database":{}}
{{ "values":[}}
{{ "{*}testdb{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "table":{}}
{{ "values":[}}
{{ "{*}test_table{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "column":{}}
{{ "values":[}}
{{ "{*}tid{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ }}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ ],}}
{{ "resourceToTagIds":{}}
{{ "0":[}}
{{ 0}}
{{ ]}}
{{ }}}
{{}}}
!image-2023-04-14-12-59-13-128.png|width=827,height=506!
Here i got 204 Not Content
2) Get - [http://localhost:6080/service/tags/download/dev_hive]
!image-2023-04-14-13-01-11-416.png|width=851,height=532!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard i created tag based policy for TESTING tag.
!image-2023-04-14-13-22-07-588.png|width=905,height=444!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-13-43-58-983.png|width=711,height=341!
Here you can see user siddhant access TESTING tag resources successfully.
> serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
> -----------------------------------------------------------------------------------------------
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Fateh Singh
> Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png, image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png, image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png, image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png, image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png, image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204, status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.12.v20230209-e5c4074ef3): org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key (service_id, resource_signature)=(4, 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id, ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id, service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]' {code}
> How a serviceResource in the request look like to reproduce above scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature": "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature": "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)