You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2020/10/31 00:42:37 UTC
Review Request 72997: RANGER-3065: RangerServiceResource model object
needs
to be enhanced to store/track any additional information about the resource
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/
-----------------------------------------------------------
Review request for ranger and Madhan Neethiraj.
Bugs: RANGER-3065
https://issues.apache.org/jira/browse/RANGER-3065
Repository: ranger
Description
-------
RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
Diff: https://reviews.apache.org/r/72997/diff/1/
Testing
-------
Thanks,
Abhay Kulkarni
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Madhan Neethiraj <ma...@apache.org>.
> On Oct. 31, 2020, 1:30 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java
> > Line 158 (original), 158 (patched)
> > <https://reviews.apache.org/r/72997/diff/1/?file=2241756#file2241756line158>
> >
> > Only resourceElements is currently handled by serializtation/deserialization; 'ownerName' field is not handled:-(
> >
> > I suggest to consider a DB patch, to update existing values in XXRMSServiceResource.serviceResourceElements column to hold following structure (instead of directly Map<String, RangerPolicyResource>):
> >
> >
> > public static StoredServiceResource implements java.io.Serializable {
> > private Map<String, RangerPolicyResource> resourceElements;
> > private String ownerName;
> > private Map<String, String> additonalInfo;
> > }
> >
> > This will help avoid parsing for SERVICE_RESOURCE_ADDITIONAL_INFO_DELIMITER_STRING during every read here after.
>
> Abhay Kulkarni wrote:
> Should this be done for the XXServiceResourceDao class as well? If so, a java patch will be equired to update more tables.
Updates to XXServiceResource can be handled in a separate patch. Given there could be large number of entries in this table, it might be useful to not perform migration, and handle it dynamically by looking for a prefix like "v2:" (similar to the current patch that looks for presence of RangerServiceResource.SERVICE_RESOURCE_ADDITIONAL_INFO_DELIMITER_STRING) :
String serializedStringFromDb = xxServiceResource.getServiceResourceElements();
if (serializedStringFromDb.beginsWith("v2:")) {
StoredServiceResource storedServiceResource = gsonBuilder.fromJson(serializedStringFromDb.substring("v2:".length, STORED_SERVICE_RESOURCE_TYPE);
ret.setResourceElements(storedServiceResource.getResourceElements());
ret.setOwnerName(storedServiceResource.getOwnerName());
ret.setAdditionalInfo(storedServiceResource.getAdditionalInfo());
} else {
Map<String, RangerPolicy.RangerPolicyResource> serviceResourceElements = gsonBuilder.fromJson(serializedStringFromDb, subsumedDataType);
ret.setResourceElements(serviceResourceElements);
}
While saving the data, add prefix "v2:"
- Madhan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/#review222153
-----------------------------------------------------------
On Oct. 31, 2020, 12:42 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72997/
> -----------------------------------------------------------
>
> (Updated Oct. 31, 2020, 12:42 a.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-3065
> https://issues.apache.org/jira/browse/RANGER-3065
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
> security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
>
>
> Diff: https://reviews.apache.org/r/72997/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
> On Oct. 31, 2020, 1:30 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java
> > Line 158 (original), 158 (patched)
> > <https://reviews.apache.org/r/72997/diff/1/?file=2241756#file2241756line158>
> >
> > Only resourceElements is currently handled by serializtation/deserialization; 'ownerName' field is not handled:-(
> >
> > I suggest to consider a DB patch, to update existing values in XXRMSServiceResource.serviceResourceElements column to hold following structure (instead of directly Map<String, RangerPolicyResource>):
> >
> >
> > public static StoredServiceResource implements java.io.Serializable {
> > private Map<String, RangerPolicyResource> resourceElements;
> > private String ownerName;
> > private Map<String, String> additonalInfo;
> > }
> >
> > This will help avoid parsing for SERVICE_RESOURCE_ADDITIONAL_INFO_DELIMITER_STRING during every read here after.
Should this be done for the XXServiceResourceDao class as well? If so, a java patch will be equired to update more tables.
- Abhay
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/#review222153
-----------------------------------------------------------
On Oct. 31, 2020, 12:42 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72997/
> -----------------------------------------------------------
>
> (Updated Oct. 31, 2020, 12:42 a.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-3065
> https://issues.apache.org/jira/browse/RANGER-3065
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
> security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
>
>
> Diff: https://reviews.apache.org/r/72997/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/#review222153
-----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
Lines 90 (patched)
<https://reviews.apache.org/r/72997/#comment311217>
Is it critical to return null when map is empty? If not, I suggest to return the value as is.
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java
Lines 110 (patched)
<https://reviews.apache.org/r/72997/#comment311218>
Is it critical to assign null when incoming map is empty? If not, I suggest to assign the value as is.
security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java
Line 158 (original), 158 (patched)
<https://reviews.apache.org/r/72997/#comment311219>
Only resourceElements is currently handled by serializtation/deserialization; 'ownerName' field is not handled:-(
I suggest to consider a DB patch, to update existing values in XXRMSServiceResource.serviceResourceElements column to hold following structure (instead of directly Map<String, RangerPolicyResource>):
public static StoredServiceResource implements java.io.Serializable {
private Map<String, RangerPolicyResource> resourceElements;
private String ownerName;
private Map<String, String> additonalInfo;
}
This will help avoid parsing for SERVICE_RESOURCE_ADDITIONAL_INFO_DELIMITER_STRING during every read here after.
- Madhan Neethiraj
On Oct. 31, 2020, 12:42 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72997/
> -----------------------------------------------------------
>
> (Updated Oct. 31, 2020, 12:42 a.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-3065
> https://issues.apache.org/jira/browse/RANGER-3065
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
> security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
>
>
> Diff: https://reviews.apache.org/r/72997/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/#review222204
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On Nov. 13, 2020, 12:18 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72997/
> -----------------------------------------------------------
>
> (Updated Nov. 13, 2020, 12:18 a.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-3065
> https://issues.apache.org/jira/browse/RANGER-3065
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
> agents-common/src/main/java/org/apache/ranger/plugin/store/StoredServiceResource.java PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
>
>
> Diff: https://reviews.apache.org/r/72997/diff/3/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/
-----------------------------------------------------------
(Updated Nov. 13, 2020, 12:18 a.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Moved StoredServiceResource class out of model class RangerServiceResource
Bugs: RANGER-3065
https://issues.apache.org/jira/browse/RANGER-3065
Repository: ranger
Description
-------
RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
agents-common/src/main/java/org/apache/ranger/plugin/store/StoredServiceResource.java PRE-CREATION
security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
Diff: https://reviews.apache.org/r/72997/diff/3/
Changes: https://reviews.apache.org/r/72997/diff/2-3/
Testing
-------
Thanks,
Abhay Kulkarni
Re: Review Request 72997: RANGER-3065: RangerServiceResource model
object
needs to be enhanced to store/track any additional information about the
resource
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72997/
-----------------------------------------------------------
(Updated Nov. 12, 2020, 10:10 p.m.)
Review request for ranger and Madhan Neethiraj.
Changes
-------
Updated per comments
Bugs: RANGER-3065
https://issues.apache.org/jira/browse/RANGER-3065
Repository: ranger
Description
-------
RangerServiceResource model class represents, in Ranger, an entity that may be authorized by Ranger. It is useful to have it store, in a generic way, any additional information that may be useful during authorization.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java bdd3e544c
security-admin/src/main/java/org/apache/ranger/db/XXRMSServiceResourceDao.java 8938e6df2
Diff: https://reviews.apache.org/r/72997/diff/2/
Changes: https://reviews.apache.org/r/72997/diff/1-2/
Testing
-------
Thanks,
Abhay Kulkarni