You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2020/06/26 10:55:41 UTC
Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
Bugs: RANGER-2821
https://issues.apache.org/jira/browse/RANGER-2821
Repository: ranger
Description
-------
This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
Also addded Java patch to handle upgrade scenerio for old ranger deployments
Diffs
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626
security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION
Diff: https://reviews.apache.org/r/72621/diff/1/
Testing
-------
Testing:-
Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
Upgrade case:-
Packaged Ranger-2.0.0 from release bits and installed and tested UI.
Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
Thanks,
Nixon Rodrigues
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
> On July 7, 2020, 3:57 a.m., Pradeep Agrawal wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java
> > Lines 39 (patched)
> > <https://reviews.apache.org/r/72621/diff/1/?file=2235021#file2235021line39>
> >
> > Can you review the changes done in patch https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65
> >
> >
> > I think this additional patch J10039 is not required. J10034 should address the required changes. if its not then you can add the required code change from J10039 to J10034.
> > Please review again and post analysis if there is any problem with adding the changes in J10034.
>
> Nixon Rodrigues wrote:
> Pradeep thanks for review.
>
> You are right that patch J10034 will handle the upgrade case, but since some internal snapshot deployments where java patch J10034 is already applied and admin-purge permission in accessTypeRestrictions is missing in serviceDef will need patch J10039.
>
> Let me know if you need any information for this patch.
>
> Pradeep Agrawal wrote:
> J10034 was introduced in current master branch(after 2.0.0 release) and 2.1.0 is not released yet. Hence it will be good to add the necessary changes in patch J10034 only.
>
> Only your local dev env may already have J10034, in that case you can refresh your database or rerun the patch manually to make it work.
Thanks Pradeep for review and your idea of reapplying patch makes sense. I have updated the patch to add "admin-purge" permission in accessTypeRestrictions which is missing in serviceDef
- Nixon
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/#review221141
-----------------------------------------------------------
On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72621/
> -----------------------------------------------------------
>
> (Updated June 26, 2020, 10:55 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2821
> https://issues.apache.org/jira/browse/RANGER-2821
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
>
> Also addded Java patch to handle upgrade scenerio for old ranger deployments
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72621/diff/1/
>
>
> Testing
> -------
>
> Testing:-
>
> Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
>
> Upgrade case:-
> Packaged Ranger-2.0.0 from release bits and installed and tested UI.
> Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
> On July 7, 2020, 3:57 a.m., Pradeep Agrawal wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java
> > Lines 39 (patched)
> > <https://reviews.apache.org/r/72621/diff/1/?file=2235021#file2235021line39>
> >
> > Can you review the changes done in patch https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65
> >
> >
> > I think this additional patch J10039 is not required. J10034 should address the required changes. if its not then you can add the required code change from J10039 to J10034.
> > Please review again and post analysis if there is any problem with adding the changes in J10034.
Pradeep thanks for review.
You are right that patch J10034 will handle the upgrade case, but since some internal snapshot deployments where java patch J10034 is already applied and admin-purge permission in accessTypeRestrictions is missing in serviceDef will need patch J10039.
Let me know if you need any information for this patch.
- Nixon
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/#review221141
-----------------------------------------------------------
On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72621/
> -----------------------------------------------------------
>
> (Updated June 26, 2020, 10:55 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2821
> https://issues.apache.org/jira/browse/RANGER-2821
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
>
> Also addded Java patch to handle upgrade scenerio for old ranger deployments
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72621/diff/1/
>
>
> Testing
> -------
>
> Testing:-
>
> Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
>
> Upgrade case:-
> Packaged Ranger-2.0.0 from release bits and installed and tested UI.
> Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/#review221141
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java
Lines 39 (patched)
<https://reviews.apache.org/r/72621/#comment309932>
Can you review the changes done in patch https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65
I think this additional patch J10039 is not required. J10034 should address the required changes. if its not then you can add the required code change from J10039 to J10034.
Please review again and post analysis if there is any problem with adding the changes in J10034.
- Pradeep Agrawal
On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72621/
> -----------------------------------------------------------
>
> (Updated June 26, 2020, 10:55 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2821
> https://issues.apache.org/jira/browse/RANGER-2821
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
>
> Also addded Java patch to handle upgrade scenerio for old ranger deployments
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72621/diff/1/
>
>
> Testing
> -------
>
> Testing:-
>
> Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
>
> Upgrade case:-
> Packaged Ranger-2.0.0 from release bits and installed and tested UI.
> Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/#review221081
-----------------------------------------------------------
Can you review the changes done in patch https://github.com/apache/ranger/blob/master/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java#L65
I think this additional patch J10039 is not required. J10034 should address the required changes. if its not then you can add the required code change from J10039 to J10034.
Please review again and post analysis if there is any problem with adding the changes in J10034.
- Pradeep Agrawal
On June 26, 2020, 10:55 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72621/
> -----------------------------------------------------------
>
> (Updated June 26, 2020, 10:55 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2821
> https://issues.apache.org/jira/browse/RANGER-2821
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
>
> Also addded Java patch to handle upgrade scenerio for old ranger deployments
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 832d650cf
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 4576e9677
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 6a0941ff6
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b663f3b02
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 695615626
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddAdminPurge_J10039.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72621/diff/1/
>
>
> Testing
> -------
>
> Testing:-
>
> Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
>
> Upgrade case:-
> Packaged Ranger-2.0.0 from release bits and installed and tested UI.
> Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/#review221229
-----------------------------------------------------------
Ship it!
Ship It!
- Pradeep Agrawal
On July 15, 2020, 11:21 a.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72621/
> -----------------------------------------------------------
>
> (Updated July 15, 2020, 11:21 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2821
> https://issues.apache.org/jira/browse/RANGER-2821
>
>
> Repository: ranger
>
>
> Description
> -------
>
> This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
>
> Also addded Java patch to handle upgrade scenerio for old ranger deployments
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
>
>
> Diff: https://reviews.apache.org/r/72621/diff/2/
>
>
> Testing
> -------
>
> Testing:-
>
> Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
>
> Upgrade case:-
> Packaged Ranger-2.0.0 from release bits and installed and tested UI.
> Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
>
>
> Thanks,
>
> Nixon Rodrigues
>
>
Re: Review Request 72621: RANGER-2821 :- Update ranger authorizer for
Atlas to add admin-purge and Java patch to handle upgrade.
Posted by Nixon Rodrigues <ni...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72621/
-----------------------------------------------------------
(Updated July 15, 2020, 11:21 a.m.)
Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, and Velmurugan Periasamy.
Changes
-------
Handled review comments from Pradeep.
Bugs: RANGER-2821
https://issues.apache.org/jira/browse/RANGER-2821
Repository: ranger
Description
-------
This patch adds admin-purge permission into accessTypeRestrictions for atlas-service resource.
Also addded Java patch to handle upgrade scenerio for old ranger deployments
Diffs (updated)
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json f93d7282b
Diff: https://reviews.apache.org/r/72621/diff/2/
Changes: https://reviews.apache.org/r/72621/diff/1-2/
Testing
-------
Testing:-
Packaged Ranger 2.1.0 snapshot from master and installed and tested policy UI for Atlas - Able to see "Admin Purge" permission for atlas-service resource.
Upgrade case:-
Packaged Ranger-2.0.0 from release bits and installed and tested UI.
Packaged Ranger-2.1.0 from master and used same install.properties from 2.0.0 and executed setup.py and started Ranger. Able to see "Admin Purge" permission for atlas-service resource.
Thanks,
Nixon Rodrigues