Posted to dev@ranger.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2020/01/02 12:26:37 UTC

Review Request 71945: RANGER-2682 : - Add new authorization privilege - "admin-purge" in Ranger-Atlas service.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71945/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, Sidharth Mishra, and Velmurugan Periasamy.


Bugs: RANGER-2682
    https://issues.apache.org/jira/browse/RANGER-2682


Repository: ranger


Description
-------

Adding new authorization privilege - "admin-purge" in Ranger-Atlas service definition for Atlas Service resource.


Diffs
-----

  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7a6f0b936 


Diff: https://reviews.apache.org/r/71945/diff/1/


Testing
-------

Updated atlas plugin service def using below curl call. "admin-purge" permission is seen in create policy UI for resource atlas-service.  


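# Test call from the review request: PUT the complete Atlas service definition
# to Ranger admin so that access type "admin-purge" (itemId 16) is defined and
# listed in the accessTypeRestrictions of the "atlas-service" resource.
#
# - {id} is a placeholder for the service-def id on the target instance; the
#   payload carries "id":15, presumably the author's value. The id, guid,
#   createTime/updateTime and version fields are instance-specific, so start
#   from the definition read back from the target rather than from this copy.
# - admin:admin123 and plain http:// are test-environment values. A password
#   given on the command line ends up in shell history and the process list,
#   and basic auth over http is sent unencrypted; against a shared instance
#   use https and "-u admin" so that curl prompts for the password.
# - Keep the JSON on one line: a line break inside the single-quoted payload
#   can fall inside a key or value, which makes the body invalid JSON.
curl -i \
  --header "Accept:application/json" \
  -H "Content-Type: application/json" \
  -u admin:admin123 \
  -X PUT http://rangerhost:6080/service/plugins/definitions/{id} \
  -d '{"id":15,"guid":"311a79b7-16f5-46f4-9829-a0224b9999c5","isEnabled":true,"createTime":1577434414072,"updateTime":1577434414072,"version":1,"name":"atlas","displayName":"atlas","implClass":"org.apache.ranger.services.atlas.RangerServiceAtlas","label":"Atlas Metadata Server","description":"Atlas Metadata Server","options":{"enableDenyAndExceptionsInPolicies":"true"},"configs":[{"itemId":1,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":2,"name":"password","type":"password","mandatory":true,"label":"Password"},{"itemId":3,"name":"atlas.rest.address","type":"string","mandatory":true,"defaultValue":"http://localhost:21000"},{"itemId":4,"name":"commonNameForCertificate","type":"string","mandatory":false,"label":"Common Name for Certificate"}],"resources":[{"itemId":1,"name":"type-category","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Catagory","description":"Type Catagory","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":3,"name":"entity-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Type","description":"Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":6,"name":"atlas-service","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Atlas Service","description":"Atlas Service","accessTypeRestrictions":["admin-import","admin-export","admin-purge"],"isValidLeaf":true},{"itemId":7,"name":"relationship-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Relationship Type","description":"Relationship Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Type","description":"End1 Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Classification","description":"Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Name","description":"Type Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level":30,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Classification","description":"End1 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity ID","description":"Entity ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","type":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity ID","description":"End1 Entity ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Type","description":"End2 Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Classification","description":"End2 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity ID","description":"End2 Entity ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":"type-delete","label":"Delete Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update Relationship","impliedGrants":[]},{"itemId":15,"name":"remove-relationship","label":"Remove Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'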


Thanks,

Nixon Rodrigues


Re: Review Request 71945: RANGER-2682 : - Add new authorization privilege - "admin-purge" in Ranger-Atlas service.

Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71945/#review219112
-----------------------------------------------------------



@Nixon - changes to service-def look good. To update service-def in existing deployments, please add a patch similar to PatchForKafkaServiceDefUpdate_J10025.

- Madhan Neethiraj


On Jan. 2, 2020, 12:26 p.m., Nixon Rodrigues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71945/
> -----------------------------------------------------------
> 
> (Updated Jan. 2, 2020, 12:26 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, Sidharth Mishra, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2682
>     https://issues.apache.org/jira/browse/RANGER-2682
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Adding new authorization privilege - "admin-purge" in Ranger-Atlas service definition for Atlas Service resource.
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7a6f0b936 
> 
> 
> Diff: https://reviews.apache.org/r/71945/diff/1/
> 
> 
> Testing
> -------
> 
> Updated atlas plugin service def using below curl call. "admin-purge" permission is seen in create policy UI for resource atlas-service.  
> 
> 
> curl -i --header "Accept:application/json" -H "Content-Type: application/json" -u admin:admin123 -X PUT http://rangerhost:6080/service/plugins/definitions/{id} -d  '{"id":15,"guid":"311a79b7-16f5-46f4-9829-a0224b9999c5","isEnabled":true,"createTime":1577434414072,"updateTime":1577434414072,"version":1,"name":"atlas","displayName":"atlas","implClass":"org.apache.ranger.services.atlas.RangerServiceAtlas","label":"Atlas Metadata Server","description":"Atlas Metadata Server","options":{"enableDenyAndExceptionsInPolicies":"true"},"configs":[{"itemId":1,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":2,"name":"password","type":"password","mandatory":true,"label":"Password"},{"itemId":3,"name":"atlas.rest.address","type":"string","mandatory":true,"defaultValue":"http://localhost:21000"},{"itemId":4,"name":"commonNameForCertificate","type":"string","mandatory":false,"label":"Common Name for Certificate"}],"resources":[{"itemId":1,"name":"type-category","typ
 e":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Catagory","description":"Type Catagory","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":3,"name":"entity-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Type","description":"Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":6,"name":"atlas-service","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOption
 s":{"wildCard":"true","ignoreCase":"true"},"label":"Atlas Service","description":"Atlas Service","accessTypeRestrictions":["admin-import","admin-export","admin-purge"],"isValidLeaf":true},{"itemId":7,"name":"relationship-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Relationship Type","description":"Relationship Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Type","description":"End1 Entity Type","accessTypeRe
 strictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Classification","description":"Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Name","description":"Type Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level"
 :30,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Classification","description":"End1 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity ID","description":"Entity ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","
 type":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity ID","description":"End1 Entity ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Type","description":"End2 Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiv
 eSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Classification","description":"End2 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity ID","description":"End2 Entity ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":
 "type-delete","label":"Delete Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update Relationship","impliedGrants
 ":[]},{"itemId":15,"name":"remove-relationship","label":"Remove Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>