You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Nixon Rodrigues <ni...@freestoneinfotech.com> on 2020/01/02 12:26:37 UTC
Review Request 71945: RANGER-2682 : - Add new authorization privilege
- "admin-purge" in Ranger-Atlas service.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71945/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, Sidharth Mishra, and Velmurugan Periasamy.
Bugs: RANGER-2682
https://issues.apache.org/jira/browse/RANGER-2682
Repository: ranger
Description
-------
Adding new authorization privilege - "admin-purge" in Ranger-Atlas service defination for Atlas Service resource.
Diffs
-----
agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7a6f0b936
Diff: https://reviews.apache.org/r/71945/diff/1/
Testing
-------
Updated atlas plugin service def using below curl call. "admin-purge" permission is seen in create policy UI for resource atlas-service.
curl -i --header "Accept:application/json" -H "Content-Type: application/json" -u admin:admin123 -X PUT http://rangerhost:6080/service/plugins/definitions/{id} -d '{"id":15,"guid":"311a79b7-16f5-46f4-9829-a0224b9999c5","isEnabled":true,"createTime":1577434414072,"updateTime":1577434414072,"version":1,"name":"atlas","displayName":"atlas","implClass":"org.apache.ranger.services.atlas.RangerServiceAtlas","label":"Atlas Metadata Server","description":"Atlas Metadata Server","options":{"enableDenyAndExceptionsInPolicies":"true"},"configs":[{"itemId":1,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":2,"name":"password","type":"password","mandatory":true,"label":"Password"},{"itemId":3,"name":"atlas.rest.address","type":"string","mandatory":true,"defaultValue":"http://localhost:21000"},{"itemId":4,"name":"commonNameForCertificate","type":"string","mandatory":false,"label":"Common Name for Certificate"}],"resources":[{"itemId":1,"name":"type-category","type"
:"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Catagory","description":"Type Catagory","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":3,"name":"entity-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Type","description":"Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":6,"name":"atlas-service","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions"
:{"wildCard":"true","ignoreCase":"true"},"label":"Atlas Service","description":"Atlas Service","accessTypeRestrictions":["admin-import","admin-export","admin-purge"],"isValidLeaf":true},{"itemId":7,"name":"relationship-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Relationship Type","description":"Relationship Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Type","description":"End1 Entity Type","accessTypeRest
rictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Classification","description":"Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Name","description":"Type Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level":3
0,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Classification","description":"End1 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity ID","description":"Entity ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","ty
pe":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity ID","description":"End1 Entity ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Type","description":"End2 Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiveS
upported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Classification","description":"End2 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity ID","description":"End2 Entity ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":"t
ype-delete","label":"Delete Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update Relationship","impliedGrants":
[]},{"itemId":15,"name":"remove-relationship","label":"Remove Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'
Thanks,
Nixon Rodrigues
Re: Review Request 71945: RANGER-2682 : - Add new authorization
privilege - "admin-purge" in Ranger-Atlas service.
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71945/#review219112
-----------------------------------------------------------
@Nixon - changes to service-def look good. To update service-def in existing deployments, please add a patch similar to PatchForKafkaServiceDefUpdate_J10025.
- Madhan Neethiraj
On Jan. 2, 2020, 12:26 p.m., Nixon Rodrigues wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71945/
> -----------------------------------------------------------
>
> (Updated Jan. 2, 2020, 12:26 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sarath Subramanian, Sidharth Mishra, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2682
> https://issues.apache.org/jira/browse/RANGER-2682
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Adding new authorization privilege - "admin-purge" in Ranger-Atlas service defination for Atlas Service resource.
>
>
> Diffs
> -----
>
> agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7a6f0b936
>
>
> Diff: https://reviews.apache.org/r/71945/diff/1/
>
>
> Testing
> -------
>
> Updated atlas plugin service def using below curl call. "admin-purge" permission is seen in create policy UI for resource atlas-service.
>
>
> curl -i --header "Accept:application/json" -H "Content-Type: application/json" -u admin:admin123 -X PUT http://rangerhost:6080/service/plugins/definitions/{id} -d '{"id":15,"guid":"311a79b7-16f5-46f4-9829-a0224b9999c5","isEnabled":true,"createTime":1577434414072,"updateTime":1577434414072,"version":1,"name":"atlas","displayName":"atlas","implClass":"org.apache.ranger.services.atlas.RangerServiceAtlas","label":"Atlas Metadata Server","description":"Atlas Metadata Server","options":{"enableDenyAndExceptionsInPolicies":"true"},"configs":[{"itemId":1,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":2,"name":"password","type":"password","mandatory":true,"label":"Password"},{"itemId":3,"name":"atlas.rest.address","type":"string","mandatory":true,"defaultValue":"http://localhost:21000"},{"itemId":4,"name":"commonNameForCertificate","type":"string","mandatory":false,"label":"Common Name for Certificate"}],"resources":[{"itemId":1,"name":"type-category","typ
e":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Catagory","description":"Type Catagory","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":3,"name":"entity-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Type","description":"Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":6,"name":"atlas-service","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOption
s":{"wildCard":"true","ignoreCase":"true"},"label":"Atlas Service","description":"Atlas Service","accessTypeRestrictions":["admin-import","admin-export","admin-purge"],"isValidLeaf":true},{"itemId":7,"name":"relationship-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Relationship Type","description":"Relationship Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Type","description":"End1 Entity Type","accessTypeRe
strictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity Classification","description":"Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type Name","description":"Type Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level"
:30,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity Classification","description":"End1 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity ID","description":"Entity ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","
type":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1 Entity ID","description":"End1 Entity ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Type","description":"End2 Entity Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiv
eSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity Classification","description":"End2 Entity Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2 Entity ID","description":"End2 Entity ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":
"type-delete","label":"Delete Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update Relationship","impliedGrants
":[]},{"itemId":15,"name":"remove-relationship","label":"Remove Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'
>
>
> Thanks,
>
> Nixon Rodrigues
>
>