You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@gmail.com> on 2020/02/21 09:48:51 UTC
Review Request 72155: RANGER-2735: Update Atlas serviceDef for
upgrade case of RANGER-2734
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72155/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, Nixon Rodrigues, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-2735
https://issues.apache.org/jira/browse/RANGER-2735
Repository: ranger
Description
-------
**Problem Statement:** Currently RANGER-2734 patch does not add mentioned new opertations in the older version of ranger having atlas ranger service def. If anyone will upgrade his ranger from previous version to 2.1.0 then he won't able to see the new operations in the atlas policies and default policies for the new operations will not be added.
**Proposed Solution:** Proposed solution has a java patch J10034 which shall add the new operations in the atlas service def and create default policy for the mentioned operation in each service of atlas service def.
Diffs
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 47618f6b3
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql e59e7de61
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 37ea61912
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bd1c47cc4
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 22e1746f2
security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndNamespace_J10034.java PRE-CREATION
Diff: https://reviews.apache.org/r/72155/diff/1/
Testing
-------
**Steps Performed (without patch):**
1. After mvn Build; untar the Ranger-2.0.0 module and updated install.properties for MySQL DB flavor.
2. Called setup.sh to install Ranger-admin.
3. Started Ranger-admin.
4. Created atlas service in ranger-admin which has 5 default policies.
5. Stopped ranger-admin
**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger-2.1.0 module and updated install.properties for MySQL DB flavor with same settings used in previous step.
2. Executed setup.sh to install Ranger-admin.
3. Setup process should apply patch J10034 and create default policies.(Referred ranger_db_patch.log file to see patch applied or not)
4. Started Ranger-admin.
5. Visited atlas service page in ranger-admin UI which has 2 new policies now. one for the Label and another for the namespace.
6. Compared policy json with latest running Ranger admin(after commit of RANGER-2734)
**Expected Behavior:**
1. Ranger installation should finish successfully and java patch J10035 should get applied successfully.
2. Policy with name "all - entity-type, entity-classification, entity, entity-label" should get created.
3. Policy with name "all - entity-type, entity-classification, entity, entity-namespace" should get created.
**Actual Behavior: **
1. Ranger installation finished successfully and java patch J10035 was applied successfully.
2. Policy with name "all - entity-type, entity-classification, entity, entity-label" was created with 2 policy items.
first policy item was having "Add Label" and "Remove Label" access to user 'admin' and 'atlas' with delegated admin set to true.
second policy item was having "Read Entity" access to user 'rangertagsync' and to group 'public' with delegated admin set to false
3. Policy with name "all - entity-type, entity-classification, entity, entity-namespace" was created with 2 policy items.
first policy item was having "Add Label" and "Remove Label" access to user 'admin' and 'atlas' with delegated admin set to true.
second policy item was having "Read Entity" access to user 'rangertagsync' and to group 'public' with delegated admin set to false
**Note:**
1. Patch has been tested only on MySQL DB Flavor.
2. New Policies will not be added in any security zone except the unzone one.
Thanks,
Pradeep Agrawal
Re: Review Request 72155: RANGER-2735: Update Atlas serviceDef for
upgrade case of RANGER-2734
Posted by Mehul Parikh <xs...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72155/#review220005
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On Feb. 21, 2020, 9:48 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72155/
> -----------------------------------------------------------
>
> (Updated Feb. 21, 2020, 9:48 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, Nixon Rodrigues, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2735
> https://issues.apache.org/jira/browse/RANGER-2735
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Currently RANGER-2734 and RANGER-2755 patch does not add mentioned new opertations in the older version of ranger having atlas ranger service def. If anyone will upgrade his ranger from previous version to 2.1.0 then he won't able to see the new operations in the atlas policies and default policies for the new operations will not be added.
>
>
> **Proposed Solution:** Proposed solution has a java patch J10034 which shall add the new operations in the atlas service def and create default policy for the mentioned operation in each service of atlas service def.
>
>
> Diffs
> -----
>
> security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 47618f6b3
> security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql e59e7de61
> security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 37ea61912
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql bd1c47cc4
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 22e1746f2
> security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/72155/diff/2/
>
>
> Testing
> -------
>
> **Steps Performed (without patch):**
> 1. After mvn Build; untar the Ranger-2.0.0 module and updated install.properties for MySQL DB flavor.
> 2. Called setup.sh to install Ranger-admin.
> 3. Started Ranger-admin.
> 4. Created atlas service in ranger-admin which has 5 default policies.
> 5. Stopped ranger-admin
>
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger-2.1.0 module and updated install.properties for MySQL DB flavor with same settings used in previous step.
> 2. Executed setup.sh to install Ranger-admin.
> 3. Setup process should apply patch J10034 and create default policies.(Referred ranger_db_patch.log file to see patch applied or not)
> 4. Started Ranger-admin.
> 5. Visited atlas service page in ranger-admin UI which has 2 new policies now. one for the Label and another for the business metadata.
> 6. Compared policy json with latest running Ranger admin(after commit of RANGER-2734)
>
> **Expected Behavior:**
> 1. Ranger installation should finish successfully and java patch J10034 should get applied successfully.
> 2. Policy with name "all - entity-type, entity-classification, entity, entity-label" should get created.
> 3. Policy with name "all - entity-type, entity-classification, entity, entity-business-metadata" should get created.
>
> **Actual Behavior: **
> 1. Ranger installation finished successfully and java patch J10034 was applied successfully.
> 2. Policy with name "all - entity-type, entity-classification, entity, entity-label" was created with 2 policy items.
> first policy item was having "Add Label" and "Remove Label" access to user 'admin' and 'atlas' with delegated admin set to true.
> second policy item was having "Read Entity" access to user 'rangertagsync' and to group 'public' with delegated admin set to false
> 3. Policy with name "all - entity-type, entity-classification, entity, entity-business-metadata" was created with 2 policy items.
> first policy item was having "Add Label" and "Remove Label" access to user 'admin' and 'atlas' with delegated admin set to true.
> second policy item was having "Read Entity" access to user 'rangertagsync' and to group 'public' with delegated admin set to false
>
> **Note:**
> 1. Patch has been tested only on MySQL DB Flavor.
> 2. New Policies will not be added in any security zone except the unzone one.
>
>
> Thanks,
>
> Pradeep Agrawal
>
>