You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Dineshkumar Yadav <di...@outlook.com> on 2021/06/24 07:18:29 UTC
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/
-----------------------------------------------------------
(Updated June 24, 2021, 7:18 a.m.)
Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
Bugs: RANGER-3259
https://issues.apache.org/jira/browse/RANGER-3259
Repository: ranger
Description
-------
Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
Similar observation was found for User & Group.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 6483bbe1d
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 50ab32f9b
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
Diff: https://reviews.apache.org/r/73432/diff/2/
Changes: https://reviews.apache.org/r/73432/diff/1-2/
Testing
-------
Testing Done
use case :1
Delete User when that user is present in ranger audit filters in some service plugin.
use case :2
Delete Group when that group is present in ranger audit filters in some service plugin.
use case :3
Delete Role when that role is present in ranger audit filters in some service plugin.
Thanks,
Dineshkumar Yadav
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Mehul Parikh <xs...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/#review223294
-----------------------------------------------------------
Ship it!
Ship It!
- Mehul Parikh
On July 29, 2021, 6:45 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73432/
> -----------------------------------------------------------
>
> (Updated July 29, 2021, 6:45 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
>
>
> Bugs: RANGER-3259
> https://issues.apache.org/jira/browse/RANGER-3259
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
> Similar observation was found for User & Group.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java df3fabb0b
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java a888d91ce
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
> security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
>
>
> Diff: https://reviews.apache.org/r/73432/diff/5/
>
>
> Testing
> -------
>
> Testing Done
> use case :1
> Delete User when that user is present in ranger audit filters in some service plugin.
> use case :2
> Delete Group when that group is present in ranger audit filters in some service plugin.
> use case :3
> Delete Role when that role is present in ranger audit filters in some service plugin.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/#review223291
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On July 29, 2021, 6:45 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73432/
> -----------------------------------------------------------
>
> (Updated July 29, 2021, 6:45 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
>
>
> Bugs: RANGER-3259
> https://issues.apache.org/jira/browse/RANGER-3259
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
> Similar observation was found for User & Group.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java df3fabb0b
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java a888d91ce
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
> security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
>
>
> Diff: https://reviews.apache.org/r/73432/diff/5/
>
>
> Testing
> -------
>
> Testing Done
> use case :1
> Delete User when that user is present in ranger audit filters in some service plugin.
> use case :2
> Delete Group when that group is present in ranger audit filters in some service plugin.
> use case :3
> Delete Role when that role is present in ranger audit filters in some service plugin.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Dineshkumar Yadav <di...@outlook.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/
-----------------------------------------------------------
(Updated July 29, 2021, 6:45 a.m.)
Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
Bugs: RANGER-3259
https://issues.apache.org/jira/browse/RANGER-3259
Repository: ranger
Description
-------
Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
Similar observation was found for User & Group.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java df3fabb0b
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java a888d91ce
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
Diff: https://reviews.apache.org/r/73432/diff/5/
Changes: https://reviews.apache.org/r/73432/diff/4-5/
Testing
-------
Testing Done
use case :1
Delete User when that user is present in ranger audit filters in some service plugin.
use case :2
Delete Group when that group is present in ranger audit filters in some service plugin.
use case :3
Delete Role when that role is present in ranger audit filters in some service plugin.
Thanks,
Dineshkumar Yadav
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Dineshkumar Yadav <di...@outlook.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/
-----------------------------------------------------------
(Updated July 8, 2021, 1:28 p.m.)
Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
Changes
-------
code changes to handle single audit filter item
Bugs: RANGER-3259
https://issues.apache.org/jira/browse/RANGER-3259
Repository: ranger
Description
-------
Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
Similar observation was found for User & Group.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 6483bbe1d
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 50ab32f9b
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
Diff: https://reviews.apache.org/r/73432/diff/4/
Changes: https://reviews.apache.org/r/73432/diff/3-4/
Testing
-------
Testing Done
use case :1
Delete User when that user is present in ranger audit filters in some service plugin.
use case :2
Delete Group when that group is present in ranger audit filters in some service plugin.
use case :3
Delete Role when that role is present in ranger audit filters in some service plugin.
Thanks,
Dineshkumar Yadav
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Dineshkumar Yadav <di...@outlook.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/
-----------------------------------------------------------
(Updated June 25, 2021, 6:33 a.m.)
Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
Bugs: RANGER-3259
https://issues.apache.org/jira/browse/RANGER-3259
Repository: ranger
Description
-------
Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
Similar observation was found for User & Group.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 6483bbe1d
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 50ab32f9b
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
Diff: https://reviews.apache.org/r/73432/diff/3/
Changes: https://reviews.apache.org/r/73432/diff/2-3/
Testing
-------
Testing Done
use case :1
Delete User when that user is present in ranger audit filters in some service plugin.
use case :2
Delete Group when that group is present in ranger audit filters in some service plugin.
use case :3
Delete Role when that role is present in ranger audit filters in some service plugin.
Thanks,
Dineshkumar Yadav
Re: Review Request 73432: RANGER-3259 : [Ranger Audit Filter] Ranger
role is allowed to delete, even if its used in audit filters
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73432/#review223190
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 5771 (patched)
<https://reviews.apache.org/r/73432/#comment312289>
Can this method be marked private?
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 5776 (patched)
<https://reviews.apache.org/r/73432/#comment312290>
Please consider having one return from this method.
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 5793 (patched)
<https://reviews.apache.org/r/73432/#comment312293>
If this method is always called with only one of removeUser/removeGroup/removeRole to be true, then consider replacing the signature of the method by replacing them with and enum {USER, GROUP, ROLE} for readability.
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 5838 (patched)
<https://reviews.apache.org/r/73432/#comment312291>
Please consider changing logging level to DEBUG.
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 5843 (patched)
<https://reviews.apache.org/r/73432/#comment312292>
Please consider changing logging level to DEBUG
- Abhay Kulkarni
On June 24, 2021, 7:18 a.m., Dineshkumar Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73432/
> -----------------------------------------------------------
>
> (Updated June 24, 2021, 7:18 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Vishal Suvagia.
>
>
> Bugs: RANGER-3259
> https://issues.apache.org/jira/browse/RANGER-3259
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Observed that we are able to delete ranger role, even if the role is used in ranger audit filters in some service plugin.
> Similar observation was found for User & Group.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 6483bbe1d
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 50ab32f9b
> security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 624232644
> security-admin/src/main/java/org/apache/ranger/db/XXServiceConfigMapDao.java 00d1a32b7
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3ef8ba32f
>
>
> Diff: https://reviews.apache.org/r/73432/diff/2/
>
>
> Testing
> -------
>
> Testing Done
> use case :1
> Delete User when that user is present in ranger audit filters in some service plugin.
> use case :2
> Delete Group when that group is present in ranger audit filters in some service plugin.
> use case :3
> Delete Role when that role is present in ranger audit filters in some service plugin.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>