You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Fateh Singh <fa...@gmail.com> on 2022/07/22 15:58:24 UTC

Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------

Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3836
    https://issues.apache.org/jira/browse/RANGER-3836


Repository: ranger


Description
-------

The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.

Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2


Diffs
-----

  intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36 
  intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733 
  security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521 


Diff: https://reviews.apache.org/r/74067/diff/1/


Testing
-------

Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using 
i) user with ROLE_USER and 
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users


Thanks,

Fateh Singh

Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/#review224602
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Lines 422 (patched)
<https://reviews.apache.org/r/74067/#comment313386>

    Instead of returning policyVersion, consider returning RangerServiceVersionInfo (a new class that mirrors XXServiceVersionInfo). This will enable the API to return following details:
     - policyVersion
     - policyUpdateTime
     - tagVersion
     - tagUpdateTime
     - roleVersion
     - roleUpdateTime
    
    This approach will also handle any details that might be added later.


- Madhan Neethiraj


On July 29, 2022, 9:38 p.m., Fateh Singh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74067/
> -----------------------------------------------------------
> 
> (Updated July 29, 2022, 9:38 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3836
>     https://issues.apache.org/jira/browse/RANGER-3836
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
> 
> Proposed Solution::
> 1) Introduced REST api for ServiceREST.java
> 2) Introduced corresponding REST api for PublicAPIsv2.java
> 3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
> 
> 
> Diffs
> -----
> 
>   intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36 
>   intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733 
>   security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521 
> 
> 
> Diff: https://reviews.apache.org/r/74067/diff/3/
> 
> 
> Testing
> -------
> 
> Tested this functionality by calling the created REST api using both java and python client.
> Scenarios tested -- get policy version using created API by authenticating using 
> i) user with ROLE_USER and 
> ii) user with ROLE_SYS_ADMIN.
> Was able to successfully get correct policy version for a given service for both the users
> 
> 
> File Attachments
> ----------------
> 
> 0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
>   https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
> 
> 
> Thanks,
> 
> Fateh Singh
> 
>

Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins

Posted by Fateh Singh <fa...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------

(Updated July 29, 2022, 9:38 p.m.)


Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Changed API endpoint to /services/policyVersion/{serviceName}


Bugs: RANGER-3836
    https://issues.apache.org/jira/browse/RANGER-3836


Repository: ranger


Description
-------

The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.

Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2


Diffs (updated)
-----

  intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36 
  intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733 
  security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521 


Diff: https://reviews.apache.org/r/74067/diff/2/

Changes: https://reviews.apache.org/r/74067/diff/1-2/


Testing
-------

Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using 
i) user with ROLE_USER and 
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users


File Attachments
----------------

0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
  https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch


Thanks,

Fateh Singh

Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins

Posted by Fateh Singh <fa...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------

(Updated July 28, 2022, 6:17 a.m.)


Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Changed API endpoint


Bugs: RANGER-3836
    https://issues.apache.org/jira/browse/RANGER-3836


Repository: ranger


Description
-------

The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.

Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2


Diffs
-----

  intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36 
  intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733 
  security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521 


Diff: https://reviews.apache.org/r/74067/diff/1/


Testing
-------

Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using 
i) user with ROLE_USER and 
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users


File Attachments (updated)
----------------

0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
  https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch


Thanks,

Fateh Singh

Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins

Posted by Pradeep Agrawal <pr...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/#review224587
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Lines 419 (patched)
<https://reviews.apache.org/r/74067/#comment313382>

    Change the API to : 
    
    /api/services/policyVersion/{serviceName}
    
    or
    
    /api/services/service/policyVersion/{serviceName}


- Pradeep Agrawal


On July 22, 2022, 3:58 p.m., Fateh Singh wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74067/
> -----------------------------------------------------------
> 
> (Updated July 22, 2022, 3:58 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3836
>     https://issues.apache.org/jira/browse/RANGER-3836
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
> 
> Proposed Solution::
> 1) Introduced REST api for ServiceREST.java
> 2) Introduced corresponding REST api for PublicAPIsv2.java
> 3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
> 
> 
> Diffs
> -----
> 
>   intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36 
>   intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733 
>   security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521 
> 
> 
> Diff: https://reviews.apache.org/r/74067/diff/1/
> 
> 
> Testing
> -------
> 
> Tested this functionality by calling the created REST api using both java and python client.
> Scenarios tested -- get policy version using created API by authenticating using 
> i) user with ROLE_USER and 
> ii) user with ROLE_SYS_ADMIN.
> Was able to successfully get correct policy version for a given service for both the users
> 
> 
> Thanks,
> 
> Fateh Singh
> 
>