You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Fateh Singh <fa...@gmail.com> on 2022/07/22 15:58:24 UTC
Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------
Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3836
https://issues.apache.org/jira/browse/RANGER-3836
Repository: ranger
Description
-------
The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
Diffs
-----
intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36
intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521
Diff: https://reviews.apache.org/r/74067/diff/1/
Testing
-------
Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using
i) user with ROLE_USER and
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users
Thanks,
Fateh Singh
Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/#review224602
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Lines 422 (patched)
<https://reviews.apache.org/r/74067/#comment313386>
Instead of returning policyVersion, consider returning RangerServiceVersionInfo (a new class that mirrors XXServiceVersionInfo). This will enable the API to return following details:
- policyVersion
- policyUpdateTime
- tagVersion
- tagUpdateTime
- roleVersion
- roleUpdateTime
This approach will also handle any details that might be added later.
- Madhan Neethiraj
On July 29, 2022, 9:38 p.m., Fateh Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74067/
> -----------------------------------------------------------
>
> (Updated July 29, 2022, 9:38 p.m.)
>
>
> Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3836
> https://issues.apache.org/jira/browse/RANGER-3836
>
>
> Repository: ranger
>
>
> Description
> -------
>
> The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
>
> Proposed Solution::
> 1) Introduced REST api for ServiceREST.java
> 2) Introduced corresponding REST api for PublicAPIsv2.java
> 3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
>
>
> Diffs
> -----
>
> intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36
> intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e
> security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521
>
>
> Diff: https://reviews.apache.org/r/74067/diff/3/
>
>
> Testing
> -------
>
> Tested this functionality by calling the created REST api using both java and python client.
> Scenarios tested -- get policy version using created API by authenticating using
> i) user with ROLE_USER and
> ii) user with ROLE_SYS_ADMIN.
> Was able to successfully get correct policy version for a given service for both the users
>
>
> File Attachments
> ----------------
>
> 0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
> https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
>
>
> Thanks,
>
> Fateh Singh
>
>
Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins
Posted by Fateh Singh <fa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------
(Updated July 29, 2022, 9:38 p.m.)
Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Changed API endpoint to /services/policyVersion/{serviceName}
Bugs: RANGER-3836
https://issues.apache.org/jira/browse/RANGER-3836
Repository: ranger
Description
-------
The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
Diffs (updated)
-----
intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36
intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521
Diff: https://reviews.apache.org/r/74067/diff/2/
Changes: https://reviews.apache.org/r/74067/diff/1-2/
Testing
-------
Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using
i) user with ROLE_USER and
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users
File Attachments
----------------
0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
Thanks,
Fateh Singh
Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins
Posted by Fateh Singh <fa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/
-----------------------------------------------------------
(Updated July 28, 2022, 6:17 a.m.)
Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
-------
Changed API endpoint
Bugs: RANGER-3836
https://issues.apache.org/jira/browse/RANGER-3836
Repository: ranger
Description
-------
The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
Proposed Solution::
1) Introduced REST api for ServiceREST.java
2) Introduced corresponding REST api for PublicAPIsv2.java
3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
Diffs
-----
intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36
intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521
Diff: https://reviews.apache.org/r/74067/diff/1/
Testing
-------
Tested this functionality by calling the created REST api using both java and python client.
Scenarios tested -- get policy version using created API by authenticating using
i) user with ROLE_USER and
ii) user with ROLE_SYS_ADMIN.
Was able to successfully get correct policy version for a given service for both the users
File Attachments (updated)
----------------
0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
https://reviews.apache.org/media/uploaded/files/2022/07/28/e7777890-250b-43d4-9a6f-f6c7830d54ea__0001-RANGER-3836-REST-API-to-get-policy-version-for-a-giv.patch
Thanks,
Fateh Singh
Re: Review Request 74067: RANGER-3836 Support getting the service version for a service, or allow rangerClient.getService() to return policyVersion for non-admins
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74067/#review224587
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
Lines 419 (patched)
<https://reviews.apache.org/r/74067/#comment313382>
Change the API to :
/api/services/policyVersion/{serviceName}
or
/api/services/service/policyVersion/{serviceName}
- Pradeep Agrawal
On July 22, 2022, 3:58 p.m., Fateh Singh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74067/
> -----------------------------------------------------------
>
> (Updated July 22, 2022, 3:58 p.m.)
>
>
> Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3836
> https://issues.apache.org/jira/browse/RANGER-3836
>
>
> Repository: ranger
>
>
> Description
> -------
>
> The policy version for a service can be retrieved from the /service/plugins/services/<serviceID> Ranger REST endpoint. We make a GET call to this endpoint and read the policyVersion json field in the response. For Ozone multi-tenancy, we use this to detect whether changes have been made to Ranger that require us to check for divergence. It would be helpful for our use case if this operation were supported by the Ranger Client, so we did not need to set up security and manually make the REST call for this information.
>
> Proposed Solution::
> 1) Introduced REST api for ServiceREST.java
> 2) Introduced corresponding REST api for PublicAPIsv2.java
> 3) Introduced python and java client in the the intg module to interact with the PublicAPIsv2
>
>
> Diffs
> -----
>
> intg/src/main/java/org/apache/ranger/RangerClient.java f92116d36
> intg/src/main/python/apache_ranger/client/ranger_client.py 85f66a43e
> security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 18d52fea3
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b79188733
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 18afe8521
>
>
> Diff: https://reviews.apache.org/r/74067/diff/1/
>
>
> Testing
> -------
>
> Tested this functionality by calling the created REST api using both java and python client.
> Scenarios tested -- get policy version using created API by authenticating using
> i) user with ROLE_USER and
> ii) user with ROLE_SYS_ADMIN.
> Was able to successfully get correct policy version for a given service for both the users
>
>
> Thanks,
>
> Fateh Singh
>
>