You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Gautam Borad <gb...@gmail.com> on 2016/01/11 06:13:53 UTC
Review Request 42105: RANGER-806 : Java cli utility to delete users
from Ranger DB
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42105/
-----------------------------------------------------------
Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-806
https://issues.apache.org/jira/browse/RANGER-806
Repository: ranger
Description
-------
Problem Statement:
As of now, Delete Users feature is not available in Ranger UI.
Proposed Solution:
This JIRA provides, java utility patch that users can use to delete list of users from Ranger database. Utility can accept an input file which should have users need to be deleted and a replacing user, which shall be used to change references of deleted user. if replacing user does not exist or not provided then system shall pick one available user with role 'ROLE_SYS_ADMIN'.
After Ranger admin is installed successfully, User should be able to execute this command line utility by providing Driver jar file according to his Ranger DB Flavour.
A sample command need to be provided and documented so that user can execute them by changing path of Ranger Admin install dir, libraries and logs according to his environment.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java aaa4fa5
security-admin/src/main/java/org/apache/ranger/db/XXAuditMapDao.java 481e486
security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java 4c9bdc5
security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java ffc3c32
security-admin/src/main/java/org/apache/ranger/db/XXPermMapDao.java 23c5c48
security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java 40a0da1
security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java 393252c
security-admin/src/main/java/org/apache/ranger/db/XXPortalUserRoleDao.java 99d0fe2
security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java 2db6fd6
security-admin/src/main/java/org/apache/ranger/patch/cliutil/DeleteUserUtil.java PRE-CREATION
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 55c4f1c
Diff: https://reviews.apache.org/r/42105/diff/
Testing
-------
Steps performed (with patch) :
1. After Ranger installation, started Ranger admin and usersync to sync unix os users.
2. Created one input file and added user names from the list of synced users.
3. Executed below given command to delete users:
/usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/java -Dlogdir=/tmp/ranger-0.5.0-admin/ews/logs -Dlog4j.configuration=db_patch.log4j.xml -cp /tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/META-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar org.apache.ranger.patch.cliutil.DeleteUserUtil -f /tmp/user.txt -ru admin
Result/Behavior:
1. Browsed user/group page in Ranger Admin UI and found that users name added in user.txt are now not appearing in UI.
2. Picked a deleted user and Checked reference of that user in various ranger db tables, references were replaced with 'admin' user as it was given with '-ru' switch.
Thanks,
Gautam Borad
Re: Review Request 42105: RANGER-806 : Java cli utility to delete
users from Ranger DB
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42105/#review113903
-----------------------------------------------------------
Can you please update the JIRA with usecases for this utility? I see that the patch replaces existing references to the user being deleted with another user; there should be a better approach, like:
1) do not delete such users
2) set the references to null (or simply remove these users - if in policy)
3) set reference to a built-in user 'Unknown' (similar to 'public' group)
Also, this utility should support deleting groups as well.
- Madhan Neethiraj
On Jan. 11, 2016, 5:13 a.m., Gautam Borad wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42105/
> -----------------------------------------------------------
>
> (Updated Jan. 11, 2016, 5:13 a.m.)
>
>
> Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-806
> https://issues.apache.org/jira/browse/RANGER-806
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Problem Statement:
> As of now, Delete Users feature is not available in Ranger UI.
>
> Proposed Solution:
> This JIRA provides, java utility patch that users can use to delete list of users from Ranger database. Utility can accept an input file which should have users need to be deleted and a replacing user, which shall be used to change references of deleted user. if replacing user does not exist or not provided then system shall pick one available user with role 'ROLE_SYS_ADMIN'.
>
> After Ranger admin is installed successfully, User should be able to execute this command line utility by providing Driver jar file according to his Ranger DB Flavour.
>
> A sample command need to be provided and documented so that user can execute them by changing path of Ranger Admin install dir, libraries and logs according to his environment.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java aaa4fa5
> security-admin/src/main/java/org/apache/ranger/db/XXAuditMapDao.java 481e486
> security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java 4c9bdc5
> security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java ffc3c32
> security-admin/src/main/java/org/apache/ranger/db/XXPermMapDao.java 23c5c48
> security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java 40a0da1
> security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java 393252c
> security-admin/src/main/java/org/apache/ranger/db/XXPortalUserRoleDao.java 99d0fe2
> security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java 2db6fd6
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/DeleteUserUtil.java PRE-CREATION
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 55c4f1c
>
> Diff: https://reviews.apache.org/r/42105/diff/
>
>
> Testing
> -------
>
> Steps performed (with patch) :
> 1. After Ranger installation, started Ranger admin and usersync to sync unix os users.
> 2. Created one input file and added user names from the list of synced users.
> 3. Executed below given command to delete users:
> /usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/java -Dlogdir=/tmp/ranger-0.5.0-admin/ews/logs -Dlog4j.configuration=db_patch.log4j.xml -cp /tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/conf:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/META-INF/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/lib/*:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/:/tmp/ranger-0.5.0-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/mysql-connector-java.jar org.apache.ranger.patch.cliutil.DeleteUserUtil -f /tmp/user.txt -ru admin
>
> Result/Behavior:
> 1. Browsed user/group page in Ranger Admin UI and found that users name added in user.txt are now not appearing in UI.
> 2. Picked a deleted user and Checked reference of that user in various ranger db tables, references were replaced with 'admin' user as it was given with '-ru' switch.
>
>
> Thanks,
>
> Gautam Borad
>
>