You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2017/05/26 11:36:03 UTC

Review Request 59603: RANGER-1612 : When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59603/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1612
    https://issues.apache.org/jira/browse/RANGER-1612


Repository: ranger


Description
-------

** Problem Statement : **
During the upgrade/migration of hive service def When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it. 
Now, hive service def has changed (because URL as a resource is added to it). So when servicedef is updated, enableDenyPolicies property is updated in the database to be "false".
this should not happen so migration script for service-def needs to check what the real value of this property (in the database) and preserve it across migration.

** Proposed Solution : **
Read service-def using dao object before starting upgrade and preserve def_options field value.
Let the upgrade happen as its working currently.
Update the servicedef with def_options received before upgrade.


Diffs
-----

  NOTICE.txt 0cd1f15 
  security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d 
  security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java e0c6a65 


Diff: https://reviews.apache.org/r/59603/diff/1/


Testing
-------

**Without patch case:**
Tried to reproduce the case in Ranger 0.7 and master branch without patch.
in Ranger 0.7 installation found that hive servicedef def_options field is having value '{}', while in master branch fresh Ranger installation shows hive servicedef def_options field is having value   '{"enableDenyAndExceptionsInPolicies":"false"}'; which should not be there.

**With patch:**
Ranger 0.7 and master branch Ranger both are having value '{}' 

**Other use cases tested :**
If before upgrade servicedef def_options is having : { "key1", "value1" }; then after upgrade servicedef def_options should remain same.

If before upgrade servicedef def_options is having { "key1", "value1", "enableDenyAndExceptionsInPolicies":"true" }; then after upgrade also servicedef def_options should remain same.


Thanks,

Pradeep Agrawal

Re: Review Request 59603: RANGER-1612 : When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59603/#review176189
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On May 26, 2017, 11:36 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59603/
> -----------------------------------------------------------
> 
> (Updated May 26, 2017, 11:36 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1612
>     https://issues.apache.org/jira/browse/RANGER-1612
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> ** Problem Statement : **
> During the upgrade/migration of hive service def When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it. 
> Now, hive service def has changed (because URL as a resource is added to it). So when servicedef is updated, enableDenyPolicies property is updated in the database to be "false".
> this should not happen so migration script for service-def needs to check what the real value of this property (in the database) and preserve it across migration.
> 
> ** Proposed Solution : **
> Read service-def using dao object before starting upgrade and preserve def_options field value.
> Let the upgrade happen as its working currently.
> Update the servicedef with def_options received before upgrade.
> 
> 
> Diffs
> -----
> 
>   NOTICE.txt 0cd1f15 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java e0c6a65 
> 
> 
> Diff: https://reviews.apache.org/r/59603/diff/1/
> 
> 
> Testing
> -------
> 
> **Without patch case:**
> Tried to reproduce the case in Ranger 0.7 and master branch without patch.
> in Ranger 0.7 installation found that hive servicedef def_options field is having value '{}', while in master branch fresh Ranger installation shows hive servicedef def_options field is having value   '{"enableDenyAndExceptionsInPolicies":"false"}'; which should not be there.
> 
> **With patch:**
> Ranger 0.7 and master branch Ranger both are having value '{}' 
> 
> **Other use cases tested :**
> If before upgrade servicedef def_options is having : { "key1", "value1" }; then after upgrade servicedef def_options should remain same.
> 
> If before upgrade servicedef def_options is having { "key1", "value1", "enableDenyAndExceptionsInPolicies":"true" }; then after upgrade also servicedef def_options should remain same.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 59603: RANGER-1612 : When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it.

Posted by Ankita Sinha <an...@freestoneinfotech.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59603/#review176190
-----------------------------------------------------------


Ship it!




Ship It!

- Ankita Sinha


On May 26, 2017, 11:36 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59603/
> -----------------------------------------------------------
> 
> (Updated May 26, 2017, 11:36 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1612
>     https://issues.apache.org/jira/browse/RANGER-1612
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> ** Problem Statement : **
> During the upgrade/migration of hive service def When servicedef is accessed, one of the properties "enableDenyAndExceptionsInPolicies" is returned as "false" if there is no value set for it. 
> Now, hive service def has changed (because URL as a resource is added to it). So when servicedef is updated, enableDenyPolicies property is updated in the database to be "false".
> this should not happen so migration script for service-def needs to check what the real value of this property (in the database) and preserve it across migration.
> 
> ** Proposed Solution : **
> Read service-def using dao object before starting upgrade and preserve def_options field value.
> Let the upgrade happen as its working currently.
> Update the servicedef with def_options received before upgrade.
> 
> 
> Diffs
> -----
> 
>   NOTICE.txt 0cd1f15 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java 7d6a23d 
>   security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10007.java e0c6a65 
> 
> 
> Diff: https://reviews.apache.org/r/59603/diff/1/
> 
> 
> Testing
> -------
> 
> **Without patch case:**
> Tried to reproduce the case in Ranger 0.7 and master branch without patch.
> in Ranger 0.7 installation found that hive servicedef def_options field is having value '{}', while in master branch fresh Ranger installation shows hive servicedef def_options field is having value   '{"enableDenyAndExceptionsInPolicies":"false"}'; which should not be there.
> 
> **With patch:**
> Ranger 0.7 and master branch Ranger both are having value '{}' 
> 
> **Other use cases tested :**
> If before upgrade servicedef def_options is having : { "key1", "value1" }; then after upgrade servicedef def_options should remain same.
> 
> If before upgrade servicedef def_options is having { "key1", "value1", "enableDenyAndExceptionsInPolicies":"true" }; then after upgrade also servicedef def_options should remain same.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>