You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Haoxiang Ma <mh...@gmail.com> on 2020/06/11 17:51:15 UTC
Review Request 72588: RANGER-2856: A policy should be deleted if it
has no policyItems
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-2856
https://issues.apache.org/jira/browse/RANGER-2856
Repository: ranger
Description
-------
A policy should be deleted if it has no policyItems
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9be61f2eb
Diff: https://reviews.apache.org/r/72588/diff/1/
Testing
-------
1.Compilation OK
2.Already used in production environment
Thanks,
Haoxiang Ma
Re: Review Request 72588: RANGER-2856: A policy should be deleted if
it has no policyItems
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/#review220999
-----------------------------------------------------------
Why you want to delete such policies. Can you give more details on your side use case or the problem you are facing here. Also there could be many users who want such policies as madhan explained above.
So if you really want this fix in your environment i would suggest to make it configurable through either approach:
1) At the service level through service config page and add a custom property there. if the value of that property is set to true then only your code shall delete the policy. by default property shall not be there so its value will be false and in that case policies should not be deleted.
or
2) The same configuration can be added at the application level in ranger-admin-default-site.xml and default value shall be false and in that case policies should not be deleted.
- Pradeep Agrawal
On June 11, 2020, 5:51 p.m., Haoxiang Ma wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72588/
> -----------------------------------------------------------
>
> (Updated June 11, 2020, 5:51 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2856
> https://issues.apache.org/jira/browse/RANGER-2856
>
>
> Repository: ranger
>
>
> Description
> -------
>
> A policy should be deleted if it has no policyItems
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9be61f2eb
>
>
> Diff: https://reviews.apache.org/r/72588/diff/1/
>
>
> Testing
> -------
>
> 1.Compilation OK
> 2.Already used in production environment
>
>
> Thanks,
>
> Haoxiang Ma
>
>
Re: Review Request 72588: RANGER-2856: A policy should be deleted if
it has no policyItems
Posted by Pradeep Agrawal <pr...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/#review221142
-----------------------------------------------------------
Ship it!
Ship It!
- Pradeep Agrawal
On July 2, 2020, 5:23 p.m., Bill Ricky wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72588/
> -----------------------------------------------------------
>
> (Updated July 2, 2020, 5:23 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2856
> https://issues.apache.org/jira/browse/RANGER-2856
>
>
> Repository: ranger
>
>
> Description
> -------
>
> A policy should be deleted if it has no policyItems
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 564a2e764
> security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 4862442c9
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 2a507dd8e
>
>
> Diff: https://reviews.apache.org/r/72588/diff/2/
>
>
> Testing
> -------
>
> 1.Compilation OK
> 2.Already used in production environment
>
>
> File Attachments
> ----------------
>
> RANGER-2856.patch
> https://reviews.apache.org/media/uploaded/files/2020/06/14/e6fee3bc-4d58-41e9-9efd-b07d0b47646e__RANGER-2856.patch
>
>
> Thanks,
>
> Bill Ricky
>
>
Re: Review Request 72588: RANGER-2856: A policy should be deleted if
it has no policyItems
Posted by Bill Ricky <mh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/
-----------------------------------------------------------
(Updated δΈζ 2, 2020, 5:23 p.m.)
Review request for ranger.
Bugs: RANGER-2856
https://issues.apache.org/jira/browse/RANGER-2856
Repository: ranger
Description
-------
A policy should be deleted if it has no policyItems
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 564a2e764
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 4862442c9
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 2a507dd8e
Diff: https://reviews.apache.org/r/72588/diff/2/
Changes: https://reviews.apache.org/r/72588/diff/1-2/
Testing
-------
1.Compilation OK
2.Already used in production environment
File Attachments
----------------
RANGER-2856.patch
https://reviews.apache.org/media/uploaded/files/2020/06/14/e6fee3bc-4d58-41e9-9efd-b07d0b47646e__RANGER-2856.patch
Thanks,
Bill Ricky
Re: Review Request 72588: RANGER-2856: A policy should be deleted if
it has no policyItems
Posted by Haoxiang Ma <mh...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/
-----------------------------------------------------------
(Updated ε
ζ 14, 2020, 3:05 p.m.)
Review request for ranger.
Bugs: RANGER-2856
https://issues.apache.org/jira/browse/RANGER-2856
Repository: ranger
Description
-------
A policy should be deleted if it has no policyItems
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9be61f2eb
Diff: https://reviews.apache.org/r/72588/diff/1/
Testing
-------
1.Compilation OK
2.Already used in production environment
File Attachments (updated)
----------------
RANGER-2856.patch
https://reviews.apache.org/media/uploaded/files/2020/06/14/e6fee3bc-4d58-41e9-9efd-b07d0b47646e__RANGER-2856.patch
Thanks,
Haoxiang Ma
Re: Review Request 72588: RANGER-2856: A policy should be deleted if
it has no policyItems
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72588/#review220997
-----------------------------------------------------------
The side effect is deleting such policies is potential skipping of audit logs for the resources covered by the policy i.e. if there is no audit-enabled policy that matches the accessed resource, Ranger plugins would not generate audit logs. I suggest to not delete policies having no items automatically.
- Madhan Neethiraj
On June 11, 2020, 5:51 p.m., Haoxiang Ma wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72588/
> -----------------------------------------------------------
>
> (Updated June 11, 2020, 5:51 p.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-2856
> https://issues.apache.org/jira/browse/RANGER-2856
>
>
> Repository: ranger
>
>
> Description
> -------
>
> A policy should be deleted if it has no policyItems
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9be61f2eb
>
>
> Diff: https://reviews.apache.org/r/72588/diff/1/
>
>
> Testing
> -------
>
> 1.Compilation OK
> 2.Already used in production environment
>
>
> Thanks,
>
> Haoxiang Ma
>
>