You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2016/05/24 09:48:18 UTC

Review Request 47762: RANGER-993 : Create and update call of column masking and row level filter policy is not generating transaction logs

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47762/
-----------------------------------------------------------

Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.

Bugs: RANGER-993
https://issues.apache.org/jira/browse/RANGER-993

Repository: ranger

Description
-------

**Problem Statement:**
There are few issues with the auditing of the row filtering and column masking
1) Editing of the row filter and column masking policy is not getting logged on Admin audit log
2) creation of the row filter and column masking policy is getting logged but its audit entry is not showing the allowed policy items.

**Proposed Solution:**
Enabled 'dataMaskPolicyItems' and 'rowFilterPolicyItems' field for transaction logs.
Added processDataMaskPolicyItemsForTrxLog() method to process transaction logs of Masked policy items.
Added processRowFilterPolicyItemForTrxLog() method to process transaction logs of Row level filtering policy item.
Added compareTwoDataMaskingPolicyItemList() method to compare the difference in Two Data masking policy items list.
Added compareTwoRowFilterPolicyItemList() method to compare the difference in two Row level filtering policy items list.
UI script has been added and updated to render row level filter and data masking policy items logs in tabular and readable format.

Diffs
-----

security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 7987057
security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 800eed7
security-admin/src/main/webapp/styles/xa.css f8e7273
security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html 5ed8d00
security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html d2a4f80

Diff: https://reviews.apache.org/r/47762/diff/

Testing
-------

**Case-1 : Create Data masking policy.**
Steps performed :
a) Created a masking policy 'my_mask_policy1' under a hive service.
b) Visited Audit menu-> Admin tab
Expected Result :
Create policy log of 'my_mask_policy1' should appear and clicking over that log should display details of 'my_mask_policy1'.
Actual Result : Was able to view policy log of 'my_mask_policy1' and details of 'my_mask_policy1' was displayed after clicking on row of 'my_mask_policy1' create log.
**Case-2 : Update Data masking policy.**
Steps performed :
a) Updated details of masking policy 'my_mask_policy1'.
b) Visited Audit menu-> Admin tab
Expected Result :
Update policy log of 'my_mask_policy1' should appear and clicking over that log should display difference of 'my_mask_policy1' before and after update snapshot.
Actual Result : Was able to view policy update log of 'my_mask_policy1' and difference of 'my_mask_policy1' was visible. additional changes was seen in green background while removed changed were in red background.
**Case-3 : Create Row level filtering policy.**
Steps performed :
a) Created a Row level filtering 'my_filter_policy1' under a hive service.
b) Visited Audit menu-> Admin tab
Expected Result :
Create policy log of 'my_filter_policy1' should appear and clicking over that log should display details of 'my_filter_policy1'.
Actual Result : Was able to view policy log of 'my_filter_policy1' and details of 'my_filter_policy1' was displayed after clicking on row of 'my_filter_policy1' create log.
**Case-4 : Update Data masking policy.**
Steps performed :
a) Updated details of masking policy 'my_filter_policy1'.
b) Visited Audit menu-> Admin tab
Expected Result :
Update policy log of 'my_filter_policy1' should appear and clicking over that log should display difference of 'my_filter_policy1' before and after update snapshot.
Actual Result : Was able to view policy update log of 'my_filter_policy1' and difference of 'my_filter_policy1' was visible. additional changes was seen in green background while removed changed were in red background.

Thanks,

Pradeep Agrawal

Re: Review Request 47762: RANGER-993 : Create and update call of column masking and row level filter policy is not generating transaction logs

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47762/#review134566
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On May 24, 2016, 11:57 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47762/
> -----------------------------------------------------------
> 
> (Updated May 24, 2016, 11:57 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-993
>     https://issues.apache.org/jira/browse/RANGER-993
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:**
> There are few issues with the auditing of the row filtering and column masking
> 1) Editing of the row filter and column masking policy is not getting logged on Admin audit log
> 2) creation of the row filter and column masking policy is getting logged but its audit entry is not showing the allowed policy items.
> 
> **Proposed Solution:**
> Enabled 'dataMaskPolicyItems' and 'rowFilterPolicyItems' field for transaction logs.
> Added processDataMaskPolicyItemsForTrxLog() method to process transaction logs of Masked policy items.
> Added processRowFilterPolicyItemForTrxLog() method to process transaction logs of Row level filtering policy item.
> Added compareTwoDataMaskingPolicyItemList() method to compare the difference in Two Data masking policy items list.
> Added compareTwoRowFilterPolicyItemList() method to compare the difference in two Row level filtering policy items list.
> UI script has been added and updated to render row level filter and data masking policy items logs in tabular and readable format.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 7987057 
>   security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 800eed7 
>   security-admin/src/main/webapp/styles/xa.css f8e7273 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html 5ed8d00 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html d2a4f80 
> 
> Diff: https://reviews.apache.org/r/47762/diff/
> 
> 
> Testing
> -------
> 
> **Case-1 : Create Data masking policy.**
> Steps performed : 
> a) Created a masking policy 'my_mask_policy1' under a hive service.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Create policy log of 'my_mask_policy1' should appear and clicking over that log should display details of 'my_mask_policy1'.
> Actual Result : Was able to view policy log of 'my_mask_policy1' and details of 'my_mask_policy1' was displayed after clicking on row of 'my_mask_policy1' create log.
> **Case-2 : Update Data masking policy.**
> Steps performed : 
> a) Updated details of masking policy 'my_mask_policy1'.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Update policy log of 'my_mask_policy1' should appear and clicking over that log should display difference of 'my_mask_policy1' before and after update snapshot.
> Actual Result : Was able to view policy update log of 'my_mask_policy1' and difference of 'my_mask_policy1' was visible. additional changes was seen in green background while removed changed were in red background.
> **Case-3 : Create Row level filtering policy.**
> Steps performed : 
> a) Created a Row level filtering 'my_filter_policy1' under a hive service.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Create policy log of 'my_filter_policy1' should appear and clicking over that log should display details of 'my_filter_policy1'.
> Actual Result : Was able to view policy log of 'my_filter_policy1' and details of 'my_filter_policy1' was displayed after clicking on row of 'my_filter_policy1' create log.
> **Case-4 : Update Data masking policy.**
> Steps performed : 
> a) Updated details of masking policy 'my_filter_policy1'.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Update policy log of 'my_filter_policy1' should appear and clicking over that log should display difference of 'my_filter_policy1' before and after update snapshot.
> Actual Result : Was able to view policy update log of 'my_filter_policy1' and difference of 'my_filter_policy1' was visible. additional changes was seen in green background while removed changed were in red background.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 47762: RANGER-993 : Create and update call of column masking and row level filter policy is not generating transaction logs

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.

(Updated May 24, 2016, 11:57 a.m.)

Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.

Changes
-------

Addressed review comments

Bugs: RANGER-993
https://issues.apache.org/jira/browse/RANGER-993

Repository: ranger

Description
-------

Diffs (updated)
-----

Diff: https://reviews.apache.org/r/47762/diff/

Testing
-------

Thanks,

Pradeep Agrawal

Re: Review Request 47762: RANGER-993 : Create and update call of column masking and row level filter policy is not generating transaction logs

Posted by Madhan Neethiraj <ma...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47762/#review134562
-----------------------------------------------------------


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java (line 312)
<https://reviews.apache.org/r/47762/#comment199414>

    Update the comment: "denyExceptions" ==> "dataMaskPolicyItems"



security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java (line 316)
<https://reviews.apache.org/r/47762/#comment199415>

    Update the comment: "denyExceptions" ==> "rowFilterPolicyItems"


- Madhan Neethiraj


On May 24, 2016, 9:48 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47762/
> -----------------------------------------------------------
> 
> (Updated May 24, 2016, 9:48 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-993
>     https://issues.apache.org/jira/browse/RANGER-993
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:**
> There are few issues with the auditing of the row filtering and column masking
> 1) Editing of the row filter and column masking policy is not getting logged on Admin audit log
> 2) creation of the row filter and column masking policy is getting logged but its audit entry is not showing the allowed policy items.
> 
> **Proposed Solution:**
> Enabled 'dataMaskPolicyItems' and 'rowFilterPolicyItems' field for transaction logs.
> Added processDataMaskPolicyItemsForTrxLog() method to process transaction logs of Masked policy items.
> Added processRowFilterPolicyItemForTrxLog() method to process transaction logs of Row level filtering policy item.
> Added compareTwoDataMaskingPolicyItemList() method to compare the difference in Two Data masking policy items list.
> Added compareTwoRowFilterPolicyItemList() method to compare the difference in two Row level filtering policy items list.
> UI script has been added and updated to render row level filter and data masking policy items logs in tabular and readable format.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java 7987057 
>   security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js 800eed7 
>   security-admin/src/main/webapp/styles/xa.css f8e7273 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html 5ed8d00 
>   security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html d2a4f80 
> 
> Diff: https://reviews.apache.org/r/47762/diff/
> 
> 
> Testing
> -------
> 
> **Case-1 : Create Data masking policy.**
> Steps performed : 
> a) Created a masking policy 'my_mask_policy1' under a hive service.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Create policy log of 'my_mask_policy1' should appear and clicking over that log should display details of 'my_mask_policy1'.
> Actual Result : Was able to view policy log of 'my_mask_policy1' and details of 'my_mask_policy1' was displayed after clicking on row of 'my_mask_policy1' create log.
> **Case-2 : Update Data masking policy.**
> Steps performed : 
> a) Updated details of masking policy 'my_mask_policy1'.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Update policy log of 'my_mask_policy1' should appear and clicking over that log should display difference of 'my_mask_policy1' before and after update snapshot.
> Actual Result : Was able to view policy update log of 'my_mask_policy1' and difference of 'my_mask_policy1' was visible. additional changes was seen in green background while removed changed were in red background.
> **Case-3 : Create Row level filtering policy.**
> Steps performed : 
> a) Created a Row level filtering 'my_filter_policy1' under a hive service.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Create policy log of 'my_filter_policy1' should appear and clicking over that log should display details of 'my_filter_policy1'.
> Actual Result : Was able to view policy log of 'my_filter_policy1' and details of 'my_filter_policy1' was displayed after clicking on row of 'my_filter_policy1' create log.
> **Case-4 : Update Data masking policy.**
> Steps performed : 
> a) Updated details of masking policy 'my_filter_policy1'.
> b) Visited Audit menu-> Admin tab
> Expected Result :
> Update policy log of 'my_filter_policy1' should appear and clicking over that log should display difference of 'my_filter_policy1' before and after update snapshot.
> Actual Result : Was able to view policy update log of 'my_filter_policy1' and difference of 'my_filter_policy1' was visible. additional changes was seen in green background while removed changed were in red background.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>