You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2017/10/13 09:49:05 UTC
Review Request 62969: RANGER-1832: Export REST API should return exact
matching results if polResource param is provided
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1832
https://issues.apache.org/jira/browse/RANGER-1832
Repository: ranger
Description
-------
**Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
Use Case :
1) Create a ranger hdfs policy with resource path /tmp/abcdefg
2) Call REST API to export policy for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
Expected Result: REST call should not return policy for resource /tmp/abcdefg
Actual Result: REST call is returning policy for resource /tmp/abcdefg
**Proposed Solution:**
Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource.
** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd
Diff: https://reviews.apache.org/r/62969/diff/1/
Testing
-------
**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor.
2. Called setup.sh to execute Ranger setup script.
3. Started Ranger admin.
**Steps for HDFS service:**
1. Created a hdfs service 'source_hadoop'.
2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
5. Called below given REST API to export policies for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
**Expected Behavior:**
Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
**Actual Behavior:**
Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).
---
**Steps for HIVE service:**
1. Created a hive service 'source_hive'.
2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
6. Called below given REST API to export policies for resource:database=default
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"
**Expected Behavior:**
Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).
**Actual Behavior:**
Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).
Thanks,
Pradeep Agrawal
Re: Review Request 62969: RANGER-1832: Export REST API should return
exact matching results if polResource param is provided
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/#review187949
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Oct. 13, 2017, 9:49 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62969/
> -----------------------------------------------------------
>
> (Updated Oct. 13, 2017, 9:49 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1832
> https://issues.apache.org/jira/browse/RANGER-1832
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
> Use Case :
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
>
> Expected Result: REST call should not return policy for resource /tmp/abcdefg
> Actual Result: REST call is returning policy for resource /tmp/abcdefg
>
> **Proposed Solution:**
> Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource.
>
> ** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd
>
>
> Diff: https://reviews.apache.org/r/62969/diff/1/
>
>
> Testing
> -------
>
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor.
> 2. Called setup.sh to execute Ranger setup script.
> 3. Started Ranger admin.
>
> **Steps for HDFS service:**
> 1. Created a hdfs service 'source_hadoop'.
> 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
> 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
> 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
> 5. Called below given REST API to export policies for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
>
> **Expected Behavior:**
> Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
>
> **Actual Behavior:**
> Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).
>
> ---
>
> **Steps for HIVE service:**
> 1. Created a hive service 'source_hive'.
> 2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
> 3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
> 4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
> 5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
> 6. Called below given REST API to export policies for resource:database=default
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"
>
> **Expected Behavior:**
> Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).
>
> **Actual Behavior:**
> Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
Re: Review Request 62969: RANGER-1832: Export REST API should return
exact matching results if polResource param is provided
Posted by Gautam Borad <gb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/#review187950
-----------------------------------------------------------
Ship it!
Ship It!
- Gautam Borad
On Oct. 13, 2017, 9:49 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62969/
> -----------------------------------------------------------
>
> (Updated Oct. 13, 2017, 9:49 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1832
> https://issues.apache.org/jira/browse/RANGER-1832
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
> Use Case :
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
>
> Expected Result: REST call should not return policy for resource /tmp/abcdefg
> Actual Result: REST call is returning policy for resource /tmp/abcdefg
>
> **Proposed Solution:**
> Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource.
>
> ** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd
>
>
> Diff: https://reviews.apache.org/r/62969/diff/1/
>
>
> Testing
> -------
>
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor.
> 2. Called setup.sh to execute Ranger setup script.
> 3. Started Ranger admin.
>
> **Steps for HDFS service:**
> 1. Created a hdfs service 'source_hadoop'.
> 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
> 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
> 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
> 5. Called below given REST API to export policies for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
>
> **Expected Behavior:**
> Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
>
> **Actual Behavior:**
> Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).
>
> ---
>
> **Steps for HIVE service:**
> 1. Created a hive service 'source_hive'.
> 2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
> 3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
> 4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
> 5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
> 6. Called below given REST API to export policies for resource:database=default
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"
>
> **Expected Behavior:**
> Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).
>
> **Actual Behavior:**
> Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).
>
>
> Thanks,
>
> Pradeep Agrawal
>
>