You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2017/10/13 09:49:05 UTC

Review Request 62969: RANGER-1832: Export REST API should return exact matching results if polResource param is provided

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1832
    https://issues.apache.org/jira/browse/RANGER-1832


Repository: ranger


Description
-------

**Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
Use Case : 
1) Create a ranger hdfs policy with resource path /tmp/abcdefg
2) Call REST API to export policy for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"

Expected Result: REST call should not return policy for resource /tmp/abcdefg
Actual Result: REST call is returning policy for resource /tmp/abcdefg

**Proposed Solution:**
Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource. 

** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd 


Diff: https://reviews.apache.org/r/62969/diff/1/


Testing
-------

**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor. 
2. Called setup.sh to execute Ranger setup script. 
3. Started Ranger admin.

**Steps for HDFS service:**
1. Created a hdfs service 'source_hadoop'.
2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
5. Called below given REST API to export policies for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"

**Expected Behavior:**
Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.

**Actual Behavior:**
Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).

---

**Steps for HIVE service:**
1. Created a hive service 'source_hive'.
2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
6. Called below given REST API to export policies for resource:database=default
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"

**Expected Behavior:**
Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).

**Actual Behavior:**
Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).


Thanks,

Pradeep Agrawal

Re: Review Request 62969: RANGER-1832: Export REST API should return exact matching results if polResource param is provided

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/#review187949
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 13, 2017, 9:49 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62969/
> -----------------------------------------------------------
> 
> (Updated Oct. 13, 2017, 9:49 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1832
>     https://issues.apache.org/jira/browse/RANGER-1832
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
> 
> Expected Result: REST call should not return policy for resource /tmp/abcdefg
> Actual Result: REST call is returning policy for resource /tmp/abcdefg
> 
> **Proposed Solution:**
> Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource. 
> 
> ** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd 
> 
> 
> Diff: https://reviews.apache.org/r/62969/diff/1/
> 
> 
> Testing
> -------
> 
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor. 
> 2. Called setup.sh to execute Ranger setup script. 
> 3. Started Ranger admin.
> 
> **Steps for HDFS service:**
> 1. Created a hdfs service 'source_hadoop'.
> 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
> 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
> 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
> 5. Called below given REST API to export policies for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
> 
> **Expected Behavior:**
> Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
> 
> **Actual Behavior:**
> Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).
> 
> ---
> 
> **Steps for HIVE service:**
> 1. Created a hive service 'source_hive'.
> 2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
> 3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
> 4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
> 5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
> 6. Called below given REST API to export policies for resource:database=default
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"
> 
> **Expected Behavior:**
> Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).
> 
> **Actual Behavior:**
> Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 62969: RANGER-1832: Export REST API should return exact matching results if polResource param is provided

Posted by Gautam Borad <gb...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/#review187950
-----------------------------------------------------------


Ship it!




Ship It!

- Gautam Borad


On Oct. 13, 2017, 9:49 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62969/
> -----------------------------------------------------------
> 
> (Updated Oct. 13, 2017, 9:49 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1832
>     https://issues.apache.org/jira/browse/RANGER-1832
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Currently, Export REST API returns partial matching results also even if polResource param is provided.
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
> 
> Expected Result: REST call should not return policy for resource /tmp/abcdefg
> Actual Result: REST call is returning policy for resource /tmp/abcdefg
> 
> **Proposed Solution:**
> Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall filter out partial matching resource policies according to given resource. 
> 
> ** Note :** Proposed solution is having support of only HDFS and Hive service/resource type; support for other services can be added later.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 6864c5a 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd 
> 
> 
> Diff: https://reviews.apache.org/r/62969/diff/1/
> 
> 
> Testing
> -------
> 
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor. 
> 2. Called setup.sh to execute Ranger setup script. 
> 3. Started Ranger admin.
> 
> **Steps for HDFS service:**
> 1. Created a hdfs service 'source_hadoop'.
> 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
> 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
> 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: /tmp/abcd/file.txt
> 5. Called below given REST API to export policies for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"
> 
> **Expected Behavior:**
> Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
> 
> **Actual Behavior:**
> Returned JSON response was having only two policies(hdfs_policy2 and hdfs_policy3).
> 
> ---
> 
> **Steps for HIVE service:**
> 1. Created a hive service 'source_hive'.
> 2. Created a ranger hive policy(hive_policy1) with resource:database=default123,table=*,column=*
> 3. Created a ranger hive policy(hive_policy2) with resource:database=default,table=*,column=*
> 4. Created a ranger hive datamask policy(hive_policy3) with resource:database=default,table=table1,column=column1
> 5. Created a ranger hive rowlevel filter policy(hive_policy4) with resource:database=default,table=table2
> 6. Called below given REST API to export policies for resource:database=default
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"
> 
> **Expected Behavior:**
> Above REST should return three policies(hive_policy2, hive_policy3 and hive_policy4).
> 
> **Actual Behavior:**
> Returned JSON response was having only three policies(hive_policy2, hive_policy3 and hive_policy4).
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>