-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62969/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam
Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan
Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-1832
https://issues.apache.org/jira/browse/RANGER-1832
Repository: ranger
Description
-------
**Problem Statement:** Currently, Export REST API returns partial matching
results also even if polResource param is provided.
Use Case :
1) Create a ranger hdfs policy with resource path /tmp/abcdefg
2) Call REST API to export policy for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor";
Expected Result: REST call should not return policy for resource /tmp/abcdefg
Actual Result: REST call is returning policy for resource /tmp/abcdefg
**Proposed Solution:**
Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall
filter out partial matching resource policies according to given resource.
** Note :** Proposed solution is having support of only HDFS and Hive
service/resource type; support for other services can be added later.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
6864c5a
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9330edd
Diff: https://reviews.apache.org/r/62969/diff/1/
Testing
-------
**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger module and updated install.properties for
MySQL DB flavor.
2. Called setup.sh to execute Ranger setup script.
3. Started Ranger admin.
**Steps for HDFS service:**
1. Created a hdfs service 'source_hadoop'.
2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
4. Created a ranger hdfs policy(hdfs_policy3) with resource path:
/tmp/abcd/file.txt
5. Called below given REST API to export policies for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor";
**Expected Behavior:**
Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are
having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
**Actual Behavior:**
Returned JSON response was having only two policies(hdfs_policy2 and
hdfs_policy3).
---
**Steps for HIVE service:**
1. Created a hive service 'source_hive'.
2. Created a ranger hive policy(hive_policy1) with
resource:database=default123,table=*,column=*
3. Created a ranger hive policy(hive_policy2) with
resource:database=default,table=*,column=*
4. Created a ranger hive datamask policy(hive_policy3) with
resource:database=default,table=table1,column=column1
5. Created a ranger hive rowlevel filter policy(hive_policy4) with
resource:database=default,table=table2
6. Called below given REST API to export policies for resource:database=default
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor";
**Expected Behavior:**
Above REST should return three policies(hive_policy2, hive_policy3 and
hive_policy4).
**Actual Behavior:**
Returned JSON response was having only three policies(hive_policy2,
hive_policy3 and hive_policy4).
Thanks,
Pradeep Agrawal
