----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62969/#review187950 -----------------------------------------------------------
Ship it! Ship It! - Gautam Borad On Oct. 13, 2017, 9:49 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62969/ > ----------------------------------------------------------- > > (Updated Oct. 13, 2017, 9:49 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, > Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, > Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1832 > https://issues.apache.org/jira/browse/RANGER-1832 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** Currently, Export REST API returns partial matching > results also even if polResource param is provided. > Use Case : > 1) Create a ranger hdfs policy with resource path /tmp/abcdefg > 2) Call REST API to export policy for resource path: /tmp/abcd > http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"; > > Expected Result: REST call should not return policy for resource /tmp/abcdefg > Actual Result: REST call is returning policy for resource /tmp/abcdefg > > **Proposed Solution:** > Added a method in ServiceUtil.getMatchingPoliciesForResource() which shall > filter out partial matching resource policies according to given resource. > > ** Note :** Proposed solution is having support of only HDFS and Hive > service/resource type; support for other services can be added later. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java > 6864c5a > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 9330edd > > > Diff: https://reviews.apache.org/r/62969/diff/1/ > > > Testing > ------- > > **Steps Performed (with patch):** > 1. After mvn Build; untar the Ranger module and updated install.properties > for MySQL DB flavor. > 2. Called setup.sh to execute Ranger setup script. > 3. Started Ranger admin. > > **Steps for HDFS service:** > 1. Created a hdfs service 'source_hadoop'. > 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg > 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd > 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: > /tmp/abcd/file.txt > 5. Called below given REST API to export policies for resource path: /tmp/abcd > http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop&polResource=/tmp/abcd&resource:path=/tmp/abcd&serviceType=hdfs&resourceMatchScope=self_or_ancestor"; > > **Expected Behavior:** > Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which > are having resource /tmp/abcd and /tmp/abcd/file.txt respectively. > > **Actual Behavior:** > Returned JSON response was having only two policies(hdfs_policy2 and > hdfs_policy3). > > --- > > **Steps for HIVE service:** > 1. Created a hive service 'source_hive'. > 2. Created a ranger hive policy(hive_policy1) with > resource:database=default123,table=*,column=* > 3. Created a ranger hive policy(hive_policy2) with > resource:database=default,table=*,column=* > 4. Created a ranger hive datamask policy(hive_policy3) with > resource:database=default,table=table1,column=column1 > 5. Created a ranger hive rowlevel filter policy(hive_policy4) with > resource:database=default,table=table2 > 6. Called below given REST API to export policies for > resource:database=default > http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive&polResource=default&resource:database=default&serviceType=hive&resourceMatchScope=self_or_ancestor"; > > **Expected Behavior:** > Above REST should return three policies(hive_policy2, hive_policy3 and > hive_policy4). > > **Actual Behavior:** > Returned JSON response was having only three policies(hive_policy2, > hive_policy3 and hive_policy4). > > > Thanks, > > Pradeep Agrawal > >
