Review Request 71945: RANGER-2682 : - Add new authorization privilege - "admin-purge" in Ranger-Atlas service.

Nixon Rodrigues Thu, 02 Jan 2020 04:27:30 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71945/
-----------------------------------------------------------


Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, 
Sarath Subramanian, Sidharth Mishra, and Velmurugan Periasamy.


Bugs: RANGER-2682
    https://issues.apache.org/jira/browse/RANGER-2682


Repository: ranger


Description
-------

Adding new authorization privilege - "admin-purge" in Ranger-Atlas service 
defination for Atlas Service resource.


Diffs
-----

  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
7a6f0b936 


Diff: https://reviews.apache.org/r/71945/diff/1/


Testing
-------

Updated atlas plugin service def using below curl call. "admin-purge" 
permission is seen in create policy UI for resource atlas-service.  


curl -i --header "Accept:application/json" -H "Content-Type: application/json" 
-u admin:admin123 -X PUT 
http://rangerhost:6080/service/plugins/definitions/{id} -d  
'{"id":15,"guid":"311a79b7-16f5-46f4-9829-a0224b9999c5","isEnabled":true,"createTime":1577434414072,"updateTime":1577434414072,"version":1,"name":"atlas","displayName":"atlas","implClass":"org.apache.ranger.services.atlas.RangerServiceAtlas","label":"Atlas
 Metadata Server","description":"Atlas Metadata 
Server","options":{"enableDenyAndExceptionsInPolicies":"true"},"configs":[{"itemId":1,"name":"username","type":"string","mandatory":true,"label":"Username"},{"itemId":2,"name":"password","type":"password","mandatory":true,"label":"Password"},{"itemId":3,"name":"atlas.rest.address","type":"string","mandatory":true,"defaultValue":"http://localhost:21000"},{"itemId":4,"name":"commonNameForCertificate","type":"string","mandatory":false,"label":"Common
 Name for Certificate"}],"resources":[{"itemId":1,"name":"type-category","type"
 
:"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type
 Catagory","description":"Type 
Catagory","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":3,"name":"entity-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity
 Type","description":"Entity 
Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":6,"name":"atlas-service","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions"
 :{"wildCard":"true","ignoreCase":"true"},"label":"Atlas 
Service","description":"Atlas 
Service","accessTypeRestrictions":["admin-import","admin-export","admin-purge"],"isValidLeaf":true},{"itemId":7,"name":"relationship-type","type":"string","level":10,"mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Relationship
 Type","description":"Relationship 
Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":8,"name":"end-one-entity-type","type":"string","level":20,"parent":"relationship-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
 Entity Type","description":"End1 Entity Type","accessTypeRest
 
rictions":[],"isValidLeaf":false},{"itemId":4,"name":"entity-classification","type":"string","level":20,"parent":"entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity
 Classification","description":"Entity 
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":2,"name":"type","type":"string","level":20,"parent":"type-category","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Type
 Name","description":"Type 
Name","accessTypeRestrictions":["type-create","type-delete","type-update"],"isValidLeaf":true},{"itemId":9,"name":"end-one-entity-classification","type":"string","level":3
 
0,"parent":"end-one-entity-type","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
 Entity Classification","description":"End1 Entity 
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":5,"name":"entity","type":"string","level":30,"parent":"entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"Entity
 ID","description":"Entity 
ID","accessTypeRestrictions":["entity-read","entity-create","entity-update","entity-delete","entity-remove-classification","entity-add-classification","entity-update-classification"],"isValidLeaf":true},{"itemId":10,"name":"end-one-entity","ty
 
pe":"string","level":40,"parent":"end-one-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End1
 Entity ID","description":"End1 Entity 
ID","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":11,"name":"end-two-entity-type","type":"string","level":50,"parent":"end-one-entity","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
 Entity Type","description":"End2 Entity 
Type","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":12,"name":"end-two-entity-classification","type":"string","level":60,"parent":"end-two-entity-type","mandatory":true,"lookupSupported":true,"recursiveS
 
upported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
 Entity Classification","description":"End2 Entity 
Classification","accessTypeRestrictions":[],"isValidLeaf":false},{"itemId":13,"name":"end-two-entity","type":"string","level":70,"parent":"end-two-entity-classification","mandatory":true,"lookupSupported":true,"recursiveSupported":false,"excludesSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":{"wildCard":"true","ignoreCase":"true"},"label":"End2
 Entity ID","description":"End2 Entity 
ID","accessTypeRestrictions":["remove-relationship","update-relationship","add-relationship"],"isValidLeaf":true}],"accessTypes":[{"itemId":1,"name":"type-create","label":"Create
 
Type","impliedGrants":[]},{"itemId":2,"name":"type-update","label":"UpdateType","impliedGrants":[]},{"itemId":3,"name":"t
 ype-delete","label":"Delete 
Type","impliedGrants":[]},{"itemId":4,"name":"entity-read","label":"Read 
Entity","impliedGrants":[]},{"itemId":5,"name":"entity-create","label":"Create 
Entity","impliedGrants":[]},{"itemId":6,"name":"entity-update","label":"Update 
Entity","impliedGrants":[]},{"itemId":7,"name":"entity-delete","label":"Delete 
Entity","impliedGrants":[]},{"itemId":8,"name":"entity-add-classification","label":"Add
 
Classification","impliedGrants":[]},{"itemId":9,"name":"entity-update-classification","label":"Update
 
Classification","impliedGrants":[]},{"itemId":10,"name":"entity-remove-classification","label":"Remove
 
Classification","impliedGrants":[]},{"itemId":11,"name":"admin-export","label":"Admin
 Export","impliedGrants":[]},{"itemId":12,"name":"admin-import","label":"Admin 
Import","impliedGrants":[]},{"itemId":13,"name":"add-relationship","label":"Add 
Relationship","impliedGrants":[]},{"itemId":14,"name":"update-relationship","label":"Update
 Relationship","impliedGrants":
 []},{"itemId":15,"name":"remove-relationship","label":"Remove 
Relationship","impliedGrants":[]},{"itemId":16,"name":"admin-purge","label":"Admin
 
Purge","impliedGrants":[]}],"policyConditions":[],"contextEnrichers":[],"enums":[],"dataMaskDef":{"maskTypes":[],"accessTypes":[],"resources":[]},"rowFilterDef":{"accessTypes":[],"resources":[]}}'


Thanks,

Nixon Rodrigues

Review Request 71945: RANGER-2682 : - Add new authorization privilege - "admin-purge" in Ranger-Atlas service.

Reply via email to