-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72155/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Nitin Galave, Nixon Rodrigues, Ramesh Mani, Sailaja Polavarapu,
and Velmurugan Periasamy.
Bugs: RANGER-2735
https://issues.apache.org/jira/browse/RANGER-2735
Repository: ranger
Description
-------
**Problem Statement:** Currently RANGER-2734 patch does not add mentioned new
opertations in the older version of ranger having atlas ranger service def. If
anyone will upgrade his ranger from previous version to 2.1.0 then he won't
able to see the new operations in the atlas policies and default policies for
the new operations will not be added.
**Proposed Solution:** Proposed solution has a java patch J10034 which shall
add the new operations in the atlas service def and create default policy for
the mentioned operation in each service of atlas service def.
Diffs
-----
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 47618f6b3
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
e59e7de61
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
37ea61912
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
bd1c47cc4
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
22e1746f2
security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndNamespace_J10034.java
PRE-CREATION
Diff: https://reviews.apache.org/r/72155/diff/1/
Testing
-------
**Steps Performed (without patch):**
1. After mvn Build; untar the Ranger-2.0.0 module and updated
install.properties for MySQL DB flavor.
2. Called setup.sh to install Ranger-admin.
3. Started Ranger-admin.
4. Created atlas service in ranger-admin which has 5 default policies.
5. Stopped ranger-admin
**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger-2.1.0 module and updated
install.properties for MySQL DB flavor with same settings used in previous step.
2. Executed setup.sh to install Ranger-admin.
3. Setup process should apply patch J10034 and create default
policies.(Referred ranger_db_patch.log file to see patch applied or not)
4. Started Ranger-admin.
5. Visited atlas service page in ranger-admin UI which has 2 new policies now.
one for the Label and another for the namespace.
6. Compared policy json with latest running Ranger admin(after commit of
RANGER-2734)
**Expected Behavior:**
1. Ranger installation should finish successfully and java patch J10035 should
get applied successfully.
2. Policy with name "all - entity-type, entity-classification, entity,
entity-label" should get created.
3. Policy with name "all - entity-type, entity-classification, entity,
entity-namespace" should get created.
**Actual Behavior: **
1. Ranger installation finished successfully and java patch J10035 was applied
successfully.
2. Policy with name "all - entity-type, entity-classification, entity,
entity-label" was created with 2 policy items.
first policy item was having "Add Label" and "Remove Label" access to user
'admin' and 'atlas' with delegated admin set to true.
second policy item was having "Read Entity" access to user 'rangertagsync'
and to group 'public' with delegated admin set to false
3. Policy with name "all - entity-type, entity-classification, entity,
entity-namespace" was created with 2 policy items.
first policy item was having "Add Label" and "Remove Label" access to user
'admin' and 'atlas' with delegated admin set to true.
second policy item was having "Read Entity" access to user 'rangertagsync'
and to group 'public' with delegated admin set to false
**Note:**
1. Patch has been tested only on MySQL DB Flavor.
2. New Policies will not be added in any security zone except the unzone one.
Thanks,
Pradeep Agrawal
