[
https://issues.apache.org/jira/browse/RANGER-4316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899740#comment-17899740
]
Vishal Bhavsar edited comment on RANGER-4316 at 11/20/24 12:34 PM:
-------------------------------------------------------------------
Hello [~madhan] ,
We were testing the usecase mentioned in the above description but encountered
issue for the path 3.
Below steps were performed during testing:
1) On apache master branch we set up Docker environment having Ranger & Hadoop
container.
2) Accessed ranger-hadoop container as "hdfs" user created directories.
command used to connect container : docker exec -u hdfs -it ranger-hadoop bash
command to create hdfs directories: hdfs dfs -mkdir -p /app/hive/default/test
3) Created hdfs allow policy as below, screenshot attached for policy.
Resource Path: /app/hive/ (Recursive: True)
user: hbase ; Permission: Read, Write, Execute
4) Now accessed ranger-hadoop container as "hbase" user and performed below
touch operation
hdfs dfs -touch /app/hive/file1.txt
Observed this touch operation is failing, as per our understanding this should
had been allowed via policy created at step 3.
Request to kindly review and confirm.
was (Author: JIRAUSER298660):
[~madhan]
We were testing the usecase mentioned in the above description but encountered
issue for the path 3.
Below steps were performed during testing:
1) On apache master branch we set up Docker environment having Ranger & Hadoop
container.
2) Accessed ranger-hadoop container as "hdfs" user created directories.
command used to connect container : docker exec -u hdfs -it ranger-hadoop bash
command to create hdfs directories: hdfs dfs -mkdir -p /app/hive/default/test
3) Created hdfs allow policy as below, screenshot attached for policy.
Resource Path: /app/hive/ (Recursive: True)
user: hbase ; Permission: Read, Write, Execute
4) Now accessed ranger-hadoop container as "hbase" user and performed below
touch operation
hdfs dfs -touch /app/hive/file1.txt
Observed this touch operation is failing, as per our understanding this should
had been allowed via policy created at step 3.
Request to kindly review and confirm.
> Path resource matcher handling of resource ending with separator
> ----------------------------------------------------------------
>
> Key: RANGER-4316
> URL: https://issues.apache.org/jira/browse/RANGER-4316
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Reporter: Madhan Neethiraj
> Assignee: Madhan Neethiraj
> Priority: Major
> Fix For: 3.0.0, 2.5.0
>
> Attachments: RANGER-4316.patch, Screenshot from 2024-11-20
> 18-02-50.png
>
>
> HDFS policy { path: /app/hive/, isRecursive: true } should match all paths
> given below:
> # {{/app/hive/default}}
> # {{/app/hive/default/test}}
> # {{/app/hive/}}
> However, the policy does not match for path #3 above. This needs to be
> reviewed and fixed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
