Re: Review Request 58034: 'Ranger KMS' repo is not getting created in manual installation

Mon, 03 Apr 2017 10:14:40 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58034/#review170896
-----------------------------------------------------------


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
Lines 163 (patched)
<https://reviews.apache.org/r/58034/#comment243759>

    I think just the tag-name for the policy would be better - "EXPIRES_ON", 
instead of "expires_on-tag_policy"



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 2524 (patched)
<https://reviews.apache.org/r/58034/#comment243760>

    Consider excluding user names like {OWNER}, {USER} from here.


- Madhan Neethiraj


On March 31, 2017, 7:31 p.m., Abhay Kulkarni wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58034/
> -----------------------------------------------------------
> 
> (Updated March 31, 2017, 7:31 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1482
>     https://issues.apache.org/jira/browse/RANGER-1482
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When KMS default policies are created as part of KMS repo creation, two 
> service users (defined by Ranger-Admin configuration variables in 
> ranger-admin-site.xml, viz ranger.kms.service.user.hdfs and 
> ranger.kms.service.user.hive) are expected to be pre-created. They are 
> precreated when Ranger is installed with Ambari. For manual installation of 
> Ranger, they may not have been pre-created before KMS repo is created. 
> 
> The fix is to parse default policies that need to be created to find any 
> users/groups that do not exist in Ranger, and create them before attempting 
> to create default policies.
> 
> 
> Diffs
> -----
> 
>   
> agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
>  4d6acda 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 2a9c003 
> 
> 
> Diff: https://reviews.apache.org/r/58034/diff/2/
> 
> 
> Testing
> -------
> 
> Provided non-existent user-names as values of ranger.kms.service.user.hdfs 
> and ranger.kms.service.user.hive configuration variables, and successfully 
> created a KMS repo. The users configured as ranger.kms.service.user.hdfs and 
> ranger.kms.service.user.hive were created in Ranger.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Reply via email to