----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72155/#review220005 -----------------------------------------------------------
Ship it! Ship It! - Mehul Parikh On Feb. 21, 2020, 9:48 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72155/ > ----------------------------------------------------------- > > (Updated Feb. 21, 2020, 9:48 a.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Nitin Galave, Nixon Rodrigues, Ramesh Mani, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2735 > https://issues.apache.org/jira/browse/RANGER-2735 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** Currently RANGER-2734 and RANGER-2755 patch does not > add mentioned new opertations in the older version of ranger having atlas > ranger service def. If anyone will upgrade his ranger from previous version > to 2.1.0 then he won't able to see the new operations in the atlas policies > and default policies for the new operations will not be added. > > > **Proposed Solution:** Proposed solution has a java patch J10034 which shall > add the new operations in the atlas service def and create default policy for > the mentioned operation in each service of atlas service def. > > > Diffs > ----- > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 47618f6b3 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > e59e7de61 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 37ea61912 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > bd1c47cc4 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 22e1746f2 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddEntityLabelAndBusinessMetadata_J10034.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/72155/diff/2/ > > > Testing > ------- > > **Steps Performed (without patch):** > 1. After mvn Build; untar the Ranger-2.0.0 module and updated > install.properties for MySQL DB flavor. > 2. Called setup.sh to install Ranger-admin. > 3. Started Ranger-admin. > 4. Created atlas service in ranger-admin which has 5 default policies. > 5. Stopped ranger-admin > > **Steps Performed (with patch):** > 1. After mvn Build; untar the Ranger-2.1.0 module and updated > install.properties for MySQL DB flavor with same settings used in previous > step. > 2. Executed setup.sh to install Ranger-admin. > 3. Setup process should apply patch J10034 and create default > policies.(Referred ranger_db_patch.log file to see patch applied or not) > 4. Started Ranger-admin. > 5. Visited atlas service page in ranger-admin UI which has 2 new policies > now. one for the Label and another for the business metadata. > 6. Compared policy json with latest running Ranger admin(after commit of > RANGER-2734) > > **Expected Behavior:** > 1. Ranger installation should finish successfully and java patch J10034 > should get applied successfully. > 2. Policy with name "all - entity-type, entity-classification, entity, > entity-label" should get created. > 3. Policy with name "all - entity-type, entity-classification, entity, > entity-business-metadata" should get created. > > **Actual Behavior: ** > 1. Ranger installation finished successfully and java patch J10034 was > applied successfully. > 2. Policy with name "all - entity-type, entity-classification, entity, > entity-label" was created with 2 policy items. > first policy item was having "Add Label" and "Remove Label" access to user > 'admin' and 'atlas' with delegated admin set to true. > second policy item was having "Read Entity" access to user 'rangertagsync' > and to group 'public' with delegated admin set to false > 3. Policy with name "all - entity-type, entity-classification, entity, > entity-business-metadata" was created with 2 policy items. > first policy item was having "Add Label" and "Remove Label" access to user > 'admin' and 'atlas' with delegated admin set to true. > second policy item was having "Read Entity" access to user 'rangertagsync' > and to group 'public' with delegated admin set to false > > **Note:** > 1. Patch has been tested only on MySQL DB Flavor. > 2. New Policies will not be added in any security zone except the unzone one. > > > Thanks, > > Pradeep Agrawal > >
