Review Request 74029: RANGER-3795: Fix java patch J10033 and J10046 failure

Fri, 17 Jun 2022 04:41:32 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74029/
-----------------------------------------------------------

Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan 
Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3795
    https://issues.apache.org/jira/browse/RANGER-3795


Repository: ranger


Description
-------

**Problem Statement:** During kafka policy porting to new db schema via java 
patch PatchForMigratingOldRegimePolicyJson_J10046,  it finds a kafka default 
policy which has user kafka and rangerlookup in it. If these users do not exist 
in ranger-admin then ranger policy porting to new schema may fail. 

Note: The issue is observed only when older version of ranger installation does 
not have PatchForMigratingOldRegimePolicyJson_J10046 applied in it.

**Proposed solution:** Earlier Ranger has restriction that policy user should 
be created before policy creation, but in current version ranger policy 
creation API can create the policy user if it does not exist in ranger db. 
During the porting/migrating the ranger policy to new ranger db schema we can 
add the same implementation to avoid any upgrade failure and make the ranger 
upgrade step consistent with run time behavior. 

I have made similar changes in older patches also J10019 and J10033.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 4f2527223 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
 9302c130f 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
 74ea7b2c6 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
 6dcf3f264 


Diff: https://reviews.apache.org/r/74029/diff/1/


Testing
-------

1) Installed ranger from 1.x branch build and created kafka service and policy 
in it without the "kafka" or "rangerlookup" in the kafka service or policy.
2) Applied the patch on Apache ranger master branch, build and generate the tar 
file.
3) Untar the ranger admin and provide the same config which was used in ranger 
1.x version (refer step 1 above)
4) Run the setup.sh script and it will apply all the java patches without any 
failure.
5) restart ranger-admin and check the kafka service policies.


Thanks,

Pradeep Agrawal

Reply via email to