----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74029/#review224517 -----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java Line 2495 (original), 2495 (patched) <https://reviews.apache.org/r/74029/#comment313266> Please review this line. Without this changes user is not getting created during patch execution, but user is created only after the patch execution fails or completes. Hence review this and please find if there will be any impact of this change. - Pradeep Agrawal On June 17, 2022, 11:41 a.m., Pradeep Agrawal wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74029/ > ----------------------------------------------------------- > > (Updated June 17, 2022, 11:41 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3795 > https://issues.apache.org/jira/browse/RANGER-3795 > > > Repository: ranger > > > Description > ------- > > **Problem Statement:** During kafka policy porting to new db schema via java > patch PatchForMigratingOldRegimePolicyJson_J10046, it finds a kafka default > policy which has user kafka and rangerlookup in it. If these users do not > exist in ranger-admin then ranger policy porting to new schema may fail. > > Note: The issue is observed only when older version of ranger installation > does not have PatchForMigratingOldRegimePolicyJson_J10046 applied in it. > > **Proposed solution:** Earlier Ranger has restriction that policy user should > be created before policy creation, but in current version ranger policy > creation API can create the policy user if it does not exist in ranger db. > During the porting/migrating the ranger policy to new ranger db schema we can > add the same implementation to avoid any upgrade failure and make the ranger > upgrade step consistent with run time behavior. > > I have made similar changes in older patches also J10019 and J10033. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 4f2527223 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java > 9302c130f > > security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java > 74ea7b2c6 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java > 6dcf3f264 > > > Diff: https://reviews.apache.org/r/74029/diff/1/ > > > Testing > ------- > > 1) Installed ranger from 1.x branch build and created kafka service and > policy in it without the "kafka" or "rangerlookup" in the kafka service or > policy. > 2) Applied the patch on Apache ranger master branch, build and generate the > tar file. > 3) Untar the ranger admin and provide the same config which was used in > ranger 1.x version (refer step 1 above) > 4) Run the setup.sh script and it will apply all the java patches without any > failure. > 5) restart ranger-admin and check the kafka service policies. > > > Thanks, > > Pradeep Agrawal > >
