[jira] [Commented] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName

Fri, 14 Apr 2023 01:23:05 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712259#comment-17712259
 ] 

Siddhant Sontakke commented on RANGER-4128:
-------------------------------------------

I did not found any issue with this scenario.

Steps i did :-

1) Put  - [http://localhost:6080/service/public/v2/api/service/dev_hive/tags]

context-type : application/json

Service file - 
{{{}}
{{     "op":"add_or_update",}}
{{     "tagVersion":0,}}
{{     "tagDefinitions":{}}
{{          "0":{}}
{{               "name":"{*}TESTING{*}",}}
{{               "source":"privacera",}}
{{               "attributeDefs":[}}
 
{{                    ],}}
{{             "id":0,}}
{{             "isEnabled":true}}
{{          }}}
{{     },}}
{{     "tags":{}}
{{          "0":{}}
{{          "type":"{*}TESTING{*}",}}
{{          "owner":0,}}
{{          "attributes":{}}
 
{{               },}}
{{          "id":0,}}
{{          "isEnabled":true}}
{{               }}}
{{      },}}
{{     "serviceResources":[}}
{{          {}}
{{               "resourceElements":{}}
{{               "database":{}}
{{               "values":[}}
{{               "{*}testdb{*}"}}
{{               ],}}
{{               "isExcludes":false,}}
{{               "isRecursive":false}}
{{          },}}
{{     "table":{}}
{{          "values":[}}
{{          "{*}test_table{*}"}}
{{          ],}}
{{          "isExcludes":false,}}
{{          "isRecursive":false}}
{{     },}}
{{     "column":{}}
{{          "values":[}}
{{               "{*}tid{*}"}}
{{          ],}}
{{          "isExcludes":false,}}
{{          "isRecursive":false}}
{{          }}}
{{     },}}
{{     "id":0,}}
{{     "isEnabled":true}}
{{          }}}
{{     ],}}
{{     "resourceToTagIds":{}}
{{          "0":[}}
{{              0}}
{{          ]}}
{{     }}}
{{}}}
!image-2023-04-14-12-59-13-128.png|width=827,height=506!
Here i got 204 Not Content
2) Get - [http://localhost:6080/service/tags/download/dev_hive]
 
!image-2023-04-14-13-01-11-416.png|width=851,height=532!
Here you can see my tag is properly set for hive resources.
 
3) Now in ranger dashboard i created tag based policy for TESTING tag.
 
!image-2023-04-14-13-22-07-588.png|width=905,height=444!
Here i used TESTING tag successfully while creating new policy.
 
4) Audit Screenshoot : - 
!image-2023-04-14-13-43-58-983.png|width=711,height=341!
 
Here you can see user siddhant access TESTING tag resources successfully.

> serviceName, if not specified in the resource, should be taken from the 
> ServiceTags.serviceName
> -----------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4128
>                 URL: https://issues.apache.org/jira/browse/RANGER-4128
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Fateh Singh
>            Priority: Major
>         Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot 
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png, 
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png, 
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png, 
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same 
> set of resources gives the below error: 
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204, 
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence 
> Services - 2.7.12.v20230209-e5c4074ef3): 
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: 
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique 
> constraint "x_service_resource_idx_svc_id_resource_signature"\n  Detail: Key 
> (service_id, resource_signature)=(4, 
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already 
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id, 
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id, 
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]' 
> {code}
> How a serviceResource in the request look like to reproduce above 
> scenario/error:
> {code:java}
>   {
> "resourceElements": {
>     "database": {
>       ...
>     },
>     "column": {
>       ...
>     },
>     "table": {
>       ...
>     }
>   },
>   "resourceSignature": 
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
>   "id": 1,
>   "isEnabled": true,
>   "version": 2
>   } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the 
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
>   "serviceName":"dev_hive",
>   "resourceElements": {
>     "database": {
>       ...
>     },
>     "column": {
>       ...
>     },
>     "table": {
>       ...
>     }
>   },
>   "resourceSignature": 
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
>   "id": 1,
>   "isEnabled": true,
>   "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to