[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712259#comment-17712259
]
Siddhant Sontakke edited comment on RANGER-4128 at 4/14/23 1:53 PM:
--------------------------------------------------------------------
[~fateh288] I tried to reproduce the issue but it worked fine for me.
Bellow are the steps can you check once and let me know if we need to do some
additional steps to reproduce the issue.
1) Creating a new tag "TESTING"
*Request* -
[API -
http://localhost:6080/service/public/v2/api/service/dev_hive/tags|http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
{*}Request Metho{*}d - PUT
*Request Body* -
{code:java}
{
"op":"add_or_update",
"tagVersion":0,
"tagDefinitions":{
"0":{
"name":"TESTING",
"source":"tabsource",
"attributeDefs":[
],
"id":0,
"isEnabled":true
}
},
"tags":{
"0":{
"type":"TESTING",
"owner":0,
"attributes":{
},
"id":0,
"isEnabled":true
}
},
"serviceResources":[
{
"resourceElements":{
"database":{
"values":[
"testdb"
],
"isExcludes":false,
"isRecursive":false
},
"table":{
"values":[
"test_table"
],
"isExcludes":false,
"isRecursive":false
},
"column":{
"values":[
"tid"
],
"isExcludes":false,
"isRecursive":false
}
},
"id":0,
"isEnabled":true
}
],
"resourceToTagIds":{
"0":[
0
]
}
}{code}
{{{}{}}}!image-2023-04-14-19-20-08-056.png|width=608,height=368!
*Response* - 204 Not Content
2) Checking whether the tag got pushed to ranger
*Request* -
[API - |http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
[http://localhost:6080/service/tags/download/dev_hive]
{*}Request Metho{*}d - GET
!image-2023-04-14-19-21-09-315.png|width=1281,height=264!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard I created tag based policy for TESTING tag.
!image-2023-04-14-19-22-01-270.png|width=610,height=302!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-19-22-28-641.png|width=612,height=301!
Here you can see user siddhant access TESTING tag resources successfully.
[~jai96] [~sneethiraj]
was (Author: JIRAUSER299722):
I did not found any issue with this scenario.
Steps i did :-
1) Put - [http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
context-type : application/json
Service file -
{{{}}
{{ "op":"add_or_update",}}
{{ "tagVersion":0,}}
{{ "tagDefinitions":{}}
{{ "0":{}}
{{ "name":"{*}TESTING{*}",}}
{{ "source":"privacera",}}
{{ "attributeDefs":[}}
{{ ],}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "tags":{}}
{{ "0":{}}
{{ "type":"{*}TESTING{*}",}}
{{ "owner":0,}}
{{ "attributes":{}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "serviceResources":[}}
{{ {}}
{{ "resourceElements":{}}
{{ "database":{}}
{{ "values":[}}
{{ "{*}testdb{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "table":{}}
{{ "values":[}}
{{ "{*}test_table{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "column":{}}
{{ "values":[}}
{{ "{*}tid{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ }}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ ],}}
{{ "resourceToTagIds":{}}
{{ "0":[}}
{{ 0}}
{{ ]}}
{{ }}}
{{}}}
!image-2023-04-14-12-59-13-128.png|width=827,height=506!
Here i got 204 Not Content
2) Get - [http://localhost:6080/service/tags/download/dev_hive]
!image-2023-04-14-13-01-11-416.png|width=851,height=532!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard i created tag based policy for TESTING tag.
!image-2023-04-14-13-22-07-588.png|width=905,height=444!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-13-43-58-983.png|width=711,height=341!
Here you can see user siddhant access TESTING tag resources successfully.
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> -----------------------------------------------------------------------------------------------
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Fateh Singh
> Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png,
> image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png,
> image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
