----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75084/#review226674 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On July 12, 2024, 11:16 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75084/ > ----------------------------------------------------------- > > (Updated July 12, 2024, 11:16 p.m.) > > > Review request for ranger, madhan, Madhan Neethiraj, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-4852 > https://issues.apache.org/jira/browse/RANGER-4852 > > > Repository: ranger > > > Description > ------- > > When tags are de-duplicated and tag deltas are enabled, multiple tagged > entities point to the same base tag object. Removing tag association from any > of the tagged entities may cause all entities to lose their associations with > the base tag. > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminTagRetriever.java > b2b7d5f71 > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerFileBasedTagRetriever.java > 2a3643399 > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java > 0208e6892 > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagRetriever.java > d7c737525 > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceTags.java > 59288f7d5 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCommonConstants.java > 23689790d > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerServiceTagsDeltaUtil.java > f2e68aed9 > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java > 39110357d > security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java > 9ecbb14ac > > security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java > 2aecc4388 > > > Diff: https://reviews.apache.org/r/75084/diff/2/ > > > Testing > ------- > > Passed all unit tests. > > Tested the following scenario in the cluster: > > Create a table in Hive, table_1 > > 1. Create table table_1(c0 int); > 2. Create a tag > 3. Associate the tag to table_1 > 3. Create a table in Hive, table_2 as below > 4. Create table table_2(c0 int); > 5. Associate the same tag to table_2. > 5. Create a tag policy in Ranger, on tag tag_1, allowing "Select", "Update", > "Create", "Drop", "Alter", "Index", "All" permissions to another test user, > say hrt_21. > 6. As hrt_21 user, run the following queries > > select * from table_1; > select * from table_2; > Both the queries should be allowed. > 7. Remove tag from table_1 > 8. As hrt_21 user, try a select operation from table_1, it will be denied > (Expected behaviour as the tag is not associated with the table). > 9. As hrt_21 user, try a select operation from table_2, it is denied. The > expected behaviour in this scenario is that the select operation should be > allowed as the tag is still associated with table_2. > > > Thanks, > > Abhay Kulkarni > >
