[ 
https://issues.apache.org/jira/browse/RANGER-5162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dineshkumar Yadav updated RANGER-5162:
--------------------------------------
    Description: 
Steps to repro the issue using Docker setup
 # Apply patch to create file based tag. 
 # Setup Ranger Docker
 # 
{code:java}
Use the command below to bring up the Ranger Docker containers

docker-compose -f docker-compose.ranger.yml -f 
docker-compose.ranger-${RANGER_DB_TYPE}.yml -f 
docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f 
docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d {code}

 # 
{code:java}
Restart the tagsync Docker container to load the file-based tags into Ranger

docker restart ranger-tagsync
exit

docker exec -u root -it ranger-usersync bash

groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit{code}

 # 
{code:java}
get inside hive container 

docker exec -u root -it ranger-hive bash

groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit

docker exec -u hive -it ranger-hive bash

beeline -u jdbc:hive2://localhost:10000 -n hive (command to connect beeline)

create database vehicle;
use vehicle;
create table cars(car_id int, car_name string, car_color string, car_price int);
exit

{code}

 # Create a tag policy in Ranger using tag "TAG_1" and assign all permissions to 
user finuser1, created in step 4
 # 
{code:java}
Now perform verification

docker exec -u finuser1 -it ranger-hive bash

beeline -u jdbc:hive2://localhost:10000 -n finuser1 (command to connect beeline)
select * from vehicle.cars; {code}

 # Access is denied, whereas it is expected to be allowed by the tag policy 
created in step 6

 

 

  was:
Steps to repro the issue using Docker setup
 # Apply patch to create file based tag. 
 # Setup Ranger Docker
 # 
{code:java}
use below command to up ranger docker

docker-compose -f docker-compose.ranger.yml -f 
docker-compose.ranger-${RANGER_DB_TYPE}.yml -f 
docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f 
docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d {code}

 # 
{code:java}
restart tagsync docket to get file based tags into ranger

docker restart ranger-tagsync
exit

docker exec -u root -it ranger-usersync bash

groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit{code}

 # 
{code:java}
get inside hive container 

docker exec -u root -it ranger-hive bash

groupadd finance
useradd -m finuser1 && passwd finuser1
useradd -m finuser2 && passwd finuser2
usermod -a -G finance finuser1 && usermod -a -G finance finuser2
exit

docker exec -u hive -it ranger-hive bashbeeline -u 

jdbc:hive2://localhost:10000 -n hive(command to connect beeline)

create database vehicle;
use vehicle;
create table cars(car_id int, car_name string, car_color string, car_price int);
exit

{code}

 # create tag policy into Ranger using tag "TAG_1" assign all permission to 
user finuser1 created in step 4
 # 
{code:java}
Now perform verification

docker exec -u finuser1 -it ranger-hive bashbeeline -u

jdbc:hive2://localhost:10000 -n finuser1(command to connect beeline)
select * from vehicle.cars; {code}

 # step 7 access will get denied where as expected to allow by tag policy 
created in steps 6

 

 


> Tag Allowed policy is not being enforced
> ----------------------------------------
>
>                 Key: RANGER-5162
>                 URL: https://issues.apache.org/jira/browse/RANGER-5162
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.6.0
>            Reporter: Dineshkumar Yadav
>            Priority: Critical
>         Attachments: 0001-Tag-Allowed-policy-is-not-being-enforced.patch
>
>
> Steps to repro the issue using Docker setup
>  # Apply patch to create file based tag. 
>  # Setup Ranger Docker
>  # 
> {code:java}
> Use the command below to bring up the Ranger Docker containers
> docker-compose -f docker-compose.ranger.yml -f 
> docker-compose.ranger-${RANGER_DB_TYPE}.yml -f 
> docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f 
> docker-compose.ranger-hadoop.yml -f docker-compose.ranger-hive.yml up -d 
> {code}
>  # 
> {code:java}
> Restart the tagsync Docker container to load the file-based tags into Ranger
> docker restart ranger-tagsync
> exit
> docker exec -u root -it ranger-usersync bash
> groupadd finance
> useradd -m finuser1 && passwd finuser1
> useradd -m finuser2 && passwd finuser2
> usermod -a -G finance finuser1 && usermod -a -G finance finuser2
> exit{code}
>  # 
> {code:java}
> get inside hive container 
> docker exec -u root -it ranger-hive bash
> groupadd finance
> useradd -m finuser1 && passwd finuser1
> useradd -m finuser2 && passwd finuser2
> usermod -a -G finance finuser1 && usermod -a -G finance finuser2
> exit
> docker exec -u hive -it ranger-hive bash
> beeline -u jdbc:hive2://localhost:10000 -n hive (command to connect beeline)
> create database vehicle;
> use vehicle;
> create table cars(car_id int, car_name string, car_color string, car_price 
> int);
> exit
> {code}
>  # Create a tag policy in Ranger using tag "TAG_1" and assign all permissions to 
> user finuser1, created in step 4
>  # 
> {code:java}
> Now perform verification
> docker exec -u finuser1 -it ranger-hive bash
> beeline -u jdbc:hive2://localhost:10000 -n finuser1 (command to connect beeline)
> select * from vehicle.cars; {code}
>  # Access is denied, whereas it is expected to be allowed by the tag policy 
> created in step 6
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
