[jira] [Updated] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
[ https://issues.apache.org/jira/browse/RANGER-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4684:
---
    Description: Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1 )  (was: Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1))

> Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
> ---
>
> Key: RANGER-4684
> URL: https://issues.apache.org/jira/browse/RANGER-4684
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1 )

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
[ https://issues.apache.org/jira/browse/RANGER-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4684:
---
    Assignee: Prashant Satam

> Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
> ---
>
> Key: RANGER-4684
> URL: https://issues.apache.org/jira/browse/RANGER-4684
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1)

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74860: RANGER-4684 : Need to update createdBy , updatedBy field for gds objects in case the creator is deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74860/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4684
    https://issues.apache.org/jira/browse/RANGER-4684

Repository: ranger

Description
---

Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1)

Diffs
---

  security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java a0ff18948
  security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java 85e457efa

Diff: https://reviews.apache.org/r/74860/diff/1/

Testing
---

Steps to check
1) Create user User1
2) create a dataset by the User1 account so the createdBy,updatedBy field will have login Id of user1
3) delete this User1 from ranger
4) Now the values for field createdBy,updatedBy for dataset will change to "Admin"

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
[ https://issues.apache.org/jira/browse/RANGER-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4684: --- Description: Currently when the creator of dataset or any gds Object is deleted from ranger we get Error as cannot Delete the user because the mapping exist for the Gds objects for the column addedById, so when the delete operation will be performed the values for fields createdBy and updatedBy should be changed from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1) > Need to update createdBy ,updatedBy field for gds objects in case the creator > is deleted > > > Key: RANGER-4684 > URL: https://issues.apache.org/jira/browse/RANGER-4684 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently when the creator of dataset or any gds Object is deleted from > ranger we get Error as cannot Delete the user because the mapping exist for > the Gds objects for the column addedById, so when the delete operation will > be performed the values for fields createdBy and updatedBy should be changed > from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
Prashant Satam created RANGER-4684:
---

    Summary: Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
    Key: RANGER-4684
    URL: https://issues.apache.org/jira/browse/RANGER-4684
    Project: Ranger
    Issue Type: Improvement
    Components: Ranger
    Reporter: Prashant Satam

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74811: RANGER-4630:Need to add pagination support and searchFilters for tag related APIs
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74811/
---

(Updated Jan. 30, 2024, 12:30 p.m.)

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, and Subhrat Chaudhary.

Bugs: RANGER-4630
    https://issues.apache.org/jira/browse/RANGER-4630

Repository: ranger

Description
---

Currently for Tag related GET-APIs, i.e. for (RangerTags, RangerTagDefs, RangerServiceResource), we don't support pagination, and also we need additional searchFilters for them

Diffs (updated)
---

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java ad304f88f
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 59b57370b
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 6d0019f70
  security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java 9e78cf0e8
  security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java 3a4ccf83d
  security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java 329d3eeec
  security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java 8f677995b
  security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java 929a4b06b
  security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java 3a90bd8a9
  security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java 2e2c04f47
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 570ce874b

Diff: https://reviews.apache.org/r/74811/diff/2/

Changes: https://reviews.apache.org/r/74811/diff/1-2/

Testing
---

1) Tags
Request > /service/tags/tags?
Supported Query Params
Search Fields: tagId, tagDefId, tagType, tagTypePartial
Sort Fields: tagId, tagDefId, createTime, updateTime
Supports Pagination

2) TagDefs
Request > /service/tags/tagdefs?
Supported Query Params
Search Fields: tagDefId, tagDefGuid, tagType, tagTypePartial, tagSource, tagSourcePartial
Sort Fields: tagDefId, tagType, createTime, updateTime
Supports Pagination

3) ServiceResource
Request > /service/tags/resources?
Supported Query Params
Search Fields: resourceId, tagServiceId, tagServiceName, tagServiceNamePartial, resourceGuid, resourceSignature
Sort Fields: resourceId, tagServiceId, createTime, updateTime
Supports Pagination

Thanks,

Prashant Satam
Review Request 74859: RANGER-4682 : Need a Export API for tagResourceMaps
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74859/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.

Bugs: RANGER-4682
    https://issues.apache.org/jira/browse/RANGER-4682

Repository: ranger

Description
---

Currently we don't have an Export API for tagResourceMaps; it will be helpful if we have an export API in format (csv, excel, json)

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 00a3d9c47
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 6d0019f70
  security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java 9e78cf0e8
  security-admin/src/main/java/org/apache/ranger/service/RangerTagResourceMapServiceBase.java 97b8150d3
  security-admin/src/main/java/org/apache/ranger/view/RangerExportTagResourceMapList.java PRE-CREATION
  security-admin/src/main/java/org/apache/ranger/view/RangerTagResourceMapList.java PRE-CREATION

Diff: https://reviews.apache.org/r/74859/diff/1/

Testing
---

Done testing using GET-APIs
1) For JSON => /service/tags/export/json/tagresourcemaps
2) For CSV => /service/tags/export/csv/tagresourcemaps
3) For EXCEL => /service/tags/export/excel/tagresourcemaps

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4682) Need a Export API for tagResourceMaps
[ https://issues.apache.org/jira/browse/RANGER-4682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4682:
---
    Description: Currently we don't have an Export API for tagResourceMaps; it will be helpful if we have an export API in format (csv, excel, json)

> Need a Export API for tagResourceMaps
> ---
>
> Key: RANGER-4682
> URL: https://issues.apache.org/jira/browse/RANGER-4682
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently we don't have an Export API for tagResourceMaps; it will be helpful if we have an export API in format (csv, excel, json)

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4682) Need a Export API for tagResourceMaps
[ https://issues.apache.org/jira/browse/RANGER-4682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4682:
---
    Assignee: Prashant Satam

> Need a Export API for tagResourceMaps
> ---
>
> Key: RANGER-4682
> URL: https://issues.apache.org/jira/browse/RANGER-4682
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4682) Need a Export API for tagResourceMaps
Prashant Satam created RANGER-4682:
---

    Summary: Need a Export API for tagResourceMaps
    Key: RANGER-4682
    URL: https://issues.apache.org/jira/browse/RANGER-4682
    Project: Ranger
    Issue Type: Improvement
    Components: Ranger
    Reporter: Prashant Satam

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4671:
---
    Attachment: (was: image-2024-01-23-12-20-46-315.png)

> Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
> ---
>
> Key: RANGER-4671
> URL: https://issues.apache.org/jira/browse/RANGER-4671
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
> Attachments: Regression.png
>
> There was change in behaviour of DatasetInDataShare Object for below mentioned 2 cases
>
> case 1 :
> 1) create a user with Ranger ROLE as ROLE_USER
> 2) create a dataShare with the same user's account so the user will be dataShare Admin
> 3) create a dataset the above user should be absent in dataset ACL
> 4) create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE
> 5) update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to GRANTED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset)
>
> case 2:
> 1) create a user with Ranger ROLE as ROLE_USER
> 2) create a dataShare with the same user's account so the user will be dataShare Admin
> 3) create a dataset the above user should be absent in dataset ACL
> 4) create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE
> 5) update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to DENIED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset)
>
> The Below image describes the 2 cases and its behaviour Before the change (currently we get Response as 200 )
> !Regression.png!

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Attachment: (was: Regression-Behaviour.png) > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > Attachments: Regression.png > > > There was change in behaviour of DatasetInDataShare Object for below > mentioned 2 cases > case 1 : > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to GRANTED the response is 200 expected > response is 400 with validation message stating (Not a ADMIN for dataset) > case 2: > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to DENIED the response is 200 expected response > is 400 with validation message stating (Not a ADMIN for dataset) > The Below image describes the 2 cases and its behaviour Before the change > (currently we get Response as 200 ) > !Regression.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74852: RANGER-4671 : Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74852/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4671
    https://issues.apache.org/jira/browse/RANGER-4671

Repository: ranger

Description
---

There was change in behaviour of DatasetInDataShare Object for below mentioned 2 cases

case 1 :
1) create a user with Ranger ROLE as ROLE_USER
2) create a dataShare with the same user's account so the user will be dataShare Admin
3) create a dataset the above user should be absent in dataset ACL
4) create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE
5) update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to GRANTED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset)

case 2:
1) create a user with Ranger ROLE as ROLE_USER
2) create a dataShare with the same user's account so the user will be dataShare Admin
3) create a dataset the above user should be absent in dataset ACL
4) create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE
5) update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to DENIED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset)

Diffs
---

  security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java a42a11ffb

Diff: https://reviews.apache.org/r/74852/diff/1/

Testing
---

Steps to check :
For the above mentioned 2 cases we get response as 400 with validation message stating (Not a Dataset Admin)

Response Message
"msgDesc": "[ Validation failure: error code[4106], reason[User [Test-User-6] is not an admin for dataset [Test_Dataset1]], field[null], subfield[null], type[]]"

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Description: There was change in behaviour of DatasetInDataShare Object for below mentioned 2 cases case 1 : 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to GRANTED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) case 2: 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to DENIED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) The Below image describes the 2 cases and its behaviour Before the change (currently we get Response as 200 ) !Regression.png! 
was: There was change in behaviour of DatasetInDataShare Object for below mentioned 2 cases case 1 : 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to GRANTED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) case 2: 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to DENIED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) !image-2024-01-23-12-20-46-315.png! 
> Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > Attachments: Regression-Behaviour.png, Regression.png, > image-2024-01-23-12-20-46-315.png > > > There was change in behaviour of DatasetInDataShare Object for below > mentioned 2 cases > case 1 : > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to GRANTED the response is 200 expected > response is 400 with validation message stating (Not a ADMIN for dataset) > case 2: > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to DENIED the response is 200 expected response > is 400 with validation message stating (Not a ADMIN for dataset) > The Below image describes the 2 cases and its behaviour Before the change > (currently we get Response as 200 ) > !Regression.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Attachment: Regression.png > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > Attachments: Regression-Behaviour.png, Regression.png, > image-2024-01-23-12-20-46-315.png > > > There was change in behaviour of DatasetInDataShare Object for below > mentioned 2 cases > case 1 : > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to GRANTED the response is 200 expected > response is 400 with validation message stating (Not a ADMIN for dataset) > case 2: > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to DENIED the response is 200 expected response > is 400 with validation message stating (Not a ADMIN for dataset) > > !image-2024-01-23-12-20-46-315.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Attachment: Regression-Behaviour.png > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > Attachments: Regression-Behaviour.png, > image-2024-01-23-12-20-46-315.png > > > There was change in behaviour of -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Attachment: image-2024-01-23-12-20-46-315.png > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > Attachments: Regression-Behaviour.png, > image-2024-01-23-12-20-46-315.png > > > There was change in behaviour of -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Description: There was change in behaviour of DatasetInDataShare Object for below mentioned 2 cases case 1 : 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to GRANTED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) case 2: 1) create a user with Ranger ROLE as ROLE_USER 2)create a dataShare with the same user's account so the user will be dataShare Admin 3)create a dataset the above user should be absent in dataset ACL 4)create DatasetInDataShare object for these dataset,dataShare with status as ACTIVE 5)update this DatasetInDataShare object by the above created user's account change the status from ACTIVE to DENIED the response is 200 expected response is 400 with validation message stating (Not a ADMIN for dataset) !image-2024-01-23-12-20-46-315.png! 
was:There was change in behaviour of > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > Attachments: Regression-Behaviour.png, > image-2024-01-23-12-20-46-315.png > > > There was change in behaviour of DatasetInDataShare Object for below > mentioned 2 cases > case 1 : > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to GRANTED the response is 200 expected > response is 400 with validation message stating (Not a ADMIN for dataset) > case 2: > 1) create a user with Ranger ROLE as ROLE_USER > 2)create a dataShare with the same user's account so the user will be > dataShare Admin > 3)create a dataset the above user should be absent in dataset ACL > 4)create DatasetInDataShare object for these dataset,dataShare with status as > ACTIVE > 5)update this DatasetInDataShare object by the above created user's account > change the status from ACTIVE to DENIED the response is 200 expected response > is 400 with validation message stating (Not a ADMIN for dataset) > > !image-2024-01-23-12-20-46-315.png! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4671: --- Description: There was change in behaviour of > Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases > -- > > Key: RANGER-4671 > URL: https://issues.apache.org/jira/browse/RANGER-4671 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > There was change in behaviour of -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
[ https://issues.apache.org/jira/browse/RANGER-4671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4671:
---
    Assignee: Prashant Satam

> Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
> ---
>
> Key: RANGER-4671
> URL: https://issues.apache.org/jira/browse/RANGER-4671
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4671) Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
Prashant Satam created RANGER-4671:
---

    Summary: Noticed a change in Behaviour of DatasetInDataShare Object for 2 cases
    Key: RANGER-4671
    URL: https://issues.apache.org/jira/browse/RANGER-4671
    Project: Ranger
    Issue Type: Improvement
    Components: Ranger
    Reporter: Prashant Satam

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74841: RANGER-4662 : GdsVersion should update after deleting user, group
> On Jan. 19, 2024, 6:10 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
> > Lines 2173 (patched)
> > <https://reviews.apache.org/r/74841/diff/1/?file=2284865#file2284865line2173>
> >
> >     updateDatasetPolicy()/updateProjectPolicy() can fail if the caller does not have admin or dataset/project admin privilege.
> >
> >     Consider handling this inside ServiceDBStore.updatePolicy(), to call updateGdsVersionForDataset()/updateGdsVersionForProject() for GDS service policies.

Deletion of a user/group is only allowed if the incoming user is ranger ADMIN; if not, the flow is blocked. And for update of Gds Policy we would need to call prepareDatasetPolicy() in GdsDBStore, so we cannot directly go by the ServiceDBStore.updatePolicy() method; also, GdsDBStore.updateDatasetPolicy() internally calls the ServiceDBStore.updatePolicy() method

- Prashant

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74841/#review226156
---

On Jan. 18, 2024, 6:51 a.m., Prashant Satam wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74841/
> ---
>
> (Updated Jan. 18, 2024, 6:51 a.m.)
>
> Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.
>
> Bugs: RANGER-4662
>     https://issues.apache.org/jira/browse/RANGER-4662
>
> Repository: ranger
>
> Description
> ---
>
> Currently when we delete user,group which is referenced in gds policy then GdsVersion (can check by GET API /service/gds/download/{serviceName}) is not updated after the action it needs to be updated.
>
> Steps :
>
> 1) create a user and resource service
>
> 2) create a dataset , and dataShare (with the resource service), and a sharedResource (with dataShare), also create mapping of dataset with dataShare as ACTIVE
>
> 3) create a GDS policy for the dataset
>
> 4) Update dataset policy and add created user to it for this actions the GdsVersion is updated we can check by (GET API /service/gds/download/{serviceName})
>
> 5) but when we delete the created user which is in Gds dataset policy then the GdsVersion is not updated we need to update it
>
> Diffs
> ---
>
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 287400259
>   security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java ce48c8279
>
> Diff: https://reviews.apache.org/r/74841/diff/1/
>
> Testing
> ---
>
> Steps to check :
> 1) create a user and resource service
>
> 2) create a dataset , and dataShare (with the resource service), and a sharedResource (with dataShare), also create mapping of dataset with dataShare as ACTIVE
>
> 3) create a GDS policy for the dataset
>
> 4) Update dataset policy and add created user to it
>
> 5) when we delete the created user then the GdsVersion is updated
>
> Thanks,
>
> Prashant Satam
Review Request 74845: RANGER-4651 : Need to update Gds objects ACL if ranger principal is deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74845/
---

Review request for ranger, Akshay Tupe, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Repository: ranger

Description
---

This Review Request is in addition to (https://reviews.apache.org/r/74836/); in the previous review request there is a change in the name of the JPA query in the DAO classes (XXGdsDatasetDao, XXGdsDataShareDao, XXGdsProjectDao) and the JPA XML file.

Diffs
---

  security-admin/src/main/resources/META-INF/jpa_named_queries.xml b3557d5ae

Diff: https://reviews.apache.org/r/74845/diff/1/

Testing
---

Validated the JPA query with this.
The Gds Object ACLs are updated when we delete any Principal in Ranger.

Thanks,

Prashant Satam
[jira] [Resolved] (RANGER-4665) Need a validation message while creating SharedResource with empty Resources
[ https://issues.apache.org/jira/browse/RANGER-4665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam resolved RANGER-4665. Resolution: Invalid > Need a validation message while creating SharedResource with empty Resources > > > Key: RANGER-4665 > URL: https://issues.apache.org/jira/browse/RANGER-4665 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4665) Need a validation message while creating SharedResource with empty Resources
Prashant Satam created RANGER-4665: -- Summary: Need a validation message while creating SharedResource with empty Resources Key: RANGER-4665 URL: https://issues.apache.org/jira/browse/RANGER-4665 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4665) Need a validation message while creating SharedResource with empty Resources
[ https://issues.apache.org/jira/browse/RANGER-4665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4665: -- Assignee: Prashant Satam > Need a validation message while creating SharedResource with empty Resources > > > Key: RANGER-4665 > URL: https://issues.apache.org/jira/browse/RANGER-4665 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4614) GDS : Need new apis to get audit history of dataset/datashare
[ https://issues.apache.org/jira/browse/RANGER-4614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4614:
---
    Assignee: Prashant Satam

> GDS : Need new apis to get audit history of dataset/datashare
> ---
>
> Key: RANGER-4614
> URL: https://issues.apache.org/jira/browse/RANGER-4614
> Project: Ranger
> Issue Type: Task
> Components: admin
> Reporter: Anand Nadar
> Assignee: Prashant Satam
> Priority: Major
>
> Need api to get the audit log of a particular dataset/datashare.
> Dataset history should contain
> 1. Changes on dataset object
> 2. Change on dataset policy
> 3. Changes on DatashareInDataset object.
> Datashare history should contain
> 1. Changes on Datashare object.
> 2. Changes on its SharedResources.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74841: RANGER-4662 : GdsVersion should update after deleting user, group
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74841/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4662
    https://issues.apache.org/jira/browse/RANGER-4662

Repository: ranger

Description
---

Currently when we delete user, group which is referenced in gds policy then GdsVersion (can check by GET API /service/gds/download/{serviceName}) is not updated after the action; it needs to be updated.

Steps:

1) create a user and resource service

2) create a dataset, and dataShare (with the resource service), and a sharedResource (with dataShare); also create mapping of dataset with dataShare as ACTIVE

3) create a GDS policy for the dataset

4) Update dataset policy and add created user to it; for these actions the GdsVersion is updated, we can check by (GET API /service/gds/download/{serviceName})

5) but when we delete the created user which is in Gds dataset policy then the GdsVersion is not updated; we need to update it

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 287400259
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java ce48c8279

Diff: https://reviews.apache.org/r/74841/diff/1/

Testing
---

Steps to check:

1) create a user and resource service

2) create a dataset, and dataShare (with the resource service), and a sharedResource (with dataShare); also create mapping of dataset with dataShare as ACTIVE

3) create a GDS policy for the dataset

4) Update dataset policy and add created user to it

5) when we delete the created user then the GdsVersion is updated

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4662) GdsVersion should update after deleting user,group
[ https://issues.apache.org/jira/browse/RANGER-4662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4662:
---
    Description:
Currently when we delete user, group which is referenced in gds policy then GdsVersion () is not updated after the action; it needs to be updated.

Steps:
1) create a user and resource service
2) create a dataset, and dataShare (with the resource service), and a sharedResource (with dataShare); also create mapping of dataset with dataShare as ACTIVE
3) create a GDS policy for the dataset
4) Update dataset policy and add created user to it; for these actions the GdsVersion is updated, we can check by (GET API /service/gds/download/{serviceName})
5) but when we delete the created user then the GdsVersion is not updated; we need to update it

  was:
Currently when we delete user, group which is referenced in gds policy then GdsVersion () is not updated after the action; it needs to be updated.

Steps:
1) create a user and resource service
2) create a dataset, and dataShare (with the resource service), and a sharedResource (with dataShare); also create mapping of dataset with dataShare as ACTIVE
3) create a GDS policy for the dataset
4) Update dataset policy and add created user to it; for these actions the GdsVersion is updated, we can check by (GET API /service/gds/download/{serviceName})
5) but when we delete the created user then the GdsVersion is not updated

> GdsVersion should update after deleting user,group
> ---
>
> Key: RANGER-4662
> URL: https://issues.apache.org/jira/browse/RANGER-4662
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when we delete user, group which is referenced in gds policy then
> GdsVersion () is not updated after the action; it needs to be updated.
> Steps:
> 1) create a user and resource service
> 2) create a dataset, and dataShare (with the resource service), and a
> sharedResource (with dataShare); also create mapping of dataset with dataShare
> as ACTIVE
> 3) create a GDS policy for the dataset
> 4) Update dataset policy and add created user to it; for these actions the
> GdsVersion is updated, we can check by (GET API
> /service/gds/download/{serviceName})
> 5) but when we delete the created user then the GdsVersion is not updated; we
> need to update it

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74842: RANGER-4651 : Need to update Gds objects ACL if ranger principal is deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74842/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4651
    https://issues.apache.org/jira/browse/RANGER-4651

Repository: ranger

Description
---

Currently, if any principal (i.e. user/group/role) stored in ranger is deleted, the GdsObject ACLs still have these principals; they don't get removed from the ACL. We need to remove these principals from gdsObject ACLs.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java a69647948
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java abf2b0c8c
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java d961bc50c
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java 8acca8f89
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java 5743ad702
  security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java 76bab8611
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 52ecf8a3e

Diff: https://reviews.apache.org/r/74842/diff/1/

Testing
---

Steps to check:
1) create a user/group/role in ranger
2) create a dataset and add the above created user/group/role in dataset ACL
3) Delete the user/group/role from ranger
4) The user/group/role will also be removed from ACL of the dataset as well

Thanks,

Prashant Satam
[jira] [Assigned] (RANGER-4662) GdsVersion should update after deleting user,group
[ https://issues.apache.org/jira/browse/RANGER-4662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4662:
---
    Assignee: Prashant Satam

> GdsVersion should update after deleting user,group
> ---
>
> Key: RANGER-4662
> URL: https://issues.apache.org/jira/browse/RANGER-4662
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when we delete user, group which is referenced in gds policy then
> GdsVersion () is not updated after the action; it needs to be updated.
> Steps:
> 1) create a user and resource service
> 2) create a dataset, and dataShare (with the resource service), and a
> sharedResource (with dataShare); also create mapping of dataset with dataShare
> as ACTIVE
> 3) create a GDS policy for the dataset
> 4) Update dataset policy and add created user to it; for these actions the
> GdsVersion is updated, we can check by (GET API
> /service/gds/download/{serviceName})
> 5) but when we delete the created user then the GdsVersion is not updated

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4662) GdsVersion should update after deleting user,group
[ https://issues.apache.org/jira/browse/RANGER-4662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4662:
---
    Description:
Currently when we delete user, group which is referenced in gds policy then GdsVersion () is not updated after the action; it needs to be updated.

Steps:
1) create a user and resource service
2) create a dataset, and dataShare (with the resource service), and a sharedResource (with dataShare); also create mapping of dataset with dataShare as ACTIVE
3) create a GDS policy for the dataset
4) Update dataset policy and add created user to it; for these actions the GdsVersion is updated, we can check by (GET API /service/gds/download/{serviceName})
5) but when we delete the created user then the GdsVersion is not updated

> GdsVersion should update after deleting user,group
> ---
>
> Key: RANGER-4662
> URL: https://issues.apache.org/jira/browse/RANGER-4662
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently when we delete user, group which is referenced in gds policy then
> GdsVersion () is not updated after the action; it needs to be updated.
> Steps:
> 1) create a user and resource service
> 2) create a dataset, and dataShare (with the resource service), and a
> sharedResource (with dataShare); also create mapping of dataset with dataShare
> as ACTIVE
> 3) create a GDS policy for the dataset
> 4) Update dataset policy and add created user to it; for these actions the
> GdsVersion is updated, we can check by (GET API
> /service/gds/download/{serviceName})
> 5) but when we delete the created user then the GdsVersion is not updated

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4662) GdsVersion should update after deleting user,group
Prashant Satam created RANGER-4662: -- Summary: GdsVersion should update after deleting user,group Key: RANGER-4662 URL: https://issues.apache.org/jira/browse/RANGER-4662 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74836: RANGER-4651 : Need to update Gds objects ACL if ranger principal is deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74836/
---

(Updated Jan. 17, 2024, 5:11 a.m.)

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4651
    https://issues.apache.org/jira/browse/RANGER-4651

Repository: ranger

Description
---

Currently, if any principal (i.e. user/group/role) stored in ranger is deleted, the GdsObject ACLs still have these principals; they don't get removed from the ACL. We need to remove these principals from gdsObject ACLs.

Diffs (updated)
---

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java a69647948
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java abf2b0c8c
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java d961bc50c
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java 8acca8f89
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java 5743ad702
  security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java 76bab8611
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 52ecf8a3e

Diff: https://reviews.apache.org/r/74836/diff/2/

Changes: https://reviews.apache.org/r/74836/diff/1-2/

Testing
---

Steps to check:
1) create a user/group/role in ranger
2) create a dataset and add the above created user/group/role in dataset ACL
3) Delete the user/group/role from ranger
4) The user/group/role will also be removed from ACL of the dataset as well

Thanks,

Prashant Satam
[jira] [Assigned] (RANGER-4651) Need to update Gds objects ACL if ranger principal is deleted
[ https://issues.apache.org/jira/browse/RANGER-4651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4651:
---
    Assignee: Prashant Satam

Patch in review => [https://reviews.apache.org/r/74836/diff/1#index_header]

> Need to update Gds objects ACL if ranger principal is deleted
> ---
>
> Key: RANGER-4651
> URL: https://issues.apache.org/jira/browse/RANGER-4651
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently, if any principal (i.e. user/group/role) stored in ranger is deleted,
> the GdsObject ACLs still have these principals; they don't get removed from the
> ACL. We need to remove these principals from gdsObject ACLs.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74836: RANGER-4651 : Need to update Gds objects ACL if ranger principal is deleted
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74836/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4651
    https://issues.apache.org/jira/browse/RANGER-4651

Repository: ranger

Description
---

Currently, if any principal (i.e. user/group/role) stored in ranger is deleted, the GdsObject ACLs still have these principals; they don't get removed from the ACL. We need to remove these principals from gdsObject ACLs.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java a69647948
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java abf2b0c8c
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java d961bc50c
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java 8acca8f89
  security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java 5743ad702
  security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java 76bab8611
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 52ecf8a3e

Diff: https://reviews.apache.org/r/74836/diff/1/

Testing
---

Steps to check:
1) create a user/group/role in ranger
2) create a dataset and add the above created user/group/role in dataset ACL
3) Delete the user/group/role from ranger
4) The user/group/role will also be removed from ACL of the dataset as well

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4651) Need to update Gds objects ACL if ranger principal is deleted
[ https://issues.apache.org/jira/browse/RANGER-4651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4651:
---
    Issue Type: Bug (was: Improvement)

> Need to update Gds objects ACL if ranger principal is deleted
> ---
>
> Key: RANGER-4651
> URL: https://issues.apache.org/jira/browse/RANGER-4651
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently, if any principal (i.e. user/group/role) stored in ranger is deleted,
> the GdsObject ACLs still have these principals; they don't get removed from the
> ACL. We need to remove these principals from gdsObject ACLs.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4651) Need to update Gds objects ACL if ranger principal is deleted
[ https://issues.apache.org/jira/browse/RANGER-4651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4651:
---
    Description: Currently, if any principal (i.e. user/group/role) stored in ranger is deleted, the GdsObject ACLs still have these principals; they don't get removed from the ACL. We need to remove these principals from gdsObject ACLs. (was: Currently if any principal i.e user/group/role stored in ranger is )

> Need to update Gds objects ACL if ranger principal is deleted
> ---
>
> Key: RANGER-4651
> URL: https://issues.apache.org/jira/browse/RANGER-4651
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently, if any principal (i.e. user/group/role) stored in ranger is deleted,
> the GdsObject ACLs still have these principals; they don't get removed from the
> ACL. We need to remove these principals from gdsObject ACLs.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4651) Need to update Gds objects ACL as per changes in Ranger principals
[ https://issues.apache.org/jira/browse/RANGER-4651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4651: --- Description: Currently if any principal i.e user/group/role stored in ranger is > Need to update Gds objects ACL as per changes in Ranger principals > -- > > Key: RANGER-4651 > URL: https://issues.apache.org/jira/browse/RANGER-4651 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently if any principal i.e user/group/role stored in ranger is -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4651) Need to update Gds objects ACL if ranger principal is deleted
[ https://issues.apache.org/jira/browse/RANGER-4651?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4651: --- Summary: Need to update Gds objects ACL if ranger principal is deleted (was: Need to update Gds objects ACL as per changes in Ranger principals) > Need to update Gds objects ACL if ranger principal is deleted > - > > Key: RANGER-4651 > URL: https://issues.apache.org/jira/browse/RANGER-4651 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently if any principal i.e user/group/role stored in ranger is -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4651) Need to update Gds objects ACL as per changes in Ranger principals
Prashant Satam created RANGER-4651: -- Summary: Need to update Gds objects ACL as per changes in Ranger principals Key: RANGER-4651 URL: https://issues.apache.org/jira/browse/RANGER-4651 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74830: RANGER-4649 : Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74830/
---

Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, and Subhrat Chaudhary.

Bugs: RANGER-4649
    https://issues.apache.org/jira/browse/RANGER-4649

Repository: ranger

Description
---

There are junit test case failures in:
TestServiceREST > test71DeleteClusterServices,
TestAssetREST ---> testCountXAssets,
TestXAuditREST --> Test7searchXAccessAudits

Diffs
---

  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 180742bcd
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java ff5fe218a
  security-admin/src/test/java/org/apache/ranger/rest/TestXAuditREST.java 2864cd36c

Diff: https://reviews.apache.org/r/74830/diff/1/

Testing
---

The above mentioned junit test cases are passing and ranger is able to build.

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4649: --- Description: There are junit test case failure in : TestServiceREST > test71DeleteClusterServices, TestAssetREST ---> testCountXAssets, was: There are junit test case failure in : TestServiceREST > test71DeleteClusterServices > Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST > > > Key: RANGER-4649 > URL: https://issues.apache.org/jira/browse/RANGER-4649 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > There are junit test case failure in : > TestServiceREST > test71DeleteClusterServices, > TestAssetREST ---> testCountXAssets, > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4649:
---
    Description:
There are junit test case failures in:
TestServiceREST > test71DeleteClusterServices,
TestAssetREST ---> testCountXAssets,
TestXAuditREST --> Test7searchXAccessAudits

  was:
There are junit test case failures in:
TestServiceREST > test71DeleteClusterServices,
TestAssetREST ---> testCountXAssets,

> Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
> ---
>
> Key: RANGER-4649
> URL: https://issues.apache.org/jira/browse/RANGER-4649
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> There are junit test case failures in:
> TestServiceREST > test71DeleteClusterServices,
> TestAssetREST ---> testCountXAssets,
> TestXAuditREST --> Test7searchXAccessAudits

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4649: --- Description: There are junit test case failure in : TestServiceREST > test71DeleteClusterServices was: There are junit test case failure in : > Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST > > > Key: RANGER-4649 > URL: https://issues.apache.org/jira/browse/RANGER-4649 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > There are junit test case failure in : > TestServiceREST > test71DeleteClusterServices > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4649: --- Description: There are junit test case failure in : > Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST > > > Key: RANGER-4649 > URL: https://issues.apache.org/jira/browse/RANGER-4649 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > There are junit test case failure in : > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4649: --- Description: There are junit test case failure in : was: There are junit test case failure in : > Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST > > > Key: RANGER-4649 > URL: https://issues.apache.org/jira/browse/RANGER-4649 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > There are junit test case failure in : > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
[ https://issues.apache.org/jira/browse/RANGER-4649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4649: -- Assignee: Prashant Satam > Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST > > > Key: RANGER-4649 > URL: https://issues.apache.org/jira/browse/RANGER-4649 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4649) Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST
Prashant Satam created RANGER-4649: -- Summary: Junit failing in TestServiceREST , TestAssetREST, TestXAuditREST Key: RANGER-4649 URL: https://issues.apache.org/jira/browse/RANGER-4649 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam reassigned RANGER-4634:
---
    Assignee: Prashant Satam

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> Currently when we delete a service which has datashares and related
> entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get
> an error while deleting the service.
> It is expected that we should be able to delete the service by cascade
> deleting the datashares and related entities connected to this service.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74821: RANGER-4634 : Need cascade delete for service
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74821/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4634
    https://issues.apache.org/jira/browse/RANGER-4634

Repository: ranger

Description
---

Currently when we delete a service which has datashares and related entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service.

Diffs
---

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 49386d08c

Diff: https://reviews.apache.org/r/74821/diff/1/

Testing
---

Steps to check:
1) create a resource service
2) create a datashare and link it to the service
3) delete this service. Now the service will be deleted and the connected datashare will be deleted

Thanks,

Prashant Satam
[jira] [Updated] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4634:
---
    Description:
Currently when we delete a service which has datashares and related entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service.

  was:
Currently when we delete a service which has datashares and related entities connected to it, we get an error while deleting the service.
It is expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service.

> Need cascade delete for service
> ---
>
> Key: RANGER-4634
> URL: https://issues.apache.org/jira/browse/RANGER-4634
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Prashant Satam
> Priority: Major
>
> Currently when we delete a service which has datashares and related
> entities (i.e. shared-resources, dataShareInDatasets) connected to it, we get
> an error while deleting the service.
> It is expected that we should be able to delete the service by cascade
> deleting the datashares and related entities connected to this service.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4634) Need cascade delete for service
[ https://issues.apache.org/jira/browse/RANGER-4634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4634: --- Description: Currently when we delete a service which has datashares and related entities connected to it we get error while deleting the service. It is Expected that we should be able to delete the service by cascade deleting the datashares and related entities connected to this service > Need cascade delete for service > --- > > Key: RANGER-4634 > URL: https://issues.apache.org/jira/browse/RANGER-4634 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently when we delete a service which has datashares and related entities > connected to it we get error while deleting the service. > It is Expected that we should be able to delete the service by cascade > deleting the datashares and related entities connected to this service -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4634) Need cascade delete for service
Prashant Satam created RANGER-4634: -- Summary: Need cascade delete for service Key: RANGER-4634 URL: https://issues.apache.org/jira/browse/RANGER-4634 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4633) Need to generate Admin Audits for tag and tagdef
[ https://issues.apache.org/jira/browse/RANGER-4633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4633: -- Assignee: Prashant Satam > Need to generate Admin Audits for tag and tagdef > - > > Key: RANGER-4633 > URL: https://issues.apache.org/jira/browse/RANGER-4633 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > Currently when we ADD/UPDATE/DELETE tag and tagdef we don't generate > Transaction logs for it so we don't get Admin Audits for these operations it > will be helpful if we generate them -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74819: RANGER-4633 : Need to generate Admin Audits for tag and tagdef
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74819/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4633
https://issues.apache.org/jira/browse/RANGER-4633

Repository: ranger

Description
---
Currently when we ADD/UPDATE/DELETE tag and tagdef we don't generate Transaction logs for it so we don't get Admin Audits for these operations it will be helpful if we generate them

Diffs
---
security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java fb912d4f8
security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java 8f677995b
security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java 3a90bd8a9

Diff: https://reviews.apache.org/r/74819/diff/1/

Testing
---
Tested we get transaction logs during ADD/UPDATE/DELETE of tag and tagdef
1)Tag = we get transaction logs for UPDATE operation for fields owner,attributes,options,validityPeriods
2)TagDef = we get transaction logs for UPDATE operation for fields source,attributeDefs

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4633) Need to generate Admin Audits for tag and tagdef
[ https://issues.apache.org/jira/browse/RANGER-4633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4633: --- Description: Currently when we ADD/UPDATE/DELETE tag and tagdef we don't generate Transaction logs for it so we don't get Admin Audits for these operations it will be helpful if we generate them > Need to generate Admin Audits for tag and tagdef > - > > Key: RANGER-4633 > URL: https://issues.apache.org/jira/browse/RANGER-4633 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently when we ADD/UPDATE/DELETE tag and tagdef we don't generate > Transaction logs for it so we don't get Admin Audits for these operations it > will be helpful if we generate them -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4633) Need to generate Admin Audits for tag and tagdef
Prashant Satam created RANGER-4633: -- Summary: Need to generate Admin Audits for tag and tagdef Key: RANGER-4633 URL: https://issues.apache.org/jira/browse/RANGER-4633 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74818: RANGER-4448 : GDS CRUD APIs should return proper response and message in case of failure
> On Jan. 4, 2024, 9:49 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
> > Lines 319 (patched)
> > <https://reviews.apache.org/r/74818/diff/1/?file=2284386#file2284386line319>
> >
> > existingSharedResourceNameId could be same as existing.getId() - in which case, it is not an error condition. Please review and update.

have done accordingly please review

- Prashant

---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74818/#review226102
---

On Jan. 5, 2024, 9:21 a.m., Prashant Satam wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74818/
> ---
>
> (Updated Jan. 5, 2024, 9:21 a.m.)
>
> Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.
>
> Bugs: RANGER-4448
> https://issues.apache.org/jira/browse/RANGER-4448
>
> Repository: ranger
>
> Description
> ---
>
> Description: We need to handle following cases and return proper error message and response:
> # In many cases 400 or 500 is thrown, in case the user does not have permissions to execute the API. We need to handle such cases and throw 403 and return proper error message.
>
> In case where user is trying to enter duplicate records, the error is thrown with SQL query in response. In such cases, we need to throw 400 and return proper error message.
>
> Diffs
> ---
>
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 03de8e023
> security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java 4aaf36442
> security-admin/src/main/java/org/apache/ranger/db/XXGdsSharedResourceDao.java d3bd4d65b
> security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 043d00b59
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java da41d
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java ab74e90e4
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java c5a3f38ff
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 0502512eb
>
> Diff: https://reviews.apache.org/r/74818/diff/2/
>
> Testing
> ---
>
> We get proper error messages in response
> 1)When user is not ADMIN for dataset/datashare/shared-resource we now get 403 status code
> Error message | STATUS CODE : 403
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4106], reason[User [Test-User-1] is not an admin for dataset [Test_GDS_Dataset112]], field[null], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "OPER_NO_PERMISSION",
>             "rbKey": "xa.error.oper_no_permission",
>             "message": "User doesn't have permission to perform this operation"
>         }
>     ]
> }
>
> 2)When user renames dataset/datashare/shared-resource with pre-existing name
> Error message | STATUS CODE : 400
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4108], reason[Dataset with name [Test_GDS_Dataset1] already exists. ID=[2]], field[name], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "INVALID_INPUT_DATA",
>             "rbKey": "xa.validation.invalid_input_data",
>             "message": "Invalid input data"
>         }
>     ]
> }
>
> 3)When user tries to add duplicate entry for shared-resource
> Error message | STATUS CODE : 400
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4121], reason[Shared resource with name [res2] already exists in data share [RangerDataShare2]. ID=[9]], field[name], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "INVALID_INPUT_DATA",
>             "rbKey": "xa.validation.invalid_input_data",
>             "message": "Invalid input data"
>         }
>     ]
> }
>
> Thanks,
>
> Prashant Satam
Re: Review Request 74818: RANGER-4448 : GDS CRUD APIs should return proper response and message in case of failure
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74818/
---

(Updated Jan. 5, 2024, 9:21 a.m.)

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4448
https://issues.apache.org/jira/browse/RANGER-4448

Repository: ranger

Description
---
Description: We need to handle following cases and return proper error message and response:
# In many cases 400 or 500 is thrown, in case the user does not have permissions to execute the API. We need to handle such cases and throw 403 and return proper error message.

In case where user is trying to enter duplicate records, the error is thrown with SQL query in response. In such cases, we need to throw 400 and return proper error message.

Diffs (updated)
---
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 03de8e023
security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java 4aaf36442
security-admin/src/main/java/org/apache/ranger/db/XXGdsSharedResourceDao.java d3bd4d65b
security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 043d00b59
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java da41d
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java ab74e90e4
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java c5a3f38ff
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 0502512eb

Diff: https://reviews.apache.org/r/74818/diff/2/

Changes: https://reviews.apache.org/r/74818/diff/1-2/

Testing
---
We get proper error messages in response
1)When user is not ADMIN for dataset/datashare/shared-resource we now get 403 status code
Error message | STATUS CODE : 403
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4106], reason[User [Test-User-1] is not an admin for dataset [Test_GDS_Dataset112]], field[null], subfield[null], type[]]",
    "messageList": [
        {
            "name": "OPER_NO_PERMISSION",
            "rbKey": "xa.error.oper_no_permission",
            "message": "User doesn't have permission to perform this operation"
        }
    ]
}

2)When user renames dataset/datashare/shared-resource with pre-existing name
Error message | STATUS CODE : 400
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4108], reason[Dataset with name [Test_GDS_Dataset1] already exists. ID=[2]], field[name], subfield[null], type[]]",
    "messageList": [
        {
            "name": "INVALID_INPUT_DATA",
            "rbKey": "xa.validation.invalid_input_data",
            "message": "Invalid input data"
        }
    ]
}

3)When user tries to add duplicate entry for shared-resource
Error message | STATUS CODE : 400
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4121], reason[Shared resource with name [res2] already exists in data share [RangerDataShare2]. ID=[9]], field[name], subfield[null], type[]]",
    "messageList": [
        {
            "name": "INVALID_INPUT_DATA",
            "rbKey": "xa.validation.invalid_input_data",
            "message": "Invalid input data"
        }
    ]
}

Thanks,
Prashant Satam
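The status mapping this review request describes, together with the self-match exception the reviewer raised for the duplicate-name check, as an added Java example (not code from the patch or from Ranger). All class and method names are hypothetical, the in-memory maps, dataset ids and the simulated database error are constructed, and only the error codes 4106 and 4108 are taken from the test output above.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: every class and method name here is hypothetical, not Ranger code.
public class GdsErrorMappingExample {

    /** Validation failure raised before any database write is attempted. */
    static class ValidationFailure extends RuntimeException {
        final int     errorCode;
        final boolean permissionDenied;

        ValidationFailure(int errorCode, boolean permissionDenied, String reason) {
            super(reason);
            this.errorCode        = errorCode;
            this.permissionDenied = permissionDenied;
        }
    }

    /** HTTP-style result: status code plus the body sent back to the caller. */
    static class Result {
        final int    status;
        final String body;

        Result(int status, String body) {
            this.status = status;
            this.body   = body;
        }
    }

    // Constructed in-memory stand-ins for the dataset table.
    static final Map<String, Long> ID_BY_NAME  = new HashMap<>();
    static final Map<Long, String> ADMIN_BY_ID = new HashMap<>();

    static void validateRename(String user, long datasetId, String newName) {
        // Authorization is checked first, so a caller without rights learns nothing about existing names.
        if (!user.equals(ADMIN_BY_ID.get(datasetId))) {
            throw new ValidationFailure(4106, true,
                    "User [" + user + "] is not an admin for dataset id [" + datasetId + "]");
        }

        Long existingId = ID_BY_NAME.get(newName);

        // A name that already belongs to the object being updated is not a conflict.
        if (existingId != null && existingId.longValue() != datasetId) {
            throw new ValidationFailure(4108, false,
                    "Dataset with name [" + newName + "] already exists. ID=[" + existingId + "]");
        }
    }

    /** Runs an operation and maps its outcome to a status code and a response body. */
    static Result handle(Runnable operation) {
        try {
            operation.run();
            return new Result(200, "OK");
        } catch (ValidationFailure e) {
            int status = e.permissionDenied ? 403 : 400;
            return new Result(status,
                    "Validation failure: error code[" + e.errorCode + "], reason[" + e.getMessage() + "]");
        } catch (RuntimeException e) {
            // Anything unexpected, such as a persistence error whose message carries SQL text,
            // is logged on the server; the caller gets a generic body only.
            System.err.println("internal error: " + e);
            return new Result(500, "Internal error");
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        ID_BY_NAME.put("Test_GDS_Dataset1", 2L);
        ID_BY_NAME.put("Test_GDS_Dataset112", 5L);
        ADMIN_BY_ID.put(2L, "admin");
        ADMIN_BY_ID.put(5L, "admin");

        Result[] results = {
            // Caller is not the admin of the dataset.
            handle(() -> validateRename("Test-User-1", 5L, "anything")),
            // Admin renames dataset 5 to a name owned by dataset 2.
            handle(() -> validateRename("admin", 5L, "Test_GDS_Dataset1")),
            // Admin saves dataset 5 under its own current name (self-match).
            handle(() -> validateRename("admin", 5L, "Test_GDS_Dataset112")),
            // Constructed stand-in for a raw database error that must not reach the caller.
            handle(() -> { throw new IllegalStateException("constructed: INSERT INTO ... failed"); })
        };

        for (Result r : results) {
            System.out.println(r.status + " " + r.body);
        }
    }
}
```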
Re: Review Request 74818: RANGER-4448 : GDS CRUD APIs should return proper response and message in case of failure
> On Jan. 4, 2024, 9:49 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
> > Lines 224 (patched)
> > <https://reviews.apache.org/r/74818/diff/1/?file=2284383#file2284383line224>
> >
> > Is @Produces annotation necessary for methods that return void? If not, please remove #224, #583, #908, #1099.

Yes @Produce will be needed for DELETE methods to show any validation Errors that occurred during the delete operation

- Prashant

---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74818/#review226102
---

On Jan. 4, 2024, 1:09 p.m., Prashant Satam wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74818/
> ---
>
> (Updated Jan. 4, 2024, 1:09 p.m.)
>
> Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.
>
> Bugs: RANGER-4448
> https://issues.apache.org/jira/browse/RANGER-4448
>
> Repository: ranger
>
> Description
> ---
>
> Description: We need to handle following cases and return proper error message and response:
> # In many cases 400 or 500 is thrown, in case the user does not have permissions to execute the API. We need to handle such cases and throw 403 and return proper error message.
>
> In case where user is trying to enter duplicate records, the error is thrown with SQL query in response. In such cases, we need to throw 400 and return proper error message.
>
> Diffs
> ---
>
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 03de8e023
> security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java 4aaf36442
> security-admin/src/main/java/org/apache/ranger/db/XXGdsSharedResourceDao.java d3bd4d65b
> security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 043d00b59
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java da41d
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java ab74e90e4
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java c5a3f38ff
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 0502512eb
>
> Diff: https://reviews.apache.org/r/74818/diff/1/
>
> Testing
> ---
>
> We get proper error messages in response
> 1)When user is not ADMIN for dataset/datashare/shared-resource we now get 403 status code
> Error message | STATUS CODE : 403
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4106], reason[User [Test-User-1] is not an admin for dataset [Test_GDS_Dataset112]], field[null], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "OPER_NO_PERMISSION",
>             "rbKey": "xa.error.oper_no_permission",
>             "message": "User doesn't have permission to perform this operation"
>         }
>     ]
> }
>
> 2)When user renames dataset/datashare/shared-resource with pre-existing name
> Error message | STATUS CODE : 400
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4108], reason[Dataset with name [Test_GDS_Dataset1] already exists. ID=[2]], field[name], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "INVALID_INPUT_DATA",
>             "rbKey": "xa.validation.invalid_input_data",
>             "message": "Invalid input data"
>         }
>     ]
> }
>
> 3)When user tries to add duplicate entry for shared-resource
> Error message | STATUS CODE : 400
> {
>     "statusCode": 1,
>     "msgDesc": "[ Validation failure: error code[4121], reason[Shared resource with name [res2] already exists in data share [RangerDataShare2]. ID=[9]], field[name], subfield[null], type[]]",
>     "messageList": [
>         {
>             "name": "INVALID_INPUT_DATA",
>             "rbKey": "xa.validation.invalid_input_data",
>             "message": "Invalid input data"
>         }
>     ]
> }
>
> Thanks,
>
> Prashant Satam
Review Request 74818: RANGER-4448 : GDS CRUD APIs should return proper response and message in case of failure
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74818/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4448
https://issues.apache.org/jira/browse/RANGER-4448

Repository: ranger

Description
---
Description: We need to handle following cases and return proper error message and response:
# In many cases 400 or 500 is thrown, in case the user does not have permissions to execute the API. We need to handle such cases and throw 403 and return proper error message.

In case where user is trying to enter duplicate records, the error is thrown with SQL query in response. In such cases, we need to throw 400 and return proper error message.

Diffs
---
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java 03de8e023
security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java 4aaf36442
security-admin/src/main/java/org/apache/ranger/db/XXGdsSharedResourceDao.java d3bd4d65b
security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 043d00b59
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java da41d
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java ab74e90e4
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java c5a3f38ff
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 0502512eb

Diff: https://reviews.apache.org/r/74818/diff/1/

Testing
---
We get proper error messages in response
1)When user is not ADMIN for dataset/datashare/shared-resource we now get 403 status code
Error message
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4106], reason[User [Test-User-1] is not an admin for dataset [Test_GDS_Dataset112]], field[null], subfield[null], type[]]",
    "messageList": [
        {
            "name": "OPER_NO_PERMISSION",
            "rbKey": "xa.error.oper_no_permission",
            "message": "User doesn't have permission to perform this operation"
        }
    ]
}

2)When user renames dataset/datashare/shared-resource with pre-existing name
Error message
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4108], reason[Dataset with name [Test_GDS_Dataset1] already exists. ID=[2]], field[name], subfield[null], type[]]",
    "messageList": [
        {
            "name": "INVALID_INPUT_DATA",
            "rbKey": "xa.validation.invalid_input_data",
            "message": "Invalid input data"
        }
    ]
}

3)When user tries to add duplicate entry for shared-resource
Error message
{
    "statusCode": 1,
    "msgDesc": "[ Validation failure: error code[4121], reason[Shared resource with name [res2] already exists in data share [RangerDataShare2]. ID=[9]], field[name], subfield[null], type[]]",
    "messageList": [
        {
            "name": "INVALID_INPUT_DATA",
            "rbKey": "xa.validation.invalid_input_data",
            "message": "Invalid input data"
        }
    ]
}

Thanks,
Prashant Satam
Review Request 74811: RANGER-4630:Need to add pagination support and searchFilters for tag related APIs
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74811/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, and Subhrat Chaudhary.

Bugs: RANGER-4630
https://issues.apache.org/jira/browse/RANGER-4630

Repository: ranger

Description
---
Currently for Tag related GET-APIs i.e for (RangerTags,RangerTagDefs,RangerServiceResource) we don't support pagination, and also we need additional searchFilters for them

Diffs
---
agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 0f6611f45
security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java de72ff140
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 6d0019f70
security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java 9e78cf0e8
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java 3a4ccf83d
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java 329d3eeec
security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java 8f677995b
security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java 929a4b06b
security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java 3a90bd8a9
security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java 2e2c04f47

Diff: https://reviews.apache.org/r/74811/diff/1/

Testing
---
1)Tags
Request > /service/tags/tags?
Supported Query Params
Search Fields tagId,tagDefId,tagType,tagTypePartial
Sort Fields tagId,tagDefId,createTime,updateTime
Supports Pagination

2)TagDefs
Request > /service/tags/tagdefs?
Supported Query Params
Search Fields tagDefId,tagDefGuid,tagType,tagTypePartial,tagSource, tagSourcePartial
Sort Fields tagDefId,tagType,createTime,updateTime
Supports Pagination

3)ServiceResource
Request > /service/tags/resources?
Supported Query Params
Search Fields resourceId,tagServiceId,tagServiceName,tagServiceNamePartial,resourceGuid,resourceSignature
Sort Fields resourceId,tagServiceId,createTime,updateTime
Supports Pagination

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4630) Need to add pagination support and searchFilters for tag related APIs
[ https://issues.apache.org/jira/browse/RANGER-4630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4630: --- Description: Currently for Tag related GET-APIs i.e for (RangerTags,RangerTagDefs,RangerServiceResource) we don't support pagination, and also we need additional searchFilters for them > Need to add pagination support and searchFilters for tag related APIs > - > > Key: RANGER-4630 > URL: https://issues.apache.org/jira/browse/RANGER-4630 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Minor > > Currently for Tag related GET-APIs i.e for > (RangerTags,RangerTagDefs,RangerServiceResource) we don't support > pagination, and also we need additional searchFilters for them -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4630) Need to add pagination support and searchFilters for tag related APIs
[ https://issues.apache.org/jira/browse/RANGER-4630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4630: -- Assignee: Prashant Satam > Need to add pagination support and searchFilters for tag related APIs > - > > Key: RANGER-4630 > URL: https://issues.apache.org/jira/browse/RANGER-4630 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Minor > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4630) Need to add pagination support and searchFilters for tag related APIs
Prashant Satam created RANGER-4630: -- Summary: Need to add pagination support and searchFilters for tag related APIs Key: RANGER-4630 URL: https://issues.apache.org/jira/browse/RANGER-4630 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4393) with direct API call, ranger is allowing to add more than 1 dataset in a dataset policy
[ https://issues.apache.org/jira/browse/RANGER-4393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam resolved RANGER-4393. Resolution: Invalid > with direct API call, ranger is allowing to add more than 1 dataset in a > dataset policy > --- > > Key: RANGER-4393 > URL: https://issues.apache.org/jira/browse/RANGER-4393 > Project: Ranger > Issue Type: Task > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > With direct API call, ranger is allowing to add more than 1 dataset > i.e(datasetName) in a dataset policy. It is blocked from UI. We need to block > it from backend also. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] (RANGER-4494) get Dataset summary for logged in user based on dataset-policy.
[ https://issues.apache.org/jira/browse/RANGER-4494 ] Prashant Satam deleted comment on RANGER-4494: was (Author: JIRAUSER300185): Patch in Review --> https://reviews.apache.org/r/74697/ > get Dataset summary for logged in user based on dataset-policy. > --- > > Key: RANGER-4494 > URL: https://issues.apache.org/jira/browse/RANGER-4494 > Project: Ranger > Issue Type: Bug > Components: admin > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > We need a new API URI--->(/dataset/summary/sharedwithme) to extend the > /dataset/summary API added in > https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary > for datasets which are shared with the logged in user, based on policy. > Use of The API > This API will return dataset summary objects which are accessible for the > logged in user by the dataset policy -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4490) Need new API for DataShare in Dataset Summary
[ https://issues.apache.org/jira/browse/RANGER-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4490: --- Description: Get dataShareInDataset Summary objects with filters The API is required for "My Requests" page to show mapping of dataset with datashare Required Fields for the page are (datasetName,dataShareName,sharedStatus,createTime,updateTime,createdBy) Details of the API FIELDS (datasetId,datasetName,dataShareId,dataShareName,serviceId,serviceName,zoneId,resoueceCount(based on dataShare),zoneName,shareStatus,) Supported Query Params datasetName,dataShareName,datasetNamePartial,dataShareNamePartial,approver,shareStatus,createdBy,serviceName,zoneName,serviceId,zoneId was: Get dataShareInDataset Summary objects with filters The API is required for "My Requests" page to show mapping of dataset with datashare Required Fields for the page are (datasetName,dataShareName,sharedStatus,createTime,updateTime,createdBy) Need to add new query params linkedServiceId/linkedServiceName -> in case of dataShares we need this query param to ensure we get only those dataShares that are linked to the given service AND also have datasets linked to them linkedZoneId/linkedZoneName -> in case of dataShares we need this query param to ensure we get only those dataShares that are linked to the given security-zone AND also have datasets linked to them linkedProjectId/linkedProjectName -> in case of datasets we need this query param to ensure we only get datasets that are connected to the given project AND also have dataShares linked to them In case of dataShares the Existing query Params like serviceId/serviceName only return dataShares connected to the service but this do not ensure that the same dataShare is connected to any dataset Also for query param zoneId/zoneName from dataShare side only return dataShares connected to the given security-zone but this do not ensure that the same dataShare is connected to any dataset in case 
of dataset the Existing param projectId/projectName will only return the datasets connected to the project but this do not ensure that the dataset is connected to any dataShare Details of the API -- FIELDS (datasetId,datasetName,dataShareId,dataShareName,serviceId,serviceName,zoneId,resoueceCount(based on dataShare),zoneName,shareStatus,) Supported Query Params linkedServiceId,linkedServiceName,linkedServiceNamePartial,linkedZoneId,linkedZoneName,linkedZoneNamePartial,linkedProjectId,linkedProjectName,linkedProjectNamePartial > Need new API for DataShare in Dataset Summary > - > > Key: RANGER-4490 > URL: https://issues.apache.org/jira/browse/RANGER-4490 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > Get dataShareInDataset Summary objects with filters > The API is required for "My Requests" page to show mapping of dataset with > datashare > Required Fields for the page are > (datasetName,dataShareName,sharedStatus,createTime,updateTime,createdBy) > Details of the API > FIELDS > (datasetId,datasetName,dataShareId,dataShareName,serviceId,serviceName,zoneId,resoueceCount(based > on dataShare),zoneName,shareStatus,) > Supported Query Params > datasetName,dataShareName,datasetNamePartial,dataShareNamePartial,approver,shareStatus,createdBy,serviceName,zoneName,serviceId,zoneId -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74688: RANGER:4490:Need new API for DataShare in Dataset Summary
: 1, "serviceName": "Ranger_hive", "zoneId": 2, "zoneName": "test-Zone-1", "resourceCount": 0, "shareStatus": "NONE", "approver":"admin", "callerPermissionOnDataset": "VIEW", "callerPermissionOnDataShare": "VIEW" } ], "listSize": 1 } Thanks, Prashant Satam
Review Request 74807: RANGER-4629:We need ACL evaluation in GET API for shared-resource
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74807/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4629
https://issues.apache.org/jira/browse/RANGER-4629

Repository: ranger

Description
---
Currently there is no validation for GET API of shared-resource we need to add ACL evaluation (i.e respective dataShares ACL evaluation) for the GET API of shared resource

Diffs
---
security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java e38d0d15c

Diff: https://reviews.apache.org/r/74807/diff/1/

Testing
---
Steps to check
1)We have enforced respective dataShare ACL for GET API of shared-resource

Thanks,
Prashant Satam
Review Request 74806: RANGER-4628: Need to add Validations for Security-Zone partial update API
---
This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74806/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4628
https://issues.apache.org/jira/browse/RANGER-4628

Repository: ranger

Description
---
For Partial Update of Security-Zone API ===> /service/public/v2/api/zones-v2/{id}/partial
1)We can add existing admins/auditors to the zone and still get 200 as response
2)We can add existing tagServices to the zone and still get 200 as response
3)While removing the existing resources in zone if we pass invalid serviceName we still get 200 as response though the zone is not getting updated

Diffs
---
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java 72ec4a4c7

Diff: https://reviews.apache.org/r/74806/diff/1/

Testing
---
steps to check :
1)We get validation when adding existing admins/auditors to the zone
2)We get validation when adding existing tagServices to the zone
3)We get validation when pass invalid serviceName for removing existing resources from zone

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4629) We need ACL evaluation in GET API for shared-resource
[ https://issues.apache.org/jira/browse/RANGER-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4629: --- Description: Currently there is no validation for GET API of shared-resource we need to add ACL evaluation (i.e respective dataShares ACL evaluation) for the GET API of shared resource > We need ACL evaluation in GET API for shared-resource > - > > Key: RANGER-4629 > URL: https://issues.apache.org/jira/browse/RANGER-4629 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > Currently there is no validation for GET API of shared-resource we need to > add ACL evaluation (i.e respective dataShares ACL evaluation) for the GET API > of shared resource -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4629) We need ACL evaluation in GET API for shared-resource
[ https://issues.apache.org/jira/browse/RANGER-4629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4629: -- Assignee: Prashant Satam > We need ACL evaluation in GET API for shared-resource > - > > Key: RANGER-4629 > URL: https://issues.apache.org/jira/browse/RANGER-4629 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > Currently there is no validation for GET API of shared-resource we need to > add ACL evaluation (i.e respective dataShares ACL evaluation) for the GET API > of shared resource -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4629) We need ACL evaluation in GET API for shared-resource
Prashant Satam created RANGER-4629: -- Summary: We need ACL evaluation in GET API for shared-resource Key: RANGER-4629 URL: https://issues.apache.org/jira/browse/RANGER-4629 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4628) Need to add Validations for Security-Zone partial update API
[ https://issues.apache.org/jira/browse/RANGER-4628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Satam updated RANGER-4628:
---
Description:
For Partial Update of Security-Zone API ===> /service/public/v2/api/zones-v2/{id}/partial
1) We can add existing admins/auditors to the zone and still get 200 as response
2) We can add existing tagServices to the zone and still get 200 as response
3) While removing the existing resources in zone if we pass invalid serviceName we still get 200 as response though the zone is not getting updated

> Need to add Validations for Security-Zone partial update API
>
> Key: RANGER-4628
> URL: https://issues.apache.org/jira/browse/RANGER-4628
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Prashant Satam
> Assignee: Prashant Satam
> Priority: Major
>
> For Partial Update of Security-Zone API ===>
> /service/public/v2/api/zones-v2/{id}/partial
> 1) We can add existing admins/auditors to the zone and still get 200 as
> response
> 2) We can add existing tagServices to the zone and still get 200 as response
> 3) While removing the existing resources in zone if we pass invalid
> serviceName we still get 200 as response though the zone is not getting
> updated

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4628) Need to add Validations for Security-Zone partial update API
[ https://issues.apache.org/jira/browse/RANGER-4628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4628: -- Assignee: Prashant Satam > Need to add Validations for Security-Zone partial update API > > > Key: RANGER-4628 > URL: https://issues.apache.org/jira/browse/RANGER-4628 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4628) Need to add Validations for Security-Zone partial update API
Prashant Satam created RANGER-4628: -- Summary: Need to add Validations for Security-Zone partial update API Key: RANGER-4628 URL: https://issues.apache.org/jira/browse/RANGER-4628 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74799: RANGER-4618: Need to add displayName field in zoneSummary Object
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74799/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4618
    https://issues.apache.org/jira/browse/RANGER-4618

Repository: ranger

Description
---
In the zoneSummary Object services section we have name field to display serviceName but it will be helpful if we add displayName field also to the same

Diffs
-
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java 4ea6cdee6
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 422dd0fe5

Diff: https://reviews.apache.org/r/74799/diff/1/

Testing
---
1) create a securityZone by adding a service to it
2) get securityZone by (/service/zones/summary/) you will get displayName field in zoneSummaryList

Request > /service/zones/summary
Response ==>
{
  "startIndex": 0,
  "pageSize": 1,
  "totalCount": 5,
  "resultSize": 1,
  "sortType": null,
  "sortBy": null,
  "queryTimeMS": 1702981470678,
  "list": [
    {
      "id": 2,
      "isEnabled": true,
      "createdBy": "Admin",
      "updatedBy": "Admin",
      "createTime": 1699352435000,
      "updateTime": 1701843223000,
      "name": "Test-Zone-1",
      "description": "ZZ",
      "totalResourceCount": 1,
      "adminCount": { "GROUP": 0, "ROLE": 1, "USER": 2 },
      "auditorCount": { "GROUP": 0, "ROLE": 0, "USER": 1 },
      "services": [
        {
          "id": 1,
          "name": "Ranger_hive",
          "type": "hive",
          "displayName": "Ranger_hive_DISPLAY",
          "resourceCount": 1
        }
      ]
    }
  ],
  "listSize": 1
}

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4618) Need to add displayName field in zoneSummary Object
[ https://issues.apache.org/jira/browse/RANGER-4618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4618: --- Description: In the zoneSummary Object services section we have name field to display serviceName but it will be helpful if we add displayName field also to the same > Need to add displayName field in zoneSummary Object > --- > > Key: RANGER-4618 > URL: https://issues.apache.org/jira/browse/RANGER-4618 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > In the zoneSummary Object services section we have name field to display > serviceName but it will be helpful if we add displayName field also to the > same -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4618) Need to add displayName field in zoneSummary Object
Prashant Satam created RANGER-4618: -- Summary: Need to add displayName field in zoneSummary Object Key: RANGER-4618 URL: https://issues.apache.org/jira/browse/RANGER-4618 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4618) Need to add displayName field in zoneSummary Object
[ https://issues.apache.org/jira/browse/RANGER-4618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4618: -- Assignee: Prashant Satam > Need to add displayName field in zoneSummary Object > --- > > Key: RANGER-4618 > URL: https://issues.apache.org/jira/browse/RANGER-4618 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74798: RANGER-4617: Need to add ACL principal details in dataset summary API
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74798/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Siddhesh Phatak, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4617
    https://issues.apache.org/jira/browse/RANGER-4617

Repository: ranger

Description
---
Currently in dataset-summary API we have a field "principalsCount" which gives details of principal in dataset policy. Also adding field "aclPrincipalsCount" which will give details of principals in dataset ACL will also be helpful for getting more information for a dataset

Diffs
-
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java d10a70f23
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java bf348e4ed

Diff: https://reviews.apache.org/r/74798/diff/1/

Testing
---
1) create user,group,role
2) Create a dataset and add the above principals in Dataset-ACL
3) get the dataset by service/gds/dataset/summary API in field "aclPrincipalsCount" you will get count of above added principals in datasetSummary

Request ===> service/gds/dataset/summary/
Response ==>
{
  "startIndex": 0,
  "pageSize": 1,
  "totalCount": 9,
  "resultSize": 1,
  "sortType": "asc",
  "sortBy": "datasetId",
  "queryTimeMS": 1702979335915,
  "list": [
    {
      "id": 1,
      "guid": "bbfe0bb4-94c8-49e1-8a2a-2c2997839b2f",
      "isEnabled": true,
      "createdBy": "Admin",
      "updatedBy": "Admin",
      "createTime": 169942971,
      "updateTime": 1700740815000,
      "version": 2,
      "name": "Test_GDS_Dataset112",
      "description": "This is GDS description",
      "permissionForCaller": "ADMIN",
      "principalsCount": { "ROLE": 0, "GROUP": 0, "USER": 0 },
      "aclPrincipalsCount": { "ROLE": 0, "GROUP": 0, "USER": 2 },
      "projectsCount": 1,
      "totalResourceCount": 1,
      "dataShares": [
        {
          "id": 1,
          "guid": "604513a0-2c69-40c4-8ea8-ccecadf47888",
          "isEnabled": true,
          "createdBy": "Admin",
          "updatedBy": "Admin",
          "createTime": 1699352449000,
          "updateTime": 1702453784000,
          "version": 7,
          "dataShareId": 1,
          "dataShareName": "RangerDataShare22",
          "serviceId": 1,
          "serviceName": "Ranger_hive",
          "zoneId": 2,
          "zoneName": "Test-Zone-1",
          "resourceCount": 1,
          "shareStatus": "ACTIVE",
          "approver": "admin"
        }
      ]
    }
  ],
  "listSize": 1
}

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4617) Need to add ACL principal details in dataset summary API
[ https://issues.apache.org/jira/browse/RANGER-4617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4617: --- Description: Currently in dataset-summary API we have a field "principalsCount" which gives details of principal in dataset policy ,Also adding field "aclPrincipalsCount" which will give details of principals in dataset ACL will also be helpful for getting more information for a dataset > Need to add ACL principal details in dataset summary API > - > > Key: RANGER-4617 > URL: https://issues.apache.org/jira/browse/RANGER-4617 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > Currently in dataset-summary API we have a field > "principalsCount" which gives details of principal in dataset policy ,Also > adding field "aclPrincipalsCount" which will give details of principals in > dataset ACL will also be helpful for getting more information for a dataset -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4617) Need to add ACL principal details in dataset summary API
Prashant Satam created RANGER-4617: -- Summary: Need to add ACL principal details in dataset summary API Key: RANGER-4617 URL: https://issues.apache.org/jira/browse/RANGER-4617 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4617) Need to add ACL principal details in dataset summary API
[ https://issues.apache.org/jira/browse/RANGER-4617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4617: -- Assignee: Prashant Satam > Need to add ACL principal details in dataset summary API > - > > Key: RANGER-4617 > URL: https://issues.apache.org/jira/browse/RANGER-4617 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74793: RANGER-4608:Need to add ACL evaluation for get datashare by ID API
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74793/
---

Review request for ranger, Akshay Tupe, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4608
    https://issues.apache.org/jira/browse/RANGER-4608

Repository: ranger

Description
---
For GET API for datashare by ID need to add ACL evaluation

Diffs
-
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java af70daa9d

Diff: https://reviews.apache.org/r/74793/diff/1/

Testing
---
Steps to Test
1) create a datashare
2) Get the datashare by a user (this user should not be in ACL of datashare) using GET API service/gds/datashare/{id}
3) Will get Error as user has no permission on the datashare

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4608) Need to add ACL evaluation for get datashare by ID API
[ https://issues.apache.org/jira/browse/RANGER-4608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4608: --- Description: For GET API for datashare by ID need to add ACL evaluation (was: For GET API of datashare by ID need to add ACL evaluation ) > Need to add ACL evaluation for get datashare by ID API > --- > > Key: RANGER-4608 > URL: https://issues.apache.org/jira/browse/RANGER-4608 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam >Priority: Major > > For GET API for datashare by ID need to add ACL evaluation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4608) Need to add ACL evaluation for get datashare by ID API
Prashant Satam created RANGER-4608: -- Summary: Need to add ACL evaluation for get datashare by ID API Key: RANGER-4608 URL: https://issues.apache.org/jira/browse/RANGER-4608 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam For GET API of datashare by ID need to add ACL evaluation -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74790: RANGER-4604: Need to add query param createdBy for security-zone GET API
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74790/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4604
    https://issues.apache.org/jira/browse/RANGER-4604

Repository: ranger

Description
---
We need to add a query param createdBy for security-zone GET API. It will be useful to filter list of security-zones created by user, especially to get the security-zone created by self

Diffs
-
  agents-common/src/main/java/org/apache/ranger/plugin/store/SecurityZonePredicateUtil.java 54b477502
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 719ec3005
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 87a278674

Diff: https://reviews.apache.org/r/74790/diff/1/

Testing
---
Steps to test
1) create a Security-zone by Test-user-1
2) GET security-zones using GET API /service/zones/zones by using query param createdBy
3) Request > (/service/zones/zones?createdBy=Test-user-1) in Response you will get zones which are created by Test-user-1

Thanks,
Prashant Satam
Review Request 74788: RANGER:4603 : Need to add query param createdBy for dataset GET API
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74788/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4603
    https://issues.apache.org/jira/browse/RANGER-4603

Repository: ranger

Description
---
Currently we have dataset GET APIs to get list datasets based on ACL. It will be useful to be able to filter the list based on users who created the dataset, especially to get the datasets created by self.

Diffs
-
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 719ec3005
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java af70daa9d
  security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java e8d672015

Diff: https://reviews.apache.org/r/74788/diff/1/

Testing
---
Steps to check
1) create 2 users with userName user1,user2
2) create 1 dataset by user 1 and add user 2 in dataset ACL with permission VIEW
3) use GET API (service/gds/dataset) with query param createdBy we will get dataset in response
4) Request ==> (service/gds/dataset?createdBy=user2)

Thanks,
Prashant Satam
[jira] [Updated] (RANGER-4604) Need to add query param createdBy for security-zone GET API
[ https://issues.apache.org/jira/browse/RANGER-4604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4604: --- Description: We need to add a query param createdBy for security-zone GET API. It will be useful to filter list of security-zones created by user, especially to get the security-zone created by self (was: We need to add a query param createdBy for security-zone GET API) > Need to add query param createdBy for security-zone GET API > --- > > Key: RANGER-4604 > URL: https://issues.apache.org/jira/browse/RANGER-4604 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > We need to add a query param createdBy for security-zone GET API. It will be > useful to filter list of security-zones created by user, especially to get > the security-zone created by self -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4603) Need to add query param createdBy for dataset GET API
[ https://issues.apache.org/jira/browse/RANGER-4603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4603: --- Description: Currently we have dataset GET APIs to get list datasets based on ACL. It will be useful to be able filter the list based on users who created the dataset, especially to get the datasets created by self. (was: Currently we have dataset GET APIs to get list datasets based on ACL. It will be useful to be able filter the list based users who created the dataset, especially to get the datasets created by self.) > Need to add query param createdBy for dataset GET API > - > > Key: RANGER-4603 > URL: https://issues.apache.org/jira/browse/RANGER-4603 > Project: Ranger > Issue Type: Sub-task > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > Currently we have dataset GET APIs to get list datasets based on ACL. It will > be useful to be able filter the list based on users who created the dataset, > especially to get the datasets created by self. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4603) Need to add query param createdBy for dataset GET API
[ https://issues.apache.org/jira/browse/RANGER-4603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4603: --- Description: Currently we have dataset GET APIs to get list datasets based on ACL. It will be useful to be able filter the list based users who created the dataset, especially to get the datasets created by self. (was: We need add a query param createdBy for dataset GET API it will be needed in case of (/dataset/summary) API ) > Need to add query param createdBy for dataset GET API > - > > Key: RANGER-4603 > URL: https://issues.apache.org/jira/browse/RANGER-4603 > Project: Ranger > Issue Type: Sub-task > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > Currently we have dataset GET APIs to get list datasets based on ACL. It will > be useful to be able filter the list based users who created the dataset, > especially to get the datasets created by self. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4604) Need to add query param createdBy for security-zone GET API
[ https://issues.apache.org/jira/browse/RANGER-4604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4604: -- Assignee: Prashant Satam > Need to add query param createdBy for security-zone GET API > --- > > Key: RANGER-4604 > URL: https://issues.apache.org/jira/browse/RANGER-4604 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > We need to add a query param createdBy for security-zone GET API -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4603) Need to add query param createdBy for dataset GET API
Prashant Satam created RANGER-4603: -- Summary: Need to add query param createdBy for dataset GET API Key: RANGER-4603 URL: https://issues.apache.org/jira/browse/RANGER-4603 Project: Ranger Issue Type: Sub-task Components: Ranger Reporter: Prashant Satam We need add a query param createdBy for dataset GET API it will be needed in case of (/dataset/summary) API -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4604) Need to add query param createdBy for security-zone GET API
Prashant Satam created RANGER-4604: -- Summary: Need to add query param createdBy for security-zone GET API Key: RANGER-4604 URL: https://issues.apache.org/jira/browse/RANGER-4604 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Prashant Satam We need to add a query param createdBy for security-zone GET API -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4603) Need to add query param createdBy for dataset GET API
[ https://issues.apache.org/jira/browse/RANGER-4603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4603: -- Assignee: Prashant Satam > Need to add query param createdBy for dataset GET API > - > > Key: RANGER-4603 > URL: https://issues.apache.org/jira/browse/RANGER-4603 > Project: Ranger > Issue Type: Sub-task > Components: Ranger > Reporter: Prashant Satam > Assignee: Prashant Satam >Priority: Major > > We need add a query param createdBy for dataset GET API it will be needed in > case of (/dataset/summary) API -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74767: RANGER-4542 : Need to add support of search by zoneNamePartial and sort by zoneName, createTime query params in zone-summary api
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74767/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Repository: ranger

Description
---
For GET API service/zones/summary we need to add support for query param search by zoneNamePartial, and sort by zoneName, createTime (Both ASC and DESC order)
When we pass just sortType/sortBy params single or together we don't get response accordingly

Diffs
-
  agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java 07c561506
  agents-common/src/main/java/org/apache/ranger/plugin/store/SecurityZonePredicateUtil.java 9164091ae
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 6c6ddc49f

Diff: https://reviews.apache.org/r/74767/diff/1/

Testing
---
Steps to Test
1) Create multiple security-zones
2) Use /service/zones/summary?sortBy=zoneName&sortType=DESC only using (sortType/sortBy) we get response according to these params
3) Use just /service/zones/summary?sortType=DESC we get response according to this param
4) Create 2 security-zones with similar names i.e. Test-zone-1 and Test-zone-11
5) Use /service/zones/summary?zoneNamePartial=Test-zone-1 we get 2 security-zones in response

Thanks,
Prashant Satam
Re: Review Request 74749: RANGER-4534 : Use of Query param GdsPermission with value NONE gives incorrect response for GDS GET APIs
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74749/
---

(Updated Nov. 29, 2023, 9:25 a.m.)

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.

Bugs: RANGER-4534
    https://issues.apache.org/jira/browse/RANGER-4534

Repository: ranger

Description
---
When we use GDS GET APIs for (dataset/datashare/project) and pass query param gdsPermission=NONE we get all the objects in response which is not expected

Example: When the param gdsPermission=NONE is passed in request, in the GET APIs e.g. GET /gds/dataset, whole dataset list is returned in response, even if the calling user is not added in the ACLs in any of the datasets.

Diffs (updated)
-
  security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java 1cc87399b

Diff: https://reviews.apache.org/r/74749/diff/2/

Changes: https://reviews.apache.org/r/74749/diff/1-2/

Testing (updated)
---
Steps to Test
1) Create Test-User-1
2) Create 2 datasets each with ACL permission for Test-User-1 as NONE,VIEW
3) Use GET API service/gds/dataset with query param as gdsPermission=NONE
4) Response will be empty

Thanks,
Prashant Satam
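The gdsPermission=NONE behaviour reported in RANGER-4534 above, reproduced as an added example that is not Ranger's code and not part of the original message. The class, record and method names are hypothetical, the three-value permission ladder is constructed from the values quoted on this page, and the ordinal comparison in the weak filter is an assumed mechanism, not one the review request states.

```java
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

// Requires Java 16+ (records). All names below are hypothetical.
public class GdsPermissionFilterExample {
    // Constructed permission ladder; NONE, VIEW and ADMIN are the values quoted on this page.
    enum Permission { NONE, VIEW, ADMIN }

    // Hypothetical dataset model: a name plus a per-user ACL.
    record Dataset(String name, Map<String, Permission> acl) {
        Permission permissionFor(String user) {
            // A user missing from the ACL holds no permission at all.
            return acl.getOrDefault(user, Permission.NONE);
        }
    }

    // Weak filter (assumed mechanism): "caller's level >= requested level".
    // NONE is the lowest constant, so the test passes for every dataset,
    // including ones whose ACL never mentions the caller.
    static List<String> listWeak(List<Dataset> all, String user, Permission requested) {
        return all.stream()
                .filter(d -> d.permissionFor(user).compareTo(requested) >= 0)
                .map(Dataset::name)
                .collect(Collectors.toList());
    }

    // Checked filter: a NONE request matches nothing (the outcome the test steps
    // expect), and a NONE entry in an ACL never grants visibility.
    static List<String> listChecked(List<Dataset> all, String user, Permission requested) {
        if (requested == Permission.NONE) {
            return List.of();
        }
        return all.stream()
                .filter(d -> {
                    Permission held = d.permissionFor(user);
                    return held != Permission.NONE && held.compareTo(requested) >= 0;
                })
                .map(Dataset::name)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data: the two datasets from the test steps, plus one
        // whose ACL does not list the caller at all.
        List<Dataset> datasets = List.of(
                new Dataset("ds-none", Map.of("Test-User-1", Permission.NONE)),
                new Dataset("ds-view", Map.of("Test-User-1", Permission.VIEW)),
                new Dataset("ds-other", Map.of("someone-else", Permission.ADMIN)));

        System.out.println("weak,    NONE: " + listWeak(datasets, "Test-User-1", Permission.NONE));
        System.out.println("checked, NONE: " + listChecked(datasets, "Test-User-1", Permission.NONE));
        System.out.println("checked, VIEW: " + listChecked(datasets, "Test-User-1", Permission.VIEW));
    }
}
```

A regression test for this class of bug should include an object whose ACL does not name the caller, since that is the case the description calls out.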