[jira] [Updated] (RANGER-4075) Add support for table functions to trino ranger plugin
[
https://issues.apache.org/jira/browse/RANGER-4075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4075:
--
Issue Type: Improvement (was: Bug)
> Add support for table functions to trino ranger plugin
> --
>
> Key: RANGER-4075
> URL: https://issues.apache.org/jira/browse/RANGER-4075
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
>Reporter: Mahebub Sayyed
>Assignee: Siddhant Sontakke
>Priority: Minor
>
> Table functions were added to trino from 388 onwards and
> {{SystemAccessControl}} methods were updated to accommodate this change
> later. Therefore, to make the table function work with the Trino-Rangerplugin
> we need to re-implement method {{checkCanExecuteFunction}} with a new
> argument{{{}FunctionKind{}}}
> Relevant links
> Trino Slack: [https://trinodb.slack.com/archives/CGB0QHWSW/p1655456620535959]
> [trinodb/trino#12544|https://github.com/trinodb/trino/pull/12544]
> [trinodb/trino#12833|https://github.com/trinodb/trino/issues/12833]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke resolved RANGER-4037.
---
Resolution: Fixed
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Ranger - 4037 ticket testing.pdf
>
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4037:
--
Attachment: Ranger - 4037 ticket testing.pdf
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Ranger - 4037 ticket testing.pdf
>
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4037:
--
Attachment: Ranger - 4037 ticket testing.pdf
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Ranger - 4037 ticket testing.pdf
>
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4037:
--
Attachment: (was: Ranger - 4037 ticket testing.pdf)
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Ranger - 4037 ticket testing.pdf
>
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17736125#comment-17736125
]
Siddhant Sontakke commented on RANGER-4037:
---
[~anupamrai2303] could you please take a look? I have tested the ticket, and
everything is working fine in my case. I am sharing a document in which I have
mentioned all the steps to reproduce the issue. Could you review it?
[^Ranger - 4037 ticket testing.pdf]
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Ranger - 4037 ticket testing.pdf
>
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4037) Audits are not getting generated for policy enforcement works based on policy condition
[
https://issues.apache.org/jira/browse/RANGER-4037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke reassigned RANGER-4037:
-
Assignee: Siddhant Sontakke
> Audits are not getting generated for policy enforcement works based on policy
> condition
>
>
> Key: RANGER-4037
> URL: https://issues.apache.org/jira/browse/RANGER-4037
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Anupam Rai
>Assignee: Siddhant Sontakke
>Priority: Major
>
> Audits are not getting generated for policy enforcement works based on policy
> condition :
> RangerNoneOfExpectedTagsPresentConditionEvaluator
> Steps to reproduce :
> - Apply policy conditions in service defs
> {code:java}
> "policyConditions": [
> {
> "itemId": 1,
> "name": "all-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerTagsAllPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Tags All Present?",
> "description": "Tags All Present?"
> },
> {
> "itemId": 2,
> "name": "none-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerNoneOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "None of Tags Present?",
> "description": "None of Tags Present?"
> },
> {
> "itemId": 3,
> "name": "any-of-tag-present",
> "evaluator":
> "org.apache.ranger.plugin.conditionevaluator.RangerAnyOfExpectedTagsPresentConditionEvaluator",
> "evaluatorOptions": {},
> "label": "Any of Tags Present?",
> "description": "Any of Tags Present?"
> } ], {code}
> Add tag based policy for with
> RangerNoneOfExpectedTagsPresentConditionEvaluator tag including tag which is
> used to created policy and give hive access to user
> Try access tag related attribute in beeline
> User will be denied and policy is enforced but in audit logs denied policy
> wont be available .
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-3800) Add unimplemented checkCanSetTableAuthorization and checkCanSetTableProperties methods in trino-plugin
[
https://issues.apache.org/jira/browse/RANGER-3800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke reassigned RANGER-3800:
-
Assignee: (was: Siddhant Sontakke)
> Add unimplemented checkCanSetTableAuthorization and
> checkCanSetTableProperties methods in trino-plugin
> --
>
> Key: RANGER-3800
> URL: https://issues.apache.org/jira/browse/RANGER-3800
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
>Affects Versions: 2.3.0
>Reporter: Aakash Nand
>Priority: Major
> Fix For: 3.0.0
>
> Attachments:
> 0001-RANGER-3800-Add-unimplemented-methods-for-trino-plug.patch
>
>
> {color:#de350b}checkCanSetTableAuthorization{color} and
> {color:#de350b}checkCanSetTableProperties{color} methods are not implemented
> in trino-ranger-plugin this gives `AccessDeniedException` when executing
> queries like
>
> {{ALTER TABLE XXX SET AUTHORIZATION}}
>
>
> and
>
> {{ALTER TABLE XXX SET PROPERTIES}}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-3800) Add unimplemented checkCanSetTableAuthorization and checkCanSetTableProperties methods in trino-plugin
[
https://issues.apache.org/jira/browse/RANGER-3800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke reassigned RANGER-3800:
-
Assignee: Siddhant Sontakke
> Add unimplemented checkCanSetTableAuthorization and
> checkCanSetTableProperties methods in trino-plugin
> --
>
> Key: RANGER-3800
> URL: https://issues.apache.org/jira/browse/RANGER-3800
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
>Affects Versions: 2.3.0
>Reporter: Aakash Nand
>Assignee: Siddhant Sontakke
>Priority: Major
> Fix For: 3.0.0
>
> Attachments:
> 0001-RANGER-3800-Add-unimplemented-methods-for-trino-plug.patch
>
>
> {color:#de350b}checkCanSetTableAuthorization{color} and
> {color:#de350b}checkCanSetTableProperties{color} methods are not implemented
> in trino-ranger-plugin this gives `AccessDeniedException` when executing
> queries like
>
> {{ALTER TABLE XXX SET AUTHORIZATION}}
>
>
> and
>
> {{ALTER TABLE XXX SET PROPERTIES}}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4239) Upgrade trino version
[ https://issues.apache.org/jira/browse/RANGER-4239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17729983#comment-17729983 ] Siddhant Sontakke commented on RANGER-4239: --- I tried the Trino 417 server version for testing, and the Ranger plugin was installed successfully. I executed a basic query, which worked fine, and I could view the audits in the UI. Review Board Link - https://reviews.apache.org/r/74460/ > Upgrade trino version > - > > Key: RANGER-4239 > URL: https://issues.apache.org/jira/browse/RANGER-4239 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: qingbo jiao >Assignee: Siddhant Sontakke >Priority: Minor > > The current version of trino integrated in the ranger is 377, and the latest > version of trino has reached 417. Should the version of trino be upgraded to > 4XX? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4075) Add support for table functions to trino ranger plugin
[
https://issues.apache.org/jira/browse/RANGER-4075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke reassigned RANGER-4075:
-
Assignee: Siddhant Sontakke
> Add support for table functions to trino ranger plugin
> --
>
> Key: RANGER-4075
> URL: https://issues.apache.org/jira/browse/RANGER-4075
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Mahebub Sayyed
>Assignee: Siddhant Sontakke
>Priority: Minor
>
> Table functions were added to trino from 388 onwards and
> {{SystemAccessControl}} methods were updated to accommodate this change
> later. Therefore, to make the table function work with the Trino-Rangerplugin
> we need to re-implement method {{checkCanExecuteFunction}} with a new
> argument{{{}FunctionKind{}}}
> Relevant links
> Trino Slack: [https://trinodb.slack.com/archives/CGB0QHWSW/p1655456620535959]
> [trinodb/trino#12544|https://github.com/trinodb/trino/pull/12544]
> [trinodb/trino#12833|https://github.com/trinodb/trino/issues/12833]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4239) Upgrade trino version
[ https://issues.apache.org/jira/browse/RANGER-4239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke reassigned RANGER-4239: - Assignee: Siddhant Sontakke > Upgrade trino version > - > > Key: RANGER-4239 > URL: https://issues.apache.org/jira/browse/RANGER-4239 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: qingbo jiao >Assignee: Siddhant Sontakke >Priority: Minor > > The current version of trino integrated in the ranger is 377, and the latest > version of trino has reached 417. Should the version of trino be upgraded to > 4XX? -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Description: h4. In trino service while creating policy add permission is rendering incorrectly. Actual : - !image-2023-05-31-14-45-34-388.png|width=669,height=304! Expected : - !image-2023-05-31-14-41-35-775.png|width=664,height=298! was: h4. In trino service while creating policy add permission is rendering incorrectly. Actual : - !image-2023-05-31-14-45-34-388.png|width=693,height=315! Expected : - !image-2023-05-31-14-41-35-775.png|width=684,height=307! > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: image-2023-05-31-14-41-35-775.png, > image-2023-05-31-14-45-34-388.png, scrnli_31_05_2023_14-39-04.webm > > > h4. In trino service while creating policy add permission is rendering > incorrectly. > Actual : - > !image-2023-05-31-14-45-34-388.png|width=669,height=304! > Expected : - > !image-2023-05-31-14-41-35-775.png|width=664,height=298! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Description: h4. In trino service while creating policy add permission is rendering incorrectly. Actual : - !image-2023-05-31-14-45-34-388.png|width=693,height=315! Expected : - !image-2023-05-31-14-41-35-775.png|width=684,height=307! was:h1. In trino service while creating policy add permission is rendering incorrectly. > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: image-2023-05-31-14-41-35-775.png, > image-2023-05-31-14-45-34-388.png, scrnli_31_05_2023_14-39-04.webm > > > h4. In trino service while creating policy add permission is rendering > incorrectly. > Actual : - > !image-2023-05-31-14-45-34-388.png|width=693,height=315! > Expected : - > !image-2023-05-31-14-41-35-775.png|width=684,height=307! -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Attachment: image-2023-05-31-14-45-34-388.png > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: image-2023-05-31-14-41-35-775.png, > image-2023-05-31-14-45-34-388.png, scrnli_31_05_2023_14-39-04.webm > > > h1. In trino service while creating policy add permission is rendering > incorrectly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Attachment: image-2023-05-31-14-41-35-775.png > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: image-2023-05-31-14-41-35-775.png, > scrnli_31_05_2023_14-39-04.webm > > > h1. In trino service while creating policy add permission is rendering > incorrectly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Description: h1. In trino service while creating policy add permission is rendering incorrectly. > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: scrnli_31_05_2023_14-39-04.webm > > > h1. In trino service while creating policy add permission is rendering > incorrectly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
[ https://issues.apache.org/jira/browse/RANGER-4260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke updated RANGER-4260: -- Attachment: scrnli_31_05_2023_14-39-04.webm > In trino service while creating policy add permission is rendering > incorrectly. > --- > > Key: RANGER-4260 > URL: https://issues.apache.org/jira/browse/RANGER-4260 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Siddhant Sontakke >Assignee: Stalin Nadar >Priority: Major > Attachments: scrnli_31_05_2023_14-39-04.webm > > > h1. In trino service while creating policy add permission is rendering > incorrectly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4260) In trino service while creating policy add permission is rendering incorrectly.
Siddhant Sontakke created RANGER-4260: - Summary: In trino service while creating policy add permission is rendering incorrectly. Key: RANGER-4260 URL: https://issues.apache.org/jira/browse/RANGER-4260 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Siddhant Sontakke Assignee: Stalin Nadar -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17724781#comment-17724781
]
Siddhant Sontakke commented on RANGER-4128:
---
Review Board link for Jira 4128
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png,
> image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png,
> image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-3451) Audits are not being generated for Hive "Alter table add constraint" commands
[
https://issues.apache.org/jira/browse/RANGER-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17723928#comment-17723928
]
Siddhant Sontakke commented on RANGER-3451:
---
This issue is blocked by HIVE-27326. Once this is fixed, audits for alter
queries will be generated automatically.
> Audits are not being generated for Hive "Alter table add constraint" commands
> -
>
> Key: RANGER-3451
> URL: https://issues.apache.org/jira/browse/RANGER-3451
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhishek
>Assignee: Siddhant Sontakke
>Priority: Major
>
> Audits are not being generated for Hive "Alter table add constraint" commands.
> But audits are being generated for other "Alter table" commands.
> Steps to reproduce :-
> # Create a policy in Hadoop SQL repo for hrt_qa user:-
> database-*, table - *, column - *, and allow all access to hrt_qa user.
> # In beeline, run the following commands
> {code:java}
> Drop table if exists hr;
> Create table hr(c0 int);
> ALTER TABLE hr SET TBLPROPERTIES ('notes'="Please don't drop this table.");
> ALTER TABLE hr ADD CONSTRAINT unique_key_const UNIQUE (c0) DISABLE
> NOVALIDATE;{code}
> In Ranger Admin, audits are generated for the first 3 commands, but audits
> are not generated for the fourth command.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-3476) Audits are not being generated for Hive "Alter table partition compact" and "Alter table partition concatenate" statements
[ https://issues.apache.org/jira/browse/RANGER-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17723927#comment-17723927 ] Siddhant Sontakke commented on RANGER-3476: --- This issue is blocked by HIVE-27326. Once this is fixed, audits for alter queries will be generated automatically. > Audits are not being generated for Hive "Alter table partition compact" and > "Alter table partition concatenate" statements > -- > > Key: RANGER-3476 > URL: https://issues.apache.org/jira/browse/RANGER-3476 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Siddhant Sontakke >Priority: Major > > Audits are not being generated for Hive "Alter table partition compact" and > "Alter table partition concatenate" statements. > Steps to reproduce :- > # Create a policy which allows all access on all databases, tables and > columns for a user. > # Run the following queries > Create table temp(c0 int) partitioned by (c1 int); > Insert into temp values(1,1); > ALTER TABLE temp PARTITION (c1=1) COMPACT 'minor'; > ALTER TABLE temp PARTITION (c1=1) CONCATENATE; > Insert into temp values(1,1); > # If the audits are checked, then the audits are logged only for the create > and insert statements and not for the alter statements -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17720408#comment-17720408
]
Siddhant Sontakke commented on RANGER-4128:
---
[~fateh288] - Could you pls review above comment? If it looks good can we
close the ticket?
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png,
> image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png,
> image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17720406#comment-17720406
]
Siddhant Sontakke commented on RANGER-4128:
---
@Fateh Singh - Could you pls review above comment? If it looks good can we
close the ticket?
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png,
> image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png,
> image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[ https://issues.apache.org/jira/browse/RANGER-4128 ]
Siddhant Sontakke deleted comment on RANGER-4128:
---
was (Author: JIRAUSER299722):
@Fateh Singh - Could you pls review above comment? If it looks good can we
close the ticket?
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Assignee: Siddhant Sontakke
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png,
> image-2023-04-14-19-20-08-056.png, image-2023-04-14-19-21-09-315.png,
> image-2023-04-14-19-22-01-270.png, image-2023-04-14-19-22-28-641.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-3476) Audits are not being generated for Hive "Alter table partition compact" and "Alter table partition concatenate" statements
[ https://issues.apache.org/jira/browse/RANGER-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Siddhant Sontakke reassigned RANGER-3476: - Assignee: Siddhant Sontakke > Audits are not being generated for Hive "Alter table partition compact" and > "Alter table partition concatenate" statements > -- > > Key: RANGER-3476 > URL: https://issues.apache.org/jira/browse/RANGER-3476 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Siddhant Sontakke >Priority: Major > > Audits are not being generated for Hive "Alter table partition compact" and > "Alter table partition concatenate" statements. > Steps to reproduce :- > # Create a policy which allows all access on all databases, tables and > columns for a user. > # Run the following queries > Create table temp(c0 int) partitioned by (c1 int); > Insert into temp values(1,1); > ALTER TABLE temp PARTITION (c1=1) COMPACT 'minor'; > ALTER TABLE temp PARTITION (c1=1) CONCATENATE; > Insert into temp values(1,1); > # If the audits are checked, then the audits are logged only for the create > and insert statements and not for the alter statements -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-3451) Audits are not being generated for Hive "Alter table add constraint" commands
[
https://issues.apache.org/jira/browse/RANGER-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke reassigned RANGER-3451:
-
Assignee: Siddhant Sontakke
> Audits are not being generated for Hive "Alter table add constraint" commands
> -
>
> Key: RANGER-3451
> URL: https://issues.apache.org/jira/browse/RANGER-3451
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhishek
>Assignee: Siddhant Sontakke
>Priority: Major
>
> Audits are not being generated for Hive "Alter table add constraint" commands.
> But audits are being generated for other "Alter table" commands.
> Steps to reproduce :-
> # Create a policy in Hadoop SQL repo for hrt_qa user:-
> database-*, table - *, column - *, and allow all access to hrt_qa user.
> # In beeline, run the following commands
> {code:java}
> Drop table if exists hr;
> Create table hr(c0 int);
> ALTER TABLE hr SET TBLPROPERTIES ('notes'="Please don't drop this table.");
> ALTER TABLE hr ADD CONSTRAINT unique_key_const UNIQUE (c0) DISABLE
> NOVALIDATE;{code}
> In Ranger Admin, audits are generated for the first 3 commands, but audits
> are not generated for the fourth command.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17712259#comment-17712259
]
Siddhant Sontakke edited comment on RANGER-4128 at 4/14/23 1:53 PM:
[~fateh288] I tried to reproduce the issue but it worked fine for me.
Bellow are the steps can you check once and let me know if we need to do some
additional steps to reproduce the issue.
1) Creating a new tag "TESTING"
*Request* -
[API -
http://localhost:6080/service/public/v2/api/service/dev_hive/tags|http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
{*}Request Metho{*}d - PUT
*Request Body* -
{code:java}
{
"op":"add_or_update",
"tagVersion":0,
"tagDefinitions":{
"0":{
"name":"TESTING",
"source":"tabsource",
"attributeDefs":[
],
"id":0,
"isEnabled":true
}
},
"tags":{
"0":{
"type":"TESTING",
"owner":0,
"attributes":{
},
"id":0,
"isEnabled":true
}
},
"serviceResources":[
{
"resourceElements":{
"database":{
"values":[
"testdb"
],
"isExcludes":false,
"isRecursive":false
},
"table":{
"values":[
"test_table"
],
"isExcludes":false,
"isRecursive":false
},
"column":{
"values":[
"tid"
],
"isExcludes":false,
"isRecursive":false
}
},
"id":0,
"isEnabled":true
}
],
"resourceToTagIds":{
"0":[
0
]
}
}{code}
{{{}{}}}!image-2023-04-14-19-20-08-056.png|width=608,height=368!
*Response* - 204 Not Content
2) Checking whether the tag got pushed to ranger
*Request* -
[API - |http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
[http://localhost:6080/service/tags/download/dev_hive]
{*}Request Metho{*}d - GET
!image-2023-04-14-19-21-09-315.png|width=1281,height=264!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard I created tag based policy for TESTING tag.
!image-2023-04-14-19-22-01-270.png|width=610,height=302!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-19-22-28-641.png|width=612,height=301!
Here you can see user siddhant access TESTING tag resources successfully.
[~jai96] [~sneethiraj]
was (Author: JIRAUSER299722):
I did not found any issue with this scenario.
Steps i did :-
1) Put - [http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
context-type : application/json
Service file -
{{{}}
{{ "op":"add_or_update",}}
{{ "tagVersion":0,}}
{{ "tagDefinitions":{}}
{{ "0":{}}
{{ "name":"{*}TESTING{*}",}}
{{ "source":"privacera",}}
{{ "attributeDefs":[}}
{{ ],}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "tags":{}}
{{ "0":{}}
{{ "type":"{*}TESTING{*}",}}
{{ "owner":0,}}
{{ "attributes":{}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "serviceResources":[}}
{{ {}}
{{ "resourceElements":{}}
{{ "database":{}}
{{ "values":[}}
{{ "{*}testdb{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "table":{}}
{{ "values":[}}
{{ "{*}test_table{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "column":{}}
{{ "values":[}}
{{ "{*}tid{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ }}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ ],}}
{{ "resourceToTagIds":{}}
{{ "0":[}}
{{ 0}}
{{ ]}}
{{ }}}
{{}}}
!image-2023-04-14-12-59-13-128.png|width=827,height=506!
Here i got 204 Not Content
2) Get - [http://localhost:6080/service/tags/download/dev_hive]
!image-2023-04-14-13-01-11-416.png|width=851,height=532!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard i created tag based policy for TESTING tag.
!image-2023-04-14-13-22-07-588.png|width=905,height=444!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-13-43-58-983.png|width=711,height=341!
Here you can see user siddhant access TESTING tag resources
[jira] [Commented] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17712259#comment-17712259
]
Siddhant Sontakke commented on RANGER-4128:
---
I did not found any issue with this scenario.
Steps i did :-
1) Put - [http://localhost:6080/service/public/v2/api/service/dev_hive/tags]
context-type : application/json
Service file -
{{{}}
{{ "op":"add_or_update",}}
{{ "tagVersion":0,}}
{{ "tagDefinitions":{}}
{{ "0":{}}
{{ "name":"{*}TESTING{*}",}}
{{ "source":"privacera",}}
{{ "attributeDefs":[}}
{{ ],}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "tags":{}}
{{ "0":{}}
{{ "type":"{*}TESTING{*}",}}
{{ "owner":0,}}
{{ "attributes":{}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ },}}
{{ "serviceResources":[}}
{{ {}}
{{ "resourceElements":{}}
{{ "database":{}}
{{ "values":[}}
{{ "{*}testdb{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "table":{}}
{{ "values":[}}
{{ "{*}test_table{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ },}}
{{ "column":{}}
{{ "values":[}}
{{ "{*}tid{*}"}}
{{ ],}}
{{ "isExcludes":false,}}
{{ "isRecursive":false}}
{{ }}}
{{ },}}
{{ "id":0,}}
{{ "isEnabled":true}}
{{ }}}
{{ ],}}
{{ "resourceToTagIds":{}}
{{ "0":[}}
{{ 0}}
{{ ]}}
{{ }}}
{{}}}
!image-2023-04-14-12-59-13-128.png|width=827,height=506!
Here i got 204 Not Content
2) Get - [http://localhost:6080/service/tags/download/dev_hive]
!image-2023-04-14-13-01-11-416.png|width=851,height=532!
Here you can see my tag is properly set for hive resources.
3) Now in ranger dashboard i created tag based policy for TESTING tag.
!image-2023-04-14-13-22-07-588.png|width=905,height=444!
Here i used TESTING tag successfully while creating new policy.
4) Audit Screenshoot : -
!image-2023-04-14-13-43-58-983.png|width=711,height=341!
Here you can see user siddhant access TESTING tag resources successfully.
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
>
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-13-43-58-983.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: Screenshot 2023-04-14 at 1.41.48 PM.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png, Screenshot
> 2023-04-14 at 1.41.48 PM.png, image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png,
> image-2023-04-14-13-22-07-588.png, image-2023-04-14-13-43-58-983.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-13-22-07-588.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png,
> image-2023-04-14-12-36-34-803.png, image-2023-04-14-12-36-53-668.png,
> image-2023-04-14-12-40-36-377.png, image-2023-04-14-12-59-13-128.png,
> image-2023-04-14-13-01-11-416.png, image-2023-04-14-13-22-07-588.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: Screenshot 2023-04-14 at 1.20.51 PM.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: Screenshot 2023-04-14 at 1.20.51 PM.png,
> image-2023-04-14-12-36-34-803.png, image-2023-04-14-12-36-53-668.png,
> image-2023-04-14-12-40-36-377.png, image-2023-04-14-12-59-13-128.png,
> image-2023-04-14-13-01-11-416.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-13-01-11-416.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png, image-2023-04-14-13-01-11-416.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-12-59-13-128.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png,
> image-2023-04-14-12-59-13-128.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-12-40-36-377.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png, image-2023-04-14-12-40-36-377.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-12-36-53-668.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4128) serviceName, if not specified in the resource, should be taken from the ServiceTags.serviceName
[
https://issues.apache.org/jira/browse/RANGER-4128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siddhant Sontakke updated RANGER-4128:
--
Attachment: image-2023-04-14-12-36-34-803.png
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> ---
>
> Key: RANGER-4128
> URL: https://issues.apache.org/jira/browse/RANGER-4128
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Fateh Singh
>Priority: Major
> Attachments: image-2023-04-14-12-36-34-803.png,
> image-2023-04-14-12-36-53-668.png
>
>
> Current scenario-
> REST endpoint: "tags/importservicetags"
> Client: ranger python client (ranger_client.import_service_tags)
> Scenario: Above endpoint called multiple times with different tags but same
> set of resources gives the below error:
> {code:java}
> PUT service/public/v2/api/service/dev_hive/tags failed: expected_status=204,
> status=400, message=b'Exception [EclipseLink-4002] (Eclipse Persistence
> Services - 2.7.12.v20230209-e5c4074ef3):
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception:
> org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique
> constraint "x_service_resource_idx_svc_id_resource_signature"\n Detail: Key
> (service_id, resource_signature)=(4,
> 688974a2b40b6536631f952c66b065ad31c8c1588bfa658953a6218ef503d38e) already
> exists.\nError Code: 0\nCall: INSERT INTO x_service_resource (id,
> ADDED_BY_ID, CREATE_TIME, guid, is_enabled, resource_signature, service_id,
> service_resource_elements_text, tags_text, UPDATE_TIME, UPD_BY_ID, version)
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [12 parameters bound]'
> {code}
> How a serviceResource in the request look like to reproduce above
> scenario/error:
> {code:java}
> {
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Found bug and workaround:
> serviceName, if not specified in the resource, should be taken from the
> ServiceTags.serviceName
> How a serviceResource should look like to fix above bug:
> {code:java}
> {
> "serviceName":"dev_hive",
> "resourceElements": {
> "database": {
> ...
> },
> "column": {
> ...
> },
> "table": {
> ...
> }
> },
> "resourceSignature":
> "40c20f3a1909b0958b61451499e9a58e9ece1661f82072388f39f9685996c0dc",
> "id": 1,
> "isEnabled": true,
> "version": 2
> } {code}
> Here, dev_hive is the serviceName for which service tags are being imported
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
