Re: Review Request 74974: RANGER-4789: Admin audits for security-zone are blank for new and old value, when compression is enabled

2024-05-09 Thread Subhrat Chaudhary via Review Board


> On May 6, 2024, 10:54 p.m., Madhan Neethiraj wrote:
> > > For the change only in security-zone resource name (resource count of the 
> > > zone is same), admin audit is not generated.
> > Subhrat - instead of skipping admin audit in this scenario, I suggest audit 
> > to indicate that resources have been updated in services - with text like 
> > '{ "dev_hdfs": "resources updated", "dev_hbase": "resources updated" }'
> > 
> > if (oldValue == null || oldValue.equalsIgnoreCase(value)) { // existing line #357
> >   Map resourceUpdateSummary = getResourceUpdateSummary(securityZoneDB.getServices(), vSecurityZone.getServices());
> > 
> >   if (MapUtils.isNotEmpty(resourceUpdateSummary)) {
> >     oldValue = "";
> >     value = new Gson().toJson(resourceUpdateSummary, Map.class);
> >   } else {
> >     continue;
> >   }
> > } else {
> >   continue; // existing line #358
> > } // existing line #359

Json of Map does not work, since UI is expecting json of 
Map>.
Please review the changes. One drawback with approach is - if there are multiple 
services in the zone and resource name for only one service is updated, audit 
for all the service will be updated as -- service_name : resources updated. 
Please refer the image attached.

Proper solution for this would be to implement 
getResourceUpdateSummary(securityZoneDB.getServices(), 
vSecurityZone.getServices()), iterating through each service, comparing 
resource json with older version, updating for the ones for which resource have 
changed and return json of Map>.
I tried working on this approach, but changes were getting too complex and 
extensive for this case. Please suggest.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74974/#review226415
---


On May 9, 2024, 10:09 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74974/
> ---
> 
> (Updated May 9, 2024, 10:09 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, 
> Monika Kachhadiya, and Siddhesh Phatak.
> 
> 
> Bugs: RANGER-4789
> https://issues.apache.org/jira/browse/RANGER-4789
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In security-zone when resource name is updated, admin audit is generated for 
> same, with details about old and new value.
> 
> When the json data compression is enabled in the security-zone with the 
> property:
> 
> ranger.admin.store.security.zone.compress.json_data
> 
> the old and new value in the generated admin audit is blank, when only the 
> resource name is changed. The reason for this is, if compression is enabled, 
> only the resource count is added in the new and old values. Hence if the 
> resource count does not change, change details in the admin audit is blank.
> 
> In the code flow to update security-zone, when no change is noticed in the 
> new and old values, a dummy admin audit is being added with null for old and 
> new values. In this fix, removing that code block.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
>  a4b7616e1 
> 
> 
> Diff: https://reviews.apache.org/r/74974/diff/2/
> 
> 
> Testing
> ---
> 
> Validations done:
> 1. For the change only in security-zone resource name (resource count of the 
> zone is same), admin audit is not generated.
> 2. For above case x_service_version_info.policy_version is incremented (same 
> as existing behavior).
> 3. If a resource is added or removed from the security-zone, admin audit is 
> generated for same.
> 4. All the existing Junits are passing
> 
> 
> File Attachments
> 
> 
> audit.png
>   
> https://reviews.apache.org/media/uploaded/files/2024/05/09/e0b4debc-b20e-41a2-a635-1bf766d87efd__audit.png
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>
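
The per-service comparison described in the reply above, as an added example that is not part of the original e-mails or of Ranger's code base. It assumes each zone service can be viewed as a list of resource maps (resource-def name to values) and returns the simple service-to-text map from the review comment, marking only the services whose resources actually differ; the class and helper names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

// Added illustration; not Ranger code. Assumption: a zone's services are modelled as
// serviceName -> list of resources, each resource being resourceDefName -> values.
public class ZoneResourceUpdateSummary {
    static final String RESOURCES_UPDATED = "resources updated"; // text from the review comment

    // Order-insensitive canonical form of one service's resource list, so that
    // reordering resources or values is not reported as a change.
    static List<String> canonical(List<Map<String, List<String>>> resources) {
        List<String> out = new ArrayList<>();
        if (resources == null) {
            return out; // a service missing on one side is treated as having no resources
        }
        for (Map<String, List<String>> resource : resources) {
            TreeMap<String, List<String>> sorted = new TreeMap<>();
            if (resource != null) {
                for (Map.Entry<String, List<String>> e : resource.entrySet()) {
                    List<String> values = new ArrayList<String>();
                    if (e.getValue() != null) {
                        values.addAll(e.getValue());
                    }
                    values.sort(Comparator.nullsFirst(Comparator.<String>naturalOrder()));
                    sorted.put(e.getKey(), values);
                }
            }
            out.add(sorted.toString());
        }
        Collections.sort(out);
        return out;
    }

    // Returns an entry only for services whose resources differ between the stored
    // zone and the incoming zone, even when the resource count is unchanged.
    static Map<String, String> getResourceUpdateSummary(
            Map<String, List<Map<String, List<String>>>> oldServices,
            Map<String, List<Map<String, List<String>>>> newServices) {
        Set<String> serviceNames = new TreeSet<>();
        if (oldServices != null) {
            serviceNames.addAll(oldServices.keySet());
        }
        if (newServices != null) {
            serviceNames.addAll(newServices.keySet());
        }

        Map<String, String> summary = new TreeMap<>();
        for (String name : serviceNames) {
            List<String> before = canonical(oldServices == null ? null : oldServices.get(name));
            List<String> after = canonical(newServices == null ? null : newServices.get(name));
            if (!before.equals(after)) {
                summary.put(name, RESOURCES_UPDATED);
            }
        }
        return summary;
    }

    public static void main(String[] args) {
        // Constructed sample: one dev_hdfs path is renamed and the list is reordered;
        // dev_hbase is untouched. Resource counts are the same on both sides.
        Map<String, List<Map<String, List<String>>>> oldServices = new TreeMap<>();
        oldServices.put("dev_hdfs", List.of(
                Map.of("path", List.of("/data/raw")),
                Map.of("path", List.of("/data/tmp"))));
        oldServices.put("dev_hbase", List.of(Map.of("table", List.of("orders"))));

        Map<String, List<Map<String, List<String>>>> newServices = new TreeMap<>();
        newServices.put("dev_hdfs", List.of(
                Map.of("path", List.of("/data/tmp")),
                Map.of("path", List.of("/data/curated"))));
        newServices.put("dev_hbase", List.of(Map.of("table", List.of("orders"))));

        // Only the service whose resources changed appears in the audit summary.
        System.out.println(getResourceUpdateSummary(oldServices, newServices));
    }
}
```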



Re: Review Request 74974: RANGER-4789: Admin audits for security-zone are blank for new and old value, when compression is enabled

2024-05-09 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74974/
---

(Updated May 9, 2024, 10:09 p.m.)


Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, 
Monika Kachhadiya, and Siddhesh Phatak.


Bugs: RANGER-4789
https://issues.apache.org/jira/browse/RANGER-4789


Repository: ranger


Description
---

In security-zone when resource name is updated, admin audit is generated for 
same, with details about old and new value.

When the json data compression is enabled in the security-zone with the 
property:

ranger.admin.store.security.zone.compress.json_data

the old and new value in the generated admin audit is blank, when only the 
resource name is changed. The reason for this is, if compression is enabled, 
only the resource count is added in the new and old values. Hence if the 
resource count does not change, change details in the admin audit is blank.

In the code flow to update security-zone, when no change is noticed in the new 
and old values, a dummy admin audit is being added with null for old and new 
values. In this fix, removing that code block.


Diffs (updated)
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
 a4b7616e1 


Diff: https://reviews.apache.org/r/74974/diff/2/

Changes: https://reviews.apache.org/r/74974/diff/1-2/


Testing
---

Validations done:
1. For the change only in security-zone resource name (resource count of the 
zone is same), admin audit is not generated.
2. For above case x_service_version_info.policy_version is incremented (same as 
existing behavior).
3. If a resource is added or removed from the security-zone, admin audit is 
generated for same.
4. All the existing Junits are passing


File Attachments (updated)


audit.png
  
https://reviews.apache.org/media/uploaded/files/2024/05/09/e0b4debc-b20e-41a2-a635-1bf766d87efd__audit.png


Thanks,

Subhrat Chaudhary



Re: Review Request 74976: RANGER-4782: Implement best coding practices for validating service configs

2024-05-08 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74976/#review226422
---




security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
Lines 195 (patched)


service.getConfigs() can throw NPE



security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
Lines 198 (patched)


if condition can be improved:

if ((url != null) && (url.getHost().equalsIgnoreCase("localhost") || 
url.getHost().equals("127.0.0.1")))



security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
Lines 237 (patched)


getValidURL can be private since it is not getting called outside the class.


- Subhrat Chaudhary


On May 8, 2024, 11:15 a.m., Rakesh Gupta wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74976/
> ---
> 
> (Updated May 8, 2024, 11:15 a.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Mehul 
> Parikh, Pradeep Agrawal, and sanket shelar.
> 
> 
> Bugs: RANGER-4782
> https://issues.apache.org/jira/browse/RANGER-4782
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Implement best coding practices for validating service configs
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 
> b9d51602e 
>   
> security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx
>  668de52e7 
> 
> 
> Diff: https://reviews.apache.org/r/74976/diff/1/
> 
> 
> Testing
> ---
> 
> Validated Service Connection failed, when using 'localhost' or '127.0.0.1' as 
> the hostname in the service configuration.
> 
> Tested if a service configuration contains a null value, it won't be added to 
> the service.
> 
> 
> Thanks,
> 
> Rakesh Gupta
> 
>



Review Request 74975: RANGER-4784: default tag-based policy is not created for the tag-service added to security zone

2024-05-06 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74975/
---

Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, 
Monika Kachhadiya, and Siddhesh Phatak.


Bugs: RANGER-4784
https://issues.apache.org/jira/browse/RANGER-4784


Repository: ranger


Description
---

When a service is added to a security zone, default resource policies are 
created for the service in the zone. For tag service, default policy is not 
getting created in the security zone.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
 a6cb2ae74 


Diff: https://reviews.apache.org/r/74975/diff/1/


Testing
---

Validations done:
1. All the junits are passing.
2. For the tag service added in the security zone, default tag policy 
EXPIRES_ON, is getting created.


Thanks,

Subhrat Chaudhary



Review Request 74974: RANGER-4789: Admin audits for security-zone are blank for new and old value, when compression is enabled

2024-05-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74974/
---

Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, 
Monika Kachhadiya, and Siddhesh Phatak.


Bugs: RANGER-4789
https://issues.apache.org/jira/browse/RANGER-4789


Repository: ranger


Description
---

In security-zone when resource name is updated, admin audit is generated for 
same, with details about old and new value.

When the json data compression is enabled in the security-zone with the 
property:

ranger.admin.store.security.zone.compress.json_data

the old and new value in the generated admin audit is blank, when only the 
resource name is changed. The reason for this is, if compression is enabled, 
only the resource count is added in the new and old values. Hence if the 
resource count does not change, change details in the admin audit is blank.

In the code flow to update security-zone, when no change is noticed in the new 
and old values, a dummy admin audit is being added with null for old and new 
values. In this fix, removing that code block.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
5534c8056 
  
security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
 a6cb2ae74 


Diff: https://reviews.apache.org/r/74974/diff/1/


Testing
---

Validations done:
1. For the change only in security-zone resource name (resource count of the 
zone is same), admin audit is not generated.
2. For above case x_service_version_info.policy_version is incremented (same as 
existing behavior).
3. If a resource is added or removed from the security-zone, admin audit is 
generated for same.
4. All the existing Junits are passing


Thanks,

Subhrat Chaudhary



Re: Review Request 74950: RANGER-4764: Update the policyName of associated policies when dataset/project name is modified

2024-04-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74950/#review226370
---


Ship it!




Ship It!

- Subhrat Chaudhary


On April 3, 2024, 1:24 p.m., Anand Nadar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74950/
> ---
> 
> (Updated April 3, 2024, 1:24 p.m.)
> 
> 
> Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika 
> Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4764
> https://issues.apache.org/jira/browse/RANGER-4764
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a dataset/project name is modified, then the policyName of all its 
> associated policies should be modified.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> a1a2f9920 
> 
> 
> Diff: https://reviews.apache.org/r/74950/diff/2/
> 
> 
> Testing
> ---
> 
> Validated policy name change of associated policies when dataset/project name 
> is modified.
> 
> 
> Thanks,
> 
> Anand Nadar
> 
>



Re: Review Request 74949: RANGER-4763: Send user-friendly message if Test connection is not implemented for a service definition

2024-04-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74949/#review226367
---


Ship it!




Ship It!

- Subhrat Chaudhary


On April 3, 2024, 10:10 a.m., Anand Nadar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74949/
> ---
> 
> (Updated April 3, 2024, 10:10 a.m.)
> 
> 
> Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika 
> Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4763
> https://issues.apache.org/jira/browse/RANGER-4763
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Send user-friendly message if Test connection is not implemented for a 
> service definition
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerDefaultService.java
>  c89b55757 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 
> 7e071ba0e 
>   security-admin/src/main/java/org/apache/ranger/common/TimedExecutor.java 
> d6fc01176 
> 
> 
> Diff: https://reviews.apache.org/r/74949/diff/2/
> 
> 
> Testing
> ---
> 
> Validated "Test Connection" when the service definition does not have 
> implClass, it gives the below response in this case.
> {
> "statusCode": 1,
> "msgDesc": "Configuration validation is not implemented for hbase",
> "messageList": [
> {
> "message": "Configuration validation is not implemented for hbase"
> }
> ]
> }
> 
> 
> Thanks,
> 
> Anand Nadar
> 
>



Re: Review Request 74950: RANGER-4764: Update the policyName of associated policies when dataset/project name is modified

2024-04-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74950/#review226366
---




security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
Lines 183 (patched)


We should update policy when dataset name has changed. Please review.


- Subhrat Chaudhary


On April 2, 2024, 6:21 p.m., Anand Nadar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74950/
> ---
> 
> (Updated April 2, 2024, 6:21 p.m.)
> 
> 
> Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika 
> Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4764
> https://issues.apache.org/jira/browse/RANGER-4764
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a dataset/project name is modified, then the policyName of all its 
> associated policies should be modified.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> a1a2f9920 
> 
> 
> Diff: https://reviews.apache.org/r/74950/diff/1/
> 
> 
> Testing
> ---
> 
> Validated policy name change of associated policies when dataset/project name 
> is modified.
> 
> 
> Thanks,
> 
> Anand Nadar
> 
>



Review Request 74927: RANGER-4727: When tagDef delete fails, error message is not returned

2024-03-04 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74927/
---

Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, 
Monika Kachhadiya, and Siddhesh Phatak.


Bugs: RANGER-4727
https://issues.apache.org/jira/browse/RANGER-4727


Repository: ranger


Description
---

When tagDef and a linked tag is created, and delete of the tagDef is attempted 
with DELETE API - /service/tags/tagdef/{tagDefId}, it fails with 400 and no 
error message is returned.
This is fixed by adding a check and throw exception with proper message - if 
the linked tag exists.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java fb912d4f8 
  security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java 
ed3ed5eca 


Diff: https://reviews.apache.org/r/74927/diff/1/


Testing
---

Validated the API with curl for the tagDef - PII_LOCATION (linked tag 
exists), the error response contains message:
{"statusCode":0,"msgDesc":"Cannot delete tag: PII_LOCATION, please delete 
linked resources first"}

Validated existing JUnits are passing


Thanks,

Subhrat Chaudhary



Review Request 74850: RANGER-4669: checking users nested in roles and groups to get datasets shared with users

2024-01-22 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74850/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4669
https://issues.apache.org/jira/browse/RANGER-4669


Repository: ranger


Description
---

When dataset is shared with a user nested in a role i.e. user < group < role, 
and the user calls get dataset API with sharedWithMe=true, the dataset is not 
returned in response. To fix this, we are getting the roles associated with the 
groups associated with the calling user and updating the list of roles 
associated with a user, before the list of role is checked with roles in the 
policy item.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 69b43f2dc 
  security-admin/src/main/java/org/apache/ranger/biz/GdsPolicyAdminCache.java 
97d4b2579 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java
 30d231797 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java
 2c8721e1e 


Diff: https://reviews.apache.org/r/74850/diff/1/


Testing
---

Validated following cases for get dataset API - /gds/dataset?sharedWithMe=true:
1. Dataset shared with group (associated with calling user) is returned in 
response.
2. Dataset shared with role (associated with calling group in case 1) is 
returned in response.
3. Dataset shared with public group (not directly shared with user/group/role 
of the calling user) is returned in response.

Validated all junits are passing.


Thanks,

Subhrat Chaudhary



Review Request 74846: RANGER-4664: SQL Exception is thrown, if resource is null in POST sharedResource API

2024-01-19 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74846/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4664
https://issues.apache.org/jira/browse/RANGER-4664


Repository: ranger


Description
---

If the resource value is null in the POST or PUT /gds/resource APIs request 
body, SQL exception is thrown to the client about resource being null. We need 
to add validation check for resource being null and throw HTTP Status 400 in 
these cases.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 dccd8f4f5 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 6efe9f420 


Diff: https://reviews.apache.org/r/74846/diff/1/


Testing
---

Validated POST and PUT /gds/resource APIs with resource as null in the request. 
In these cases 400 is being thrown and following message is returned:
{
"statusCode": 1,
"msgDesc": "[ Validation failure: error code[4132], reason[Resource value 
in SharedResource [SHR1] is null], field[resource], subfield[null], type[]]",
"messageList": [
{
"name": "INVALID_INPUT_DATA",
"rbKey": "xa.validation.invalid_input_data",
"message": "Invalid input data"
}
]
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74839: RANGER-4658: updated GDS policy evaluation to fix handling of _any access

2024-01-18 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74839/#review226142
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Jan. 17, 2024, 8:11 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74839/
> ---
> 
> (Updated Jan. 17, 2024, 8:11 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Asit Vadhavkar, Abhay 
> Kulkarni, Monika Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh Mani, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4658
> https://issues.apache.org/jira/browse/RANGER-4658
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated GDS policy evaluation to handle _any access-type, similar to 
> resource/tag-based policy evaluation
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
>  dd1184a0b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsSharedResourceEvaluator.java
>  2e073bb1c 
>   
> agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
>  71ecd225a 
> 
> 
> Diff: https://reviews.apache.org/r/74839/diff/1/
> 
> 
> Testing
> ---
> 
> - updated unit tests to cover _any access-type
> - verified that all existing test cases successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74744: RANGER-4535: GET dataset API should return public:LIST in ACL if available

2023-11-29 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74744/
---

(Updated Nov. 29, 2023, 3:51 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Changes
---

Addressed review comment.


Bugs: RANGER-4535
https://issues.apache.org/jira/browse/RANGER-4535


Repository: ranger


Description
---

When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed 
in query-param, available ACLs are not returned in the dataset.

It will be helpful to know, if the current dataset is accessible to public 
group, in case gdsPermission=LIST is passed in query-param (which can be 
eventually used by the depending applications). We can add the ACL, in the 
returned dataset (if available):

"groups": { "public": "LIST" }


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68 


Diff: https://reviews.apache.org/r/74744/diff/3/

Changes: https://reviews.apache.org/r/74744/diff/2-3/


Testing (updated)
---

Following cases are validated (tested with GET /gds/dataset API):
1. All the datasets where public : LIST access is given, are returned in 
response (with gdsPermission=LIST passed in query-param).
2. When the API is called by ranger admin user, all the datasets are returned 
and only permission for public group is returned in the ACL (no other 
permissions are added in the ACL, even if the user has them in the dataset).


Thanks,

Subhrat Chaudhary



Re: Review Request 74744: RANGER-4535: GET dataset API should return public:LIST in ACL if available

2023-11-20 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74744/
---

(Updated Nov. 20, 2023, 10:06 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4535
https://issues.apache.org/jira/browse/RANGER-4535


Repository: ranger


Description
---

When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed 
in query-param, available ACLs are not returned in the dataset.

It will be helpful to know, if the current dataset is accessible to public 
group, in case gdsPermission=LIST is passed in query-param (which can be 
eventually used by the depending applications). We can add the ACL, in the 
returned dataset (if available):

"groups": { "public": "LIST" }


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 6c55fd029 


Diff: https://reviews.apache.org/r/74744/diff/2/


Testing (updated)
---

Following cases are validated (with gdsPermission=LIST passed in query-param) 
(tested with GET /gds/dataset API):
1. Even if the calling user has higher than LIST access, same is not returned 
in ACL.
2. All the datasets where public : LIST access is given, are returned in 
response.
3. When the API is called by ranger admin user, all the datasets are returned 
and only permission for public group is returned in the ACL (no other 
permissions are added in the ACL, even if the user has them in the dataset).


Thanks,

Subhrat Chaudhary



Re: Review Request 74744: RANGER-4535: GET dataset API should return public:LIST in ACL if available

2023-11-20 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74744/
---

(Updated Nov. 20, 2023, 10:05 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Changes
---

Addressed review comments.


Bugs: RANGER-4535
https://issues.apache.org/jira/browse/RANGER-4535


Repository: ranger


Description
---

When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed 
in query-param, available ACLs are not returned in the dataset.

It will be helpful to know, if the current dataset is accessible to public 
group, in case gdsPermission=LIST is passed in query-param (which can be 
eventually used by the depending applications). We can add the ACL, in the 
returned dataset (if available):

"groups": { "public": "LIST" }


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 6c55fd029 


Diff: https://reviews.apache.org/r/74744/diff/2/

Changes: https://reviews.apache.org/r/74744/diff/1-2/


Testing
---

Following cases are validated (with gdsPermission=LIST passed in query-param) 
(tested with GET /gds/dataset API):
1. Even if the calling user has higher than LIST access, same is not returned 
in ACL.
2. All the datasets where public : LIST access is given, are returned in 
response.
3. When the API is called by ranger admin user, all the datasets are returned 
and only public : LIST permission is available in the ACL (no other permissions 
are added in the ACL, even if the user has them in the dataset).


Thanks,

Subhrat Chaudhary



Review Request 74744: RANGER-4535: GET dataset API should return public:LIST in ACL if available

2023-11-20 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74744/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4535
https://issues.apache.org/jira/browse/RANGER-4535


Repository: ranger


Description
---

When the GET dataset /gds/dataset API is called, gdsPermission=LIST is passed 
in query-param, available ACLs are not returned in the dataset.

It will be helpful to know, if the current dataset is accessible to public 
group, in case gdsPermission=LIST is passed in query-param (which can be 
eventually used by the depending applications). We can add the ACL, in the 
returned dataset (if available):

"groups": { "public": "LIST" }


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 6c55fd029 


Diff: https://reviews.apache.org/r/74744/diff/1/


Testing
---

Following cases are validated (with gdsPermission=LIST passed in query-param) 
(tested with GET /gds/dataset API):
1. Even if the calling user has higher than LIST access, same is not returned 
in ACL.
2. All the datasets where public : LIST access is given, are returned in 
response.
3. When the API is called by ranger admin user, all the datasets are returned 
and only public : LIST permission is available in the ACL (no other permissions 
are added in the ACL, even if the user has them in the dataset).


Thanks,

Subhrat Chaudhary



Review Request 74725: RANGER-4517: Sort param sortType is not considered if sortBy is not passed

2023-11-08 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74725/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4517
https://issues.apache.org/jira/browse/RANGER-4517


Repository: ranger


Description
---

The sort param sortType is not considered if sortBy is not passed in the 
query-param. Please consider following case:
The GET API /service/gds/dataset has default sortType=asc and sortBy=datasetId. 
If only sortType=desc is passed in query-param, sorting is done in asc order 
and same is updated in response sortType=asc.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
f00ea05ca 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
ecb48e251 


Diff: https://reviews.apache.org/r/74725/diff/1/


Testing
---

Validate sortBy and sortType params are working as expected. Use cases 
validated:
1. sortBy=datasetName, sortType=asc
2. sortBy=datasetName, sortType=not passed (asc considered)
3. sortBy=datasetName, sortType=desc
4. sortBy=datasetId, sortType=asc
5. sortBy=datasetId, sortType=not passed (asc considered)
6. sortBy=datasetId, sortType=desc
7. sortBy=createTime, sortType=asc
8. sortBy=createTime, sortType=desc
9. sortBy=createTime, sortType=not passed (asc considered)


Thanks,

Subhrat Chaudhary



Review Request 74715: RANGER-4432: Add a new new API for service lookup

2023-11-02 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74715/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: RANGER-4432
https://issues.apache.org/jira/browse/RANGER-4432


Repository: ranger


Description
---

We need a new API for service lookup, with additional support for zoneId and 
zoneName. This will be used in GDS >> DataShare Listing >> Create DataShare >> 
Basic Details (Step 1) >> Select Zone >> Get all services related to the 
security zone. Pagination support is also needed.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
00a3d9c47 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
77ea510a7 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 f21d445c4 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
 fa23b96d7 


Diff: https://reviews.apache.org/r/74715/diff/1/


Testing
---

Validations done:
GET API /service/plugins/services/lookup
1. No query params: Validated all the available services are available in 
response.
2. Validated query params: zoneId, zoneName, pageSize, startIndex.


Thanks,

Subhrat Chaudhary



Re: Review Request 74705: RANGER-4486: zone-v2 PUT API Partial update #2

2023-10-30 Thread Subhrat Chaudhary via Review Board


> On Oct. 31, 2023, 4:01 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
> > Lines 147 (patched)
> > 
> >
> > Is a HashSet<>() needed here? Why not 
> > zone.getTagServices().containsAll(changeData.getTagServicesToRemove())?

Added to improve performance, but in case of small list should not make 
difference. Updated.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74705/#review225906
---


On Oct. 31, 2023, 9:19 a.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74705/
> ---
> 
> (Updated Oct. 31, 2023, 9:19 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Prashant Satam.
> 
> 
> Bugs: RANGER-4486
> https://issues.apache.org/jira/browse/RANGER-4486
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Following issues are noticed in the zone-v2 PUT API - 
> /service/public/v2/api/zones-v2/{zone-id}/partial:
> 1. If adminsToRemove or auditorsToRemove have some principal that doesn't 
> exist, response is true (updated to throw exception in this case).
> 2. If tagServicesToRemove have some tag service name that doesn't exist, 
> response is true (updated to throw exception in this case).
> 3. If resourcesToRemove have some resource that doesn't exist, response is 
> true (updated to throw exception in this case).
> 4. If the resource is updated, the audit data, i.e. createdBy and createTime, 
> is overwritten.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
>  fbdacd4a6 
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
> f45cdd396 
> 
> 
> Diff: https://reviews.apache.org/r/74705/diff/2/
> 
> 
> Testing
> ---
> 
> Validations done:
> 1. Tried to remove resources (one valid and one invalid) from a zone using 
> partial PUT API - error thrown.
> 2. Tried to remove tag services (one valid and one invalid) from a zone using 
> partial PUT API - error thrown.
> 3. Tried to remove user (one valid and one invalid) from a zone using partial 
> PUT API - error thrown.
> 4. Updated resource using zone-v2 PUT API - createdBy/createTime available in 
> updated resource in the zone.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74705: RANGER-4486: zone-v2 PUT API Partial update #2

2023-10-30 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74705/
---

(Updated Oct. 31, 2023, 9:19 a.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Changes
---

Addressed review comments


Bugs: RANGER-4486
https://issues.apache.org/jira/browse/RANGER-4486


Repository: ranger


Description
---

Following issues are noticed in the zone-v2 PUT API - 
/service/public/v2/api/zones-v2/{zone-id}/partial:
1. If adminsToRemove or auditorsToRemove have some principal that doesn't 
exist, response is true (updated to throw exception in this case).
2. If tagServicesToRemove have some tag service name that doesn't exist, 
response is true (updated to throw exception in this case).
3. If resourcesToRemove have some resource that doesn't exist, response is true 
(updated to throw exception in this case).
4. If the resource is updated, the audit data, i.e. createdBy and createTime, is 
overwritten.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 fbdacd4a6 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
f45cdd396 


Diff: https://reviews.apache.org/r/74705/diff/2/

Changes: https://reviews.apache.org/r/74705/diff/1-2/


Testing
---

Validations done:
1. Tried to remove resources (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
2. Tried to remove tag services (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
3. Tried to remove user (one valid and one invalid) from a zone using partial 
PUT API - error thrown.
4. Updated resource using zone-v2 PUT API - createdBy/createTime available in 
updated resource in the zone.


Thanks,

Subhrat Chaudhary



Re: Review Request 74705: RANGER-4486: zone-v2 PUT API Partial update #2

2023-10-30 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74705/
---

(Updated Oct. 30, 2023, 10:35 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: RANGER-4486
https://issues.apache.org/jira/browse/RANGER-4486


Repository: ranger


Description
---

Following issues are noticed in the zone-v2 PUT API - 
/service/public/v2/api/zones-v2/{zone-id}/partial:
1. If adminsToRemove or auditorsToRemove have some principal that doesn't 
exist, response is true (updated to throw exception in this case).
2. If tagServicesToRemove have some tag service name that doesn't exist, 
response is true (updated to throw exception in this case).
3. If resourcesToRemove have some resource that doesn't exist, response is true 
(updated to throw exception in this case).
4. If the resource is updated, the audit data, i.e. createdBy and createTime, is 
overwritten.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 fbdacd4a6 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
f45cdd396 


Diff: https://reviews.apache.org/r/74705/diff/1/


Testing
---

Validations done:
1. Tried to remove resources (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
2. Tried to remove tag services (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
3. Tried to remove user (one valid and one invalid) from a zone using partial 
PUT API - error thrown.
4. Updated resource using zone-v2 PUT API - createdBy/createTime available in 
updated resource in the zone.


Thanks,

Subhrat Chaudhary



Review Request 74705: RANGER-4486: zone-v2 PUT API Partial update #2

2023-10-30 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74705/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: RANGER-4486
https://issues.apache.org/jira/browse/RANGER-4486


Repository: ranger


Description
---

Following issues are noticed in the zone-v2 PUT API - 
/service/public/v2/api/zones-v2/{zone-id}/partial:
1. If adminsToRemove or auditorsToRemove have some principal that doesn't 
exist, response is true (updated to throw exception in this case).
2. If tagServicesToRemove have some tag service name that doesn't exist, 
response is true (updated to throw exception in this case).
3. If resourcesToRemove have some resource that doesn't exist, response is true 
(updated to throw exception in this case).
4. If the resource is updated, the audit data, i.e. createdBy and createTime, is 
overwritten.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 fbdacd4a6 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
f45cdd396 


Diff: https://reviews.apache.org/r/74705/diff/1/


Testing
---

Validations done:
1. Tried to remove resources (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
2. Tried to remove tag services (one valid and one invalid) from a zone using 
partial PUT API - error thrown.
3. Tried to remove user (one valid and one invalid) from a zone using partial 
PUT API - error thrown.
4. Updated resource using zone-v2 PUT API - createdBy/createTime available in 
updated resource in the zone.


Thanks,

Subhrat Chaudhary



Re: Review Request 74698: RANGER-4035: DB schema update to persist XXAccessTypeDef.category

2023-10-28 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74698/#review225901
---


Ship it!

- Subhrat Chaudhary


On Oct. 26, 2023, 11:39 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74698/
> ---
> 
> (Updated Oct. 26, 2023, 11:39 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Abhay Kulkarni, Monika 
> Kachhadiya, Prashant Satam, Ramesh Mani, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4035
> https://issues.apache.org/jira/browse/RANGER-4035
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - added column x_access_type_def.category 
> - updated DB save/load modules to persist XXAccessTypeDef.category in the new 
> column
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
>  dc786a457 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 17092d486 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 7371cd6d0 
>   security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 
> 200a51d33 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
>  86928193a 
> 
> 
> Diff: https://reviews.apache.org/r/74698/diff/2/
> 
> 
> Testing
> ---
> 
> - verified that category specified in XXAccessTypeDef.category is persisted 
> in the database
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74699: RANGER-4497: updated service-defs to assign category to access-type-defs

2023-10-28 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74699/#review225900
---




agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json
Lines 182 (patched)


Should the category be UPDATE or MANAGE here? Same for Alter in 
ranger-servicedef-kudu.json and ranger-servicedef-presto.json.



agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json
Lines 126 (patched)


Should the category be CREATE here?



agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json
Line 51 (original), 51 (patched)


We do not have category WRITE, should this be UPDATE here?



agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json
Lines 55 (patched)


Should category be READ here, since this access type will not allow to 
anything?


- Subhrat Chaudhary


On Oct. 26, 2023, 2:19 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74699/
> ---
> 
> (Updated Oct. 26, 2023, 2:19 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Abhay Kulkarni, Mehul 
> Parikh, Monika Kachhadiya, Mugdha Varadkar, Prashant Satam, Ramesh Mani, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4497
> https://issues.apache.org/jira/browse/RANGER-4497
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - updated all service-defs to assign category to access-types
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-abfs.json 
> 879df6b9f 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
> 960f10123 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-elasticsearch.json
>  da621c748 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json 
> f94e73a5e 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json 
> bc021a0dd 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
> ab8ca5c92 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
> a131ed08b 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json 
> abd28f034 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json 
> ee44687b4 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json 
> 51fd9f8a2 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> 70566dfd6 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-nestedstructure.json
>  dc6b1d32d 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-nifi-registry.json
>  3db268bb8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-nifi.json 
> 30680083f 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 
> 13915130c 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-presto.json 
> b16b02a7b 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-schema-registry.json
>  bdebf406d 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json 
> 50545f744 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> 544276e9a 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json 
> 4db4a7431 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json 
> 88a57e1f0 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json 
> fd30c51d8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json 
> b102641ee 
> 
> 
> Diff: https://reviews.apache.org/r/74699/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that assigned categories are persisted in the database
> - verified that implied-grants of markerAccessTypes are populated with 
> access-types having respective category
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74690: RANGER-4266: gds info retrieval by plugins

2023-10-25 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74690/#review225894
---


Ship it!

- Subhrat Chaudhary


On Oct. 23, 2023, 8:36 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74690/
> ---
> 
> (Updated Oct. 23, 2023, 8:36 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Abhay Kulkarni, Monika Kachhadiya, 
> Prashant Satam, Ramesh Mani, Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4266
> https://issues.apache.org/jira/browse/RANGER-4266
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - REST API for plugins to download GDS info, similar to policies, tags, 
> userstore
> - Ranger updates to increment gdsVersion in services 
> - updated plugins library to implicitly add GDS enricher
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
>  a65c18708 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
>  22a8121ca 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
>  9cd0fd263 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
>  df6307eb2 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminGdsInfoRetriever.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsInfoRetriever.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyDelta.java
>  6eae590c4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  2f4af9763 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
>  1c08e36ec 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java 
> 794c265a3 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/JsonUtilsV2.java 
> 9a8546b79 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
>  b265e8575 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
> 489476b28 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGdsInfo.java 
> PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
>  225f8526b 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 19ecc1fc8 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> ea98736a1 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 10986823d 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 055c31364 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java 
> f0e64d711 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java 
> ee2d4b67b 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java 
> 4f214ff8d 
>   security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java 
> e28b607c9 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java 
> c0f9d5c4e 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
>  04f030b35 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 4c0a106ad 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsBaseModelService.java
>  e7c54385f 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
>  569509d66 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
>  6a93e44dc 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
>  d62040175 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
>  75833ea7b 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
>  4ccb063fe 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  4bdb09f4d 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
>  9bf7868d0 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java
>  cd8fcc696 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 547913488 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
> 807791f28 
>   

Re: Review Request 74690: RANGER-4266: gds info retrieval by plugins

2023-10-23 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74690/#review225885
---




agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
Lines 353 (patched)


There is an extra semicolon(;) here.



agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGdsInfo.java
Lines 218 (patched)


Do we need SharedResourceInfo here?


- Subhrat Chaudhary


On Oct. 21, 2023, 2:16 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74690/
> ---
> 
> (Updated Oct. 21, 2023, 2:16 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Abhay Kulkarni, Monika Kachhadiya, 
> Prashant Satam, Ramesh Mani, Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4266
> https://issues.apache.org/jira/browse/RANGER-4266
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - REST API for plugins to download GDS info, similar to policies, tags, 
> userstore
> - Ranger updates to increment gdsVersion in services 
> - updated plugins library to implicitly add GDS enricher
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java
>  a65c18708 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java
>  22a8121ca 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
>  9cd0fd263 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
>  df6307eb2 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminGdsInfoRetriever.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsInfoRetriever.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyDelta.java
>  6eae590c4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  2f4af9763 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/JsonUtilsV2.java 
> 9a8546b79 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java
>  b265e8575 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
> 489476b28 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGdsInfo.java 
> PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java
>  225f8526b 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 19ecc1fc8 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> ea98736a1 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 10986823d 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 055c31364 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java 
> f0e64d711 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java 
> ee2d4b67b 
>   security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java 
> 4f214ff8d 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java 
> c0f9d5c4e 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
>  04f030b35 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 4c0a106ad 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsBaseModelService.java
>  e7c54385f 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
>  569509d66 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
>  6a93e44dc 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
>  d62040175 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
>  75833ea7b 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
>  4ccb063fe 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  4bdb09f4d 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
>  9bf7868d0 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 547913488 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
> 807791f28 
>   

Re: Review Request 74686: RANGER-4486: ZoneV2 partial update allows duplicate principals and tagServices

2023-10-20 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74686/
---

(Updated Oct. 20, 2023, noon)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Changes
---

Addressed review comments


Bugs: RANGER-4486
https://issues.apache.org/jira/browse/RANGER-4486


Repository: ranger


Description
---

The PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial allows addition 
of duplicate principals (admin and auditor UGR) and tagServices.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 facc305fe 


Diff: https://reviews.apache.org/r/74686/diff/2/

Changes: https://reviews.apache.org/r/74686/diff/1-2/


Testing
---

Validated the PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial, by 
passing duplicate tagService and adminUser in request repeatedly:

{
  "id": 5,
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1697718906795,
  "updateTime": 1697718906796,
  "name": "zone10",
  "services": {
    "hive1": {
      "resources": [
        {
          "id": 1,
          "resource": {
            "database": [
              "db10"
            ]
          }
        }
      ]
    }
  },
  "tagServicesToAdd": [
    "tag1", "tag1"
  ],
  "adminsToAdd": [
    {
      "type": "USER",
      "name": "mark"
    },
    {
      "type": "USER",
      "name": "mark"
    }
  ]
}

The zone is updated with single adminUser and tagService:

{
  "id": 5,
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1697718906795,
  "updateTime": 1697775464068,
  "name": "zone10",
  "services": {
    "hive1": {
      "resources": [
        {
          "id": 1,
          "resource": {
            "database": [
              "db10"
            ]
          }
        }
      ]
    }
  },
  "tagServices": [
    "tag1"
  ],
  "admins": [
    {
      "type": "USER",
      "name": "mark"
    }
  ],
  "auditors": [
    {
      "type": "USER",
      "name": "mark"
    }
  ]
}


Thanks,

Subhrat Chaudhary



Review Request 74686: RANGER-4486: ZoneV2 partial update allows duplicate principals and tagServices

2023-10-19 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74686/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: RANGER-4486
https://issues.apache.org/jira/browse/RANGER-4486


Repository: ranger


Description
---

The PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial allows addition 
of duplicate principals (admin and auditor UGR) and tagServices.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 facc305fe 


Diff: https://reviews.apache.org/r/74686/diff/1/


Testing
---

Validated the PUT API - /service/public/v2/api/zones-v2/{zoneId}/partial, by 
passing duplicate tagService and adminUser in request repeatedly:

{
  "id": 5,
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1697718906795,
  "updateTime": 1697718906796,
  "name": "zone10",
  "services": {
    "hive1": {
      "resources": [
        {
          "id": 1,
          "resource": {
            "database": [
              "db10"
            ]
          }
        }
      ]
    }
  },
  "tagServicesToAdd": [
    "tag1", "tag1"
  ],
  "adminsToAdd": [
    {
      "type": "USER",
      "name": "mark"
    },
    {
      "type": "USER",
      "name": "mark"
    }
  ]
}

The zone is updated with single adminUser and tagService:

{
  "id": 5,
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1697718906795,
  "updateTime": 1697775464068,
  "name": "zone10",
  "services": {
    "hive1": {
      "resources": [
        {
          "id": 1,
          "resource": {
            "database": [
              "db10"
            ]
          }
        }
      ]
    }
  },
  "tagServices": [
    "tag1"
  ],
  "admins": [
    {
      "type": "USER",
      "name": "mark"
    }
  ],
  "auditors": [
    {
      "type": "USER",
      "name": "mark"
    }
  ]
}


Thanks,

Subhrat Chaudhary
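
Added example, not part of the original e-mails and not Ranger's own code: the partial-update behaviour described in Review Requests 74705 and 74686, where removing an entry that is not in the zone is rejected and repeated entries in tagServicesToAdd or adminsToAdd are stored once. The class, record and method names are hypothetical; only the request field names come from the e-mails. Assumes Java 16 or later.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration; all type and method names here are hypothetical, not Ranger's.
public class ZonePartialUpdateExample {
    // Value type: equals()/hashCode() cover both fields, so USER:mark sent twice is one entry.
    record Principal(String type, String name) {}

    // Constructed stand-in for a security zone; sets make duplicates impossible to store.
    static class Zone {
        final Set<String>    tagServices = new LinkedHashSet<>();
        final Set<Principal> admins      = new LinkedHashSet<>();
    }

    // Field names mirror the request body shown in the e-mails.
    static class ChangeRequest {
        List<String>    tagServicesToAdd    = List.of();
        List<String>    tagServicesToRemove = List.of();
        List<Principal> adminsToAdd         = List.of();
        List<Principal> adminsToRemove      = List.of();
    }

    // Returns the entries of toRemove that are not present in existing.
    static <T> List<T> missing(Set<T> existing, Collection<T> toRemove) {
        List<T> ret = new ArrayList<>();

        for (T item : toRemove) {
            if (!existing.contains(item)) {
                ret.add(item);
            }
        }

        return ret;
    }

    // Validates every removal before mutating, so a rejected request changes nothing.
    static void apply(Zone zone, ChangeRequest req) {
        List<String>    unknownTags   = missing(zone.tagServices, req.tagServicesToRemove);
        List<Principal> unknownAdmins = missing(zone.admins, req.adminsToRemove);

        if (!unknownTags.isEmpty() || !unknownAdmins.isEmpty()) {
            throw new IllegalArgumentException(
                    "not in zone: tagServices=" + unknownTags + ", admins=" + unknownAdmins);
        }

        zone.tagServices.removeAll(req.tagServicesToRemove);
        zone.admins.removeAll(req.adminsToRemove);
        zone.tagServices.addAll(req.tagServicesToAdd); // set semantics drop repeats
        zone.admins.addAll(req.adminsToAdd);
    }

    public static void main(String[] args) {
        Zone zone = new Zone();

        // Same duplicate payload as in the Testing section, sent twice.
        ChangeRequest add = new ChangeRequest();
        add.tagServicesToAdd = List.of("tag1", "tag1");
        add.adminsToAdd      = List.of(new Principal("USER", "mark"), new Principal("USER", "mark"));
        apply(zone, add);
        apply(zone, add);
        System.out.println("after adds: " + zone.tagServices + " " + zone.admins);

        // One valid and one invalid entry: the whole request is rejected.
        ChangeRequest remove = new ChangeRequest();
        remove.tagServicesToRemove = List.of("tag1", "no-such-tag");
        try {
            apply(zone, remove);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("after rejected remove: " + zone.tagServices);
    }
}
```

Rejecting the whole request, rather than returning true, keeps a mistyped principal or tag-service name from looking like a completed revocation.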



Re: Review Request 74674: RANGER:4475:Security-Zone summary API ranger Admin should have access for all zones

2023-10-16 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74674/#review225864
---




security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
Line 279 (original), 279 (patched)


bizUtil.isAdmin() should be the first check, since if user is ranger-admin, 
no other check is needed


- Subhrat Chaudhary


On Oct. 16, 2023, 4:27 p.m., Prashant Satam wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74674/
> ---
> 
> (Updated Oct. 16, 2023, 4:27 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4475
> https://issues.apache.org/jira/browse/RANGER-4475
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Security-Zone summary API the RANGER-ADMIN should have access for all 
> Security-Zones
> 
> API ===> (service/zones/summary)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
> 77b89f1fb 
> 
> 
> Diff: https://reviews.apache.org/r/74674/diff/1/
> 
> 
> Testing
> ---
> 
> 1) Create a Security-Zone (don't add public to the Admin/Auditor groups while 
> creating the zone)
> 2) Create a user with ADMIN role 
> 3) Get all zones list by API ===> (service/zones/summary) using the created 
> ADMIN user
> 
> RESPONSE==>
> {
>   "startIndex": 0,
>   "pageSize": 1,
>   "totalCount": 3,
>   "resultSize": 1,
>   "sortType": null,
>   "sortBy": null,
>   "queryTimeMS": 1697453632943,
>   "list": [
>     {
>       "id": 2,
>       "isEnabled": true,
>       "createdBy": "Admin",
>       "updatedBy": "Admin",
>       "createTime": 1697192551000,
>       "updateTime": 1697192551000,
>       "name": "Test-Zone-1",
>       "description": "Test-Zone-1",
>       "totalResourceCount": 1,
>       "adminCount": {
>         "GROUP": 1,
>         "ROLE": 0,
>         "USER": 2
>       },
>       "auditorCount": {
>         "GROUP": 1,
>         "ROLE": 0,
>         "USER": 1
>       },
>       "services": [
>         {
>           "id": 1,
>           "name": "Ranger_hive",
>           "type": "hive",
>           "resourceCount": 1
>         }
>       ]
>     }
>   ],
>   "listSize": 1
> }
> 
> 
> Thanks,
> 
> Prashant Satam
> 
>



Re: Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-10-14 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/
---

(Updated Oct. 14, 2023, 8:12 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Changes
---

Resolved conflicts


Bugs: https://issues.apache.org/jira/browse/RANGER-4415



Repository: ranger


Description
---

In Dataset details page - Add datashare - user can select multiple datasets and 
send request to dataset owner. We need a new POST API that can accept request 
for multiple datashares.
Added API /dataset/{id}/datashare to accept List and 
return List.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 4d2a9cc8f 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 18e4cc451 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 f21d445c4 


Diff: https://reviews.apache.org/r/74611/diff/4/

Changes: https://reviews.apache.org/r/74611/diff/3-4/


Testing (updated)
---

Validated:
1. Addition of multiple datashares in POST API.
2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
thrown.
3. Tried to add an existing request, with request for 2 new datashares in a 
dataset. API failed for all the requests.

Following cases validated:
Datasets:
DS1 - 1 - mark - admin
DS2 - 2 - joe - admin

DataShares:
DSH1 - 1 - joe - admin
DSH2 - 2 - mark - admin
DSH2 - 3 - mark, joe - admin

Calling API as mark - http://localhost:6080/service/gds/dataset/1/datashare

FAILED: [ { "dataShareId": 1, "datasetId": 1, "status": "ACTIVE" }, { 
"dataShareId": 2, "datasetId": 1, "status": "GRANTED" } ]
Passed: [ { "dataShareId": 2, "datasetId": 1, "status": "GRANTED" }, { 
"dataShareId": 3, "datasetId": 1, "status": "ACTIVE" } ]


Thanks,

Subhrat Chaudhary



Re: Review Request 74666: RANGER:4428:Need a new API to get list of zones mapped to a service

2023-10-12 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74666/#review225855
---




security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
Lines 275 (patched)


We can skip getting RangerSecurityZone, we can get zone id and name from 
xxSecurityZone.



security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
Lines 455 (patched)


@Path("/lookup") should be fine since we have /zones in path at class level.


- Subhrat Chaudhary


On Oct. 12, 2023, 3:07 p.m., Prashant Satam wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74666/
> ---
> 
> (Updated Oct. 12, 2023, 3:07 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
> and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4428
> https://issues.apache.org/jira/browse/RANGER-4428
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need a new API to get list of zones mapped to a service for the Create 
> Datashare >> Step 2 > Select Service >> Select Zone
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
> 77b89f1fb 
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
> f45cdd396 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceBase.java
>  586a6b705 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
>  8acdd9813 
> 
> 
> Diff: https://reviews.apache.org/r/74666/diff/1/
> 
> 
> Testing
> ---
> 
> Create Zones adding service to it you will get List of zones as response on 
> GET API -> (/service/zones/lookup/zones)
> Query params -> serviceId,serviceNamePartial
> Response-->
> {
> "startIndex": 0,
> "pageSize": 200,
> "totalCount": 2,
> "resultSize": 2,
> "sortType": "asc",
> "sortBy": "zoneId",
> "queryTimeMS": 1697102766898,
> "list": [
> {
> "id": 4,
> "isEnabled": true,
> "name": "Test-Zone-3"
> },
> {
> "id": 5,
> "isEnabled": true,
> "name": "Test-Zone4"
> }
> ],
> "listSize": 2
> }
> 
> 
> Thanks,
> 
> Prashant Satam
> 
>



Re: Review Request 74665: RANGER-4440: added column x_security_zone.gz_jsonData to store compressed bytes - #3

2023-10-12 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74665/#review225854
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Oct. 12, 2023, 11:31 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74665/
> ---
> 
> (Updated Oct. 12, 2023, 11:31 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Asit Vadhavkar, Abhay Kulkarni, 
> Mehul Parikh, Monika Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh 
> Mani, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4440
> https://issues.apache.org/jira/browse/RANGER-4440
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - added new column x_security_zone.gz_jsonData, of type LONGBLOB
> - when Json text compression is enabled, compressed bytes are now stored in 
> the new column. Earlier, compressed bytes were stored in existing column 
> jsonData, which failed for some cases due to character validation at the 
> database level. Storing in blob type column eliminates this issue
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java
>  12a89889a 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> dbeeaf423 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 065bae0df 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXSecurityZoneBase.java 
> ecdaf2485 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
>  8acdd9813 
> 
> 
> Diff: https://reviews.apache.org/r/74665/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that Ranger stores and reads the compressed data in the new column 
> x_security_zone.gz_jsonData
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Review Request 74661: RANGER-4459: add filters for sharedResourceName and sharedResourceNamePartial in get sharedResource API #2

2023-10-11 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74661/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, and 
Prashant Satam.


Bugs: RANGER-4459
https://issues.apache.org/jira/browse/RANGER-4459


Repository: ranger


Description
---

We need to add support for filtering on sharedResourceName and 
sharedResourceNamePartial in the get sharedResource API. This will be used in 
the dataShare creation, where user can search through the resources.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
ed855446f 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
90e9a6c02 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 0a11d4f1d 


Diff: https://reviews.apache.org/r/74661/diff/1/


Testing
---

Validated filtering is working on the GET API - /gds/resource as expected based 
on the query params - sharedResourceName and sharedResourceNamePartial.


Thanks,

Subhrat Chaudhary



Re: Review Request 74660: RANGER-4471: generate trxLog for dataset, project, dataShare, sharedResource

2023-10-11 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74660/#review225851
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Oct. 11, 2023, 6:37 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74660/
> ---
> 
> (Updated Oct. 11, 2023, 6:37 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Abhay Kulkarni, Mehul 
> Parikh, Ramesh Mani, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4470 and RANGER-4471
> https://issues.apache.org/jira/browse/RANGER-4470
> https://issues.apache.org/jira/browse/RANGER-4471
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - updated GDS store implementation to generate trxLog entries for CRUD 
> operations on GDS objects 
> dataset/project/data-share/shared-resource/datashare-in-dataset/dataset-in-project
> 
> Note that this review includes the updates for RANGER-4470 as well.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
>  e3c45c1ff 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> 105044f08 
>   intg/src/main/python/apache_ranger/model/ranger_gds.py f93d5eef0 
>   ranger-examples/sample-client/src/main/python/sample_gds_client.py 
> ceca4ac02 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 331c97027 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> a0e6c55cc 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 5a566288a 
>   security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java 
> 1d2f6a189 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
>  882cd4392 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsBaseModelService.java
>  bee32c596 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
>  4a6963fa4 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
>  d4e6ec746 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
>  5954183b7 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
>  d5e2e52bd 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
>  f800c90b0 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  d9eac708c 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  03e04e794 
>   security-admin/src/main/webapp/react-webapp/src/utils/XAEnums.js 3313e538c 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs.jsx
>  6575dae24 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/DataShareInDatasetLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/DataShareLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/DatasetInProjectLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/DatasetLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/ProjectLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/SharedResourceLogs.jsx
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/OperationAdminModal.jsx
>  0d30e3224 
> 
> 
> Diff: https://reviews.apache.org/r/74660/diff/1/
> 
> 
> Testing
> ---
> 
> - created/updated/deleted GDS objects using sample_gds_client.py
> - verified that Admin audits UI page shows the details of the changes to GDS 
> objects
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74658: RANGER-4470: renamed defaultMasks to defaultTagMasks in RangerDataShare, subResourceNames to subResource in RangerSharedResource

2023-10-11 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74658/#review225850
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Oct. 10, 2023, 10:50 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74658/
> ---
> 
> (Updated Oct. 10, 2023, 10:50 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Abhay Kulkarni, Mehul 
> Parikh, Mugdha Varadkar, Ramesh Mani, Subhrat Chaudhary, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4470
> https://issues.apache.org/jira/browse/RANGER-4470
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - RangerDataShare: replaced "Map 
> defaultMasks" with "List defaultTagMasks" to enable 
> users to specify order when a column has multiple tags
> - RangerSharedResource: replaced subResourceNames with subResource and 
> subResourceType, to handle service-def having multiple child resource-types
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
>  e3c45c1ff 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> 105044f08 
>   intg/src/main/python/apache_ranger/model/ranger_gds.py f93d5eef0 
>   ranger-examples/sample-client/src/main/python/sample_gds_client.py 
> ceca4ac02 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 331c97027 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> a0e6c55cc 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> eaa335753 
>   security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java 
> 1d2f6a189 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
>  882cd4392 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
>  d4e6ec746 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  d9eac708c 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  ebffd654e 
> 
> 
> Diff: https://reviews.apache.org/r/74658/diff/2/
> 
> 
> Testing
> ---
> 
> - updated sample Python client and validated
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74658: RANGER-4470: renamed defaultMasks to defaultTagMasks in RangerDataShare, subResourceNames to subResource in RangerSharedResource

2023-10-11 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74658/#review225849
---




agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
Lines 204 (patched)


Error message should be for List


- Subhrat Chaudhary


On Oct. 10, 2023, 10:50 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74658/
> ---
> 
> (Updated Oct. 10, 2023, 10:50 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Abhay Kulkarni, Mehul 
> Parikh, Mugdha Varadkar, Ramesh Mani, Subhrat Chaudhary, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4470
> https://issues.apache.org/jira/browse/RANGER-4470
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - RangerDataShare: replaced "Map 
> defaultMasks" with "List defaultTagMasks" to enable 
> users to specify order when a column has multiple tags
> - RangerSharedResource: replaced subResourceNames with subResource and 
> subResourceType, to handle service-def having multiple child resource-types
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
>  e3c45c1ff 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> 105044f08 
>   intg/src/main/python/apache_ranger/model/ranger_gds.py f93d5eef0 
>   ranger-examples/sample-client/src/main/python/sample_gds_client.py 
> ceca4ac02 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 331c97027 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> a0e6c55cc 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> eaa335753 
>   security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShare.java 
> 1d2f6a189 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsSharedResource.java
>  882cd4392 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
>  d4e6ec746 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  d9eac708c 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  ebffd654e 
> 
> 
> Diff: https://reviews.apache.org/r/74658/diff/2/
> 
> 
> Testing
> ---
> 
> - updated sample Python client and validated
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74654: RANGER-4466: Update approver when request status is updated

2023-10-10 Thread Subhrat Chaudhary via Review Board


> On Oct. 10, 2023, 11:36 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 1046 (patched)
> > 
> >
> > Should the approver field be updated for any status change? Or only for 
> > following status updates:
> > - any status  => GRANTED/DENIED
> > - NONE, REQUESTED => ACTIVE (when the user is admin for both dataset 
> > and dataShare)

Updating approver only for updates from DataShare admin.


> On Oct. 10, 2023, 11:36 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 1144 (patched)
> > 
> >
> > Should the approver field be updated for any status change? Or only for 
> > following status updates:
> > - any status  => GRANTED/DENIED
> > - NONE, REQUESTED => ACTIVE (when the user is admin for both project 
> > and dataset)

Updating approver only for updates from Dataset admin.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74654/#review225843
---


On Oct. 11, 2023, 1:54 a.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74654/
> ---
> 
> (Updated Oct. 11, 2023, 1:54 a.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4466
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a request is updated i.e. dataShareInDataset or datasetInProject, logged 
> in user should be updated as the approver
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 5a566288a 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  03e04e794 
> 
> 
> Diff: https://reviews.apache.org/r/74654/diff/2/
> 
> 
> Testing
> ---
> 
> Validated approver is updated with current logged in user, when request 
> status is updated. Cases validated:
> 1. DataShareInDataset created with STATUS GRANTED approver in request (logged 
> in user as dataShare admin) - logged in user is added as approver.
> 2. DataShareInDataset created with STATUS ACTIVE (logged in user as 
> dataShare/dataset admin) - logged in user is added as approver.
> 3. DataShareInDataset created with STATUS REQUESTED - approver not added.
> 4. DataShareInDataset updated with status from REQUESTED to GRANTED - 
> approver updated.
> 5. DataShareInDataset updated with status from ACTIVE to GRANTED - approver 
> updated.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74654: RANGER-4466: Update approver when request status is updated

2023-10-10 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74654/
---

(Updated Oct. 11, 2023, 1:54 a.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Addressed review comments. Added changes for adding approver in 
DataShareInDataset creation.


Bugs: https://issues.apache.org/jira/browse/RANGER-4466



Repository: ranger


Description
---

When a request is updated i.e. dataShareInDataset or datasetInProject, logged 
in user should be updated as the approver


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 5a566288a 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 03e04e794 


Diff: https://reviews.apache.org/r/74654/diff/2/

Changes: https://reviews.apache.org/r/74654/diff/1-2/


Testing (updated)
---

Validated approver is updated with current logged in user, when request status 
is updated. Cases validated:
1. DataShareInDataset created with STATUS GRANTED approver in request (logged 
in user as dataShare admin) - logged in user is added as approver.
2. DataShareInDataset created with STATUS ACTIVE (logged in user as 
dataShare/dataset admin) - logged in user is added as approver.
3. DataShareInDataset created with STATUS REQUESTED - approver not added.
4. DataShareInDataset updated with status from REQUESTED to GRANTED - approver 
updated.
5. DataShareInDataset updated with status from ACTIVE to GRANTED - approver 
updated.


Thanks,

Subhrat Chaudhary
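
An added example (not code from this review request or from Ranger): a Python model of the all-or-nothing batch request to /dataset/{id}/datashare described earlier in this archive, together with the approver rule tested in the message above. The admin tables reuse the DS1 and DSH fixtures from the earlier Testing notes; which role may set which status, and every function name, are assumptions made for illustration.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed fixtures taken from the Testing notes in this archive:
# dataset 1 is administered by mark, dataset 2 by joe; dataShare 1 by joe,
# dataShare 2 by mark, dataShare 3 by mark and joe.
DATASET_ADMINS: Dict[int, Set[str]] = {1: {"mark"}, 2: {"joe"}}
DATASHARE_ADMINS: Dict[int, Set[str]] = {1: {"joe"}, 2: {"mark"}, 3: {"mark", "joe"}}

# Statuses that represent a decision taken on the dataShare side.
APPROVAL_STATUSES = {"GRANTED", "DENIED", "ACTIVE"}

Key = Tuple[int, int]  # (dataShareId, datasetId)


class RequestRejected(Exception):
    """Stands in for the HTTP 400 returned for an invalid request."""


def authorize(caller: str, dataset_id: int, share_id: int, status: str) -> Optional[str]:
    """Return the approver to record, or raise if caller may not set status.

    Assumed rule set: REQUESTED needs dataset admin, GRANTED/DENIED need
    dataShare admin, ACTIVE needs both.
    """
    if dataset_id not in DATASET_ADMINS or share_id not in DATASHARE_ADMINS:
        raise RequestRejected(f"unknown dataset {dataset_id} or dataShare {share_id}")
    ds_admin = caller in DATASET_ADMINS[dataset_id]
    dsh_admin = caller in DATASHARE_ADMINS[share_id]
    allowed = {
        "REQUESTED": ds_admin,
        "GRANTED": dsh_admin,
        "DENIED": dsh_admin,
        "ACTIVE": ds_admin and dsh_admin,
    }
    if not allowed.get(status, False):  # unknown statuses are rejected too
        raise RequestRejected(f"{caller} may not set {status} on dataShare {share_id}")
    # Every approval status requires dataShare admin, so the approver is
    # always the dataShare admin who made the decision; REQUESTED records none.
    return caller if status in APPROVAL_STATUSES else None


def add_datashares(caller: str, dataset_id: int, requests: List[dict],
                   store: Dict[Key, dict]) -> List[dict]:
    """Validate the whole batch first; persist only if every entry passes."""
    staged: List[dict] = []
    taken = set(store)  # existing rows plus rows staged from this batch
    for req in requests:
        key = (req["dataShareId"], req["datasetId"])
        if req["datasetId"] != dataset_id:
            raise RequestRejected("datasetId does not match the dataset in the path")
        if key in taken:
            raise RequestRejected(f"duplicate request {key}")
        approver = authorize(caller, dataset_id, key[0], req["status"])
        taken.add(key)
        staged.append({**req, "approver": approver})
    for row in staged:  # reached only when no entry was rejected
        store[(row["dataShareId"], row["datasetId"])] = row
    return staged


def update_status(caller: str, key: Key, new_status: str,
                  store: Dict[Key, dict]) -> dict:
    """Change the status of an existing request and refresh its approver."""
    row = store[key]
    approver = authorize(caller, key[1], key[0], new_status)
    row["status"] = new_status
    if approver is not None:
        row["approver"] = approver
    return row


if __name__ == "__main__":
    demo_store: Dict[Key, dict] = {}
    batch = [{"dataShareId": 2, "datasetId": 1, "status": "GRANTED"},
             {"dataShareId": 3, "datasetId": 1, "status": "ACTIVE"}]
    print(add_datashares("mark", 1, batch, demo_store))
```

Because nothing is written until the loop over the batch completes, a rejected entry leaves the store untouched regardless of where it appears in the list.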



Review Request 74659: RANGER-4469: Dataset summary API throws 403

2023-10-10 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74659/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4469



Repository: ranger


Description
---

When a dataset is created for a user with VIEW permission, and GET 
datasetSummary API is called, 403 is thrown, since a user is allowed to get 
dataset policies, only if the user has AUDIT or higher permissions.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 9901ed79b 


Diff: https://reviews.apache.org/r/74659/diff/1/


Testing
---

Validated by creating:

Created dataset as below:
{
"id": 7,
"guid": "8469cfcb-dc45-4481-a754-f4abe6c298ef",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696947157966,
"updateTime": 1696947157967,
"version": 1,
"description": "This is GDS description",
"options": {},
"additionalInfo": {},
"name": "DS7",
"acl": { "users": { "joe": "VIEW", "admin": "ADMIN" } },
"termsOfUse": "Gds Terms of Use"
}

Called the dataset summary API for user joe. Data received as expected.


Thanks,

Subhrat Chaudhary



Review Request 74654: RANGER-4466: Update approver when request status is updated

2023-10-09 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74654/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4466



Repository: ranger


Description
---

When a request is updated i.e. dataShareInDataset or datasetInProject, logged 
in user should be updated as the approver


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 9901ed79b 


Diff: https://reviews.apache.org/r/74654/diff/1/


Testing
---

Validated approver is updated with current logged in user, when request status 
is updated.


Thanks,

Subhrat Chaudhary



Review Request 74651: RANGER-4459: Need additional filter on GET sharedResource API

2023-10-09 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74651/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4459



Repository: ranger


Description
---

We need additional filter on GET sharedResource API.
1. Partial search on resource values like dbname, column etc.
2. Filter by serviceId, serviceName, serviceNamePartial


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
f969cffc0 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 58b2d3ca0 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
89174b2e4 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 a96f6e8b3 


Diff: https://reviews.apache.org/r/74651/diff/1/


Testing
---

Validated:
1. Partial search on resource values is working as expected.
2. Filtering by serviceId, serviceName, serviceNamePartial is working as 
expected.


Thanks,

Subhrat Chaudhary



Review Request 74650: RANGER-4464: New API to get DataShare Summary

2023-10-08 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74650/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4464



Repository: ranger


Description
---

We need a new API to get DataShare summary. The fields datasetId, datasetName, 
dataShareId, dataShareName are added to the model 
RangerGds.DataShareInDatasetSummary to be used in DataShareSummary for 
dataShare listing and request listing page also. The response for dataShare 
summary will be:

{
"id": 4,
"guid": "cb134c01-e49b-4ec9-9c3a-c5b8e8928c40",
"isEnabled": true,
"createdBy": "mark",
"updatedBy": "mark",
"createTime": 1696686411528,
"updateTime": 1696686411530,
"version": 1,
"name": "DSH4",
"permissionForCaller": "ADMIN",
"resourceCount": 0,
"serviceId": 1,
"serviceName": "hive1",
"serviceType": "hive",
"zoneId": 2,
"zoneName": "zone1",
"datasets": [
{
"guid": "e0b0eae3-25e3-4479-bc9f-c3eb0eb430ea",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696439551228,
"updateTime": 1696439551233,
"version": 1,
"datasetId": 1,
"datasetName": "DS1",
"shareStatus": "REQUESTED",
"approver": "mark"
}
]
}


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
cf67d74fd 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java dce45729f 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java cc09506f3 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 1c42e93c0 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
 773fcb873 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
 344b4ec33 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java
 1da1456a6 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 35ea2da8c 


Diff: https://reviews.apache.org/r/74650/diff/1/


Testing
---

Validated:
1. All the counts in dataShare summary API are coming as expected.
2. All the counts in dataset summary API are coming as expected, with updated 
response.
3. ACL evaluation is working as expected for DataShare search API.


Thanks,

Subhrat Chaudhary



Re: Review Request 74648: RANGER-4463: PrincipalCount not getting updated in DatasetSummary

2023-10-08 Thread Subhrat Chaudhary via Review Board


> On Oct. 8, 2023, 6:56 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Line 1276 (original), 1275 (patched)
> > 
> >
> > Given getDatasetPolicies(datasetId) at #1270 already returns only 
> > policies for datasetId, #1275 - #1281 is not necessary. Please review and 
> > remove.

Addressed review comment.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74648/#review225837
---


On Oct. 8, 2023, 8:51 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74648/
> ---
> 
> (Updated Oct. 8, 2023, 8:51 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4463
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> With the changes in https://issues.apache.org/jira/browse/RANGER-4445, 
> dataset name is not getting added in the resources for the dataset policy. 
> The computation of DatasetSummary.principalsCount is based on getting 
> policies based on dataset name. The principalsCount is not getting updated in 
> DatasetSummary.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> dce45729f 
> 
> 
> Diff: https://reviews.apache.org/r/74648/diff/3/
> 
> 
> Testing
> ---
> 
> Validated proper principal count from policies - 
> DatasetSummary.principalsCount, is coming for datasets.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74648: RANGER-4463: PrincipalCount not getting updated in DatasetSummary

2023-10-08 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74648/
---

(Updated Oct. 8, 2023, 8:51 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Removed unnecessary iteration.


Bugs: https://issues.apache.org/jira/browse/RANGER-4463



Repository: ranger


Description
---

With the changes in https://issues.apache.org/jira/browse/RANGER-4445, dataset 
name is not getting added in the resources for the dataset policy. The 
computation of DatasetSummary.principalsCount is based on getting policies 
based on dataset name. The principalsCount is not getting updated in 
DatasetSummary.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java dce45729f 


Diff: https://reviews.apache.org/r/74648/diff/3/

Changes: https://reviews.apache.org/r/74648/diff/2-3/


Testing
---

Validated proper principal count from policies - 
DatasetSummary.principalsCount, is coming for datasets.


Thanks,

Subhrat Chaudhary



Re: Review Request 74648: RANGER-4463: PrincipalCount not getting updated in DatasetSummary

2023-10-08 Thread Subhrat Chaudhary via Review Board


> On Oct. 7, 2023, 11:46 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Line 1263 (original), 1263 (patched)
> > 
> >
> > It will be efficient to use x_dataset_policy table to find policies 
> > associated with a dataset. Consider using 
> > GdsDBStore.getDatasetPolicies(datasetId).

Addressed review comment.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74648/#review225835
---


On Oct. 8, 2023, 5:37 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74648/
> ---
> 
> (Updated Oct. 8, 2023, 5:37 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4463
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> With the changes in https://issues.apache.org/jira/browse/RANGER-4445, 
> dataset name is not getting added in the resources for the dataset policy. 
> The computation of DatasetSummary.principalsCount is based on getting 
> policies based on dataset name. The principalsCount is not getting updated in 
> DatasetSummary.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> dce45729f 
> 
> 
> Diff: https://reviews.apache.org/r/74648/diff/2/
> 
> 
> Testing
> ---
> 
> Validated proper principal count from policies - 
> DatasetSummary.principalsCount, is coming for datasets.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74648: RANGER-4463: PrincipalCount not getting updated in DatasetSummary

2023-10-08 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74648/
---

(Updated Oct. 8, 2023, 5:37 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Calling GdsDBStore.getDatasetPolicies to get dataset policies.


Bugs: https://issues.apache.org/jira/browse/RANGER-4463



Repository: ranger


Description
---

With the changes in https://issues.apache.org/jira/browse/RANGER-4445, dataset 
name is not getting added in the resources for the dataset policy. The 
computation of DatasetSummary.principalsCount is based on getting policies 
based on dataset name. The principalsCount is not getting updated in 
DatasetSummary.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java dce45729f 


Diff: https://reviews.apache.org/r/74648/diff/2/

Changes: https://reviews.apache.org/r/74648/diff/1-2/


Testing
---

Validated proper principal count from policies - 
DatasetSummary.principalsCount, is coming for datasets.


Thanks,

Subhrat Chaudhary



Review Request 74649: RANGER-4446: Add description in dataset summary API response

2023-10-07 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74649/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4446



Repository: ranger


Description
---

We need to add description in the dataset summary API response.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
8b27b9769 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java eeebb6394 


Diff: https://reviews.apache.org/r/74649/diff/1/


Testing
---

Validated description is coming up in the API response:
{
"id": 1,
"guid": "e0b0eae3-25e3-4479-bc9f-c3eb0eb430ea",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696439551228,
"updateTime": 1696439551233,
"version": 1,
"name": "DS1",
"description": "This is GDS description",
"permissionForCaller": "ADMIN",
"principalsCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 0
},
"projectsCount": 0,
"totalResourceCount": 0
}


Thanks,

Subhrat Chaudhary



Review Request 74648: RANGER-4463: PrincipalCount not getting updated in DatasetSummary

2023-10-07 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74648/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4463
https://issues.apache.org/jira/browse/RANGER-4463


Repository: ranger


Description
---

With the changes in https://issues.apache.org/jira/browse/RANGER-4445, dataset 
name is not getting added in the resources for the dataset policy. The 
computation of DatasetSummary.principalsCount is based on getting policies 
based on dataset name. The principalsCount is not getting updated in 
DatasetSummary.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java eeebb6394 


Diff: https://reviews.apache.org/r/74648/diff/1/


Testing
---

Validated proper principal count from policies - 
DatasetSummary.principalsCount, is coming for datasets.


Thanks,

Subhrat Chaudhary



Re: Review Request 74646: RANGER-4462: dataShare update/delete should be allowed for users with service-admin/zone-admin privilege as well

2023-10-06 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74646/#review225830
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Oct. 6, 2023, 2:17 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74646/
> ---
> 
> (Updated Oct. 6, 2023, 2:17 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-4462
> https://issues.apache.org/jira/browse/RANGER-4462
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated validation to allow service-admin/zone-admin users to update/delete 
> data-shares
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 8a2b7f6c5 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  d9f204eef 
> 
> 
> Diff: https://reviews.apache.org/r/74646/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that zone-admin and service-admin users can update/delete 
> data-shares
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74643: RANGER-4440: when compression is enabled for x_security_zone.jsonData, store summary (not complete resource details) in trx log

2023-10-05 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74643/#review225826
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Oct. 6, 2023, 12:25 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74643/
> ---
> 
> (Updated Oct. 6, 2023, 12:25 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Abhay Kulkarni, 
> Prashant Satam, Ramesh Mani, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4440
> https://issues.apache.org/jira/browse/RANGER-4440
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - for environments having large number of resources in security zones, JSON 
> text saved in x_security_zone.jsonData can be compressed. Given the same JSON 
> text is stored in x_trx_log.prev_val and x_trx_log.new_val, it will be 
> necessary to store a shorter text - like count of resource in each service
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
>  439d9a6de 
> 
> 
> Diff: https://reviews.apache.org/r/74643/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that trx_log is created with resource-count for each service, 
> instead of resource details, as shown below:
> -- 
> {"dev_hive":{"resources":[{"resourceCount":["1"]}]},"dev_hdfs":{"resources":[{"resourceCount":["1"]}]},"dev_hbase":{"resources":[{"resourceCount":["3"]}]}}
> -- 
> {"dev_hive":{"resources":[{"resourceCount":["1"]}]},"dev_hdfs":{"resources":[{"resourceCount":["1"]}]},"dev_hbase":{"resources":[{"resourceCount":["2"]}]}}
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>
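
The count-per-service summary described in the review request above, as an added example. This is not Ranger's code: the class and method names and the sample resources are constructed, and only the output shape and the service names dev_hive, dev_hdfs and dev_hbase come from the testing note. It also shows a property of count-only summaries: swapping one resource for another leaves the stored value unchanged.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class ZoneTrxLogSummaryDemo {
    // Minimal JSON string escaping for service names (quotes, backslashes, control characters).
    static String jsonEscape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if (c < 0x20) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Builds the short text stored in place of the full resource JSON:
    // one entry per service, carrying only the number of resources.
    static String summarize(Map<String, List<Map<String, List<String>>>> resourcesByService) {
        StringBuilder sb = new StringBuilder("{");
        for (Map.Entry<String, List<Map<String, List<String>>>> e : resourcesByService.entrySet()) {
            if (sb.length() > 1) {
                sb.append(',');
            }
            int count = e.getValue() == null ? 0 : e.getValue().size();
            sb.append('"').append(jsonEscape(e.getKey()))
              .append("\":{\"resources\":[{\"resourceCount\":[\"")
              .append(count)
              .append("\"]}]}");
        }
        return sb.append('}').toString();
    }

    public static void main(String[] args) {
        // Constructed sample zone: resource maps are illustrative only.
        var before = new LinkedHashMap<String, List<Map<String, List<String>>>>();
        before.put("dev_hive", List.of(Map.of("database", List.of("sales"))));
        before.put("dev_hdfs", List.of(Map.of("path", List.of("/data/sales"))));
        before.put("dev_hbase", List.of(
                Map.of("table", List.of("t1")),
                Map.of("table", List.of("t2")),
                Map.of("table", List.of("t3"))));

        // Update 1: one HBase resource removed, so the count changes.
        var removed = new LinkedHashMap<>(before);
        removed.put("dev_hbase", List.of(
                Map.of("table", List.of("t1")),
                Map.of("table", List.of("t2"))));

        // Update 2: the HDFS path is replaced, so the count stays the same.
        var swapped = new LinkedHashMap<>(before);
        swapped.put("dev_hdfs", List.of(Map.of("path", List.of("/data/finance"))));

        String prev = summarize(before);
        System.out.println("prev_val:                    " + prev);
        System.out.println("new_val (resource removed):  " + summarize(removed));
        System.out.println("new_val (resource swapped):  " + summarize(swapped));
        System.out.println("swap visible in summary:     " + !prev.equals(summarize(swapped)));
    }
}
```

An audit consumer comparing prev_val with new_val sees the removal but not the swap, so a reviewer who needs resource-level history has to get it from another record.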



Re: Review Request 74631: RANGER-4445: new REST endpoints for dataset policies

2023-10-05 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74631/#review225824
---




security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Line 4370 (original), 4407 (patched)


This may throw NPE, if linkedService is null.


- Subhrat Chaudhary


On Oct. 4, 2023, 1:29 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74631/
> ---
> 
> (Updated Oct. 4, 2023, 1:29 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Prashant Satam, and Subhrat Chaudhary.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - GDS policies are considered internal to datasets and projects, hence these 
> policies need to be managed via following REST endpoints only:
> -- POST   service/gds/dataset/{id}/policy
> -- PUT    service/gds/dataset/{id}/policy/{policyId}
> -- DELETE service/gds/dataset/{id}/policy/{policyId}
> -- GET    service/gds/dataset/{id}/policy/{policyId}
> -- GET    service/gds/dataset/{id}/policies
> - GDS service-type is excluded from service-def listing, so that UI will not 
> render services
> -- removed resource-service to gds-service linking, as all GDS policies will 
> be created in an internal service named _gds 
> - GDS service-def updated to replace "dataset" with "dataset-id", and 
> "project" with "project-id", to make it easier to deal with renaming of 
> datasets and projects
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java 
> e79c5d8e3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
>  a9ad08a48 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
>  91f598bd4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  0c47515ef 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
>  8632dd6bc 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java 
> 8c56ec1ff 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
>  26c5dd7e3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
>  3c985c62c 
>   
> agents-common/src/main/java/org/apache/ranger/services/gds/RangerServiceGds.java
>  0f03c5a31 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json 
> 06049183c 
>   intg/src/main/python/apache_ranger/client/ranger_gds_client.py ea42b3e2a 
>   intg/src/main/python/apache_ranger/model/ranger_base.py 2cb06b8bd 
>   ranger-examples/sample-client/src/main/python/sample_gds_client.py 
> 1b0d7a93f 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> e71facf8e 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 8536f651e 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 05705cd92 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 136a1309b 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> f2de83e20 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 
> 15fc1cb44 
>   security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
> db0a80aef 
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
> 4ffde84bd 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetPolicyMapDao.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectPolicyMapDao.java
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 
> 9ff7f0a68 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java 
> efe7d4bcc 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetPolicyMap.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsProjectPolicyMap.java
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java 
> 682e66dd8 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
>  54fe0f5b7 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java f827c754d 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 28ab36bad 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  b22208773 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
>  2a28eeb63 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
>  8ec558881 
>   
> 

Re: Review Request 74639: RANGER-4447: Add GET API to get security-zone summary for current user

2023-10-04 Thread Subhrat Chaudhary via Review Board


> On Oct. 4, 2023, 11:01 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
> > Lines 261 (patched)
> > 
> >
> > Since zones could be filtered in-memory (lines #265 - #267), shouldn't 
> > filter.startIndex and filter.maxRows be updated here before calling 
> > getSecurityZones(filter)? Please review.

Resetting filter.startIndex and filter.maxRows before calling 
getSecurityZones(filter).


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74639/#review225819
---


On Oct. 4, 2023, 11:58 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74639/
> ---
> 
> (Updated Oct. 4, 2023, 11:58 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-4447
> https://issues.apache.org/jira/browse/RANGER-4447
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We need a new API to get security-zone summary, to show zone details on 
> dashboard.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
>  47f8041b7 
>   security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
> a2c4e30ca 
>   security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
> 7c1e01053 
> 
> 
> Diff: https://reviews.apache.org/r/74639/diff/2/
> 
> 
> Testing
> ---
> 
> Validated on local with zones. API response for one SZ:
> {
> "id": 3,
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696354856720,
> "updateTime": 1696354856725,
> "name": "zone2",
> "totalResourceCount": 3,
> "adminCount": {
> "ROLE": 0,
> "GROUP": 0,
> "USER": 4
> },
> "auditorCount": {
> "ROLE": 0,
> "GROUP": 0,
> "USER": 4
> },
> "tagServices": [
> "tag1"
> ],
> "services": [
> {
> "id": 1,
> "name": "hive1",
> "type": "hive",
> "resourceCount": 2
> },
> {
> "id": 15740,
> "name": "hive2",
> "type": "hive",
> "resourceCount": 1
> }
> ]
> }
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>
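
The review comment above concerns paging combined with an in-memory filter. The following added example is not Ranger code: `Zone`, `fetchPage`, `pageThenFilter` and `filterThenPage` are hypothetical stand-ins and the data is constructed. It shows why applying startIndex/maxRows in the store query before a per-caller filter yields short pages, and the variant that fetches unpaged, filters, then pages. It needs Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

public class ZonePagingDemo {
    // Hypothetical stand-in for a security zone; not Ranger's model class.
    record Zone(long id, String name, String adminUser) {}

    // Constructed sample data: six zones, alternating between two admins.
    static final List<Zone> STORE = List.of(
            new Zone(1, "zone1", "alice"), new Zone(2, "zone2", "bob"),
            new Zone(3, "zone3", "alice"), new Zone(4, "zone4", "bob"),
            new Zone(5, "zone5", "alice"), new Zone(6, "zone6", "bob"));

    // Returns the [startIndex, startIndex + maxRows) window of a list, clamped to its bounds.
    static <T> List<T> window(List<T> items, int startIndex, int maxRows) {
        int from = Math.min(Math.max(startIndex, 0), items.size());
        int to = (int) Math.min((long) from + Math.max(maxRows, 0), items.size());
        return new ArrayList<>(items.subList(from, to));
    }

    // Simulates the store query: paging is applied before any access filter runs.
    static List<Zone> fetchPage(int startIndex, int maxRows) {
        return window(STORE, startIndex, maxRows);
    }

    // Problem case: the page is cut first, then rows the caller may not see are dropped.
    static List<Zone> pageThenFilter(int startIndex, int maxRows, Predicate<Zone> visible) {
        List<Zone> ret = new ArrayList<>();
        for (Zone z : fetchPage(startIndex, maxRows)) {
            if (visible.test(z)) {
                ret.add(z);
            }
        }
        return ret;
    }

    // Corrected order: reset paging for the store query, filter in memory, then page the result.
    static List<Zone> filterThenPage(int startIndex, int maxRows, Predicate<Zone> visible) {
        List<Zone> all = new ArrayList<>();
        for (Zone z : fetchPage(0, Integer.MAX_VALUE)) {
            if (visible.test(z)) {
                all.add(z);
            }
        }
        return window(all, startIndex, maxRows);
    }

    public static void main(String[] args) {
        Predicate<Zone> visibleToAlice = z -> z.adminUser().equals("alice");
        for (int start = 0; start < STORE.size(); start += 2) {
            System.out.println("startIndex=" + start + ", maxRows=2");
            System.out.println("  page then filter: " + pageThenFilter(start, 2, visibleToAlice));
            System.out.println("  filter then page: " + filterThenPage(start, 2, visibleToAlice));
        }
    }
}
```

With the constructed data the first variant returns one zone on every page of two, while the second returns two zones on the first page, one on the second and none on the third.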



Re: Review Request 74639: RANGER-4447: Add GET API to get security-zone summary for current user

2023-10-04 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74639/
---

(Updated Oct. 4, 2023, 11:58 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Addressed review comments


Bugs: RANGER-4447
https://issues.apache.org/jira/browse/RANGER-4447


Repository: ranger


Description
---

We need a new API to get security-zone summary, to show zone details on 
dashboard.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
 47f8041b7 
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
a2c4e30ca 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
7c1e01053 


Diff: https://reviews.apache.org/r/74639/diff/2/

Changes: https://reviews.apache.org/r/74639/diff/1-2/


Testing
---

Validated on local with zones. API response for one SZ:
{
"id": 3,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696354856720,
"updateTime": 1696354856725,
"name": "zone2",
"totalResourceCount": 3,
"adminCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"auditorCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"tagServices": [
"tag1"
],
"services": [
{
"id": 1,
"name": "hive1",
"type": "hive",
"resourceCount": 2
},
{
"id": 15740,
"name": "hive2",
"type": "hive",
"resourceCount": 1
}
]
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-04 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/
---

(Updated Oct. 4, 2023, 7:16 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Resolved conflicts


Bugs: RANGER-4446
https://issues.apache.org/jira/browse/RANGER-4446


Repository: ranger


Description
---

We need additional details in the response for DatasetHeaderInfo like summary 
for DataShare included in the dataset.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
fd27f54a9 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 42a2fa16c 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java b7ef9b86a 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 dede14dfd 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 eadbb9228 


Diff: https://reviews.apache.org/r/74634/diff/3/

Changes: https://reviews.apache.org/r/74634/diff/2-3/


Testing
---

Updated dataset summary details:
{
"id": 1,
"guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696075254523,
"updateTime": 1696075254534,
"version": 1,
"name": "DS1",
"principalsCountByType": {
"USER": 2,
"GROUP": 0,
"ROLE": 0
},
"projectsCount": 0,
"permissionForCaller": "ADMIN",
"totalResourceCount": 2,
"dataShares": [
{
"id": 3,
"guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696073077134,
"updateTime": 1696073077136,
"version": 1,
"name": "datashare3",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
},
{
"id": 4,
"guid": "bf92da3b-3a4b-445f-8fa0-11f5a02306f3",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696146862432,
"updateTime": 1696146862447,
"version": 1,
"name": "datashare4",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
}
]
}


Thanks,

Subhrat Chaudhary



Review Request 74639: RANGER-4447: Add GET API to get security-zone summary for current user

2023-10-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74639/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4447
https://issues.apache.org/jira/browse/RANGER-4447


Repository: ranger


Description
---

We need a new API to get security-zone summary, to show zone details on 
dashboard.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
 47f8041b7 
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
a2c4e30ca 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
7c1e01053 


Diff: https://reviews.apache.org/r/74639/diff/1/


Testing
---

Validated on local with zones. API response for one SZ:
{
"id": 3,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696354856720,
"updateTime": 1696354856725,
"name": "zone2",
"totalResourceCount": 3,
"adminCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"auditorCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"tagServices": [
"tag1"
],
"services": [
{
"id": 1,
"name": "hive1",
"type": "hive",
"resourceCount": 2
},
{
"id": 15740,
"name": "hive2",
"type": "hive",
"resourceCount": 1
}
]
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-03 Thread Subhrat Chaudhary via Review Board


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 480 (patched)
> > 
> >
> > Consider using GdsPermission for permissionForCaller, instead of String.

Using GdsPermission for permissionForCaller


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 540 (patched)
> > 
> >
> > Field id is present in base class RangerBaseModelObject. Please review 
> > and remove from DataShareInDatasetSummary.

Removed id from DataShareInDatasetSummary.


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 547 (patched)
> > 
> >
> > Consider using GdsShareStatus for shareStatus, instead of String.

Using GdsShareStatus for shareStatus


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Line 135 (original), 143 (patched)
> > 
> >
> > getDatasetHeaders() => getDatasetSummary()

Updated logs for the method getDatasetSummary


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
> > Line 251 (original), 251 (patched)
> > 
> >
> > resource-count in a dataShare shouldn't vary across datasets it is 
> > associated to. If yes, does this method need datasetId parameter?

removed datasetId from signature and renamed method to 
getResourceCountForDataShare


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/#review225806
---


On Oct. 3, 2023, 2:40 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74634/
> ---
> 
> (Updated Oct. 3, 2023, 2:40 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-4446
> https://issues.apache.org/jira/browse/RANGER-4446
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We need additional details in the response for DatasetHeaderInfo like summary 
> for DataShare included in the dataset.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> fd27f54a9 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 05705cd92 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java f827c754d 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  b22208773 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  eadbb9228 
> 
> 
> Diff: https://reviews.apache.org/r/74634/diff/2/
> 
> 
> Testing
> ---
> 
> Updated dataset summary details:
> {
> "id": 1,
> "guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696075254523,
> "updateTime": 1696075254534,
> "version": 1,
> "name": "DS1",
> "principalsCountByType": {
> "USER": 2,
> "GROUP": 0,
> "ROLE": 0
> },
> "projectsCount": 0,
> "permissionForCaller": "ADMIN",
> "totalResourceCount": 2,
> "dataShares": [
> {
> "id": 3,
> "guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696073077134,
> "updateTime": 1696073077136,
> "version": 1,
> "name": "datashare3",
> "serviceId": 1,
> "serviceName": "hive1",
> "zoneId": 2,
> "zoneName": "zone1",
> "resourceCount": 1,
> "shareStatus": "REQUESTED"
> },
> {
> "id": 4,
> "guid": 

Re: Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-03 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/
---

(Updated Oct. 3, 2023, 2:40 p.m.)


Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4446
https://issues.apache.org/jira/browse/RANGER-4446


Repository: ranger


Description
---

We need additional details in the response for DatasetHeaderInfo like summary 
for DataShare included in the dataset.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
fd27f54a9 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 05705cd92 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java f827c754d 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 b22208773 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 eadbb9228 


Diff: https://reviews.apache.org/r/74634/diff/2/

Changes: https://reviews.apache.org/r/74634/diff/1-2/


Testing
---

Updated dataset summary details:
{
"id": 1,
"guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696075254523,
"updateTime": 1696075254534,
"version": 1,
"name": "DS1",
"principalsCountByType": {
"USER": 2,
"GROUP": 0,
"ROLE": 0
},
"projectsCount": 0,
"permissionForCaller": "ADMIN",
"totalResourceCount": 2,
"dataShares": [
{
"id": 3,
"guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696073077134,
"updateTime": 1696073077136,
"version": 1,
"name": "datashare3",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
},
{
"id": 4,
"guid": "bf92da3b-3a4b-445f-8fa0-11f5a02306f3",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696146862432,
"updateTime": 1696146862447,
"version": 1,
"name": "datashare4",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
}
]
}


Thanks,

Subhrat Chaudhary



Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-02 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4446
https://issues.apache.org/jira/browse/RANGER-4446


Repository: ranger


Description
---

We need additional details in the response for DatasetHeaderInfo like summary 
for DataShare included in the dataset.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ce4769569 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 56b908625 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 b22208773 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 eadbb9228 


Diff: https://reviews.apache.org/r/74634/diff/1/


Testing
---

Updated dataset summary details:
{
"id": 1,
"guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696075254523,
"updateTime": 1696075254534,
"version": 1,
"name": "DS1",
"principalsCountByType": {
"USER": 2,
"GROUP": 0,
"ROLE": 0
},
"projectsCount": 0,
"permissionForCaller": "ADMIN",
"totalResourceCount": 2,
"dataShares": [
{
"id": 3,
"guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696073077134,
"updateTime": 1696073077136,
"version": 1,
"name": "datashare3",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
},
{
"id": 4,
"guid": "bf92da3b-3a4b-445f-8fa0-11f5a02306f3",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696146862432,
"updateTime": 1696146862447,
"version": 1,
"name": "datashare4",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
}
]
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74630: RANGER-4435: Support cascade delete of datashare

2023-10-02 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74630/
---

(Updated Oct. 2, 2023, 3:41 p.m.)


Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4435
https://issues.apache.org/jira/browse/RANGER-4435


Repository: ranger


Description
---

We need to support cascading delete for datashare and delete following also:

1. delete related requests
2. delete related sharedResources


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
 0c9114aee 
  agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java 
53fe55336 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ce4769569 
  security-admin/src/main/java/org/apache/ranger/common/MessageEnums.java 
7be604261 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 56b908625 


Diff: https://reviews.apache.org/r/74630/diff/2/

Changes: https://reviews.apache.org/r/74630/diff/1-2/


Testing
---

Tested on local with the fix - when the datashare is deleted with API DELETE - 
/datashare/dataset/{id}, all the related sharedResources and dataShareInDataset 
are also deleted.


Thanks,

Subhrat Chaudhary



Review Request 74630: RANGER-4435: Support cascade delete of datashare

2023-10-01 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74630/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-4435
https://issues.apache.org/jira/browse/RANGER-4435


Repository: ranger


Description
---

We need to support cascading delete for datashare and delete following also:

1. delete related requests
2. delete related sharedResources


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ce4769569 
  security-admin/src/main/java/org/apache/ranger/common/MessageEnums.java 
7be604261 


Diff: https://reviews.apache.org/r/74630/diff/1/


Testing
---

Tested on local with the fix - when the datashare is deleted with API DELETE - 
/datashare/dataset/{id}, all the related sharedResources and dataShareInDataset 
are also deleted.


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-10-01 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

(Updated Oct. 1, 2023, 2:04 p.m.)


Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: RANGER-4426
https://issues.apache.org/jira/browse/RANGER-4426


Repository: ranger


Description
---

To be able to record details of the approver of the requests i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0d839346b 


Diff: https://reviews.apache.org/r/74621/diff/5/


Testing
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.

Updated response:
{
"id": 1,
"guid": "b8241252-6331-4efd-9b0c-160b3defde71",
"isEnabled": true,
"createdBy": "mark",
"updatedBy": "mark",
"createTime": 1695891098216,
"updateTime": 1695891098216,
"version": 1,
"dataShareId": 1,
"datasetId": 1,
"status": "ACTIVE",
"approverId": 1
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-10-01 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

(Updated Oct. 1, 2023, 2:01 p.m.)


Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: RANGER-4426
https://issues.apache.org/jira/browse/RANGER-4426


Repository: ranger


Description
---

To be able to record details of the approver of the requests i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0d839346b 


Diff: https://reviews.apache.org/r/74621/diff/5/

Changes: https://reviews.apache.org/r/74621/diff/4-5/


Testing
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.

Updated response:
{
  "id": 1,
  "guid": "b8241252-6331-4efd-9b0c-160b3defde71",
  "isEnabled": true,
  "createdBy": "mark",
  "updatedBy": "mark",
  "createTime": 1695891098216,
  "updateTime": 1695891098216,
  "version": 1,
  "dataShareId": 1,
  "datasetId": 1,
  "status": "ACTIVE",
  "approverId": 1
}


File Attachments


RANGER-4426.patch
  
https://reviews.apache.org/media/uploaded/files/2023/09/28/d2094906-51a7-4dbb-a010-c5f3acefdcc6__RANGER-4426.patch


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-10-01 Thread Subhrat Chaudhary via Review Board


> On Sept. 30, 2023, 3:14 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
> > Lines 228 (patched)
> > 
> >
> > findByLoginId() can return null. Please review and handle this 
> > condition - similar to RangerBaseModelService handling of createdBy and 
> > updatedBy fields.

Added null check for xxPortalUserDao.findByLoginId


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/#review225802
---


On Oct. 1, 2023, 2:01 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74621/
> ---
> 
> (Updated Oct. 1, 2023, 2:01 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
> and Prashant Satam.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4426
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> To be able to record details of the approver of the requests, i.e. request to 
> add datashare in dataset and request to add dataset in project, we need an 
> approver field in RangerDatashareInDataset and RangerDatasetInProject.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> a1c883356 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 424f38d9e 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 5ffa23f33 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
>  8c59e0898 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
>  6babde527 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
>  d32282c27 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
>  0d839346b 
> 
> 
> Diff: https://reviews.apache.org/r/74621/diff/5/
> 
> 
> Testing
> ---
> 
> Validations done:
> 1. Added approver in POST API /gds/datashare/dataset, on GET API response 
> approver is updated. The approver value is updated in the table 
> x_gds_data_share_in_dataset, for the record inserted.
> 2. Added approver in POST API /gds/dataset/project, on GET API response 
> approver is updated. The approver value is updated in the table 
> x_gds_data_share_in_dataset, for the record inserted.
> 
> Updated response:
> {
>   "id": 1,
>   "guid": "b8241252-6331-4efd-9b0c-160b3defde71",
>   "isEnabled": true,
>   "createdBy": "mark",
>   "updatedBy": "mark",
>   "createTime": 1695891098216,
>   "updateTime": 1695891098216,
>   "version": 1,
>   "dataShareId": 1,
>   "datasetId": 1,
>   "status": "ACTIVE",
>   "approverId": 1
> }
> 
> 
> File Attachments
> 
> 
> RANGER-4426.patch
>   
> https://reviews.apache.org/media/uploaded/files/2023/09/28/d2094906-51a7-4dbb-a010-c5f3acefdcc6__RANGER-4426.patch
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-10-01 Thread Subhrat Chaudhary via Review Board


> On Sept. 30, 2023, 1:51 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 674 (patched)
> > 
> >
> > Is parameter datasetId necessary, given each object dataSharesInDataset 
> > also has datasetId?

We have existing POST API /dataset/datashare (for single DataSharedInDataset), 
this is to support multiple requests.


> On Sept. 30, 2023, 1:51 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 681 (patched)
> > 
> >
> > The call should either succeed in saving all objects or fail without 
> > saving any. Use of one transaction for each object here violates this. 
> > Please review and update.

Transaction is removed.


> On Sept. 30, 2023, 1:51 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 731 (patched)
> > 
> >
> > - ensureRequestsDoNotExist() => validate()
> > - This will be a good place to enforce ACL specified in Dataset and 
> > DataShare
> > - consider adding validation that dataSharesInDataset doesn't contain 
> > duplicate entries (datasetId + dataShareId combination)

1. Updated ensureRequestsDoNotExist() => validate()
2. Implementation of ACL enforcement for requests is tracked in 
https://issues.apache.org/jira/browse/RANGER-4443
3. Validation to avoid duplicate entries for datasetId + dataShareId 
combination, is covered in GdsDBStore.validate


> On Sept. 30, 2023, 1:51 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
> > Lines 834 (patched)
> > 
> >
> > Consider adding validation that each entry in dataSharesInDataset has 
> > datasetId specified in the parameter datasetId.

Added validation.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/#review225801
---


On Oct. 1, 2023, 1:37 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74611/
> ---
> 
> (Updated Oct. 1, 2023, 1:37 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Prashant Satam.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4415
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Dataset details page - Add datashare - user can select multiple datasets 
> and send request to dataset owner. We need a new POST API that can accept 
> request for multiple datashares.
> Added API /dataset/{id}/datashare to accept List 
> and return List.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> ce4769569 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 56b908625 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  b22208773 
> 
> 
> Diff: https://reviews.apache.org/r/74611/diff/3/
> 
> 
> Testing
> ---
> 
> Validated:
> 1. Addition of multiple datashares in POST API.
> 2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
> thrown.
> 3. Tried to add an existing request, with request for 2 new datashares in a 
> dataset. API failed for all the requests.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>
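
The checks discussed in this review (every entry carries the dataset id given in the path, no duplicate datasetId + dataShareId pair, no already-existing request, and all-or-none saving), as an added example that is not Ranger's code. `Request` and `Store` are hypothetical names, and the in-memory set stands in for the database table.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration; none of these types are Ranger classes.
public class BatchAddDataShares {
    // Hypothetical request entry: one datashare to be added to one dataset.
    record Request(long datasetId, long dataShareId) {}

    // Hypothetical in-memory stand-in for the table of existing requests.
    // In a real store, validate-and-write would run inside one transaction.
    static final class Store {
        private final Set<Request> rows = new HashSet<>();

        int size() {
            return rows.size();
        }

        // All-or-none: the whole batch is validated before anything is written,
        // so a single bad entry leaves the store untouched.
        List<Request> addAll(long pathDatasetId, List<Request> batch) {
            validate(pathDatasetId, batch);
            rows.addAll(batch);
            return List.copyOf(batch);
        }

        // Collects every problem in the batch instead of stopping at the first,
        // so the caller can report all of them in one 400 response.
        void validate(long pathDatasetId, List<Request> batch) {
            if (batch == null || batch.isEmpty()) {
                throw new IllegalArgumentException("empty request list");
            }
            List<String> errors = new ArrayList<>();
            Set<Request> seen = new HashSet<>();
            for (Request r : batch) {
                if (r == null) {
                    errors.add("null entry");
                    continue;
                }
                // Entry must target the dataset named in the request path.
                if (r.datasetId() != pathDatasetId) {
                    errors.add("datasetId " + r.datasetId() + " does not match path id " + pathDatasetId);
                }
                // Same datasetId + dataShareId pair twice in one batch.
                if (!seen.add(r)) {
                    errors.add("duplicate entry " + r);
                }
                // Pair already recorded by an earlier call.
                if (rows.contains(r)) {
                    errors.add("request already exists " + r);
                }
            }
            if (!errors.isEmpty()) {
                throw new IllegalArgumentException(String.join("; ", errors));
            }
        }
    }

    public static void main(String[] args) {
        Store store = new Store();
        // Constructed sample data.
        store.addAll(1L, List.of(new Request(1L, 10L)));

        // One existing request plus two new ones: the call fails for all three.
        tryAdd(store, 1L, List.of(new Request(1L, 10L), new Request(1L, 11L), new Request(1L, 12L)));
        // Duplicate pair inside the batch.
        tryAdd(store, 1L, List.of(new Request(1L, 20L), new Request(1L, 20L)));
        // Entry whose datasetId differs from the path parameter.
        tryAdd(store, 1L, List.of(new Request(2L, 30L)));
        // Clean batch: both entries are saved.
        tryAdd(store, 1L, List.of(new Request(1L, 11L), new Request(1L, 12L)));
    }

    private static void tryAdd(Store store, long pathDatasetId, List<Request> batch) {
        try {
            store.addAll(pathDatasetId, batch);
            System.out.println("saved " + batch.size() + " entries, rows now " + store.size());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected (" + e.getMessage() + "), rows still " + store.size());
        }
    }
}
```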



Re: Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-10-01 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/
---

(Updated Oct. 1, 2023, 1:37 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4415



Repository: ranger


Description
---

In Dataset details page - Add datashare - user can select multiple datasets and 
send request to dataset owner. We need a new POST API that can accept request 
for multiple datashares.
Added API /dataset/{id}/datashare to accept List and 
return List.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ce4769569 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 56b908625 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 b22208773 


Diff: https://reviews.apache.org/r/74611/diff/3/

Changes: https://reviews.apache.org/r/74611/diff/2-3/


Testing
---

Validated:
1. Addition of multiple datashares in POST API.
2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
thrown.
3. Tried to add an existing request, with request for 2 new datashares in a 
dataset. API failed for all the requests.


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-09-30 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

(Updated Sept. 30, 2023, 1:48 p.m.)


Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4426



Repository: ranger


Description
---

To be able to record details of the approver of the requests, i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 


Diff: https://reviews.apache.org/r/74621/diff/4/

Changes: https://reviews.apache.org/r/74621/diff/3-4/


Testing
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.

Updated response:
{
  "id": 1,
  "guid": "b8241252-6331-4efd-9b0c-160b3defde71",
  "isEnabled": true,
  "createdBy": "mark",
  "updatedBy": "mark",
  "createTime": 1695891098216,
  "updateTime": 1695891098216,
  "version": 1,
  "dataShareId": 1,
  "datasetId": 1,
  "status": "ACTIVE",
  "approverId": 1
}


File Attachments


RANGER-4426.patch
  
https://reviews.apache.org/media/uploaded/files/2023/09/28/d2094906-51a7-4dbb-a010-c5f3acefdcc6__RANGER-4426.patch


Thanks,

Subhrat Chaudhary



Re: Review Request 74610: RANGER-4323: New API to get Dataset header info for Dataset listing page

2023-09-29 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74610/
---

(Updated Sept. 29, 2023, 1:38 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Changes
---

Addressed review comments


Bugs: https://reviews.apache.org/r/74532/bugs/RANGER-4323



Repository: ranger


Description
---

We need a new API to get dataset header info, for dataset listing page, based 
on ACL evaluation for the logged in user. It supports:
1. Pagination
2. GDSPermission as query param, based on which ACL evaluation is done
3. Following counts (in case the logged in user has VIEW or higher permission): 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount.
4. Permission for current user (in case GDSPermission in query-param is LIST)
5. Sort by createTime
6. Search by startDate/endDate
7. Partial search by dataset and datashare name


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerDatasetHeader.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
1a1a78064 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ff6b2b23e 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
51da7d15d 
  
security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java
 52c441104 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java f020acb21 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 de9014072 
  
security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
 4128d70df 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
 747cc9f17 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 6a963da60 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 374ac046d 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml f02101f09 


Diff: https://reviews.apache.org/r/74610/diff/2/

Changes: https://reviews.apache.org/r/74610/diff/1-2/


Testing (updated)
---

Validated:
1. ACL evaluation based on GDSPermission in query-param
2. Pagination for the records returned
3. Confirmed the counts are returned based on the data available: 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount
4. Search functionality by startDate/endDate
5. Partial search by dataset and datashare name

Updated response:
{
  "startIndex": 0,
  "pageSize": 200,
  "totalCount": 1,
  "resultSize": 1,
  "sortType": "createTime",
  "sortBy": "desc",
  "queryTimeMS": 1695969636652,
  "list": [
    {
      "id": 1,
      "guid": "30b50d94-dfde-4e16-8ef5-722cb8e7442b",
      "isEnabled": true,
      "createdBy": "Admin",
      "updatedBy": "Admin",
      "createTime": 1695969001000,
      "updateTime": 1695969001000,
      "version": 1,
      "name": "Test_GDS_Dataset",
      "dataSharesCountByStatus": {
        "REQUESTED": 1,
        "ACTIVE": 1
      },
      "principalsCountByType": {
        "ROLE": 0,
        "USER": 1,
        "GROUP": 1
      },
      "projectsCount": 1,
      "resourceCount": 4
    }
  ],
  "listSize": 1
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-09-28 Thread Subhrat Chaudhary via Review Board


> On Sept. 28, 2023, 10:13 a.m., Madhan Neethiraj wrote:
> > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
> > Lines 1831 (patched)
> > 
> >
> > To be consistent with added_by_id and upd_by_id, please replace 
> > approver with approver_id and have a foreign-key that points to 
> > x_portal_user(`id`).

Addressed review comment.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/#review225789
---


On Sept. 28, 2023, 2:56 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74621/
> ---
> 
> (Updated Sept. 28, 2023, 2:56 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
> and Prashant Satam.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4426
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> To be able to record details of the approver of the requests, i.e. request to 
> add datashare in dataset and request to add dataset in project, we need an 
> approver field in RangerDatashareInDataset and RangerDatasetInProject.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> a1c883356 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 424f38d9e 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 5ffa23f33 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
>  8c59e0898 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
>  6babde527 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
>  d32282c27 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
>  0ed51c249 
> 
> 
> Diff: https://reviews.apache.org/r/74621/diff/3/
> 
> 
> Testing
> ---
> 
> Validations done:
> 1. Added approver in POST API /gds/datashare/dataset, on GET API response 
> approver is updated. The approver value is updated in the table 
> x_gds_data_share_in_dataset, for the record inserted.
> 2. Added approver in POST API /gds/dataset/project, on GET API response 
> approver is updated. The approver value is updated in the table 
> x_gds_data_share_in_dataset, for the record inserted.
> 
> Updated response:
> {
>   "id": 1,
>   "guid": "b8241252-6331-4efd-9b0c-160b3defde71",
>   "isEnabled": true,
>   "createdBy": "mark",
>   "updatedBy": "mark",
>   "createTime": 1695891098216,
>   "updateTime": 1695891098216,
>   "version": 1,
>   "dataShareId": 1,
>   "datasetId": 1,
>   "status": "ACTIVE",
>   "approverId": 1
> }
> 
> 
> File Attachments
> 
> 
> RANGER-4426.patch
>   
> https://reviews.apache.org/media/uploaded/files/2023/09/28/d2094906-51a7-4dbb-a010-c5f3acefdcc6__RANGER-4426.patch
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-09-28 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

(Updated Sept. 28, 2023, 2:56 p.m.)


Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4426



Repository: ranger


Description
---

To be able to record details of the approver of the requests, i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 


Diff: https://reviews.apache.org/r/74621/diff/3/

Changes: https://reviews.apache.org/r/74621/diff/2-3/


Testing (updated)
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.

Updated response:
{
  "id": 1,
  "guid": "b8241252-6331-4efd-9b0c-160b3defde71",
  "isEnabled": true,
  "createdBy": "mark",
  "updatedBy": "mark",
  "createTime": 1695891098216,
  "updateTime": 1695891098216,
  "version": 1,
  "dataShareId": 1,
  "datasetId": 1,
  "status": "ACTIVE",
  "approverId": 1
}


File Attachments (updated)


RANGER-4426.patch
  
https://reviews.apache.org/media/uploaded/files/2023/09/28/d2094906-51a7-4dbb-a010-c5f3acefdcc6__RANGER-4426.patch


Thanks,

Subhrat Chaudhary



Review Request 74626: RANGER-4439: Duplicate resource IDs are create while updating security zone

2023-09-27 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74626/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, and 
Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4439



Repository: ranger


Description
---

When resources are added to a security-zone, id started from 1, instead of using 
id of the last resourceBaseInfo from SecurityZone request. With this we are 
moving the logic to increment the id, before creating the 
RangerSecurityZoneResourceBase.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerSecurityZoneHelper.java
 ffd1693a1 


Diff: https://reviews.apache.org/r/74626/diff/1/


Testing
---

Validated by creating and updating security-zones with multiple services. The 
resourceBaseInfo created for them for a service is unique. Please find the 
updated response object:
{
  "id": 7,
  "isEnabled": true,
  "createdBy": "Admin",
  "updatedBy": "Admin",
  "createTime": 1695798279389,
  "updateTime": 1695798279390,
  "name": "zone12",
  "services": {
    "hive3": {
      "resources": [
        {
          "database": [
            "hive_1"
          ],
          "table": [
            "hive_1"
          ]
        },
        {
          "database": [
            "hive_2"
          ],
          "table": [
            "hive_2"
          ]
        },
        {
          "database": [
            "hive_3"
          ],
          "table": [
            "hive_3"
          ]
        },
        {
          "database": [
            "hive_4"
          ],
          "table": [
            "hive_4"
          ]
        }
      ],
      "resourcesBaseInfo": [
        {
          "id": 1,
          "createdBy": "mark",
          "updatedBy": "mark",
          "createTime": 169582915,
          "updateTime": 169582915
        },
        {
          "id": 2,
          "createdBy": "mark",
          "updatedBy": "mark",
          "createTime": 169582915,
          "updateTime": 169582915
        },
        {
          "id": 3,
          "createdBy": "mark",
          "updatedBy": "mark",
          "createTime": 169582915,
          "updateTime": 169582915
        },
        {
          "id": 4,
          "createdBy": "mark",
          "updatedBy": "mark",
          "createTime": 1695822744692,
          "updateTime": 1695822744692
        }
      ]
    }
  },
  "adminUsers": [
    "joe"
  ],
  "auditUsers": [
    "joe"
  ]
}


Thanks,

Subhrat Chaudhary



Re: Review Request 74610: RANGER-4323: New API to get Dataset header info for Dataset listing page

2023-09-26 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74610/
---

(Updated Sept. 26, 2023, 10:50 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://reviews.apache.org/r/74532/bugs/RANGER-4323



Repository: ranger


Description
---

We need a new API to get dataset header info, for dataset listing page, based 
on ACL evaluation for the logged in user. It supports:
1. Pagination
2. GDSPermission as query param, based on which ACL evaluation is done
3. Following counts (in case the logged in user has VIEW or higher permission): 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount.
4. Permission for current user (in case GDSPermission in query-param is LIST)
5. Sort by createTime
6. Search by startDate/endDate
7. Partial search by dataset and datashare name


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
1a1a78064 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ff6b2b23e 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
51da7d15d 
  
security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java
 52c441104 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java f020acb21 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 de9014072 
  
security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
 4128d70df 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
 747cc9f17 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 6a963da60 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 374ac046d 
  security-admin/src/main/java/org/apache/ranger/view/RangerDatasetHeader.java 
PRE-CREATION 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml f02101f09 


Diff: https://reviews.apache.org/r/74610/diff/1/


Testing
---

Validated:
1. ACL evaluation based on GDSPermission in query-param
2. Pagination for the records returned
3. Confirmed the counts are returned based on the data available: 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount
4. Search functionality by startDate/endDate
5. Partial search by dataset and datashare name


Thanks,

Subhrat Chaudhary



Re: Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-09-25 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

(Updated Sept. 26, 2023, 9:53 a.m.)


Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4426



Repository: ranger


Description
---

To be able to record details of the approver of the requests, i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 


Diff: https://reviews.apache.org/r/74621/diff/2/

Changes: https://reviews.apache.org/r/74621/diff/1-2/


Testing
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.


Thanks,

Subhrat Chaudhary



Review Request 74621: RANGER-4426: Add approver in GDS request entities

2023-09-25 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74621/
---

Review request for ranger, Anand Nadar, Madhan Neethiraj, Monika Kachhadiya, 
and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4426



Repository: ranger


Description
---

To be able to record details of the approver of the requests, i.e. request to 
add datashare in dataset and request to add dataset in project, we need an 
approver field in RangerDatashareInDataset and RangerDatasetInProject.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
a1c883356 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9e 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
5ffa23f33 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDataShareInDataset.java
 8c59e0898 
  
security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetInProject.java
 6babde527 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 


Diff: https://reviews.apache.org/r/74621/diff/1/


Testing
---

Validations done:
1. Added approver in POST API /gds/datashare/dataset, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.
2. Added approver in POST API /gds/dataset/project, on GET API response 
approver is updated. The approver value is updated in the table 
x_gds_data_share_in_dataset, for the record inserted.


Thanks,

Subhrat Chaudhary



Re: Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-09-24 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/
---

(Updated Sept. 25, 2023, 9:51 a.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4415



Repository: ranger


Description (updated)
---

In Dataset details page - Add datashare - user can select multiple datasets and 
send request to dataset owner. We need a new POST API that can accept request 
for multiple datashares.
Added API /dataset/{id}/datashare to accept List and 
return List.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ff6b2b23e 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 de9014072 


Diff: https://reviews.apache.org/r/74611/diff/2/

Changes: https://reviews.apache.org/r/74611/diff/1-2/


Testing (updated)
---

Validated:
1. Addition of multiple datashares in POST API.
2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
thrown.
3. Tried to add an existing request, with request for 2 new datashares in a 
dataset. API failed for all the requests.


Thanks,

Subhrat Chaudhary



Re: Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-09-24 Thread Subhrat Chaudhary via Review Board


> On Sept. 21, 2023, 9:17 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
> > Lines 835 (patched)
> > 
> >
> > In case of failure in adding any datashare (like due to permission 
> > issue), this method will result in an exception but few input entries will 
> > be processed. To ensure all-or-none, add a method in gdsStore and call this 
> > new method from here.
> > 
> > Given this method is to add multiple datashares into a specific 
> > dataset, consider using REST API path of a dataset i.e. replace "POST 
> > /datashare/dataset/multiple" with "POST /dataset/{id}/datashares"

Addressed the review comments:
1. Updated the API as POST /dataset/{id}/datashares
2. Created a new method on GdsDbStore, where all the requests are processed in 
a transaction.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/#review225775
---


On Sept. 19, 2023, 10:43 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74611/
> ---
> 
> (Updated Sept. 19, 2023, 10:43 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Prashant Satam.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4415
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Dataset details page - Add datashare - user can select multiple datasets 
> and send request to dataset owner. We need a new POST API that can accept 
> request for multiple datashares.
> Added API /dataset/{id}/datashare to accept List 
> and return List.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> ff6b2b23e 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  de9014072 
> 
> 
> Diff: https://reviews.apache.org/r/74611/diff/2/
> 
> 
> Testing
> ---
> 
> Validated:
> 1. Addition of multiple datashares in POST API.
> 2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
> thrown.
> 3. Tried to add an existing request, with request for 2 new datashares in a 
> dataset. API failed for all the requests.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Review Request 74617: RANGER-4423: Add support for filter by service and zone name in get datashare API

2023-09-21 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74617/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, and 
Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4423



Repository: ranger


Description
---

In the GET Datashare API, we need to add support for additional search filters 
for zoneName and serviceName, for datashare listing. This can be supported by 
adding filters in the RangerGdsDataShareService


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java
 a07fb9ea7 


Diff: https://reviews.apache.org/r/74617/diff/1/


Testing
---

Validated by passing zoneName and/or serviceName in the params of the 
/gds/datashare API. Records are getting filtered as expected.


Thanks,

Subhrat Chaudhary



Review Request 74611: RANGER-4415: New API to add multiple datashares in a dataset

2023-09-19 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74611/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4415



Repository: ranger


Description
---

In Dataset details page - Add datashare - user can select multiple datasets and 
send request to dataset owner. We need a new POST API that can accept request 
for multiple datashares.
Added API /datashare/dataset/multiple to accept List 
and return List.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 de9014072 


Diff: https://reviews.apache.org/r/74611/diff/1/


Testing
---

Validated:
1. Addition of multiple datashares in POST API.
2. Tried to add duplicate request (same datashare and dataset ID), 400 is 
thrown.


Thanks,

Subhrat Chaudhary



Review Request 74610: RANGER-4323: New API to get Dataset header info for Dataset listing page

2023-09-19 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74610/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://reviews.apache.org/r/74532/bugs/RANGER-4323/



Repository: ranger


Description
---

We need a new API to get dataset header info, for dataset listing page, based 
on ACL evaluation for the logged in user. It supports:
1. Pagination
2. GDSPermission as query param, based on which ACL evaluation is done
3. Following counts (in case the logged in user has VIEW or higher permission): 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount.
4. Permission for current user (in case GDSPermission in query-param is LIST)
5. Sort by creatTime
6. Search by startDate/endDate
7. Partial search by dataset and datashare name


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
1a1a78064 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java ff6b2b23e 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
51da7d15d 
  
security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java
 52c441104 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java f020acb21 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 de9014072 
  
security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java
 4128d70df 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java
 d32282c27 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java
 0ed51c249 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java
 747cc9f17 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 6a963da60 
  
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
 374ac046d 
  security-admin/src/main/java/org/apache/ranger/view/RangerDatasetHeader.java 
PRE-CREATION 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml f02101f09 


Diff: https://reviews.apache.org/r/74610/diff/1/


Testing
---

Validated:
1. ACL evaluation based on GDSPermission in query-param
2. Pagination for the records returned
3. Confirmed the counts are returned based on the data available: 
dataSharesActiveCount, dataSharesPendingCount, usersCount, groupsCount, 
rolesCount, projectsCount, resourceCount
4. Search functionality by startDate/endDate
5. Partial search by dataset and datashare name


Thanks,

Subhrat Chaudhary



Re: Review Request 74604: RANGER-4413: Fix pagination for GDS APIs

2023-09-15 Thread Subhrat Chaudhary via Review Board


> On Sept. 15, 2023, 9:24 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Lines 227 (patched)
> > 
> >
> > Consider avoiding duplicate code in getDatasetNames() and 
> > searchDatasets(), by having getDatasetNames() call searchDatasets():
> > 
> >   PList<RangerDataset> datasets = searchDatasets(searchFilter);
> >   PList<String>        ret      = new PList<>(new ArrayList<>(),
> >       datasets.getStartIndex(), datasets.getPageSize(), datasets.getTotalCount(),
> >       datasets.getResultSize(), datasets.getSortType(), datasets.getSortBy());
> > 
> >   ret.setQueryTimeMS(datasets.getQueryTimeMS());
> > 
> >   if (datasets.getList() != null) {
> >     for (RangerDataset dataset : datasets.getList()) {
> >       ret.getList().add(dataset.getName());
> >     }
> >   }
> > 
> > Similar update for getProjectNames() as well.

Addressed review comment.


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74604/#review225760
---


On Sept. 15, 2023, 10:35 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74604/
> ---
> 
> (Updated Sept. 15, 2023, 10:35 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, and Prashant Satam.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4413
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Ranger, we have pagination parameters (pageSize and startIndex) to get 
> paginated records, which build queries and get records from DB accordingly. 
> For GDS APIs, this will not work as we have to do ACL evaluation on the 
> records from DB. Pagination for GDS APIs needs to be done in Java.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/store/PList.java 
> 2402fea9b 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 55c8495e4 
> 
> 
> Diff: https://reviews.apache.org/r/74604/diff/2/
> 
> 
> Testing
> ---
> 
> Validated pagination for GET Dataset API for which ACL evaluation is in place 
> - /service/gds/dataset:
> API: 
> http://localhost:6080/service/gds/dataset?gdsPermission=LIST&pageSize=5&startIndex=10
> Response:
> {
> "startIndex": 10,
> "pageSize": 5,
> "totalCount": 12,
> "resultSize": 2,
> "sortType": "datasetId",
> "sortBy": "asc",
> "list": [
> {
> "id": 11,
> "guid": "c902ce32-9bed-4422-a43b-4a4c478f5515",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1694710751099,
> "updateTime": 1694710751100,
> "version": 1,
> "description": "This is GDS description",
> "name": "Dataset95",
> "termsOfUse": "Gds Terms of Use"
> },
> {
> "id": 12,
> "guid": "8fa813d0-9dd4-44cf-b283-4c50fcb28839",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1694710756341,
> "updateTime": 1694710756342,
> "version": 1,
> "description": "This is GDS description",
> "name": "Dataset96",
> "termsOfUse": "Gds Terms of Use"
> }
> ],
> "listSize": 2
> }
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74604: RANGER-4413: Fix pagination for GDS APIs

2023-09-15 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74604/
---

(Updated Sept. 15, 2023, 10:35 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4413



Repository: ranger


Description
---

In Ranger, we have pagination parameters (pageSize and startIndex) to get 
paginated records, which build queries and get records from DB accordingly. For 
GDS APIs, this will not work as we have to do ACL evaluation on the records 
from DB. Pagination for GDS APIs needs to be done in Java.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/store/PList.java 
2402fea9b 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 55c8495e4 


Diff: https://reviews.apache.org/r/74604/diff/2/

Changes: https://reviews.apache.org/r/74604/diff/1-2/


Testing
---

Validated pagination for GET Dataset API for which ACL evaluation is in place - 
/service/gds/dataset:
API: 
http://localhost:6080/service/gds/dataset?gdsPermission=LIST&pageSize=5&startIndex=10
Response:
{
"startIndex": 10,
"pageSize": 5,
"totalCount": 12,
"resultSize": 2,
"sortType": "datasetId",
"sortBy": "asc",
"list": [
{
"id": 11,
"guid": "c902ce32-9bed-4422-a43b-4a4c478f5515",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1694710751099,
"updateTime": 1694710751100,
"version": 1,
"description": "This is GDS description",
"name": "Dataset95",
"termsOfUse": "Gds Terms of Use"
},
{
"id": 12,
"guid": "8fa813d0-9dd4-44cf-b283-4c50fcb28839",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1694710756341,
"updateTime": 1694710756342,
"version": 1,
"description": "This is GDS description",
"name": "Dataset96",
"termsOfUse": "Gds Terms of Use"
}
],
"listSize": 2
}


Thanks,

Subhrat Chaudhary



Review Request 74604: RANGER-4413: Fix pagination for GDS APIs

2023-09-15 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74604/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, and Prashant Satam.


Bugs: https://issues.apache.org/jira/browse/RANGER-4413



Repository: ranger


Description
---

In Ranger, we have pagination parameters (pageSize and startIndex) to get 
paginated records, which build queries and get records from DB accordingly. For 
GDS APIs, this will not work as we have to do ACL evaluation on the records 
from DB. Pagination for GDS APIs needs to be done in Java.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 55c8495e4 


Diff: https://reviews.apache.org/r/74604/diff/1/


Testing
---

Validated pagination for GET Dataset API for which ACL evaluation is in place - 
/service/gds/dataset:
API: 
http://localhost:6080/service/gds/dataset?gdsPermission=LIST&pageSize=5&startIndex=10
Response:
{
"startIndex": 10,
"pageSize": 5,
"totalCount": 12,
"resultSize": 2,
"sortType": "datasetId",
"sortBy": "asc",
"list": [
{
"id": 11,
"guid": "c902ce32-9bed-4422-a43b-4a4c478f5515",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1694710751099,
"updateTime": 1694710751100,
"version": 1,
"description": "This is GDS description",
"name": "Dataset95",
"termsOfUse": "Gds Terms of Use"
},
{
"id": 12,
"guid": "8fa813d0-9dd4-44cf-b283-4c50fcb28839",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1694710756341,
"updateTime": 1694710756342,
"version": 1,
"description": "This is GDS description",
"name": "Dataset96",
"termsOfUse": "Gds Terms of Use"
}
],
"listSize": 2
}


Thanks,

Subhrat Chaudhary
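
The Description's point in the request above, that startIndex/pageSize applied in the DB query stop working once ACL evaluation runs on the fetched rows, as an added Java example (not code from the patch or from Ranger). The Dataset record, its readers ACL, the user names and both method names are assumptions made for illustration; Page reuses the field names of the response shown above. Requires Java 16+ for records.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

public class AclPagination {
    // Constructed stand-in for a dataset row; "readers" is an illustrative ACL, not Ranger's model.
    record Dataset(long id, String name, List<String> readers) {}

    // Page envelope reusing the field names from the response in the message above.
    record Page(int startIndex, int pageSize, int totalCount, int resultSize, List<Dataset> list) {}

    // Clamp [startIndex, startIndex + pageSize) to the list bounds; long math avoids int overflow.
    static List<Dataset> slice(List<Dataset> rows, int startIndex, int pageSize) {
        int from = (int) Math.min(Math.max(startIndex, 0), (long) rows.size());
        int to   = (int) Math.min((long) from + Math.max(pageSize, 0), rows.size());
        return new ArrayList<>(rows.subList(from, to));
    }

    // Keep only the rows the ACL predicate accepts.
    static List<Dataset> permitted(List<Dataset> rows, Predicate<Dataset> acl) {
        List<Dataset> ret = new ArrayList<>();
        for (Dataset d : rows) {
            if (acl.test(d)) {
                ret.add(d);
            }
        }
        return ret;
    }

    // What DB-level pagination amounts to: the window is cut before the ACL check runs,
    // so pages come back short and totalCount counts rows the caller may not see.
    static Page sliceThenFilter(List<Dataset> rows, Predicate<Dataset> acl, int startIndex, int pageSize) {
        List<Dataset> visible = permitted(slice(rows, startIndex, pageSize), acl);
        return new Page(startIndex, pageSize, rows.size(), visible.size(), visible);
    }

    // Pagination done in Java: evaluate the ACL on every row, then cut the window,
    // so totalCount and the window both describe only permitted rows.
    static Page filterThenSlice(List<Dataset> rows, Predicate<Dataset> acl, int startIndex, int pageSize) {
        List<Dataset> allowed = permitted(rows, acl);
        List<Dataset> window  = slice(allowed, startIndex, pageSize);
        return new Page(startIndex, pageSize, allowed.size(), window.size(), window);
    }

    static String describe(String label, Page p) {
        List<Long> ids = new ArrayList<>();
        for (Dataset d : p.list()) {
            ids.add(d.id());
        }
        return String.format("%-16s startIndex=%d pageSize=%d totalCount=%d resultSize=%d ids=%s",
                label, p.startIndex(), p.pageSize(), p.totalCount(), p.resultSize(), ids);
    }

    public static void main(String[] args) {
        // Constructed data: 24 rows, user "mark" may read the 12 with an even id.
        List<Dataset> rows = new ArrayList<>();
        for (long id = 1; id <= 24; id++) {
            rows.add(new Dataset(id, "Dataset" + id, id % 2 == 0 ? List.of("mark") : List.of("admin")));
        }
        Predicate<Dataset> markCanRead = d -> d.readers().contains("mark");

        // First page, then the last page (startIndex=10, pageSize=5 as in the request above).
        for (int startIndex : new int[] {0, 10}) {
            System.out.println(describe("sliceThenFilter", sliceThenFilter(rows, markCanRead, startIndex, 5)));
            System.out.println(describe("filterThenSlice", filterThenSlice(rows, markCanRead, startIndex, 5)));
        }
    }
}
```

With the constructed data, the filter-first variant reports totalCount 12 and resultSize 2 for startIndex=10, pageSize=5, the same shape as the response in the message, while the slice-first variant reports the unfiltered row count and returns short pages.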



Re: Review Request 74598: RANGER-4324: Implementing Acl for RangerDataSet

2023-09-13 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74598/
---

(Updated Sept. 13, 2023, 11:33 a.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: https://issues.apache.org/jira/browse/RANGER-4324



Repository: ranger


Description
---

First patch added in RANGER-4324 supports only view permission. Adding this 
patch to receive permission as query param, and return datasets based on the 
ACLs for the dataset and the permission that the logged in user has.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
440bb4c24 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java d2bd0789d 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
059954b46 


Diff: https://reviews.apache.org/r/74598/diff/3/

Changes: https://reviews.apache.org/r/74598/diff/2-3/


Testing (updated)
---

Updated API validated locally:
1. 3 datasets created with the user mark having ADMIN, VIEW and LIST 
permissions respectively.
2. Tested /service/gds/dataset with query param gdsPermission={permission}.
3. For gdsPermission=LIST, all 3 datasets are returned. Following is the 
details received if LIST permission is passed in query-param:
   {
"isEnabled": true,
"description": "This is GDS description",
"name": "Dataset1",
"termsOfUse": "Gds Terms of Use"
}
4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark has 
ADMIN or VIEW permissions.
5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark has 
ADMIN permissions.
6. If gdsPermission is not passed in query-param or if value of gdsPermission 
is invalid, default permission VIEW is considered.


Thanks,

Subhrat Chaudhary
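
The behaviour validated in the message above (permission-level filtering, the reduced field set for LIST, and VIEW as the default when gdsPermission is missing or invalid), as an added Java example that is not code from the patch or from Ranger. The Perm enum (only the three levels named in this thread), the Dataset record, the per-user ACL map and all method names are assumptions made for illustration. Requires Java 16+ for records.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class GdsPermissionFilter {
    // Hypothetical enum, ordered weakest to strongest; only the levels named in this thread.
    enum Perm { LIST, VIEW, ADMIN }

    // Constructed stand-in for a dataset; "acl" maps a user name to the permission granted.
    record Dataset(long id, String guid, String createdBy, String name,
                   String description, String termsOfUse, Map<String, Perm> acl) {}

    // A missing or unrecognised value falls back to VIEW instead of disabling the filter.
    static Perm parseRequested(String raw) {
        if (raw != null) {
            try {
                return Perm.valueOf(raw.trim().toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException ignored) {
                // not a known permission name: use the default below
            }
        }
        return Perm.VIEW;
    }

    // The grant must be at least as strong as the permission requested; no grant means no access.
    static boolean isAllowed(Dataset d, String user, Perm requested) {
        Perm granted = d.acl().get(user);
        return granted != null && granted.compareTo(requested) >= 0;
    }

    // Returns one map per permitted dataset; a LIST request gets only the three
    // fields named in the review comment (name, description, termsOfUse).
    static List<Map<String, Object>> search(List<Dataset> all, String user, String rawPermission) {
        Perm requested = parseRequested(rawPermission);
        List<Map<String, Object>> ret = new ArrayList<>();
        for (Dataset d : all) {
            if (!isAllowed(d, user, requested)) {
                continue;
            }
            Map<String, Object> view = new LinkedHashMap<>();
            view.put("name", d.name());
            view.put("description", d.description());
            view.put("termsOfUse", d.termsOfUse());
            if (requested != Perm.LIST) {
                view.put("id", d.id());
                view.put("guid", d.guid());
                view.put("createdBy", d.createdBy());
            }
            ret.add(view);
        }
        return ret;
    }

    public static void main(String[] args) {
        // Constructed data mirroring the test setup: mark holds ADMIN, VIEW and LIST on
        // three datasets, plus a fourth dataset on which mark has no grant at all.
        List<Dataset> all = List.of(
            new Dataset(1, "guid-1", "Admin", "Dataset1", "desc", "terms", Map.of("mark", Perm.ADMIN)),
            new Dataset(2, "guid-2", "Admin", "Dataset2", "desc", "terms", Map.of("mark", Perm.VIEW)),
            new Dataset(3, "guid-3", "Admin", "Dataset3", "desc", "terms", Map.of("mark", Perm.LIST)),
            new Dataset(4, "guid-4", "Admin", "Dataset4", "desc", "terms", Map.of("other", Perm.ADMIN)));

        for (String raw : new String[] {"LIST", "VIEW", "ADMIN", null, "bogus"}) {
            List<Map<String, Object>> result = search(all, "mark", raw);
            System.out.println("gdsPermission=" + raw + " -> " + result.size() + " dataset(s): " + result);
        }
    }
}
```

The fourth dataset never appears for mark under any value of the parameter, including a missing or invalid one, which is the difference between the VIEW default and a filter that switches off when the parameter is absent.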



Re: Review Request 74598: RANGER-4324: Implementing Acl for RangerDataSet

2023-09-12 Thread Subhrat Chaudhary via Review Board


> On Sept. 12, 2023, 9:47 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Line 251 (original), 251 (patched)
> > 
> >
> > User having only LIST permission should not be returned the entire 
> > dataset details. They should only be able to view following fields:
> > - name
> > - description
> > - termsOfUse

Updated to return only above fields if gdsPermission in query-param is LIST


> On Sept. 12, 2023, 9:47 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
> > Lines 220 (patched)
> > 
> >
> > with this update, gdsPermission becomes a mandatory search filter 
> > (query-param). This shouldn't be the case. Filtering should be performed 
> > only when gdsPermission is specified.

Made gdsPermission in query-param optional


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74598/#review225739
---


On Sept. 13, 2023, 12:33 a.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74598/
> ---
> 
> (Updated Sept. 13, 2023, 12:33 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, and Siddhesh Phatak.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4324
> 
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> First patch added in RANGER-4324 supports only view permission. Adding this 
> patch to receive permission as query param, and return datasets based on the 
> ACLs for the dataset and the permission that the logged in user has.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> 440bb4c24 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> d2bd0789d 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> 059954b46 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 
> 
> 
> Diff: https://reviews.apache.org/r/74598/diff/2/
> 
> 
> Testing
> ---
> 
> Updated API validated locally:
> 1. 3 datasets created with the user mark having ADMIN, VIEW and LIST 
> permissions respectively.
> 2. Tested /service/gds/dataset with query param gdsPermission={permission}.
> 3. For gdsPermission=LIST, all 3 datasets are returned. Following is the 
> details received if LIST permission is passed in query-param:
>{
> "isEnabled": true,
> "description": "This is GDS description",
> "name": "Dataset1",
> "termsOfUse": "Gds Terms of Use"
> }
> 4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark 
> has ADMIN or VIEW permissions.
> 5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark 
> has ADMIN permissions.
> 6. If gdsPermission is not passed in query-param or if value of gdsPermission 
> is invalid, all the datasets are returned even to which the current logged in 
> user does not have ACL permission.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>



Re: Review Request 74598: RANGER-4324: Implementing Acl for RangerDataSet

2023-09-12 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74598/
---

(Updated Sept. 13, 2023, 12:33 a.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Changes
---

1. Made the query-param gdsPermission optional, if not passed filtering is 
disabled and all datasets are returned.
2. If LIST is passed as gdsPermission in query-param, only description, 
termsOfUse and name are returned in dataset.


Bugs: https://issues.apache.org/jira/browse/RANGER-4324



Repository: ranger


Description
---

First patch added in RANGER-4324 supports only view permission. Adding this 
patch to receive permission as query param, and return datasets based on the 
ACLs for the dataset and the permission that the logged in user has.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
440bb4c24 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java d2bd0789d 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
059954b46 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 


Diff: https://reviews.apache.org/r/74598/diff/2/

Changes: https://reviews.apache.org/r/74598/diff/1-2/


Testing (updated)
---

Updated API validated locally:
1. 3 datasets created with the user mark having ADMIN, VIEW and LIST 
permissions respectively.
2. Tested /service/gds/dataset with query param gdsPermission={permission}.
3. For gdsPermission=LIST, all 3 datasets are returned. Following is the 
details received if LIST permission is passed in query-param:
   {
"isEnabled": true,
"description": "This is GDS description",
"name": "Dataset1",
"termsOfUse": "Gds Terms of Use"
}
4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark has 
ADMIN or VIEW permissions.
5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark has 
ADMIN permissions.
6. If gdsPermission is not passed in query-param or if value of gdsPermission 
is invalid, all the datasets are returned even to which the current logged in 
user does not have ACL permission.


Thanks,

Subhrat Chaudhary



Review Request 74598: RANGER-4324: Implementing Acl for RangerDataSet

2023-09-12 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74598/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Siddhesh Phatak.


Bugs: https://issues.apache.org/jira/browse/RANGER-4324



Repository: ranger


Description
---

First patch added in RANGER-4324 supports only view permission. Adding this 
patch to receive permission as query param, and return datasets based on the 
ACLs for the dataset and the permission that the logged in user has.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
440bb4c24 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java d2bd0789d 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
059954b46 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 


Diff: https://reviews.apache.org/r/74598/diff/1/


Testing
---

Updated API validated locally:
1. 3 datasets created with the user mark having ADMIN, VIEW and LIST 
permissions respectively.
2. Tested /service/gds/dataset with query param gdsPermission={permission}.
3. For gdsPermission=LIST, all 3 datasets are returned.
4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark has 
ADMIN or VIEW permissions.
5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark has 
ADMIN permissions.


Thanks,

Subhrat Chaudhary



Review Request 74535: RANGER-4312: Add API to reset cache of role, user. And reset policy and tag cache by service id

2023-08-07 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74535/
---

Review request for ranger, Anand Nadar, Ankita Sinha, and madhan.


Bugs: https://issues.apache.org/jira/browse/RANGER-4312



Repository: ranger


Description
---

There are cache reset apis in place for policy and tag cache.
We need similar apis to reset the user and role caches, which are 
maintained in ranger admin.
We also need apis which can reset the policy and tag cache by service id.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 1b156a283 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 09154491d 
  security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java 
933104a16 
  
security-admin/src/main/java/org/apache/ranger/common/RangerUserStoreCache.java 
d4fa30419 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4bfaa862c 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
d2d76733e 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 6d0019f70 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 9a2253a3d 
  security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java 
2da72a1ea 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
03ceb6280 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
570ce874b 
  security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
74744e6cf 


Diff: https://reviews.apache.org/r/74535/diff/1/


Testing
---

JUnits added for the new APIs.
Validated that new Junits are passing. Manually validated the new APIs for 
expected response.


Thanks,

Subhrat Chaudhary



Review Request 74505: RANGER-4302: Draft patch to add support for the GDS download API.

2023-07-05 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74505/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4302



Repository: ranger


Description
---

Draft patch to add support for the GDS download API.
Added agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGds.java 
in line with ServiceTags.
Added 
security-admin/src/main/java/org/apache/ranger/common/RangerServiceGdsCache.java
 in line with RangerServiceTagsCache

TODO
Add support for GDS cache in security-admin


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java
 8a5734ba35e420d768cec122a5bb534e1a28b1e0 
  agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java 
53fe55336c8f177dfa1b0d9a0f3f95e0b4ece052 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 
b265e85756402aa15e065b81b1e037a890c00a7d 
  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGds.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
817bc3d38350870e04de45099b50c0e25f1d36dd 
  
security-admin/src/main/java/org/apache/ranger/common/RangerServiceGdsCache.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 
653e397d4baad148fa6b83687f9bc0d741805462 


Diff: https://reviews.apache.org/r/74505/diff/1/


Testing
---

Local build passed with the changes


Thanks,

Subhrat Chaudhary



Re: Review Request 74481: RANGER-4267: link resource-based services with gds-service

2023-06-19 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74481/#review225554
---




security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
Lines 578 (patched)


column data type should be BIGINT - gds_service BIGINT DEFAULT NULL NULL


- Subhrat Chaudhary


On June 18, 2023, 3:59 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74481/
> ---
> 
> (Updated June 18, 2023, 3:59 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Abhay Kulkarni, 
> Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, Subhrat Chaudhary, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4267
> https://issues.apache.org/jira/browse/RANGER-4267
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> - option to automatically link resource-based services to GDS service, 
> similar to link to tag service
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java 
> 326c91cfb 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
>  9891c06c2 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
>  6ae6b6610 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  07c561506 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
>  757dc6719 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> ea8dec8c2 
>   intg/src/main/python/apache_ranger/model/ranger_service.py a1346d5b5 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> de9512624 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 91ec963ed 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> c12832d38 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  cbae01f82 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> 583464890 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 6265b8d37 
>   security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java 
> 85ce53cae 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
>  cfb0137b9 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 6348d0287 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
>  e72bd4c10 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
>  fbe5e42d4 
> 
> 
> Diff: https://reviews.apache.org/r/74481/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that created services are automatically linked with GDS service
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74405: RANGER-4195:Exposing the Ranger REST API is used to fetch the health check status of Ranger Admin

2023-05-30 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74405/#review225492
---




security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java
Line 369 (original), 369 (patched)


If some exception is thrown here at line 369, dbVersion will be returned as 
null, which may cause regression since currently getDBVersion is returning 
default string "Not Available". We can either initialize with a default string 
value at start of method or in catch method


- Subhrat Chaudhary


On May 29, 2023, 12:44 p.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74405/
> ---
> 
> (Updated May 29, 2023, 12:44 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4195
> https://issues.apache.org/jira/browse/RANGER-4195
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Exposing the Ranger REST API is used to fetch the health check status of 
> Ranger Admin
> 
> RangerAdmin Health Check JSON Response looks like (In the current 
> implementation)
> {
>   "status": "UP",
>   "components": {
>     "db": {
>       "status": "UP",
>       "details": {
>         "database": "Oracle 21.3c",
>         "validationQuery": "SELECT banner from v$version where rownum<2"
>       }
>     }
>   }
> }
> In the future we can extend this health check API for other components like 
> AuditHandler (Elastic search, Kafka, HDFS, Solr), KMS, etc.
> Another example:
> {
>   "status": "UP",
>   "components": {
>     "db": {
>       "status": "UP",
>       "details": {
>         "database": "Oracle 21.3c",
>         "validationQuery": "SELECT banner from v$version where rownum<2"
>       }
>     },
>     "auditProvider": {
>       "status": "UP",
>       "details": {
>         "provider": "Elastic Search",
>         "providerHealthCheckEndpoint": "http://localhost:9200/_cluster/health?pretty"
>       }
>     }
>   }
> }
> 
> 
> As part of this PR, we have added some refactoring stuff as well.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
>  598659bf4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServerHealth.java
>  PRE-CREATION 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerHealth.java
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 7a7cc8137 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 04aee289e 
>   security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
> 0d0697990 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java 
> 7d4828ed0 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> 7f00e9dcb 
>   
> security-admin/src/main/java/org/apache/ranger/util/RangerServerHealthUtil.java
>  PRE-CREATION 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
> 807791f28 
>   security-admin/src/test/java/org/apache/ranger/biz/TestRangerBizUtil.java 
> 22e290a66 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> 73a593e9f 
>   
> security-admin/src/test/java/org/apache/ranger/util/TestRangerServerHealthUtil.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/74405/diff/4/
> 
> 
> Testing
> ---
> 
> Tested this API and the response below 
> {"status":"UP","details":{"components":{"db":{"details":{"database":"ORACLE 
> Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - 
> Production","validationQuery":"SELECT banner from v$version where 
> rownum<2"},"status":"UP"
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>
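
A monitoring-side check for the health response discussed in this review, as an added example that is not part of the thread or of Ranger's code. It accepts both placements of "components" seen above (top level in the Description, under "details" in the Testing output); the sample bodies are constructed and the function name evaluate_health is hypothetical.

```python
import json

# Constructed sample responses (not captured from a real Ranger Admin).
# Shape A follows the Description above: "components" at the top level.
SAMPLE_FLAT = json.dumps({
    "status": "UP",
    "components": {
        "db": {"status": "UP", "details": {"database": "Oracle 21.3c"}},
        "auditProvider": {"status": "DOWN", "details": {"provider": "Elastic Search"}},
    },
})
# Shape B follows the Testing output: "components" nested under "details".
SAMPLE_NESTED = json.dumps({
    "status": "UP",
    "details": {"components": {"db": {"status": "UP", "details": {"database": "ORACLE"}}}},
})


def evaluate_health(body):
    """Return (healthy, problems) for a health-check response body.

    Fails closed: unparsable JSON, a missing status, or any component that
    is not "UP" makes the result unhealthy, even if the overall status is "UP".
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False, ["response is not valid JSON"]
    if not isinstance(doc, dict):
        return False, ["response is not a JSON object"]

    problems = []
    if doc.get("status") != "UP":
        problems.append("overall status is %r" % doc.get("status"))

    # Accept either placement of the component map.
    components = doc.get("components")
    if components is None and isinstance(doc.get("details"), dict):
        components = doc["details"].get("components")
    if not isinstance(components, dict) or not components:
        problems.append("no component statuses reported")
        components = {}

    for name, info in sorted(components.items()):
        status = info.get("status") if isinstance(info, dict) else None
        if status != "UP":
            problems.append("component %s is %r" % (name, status))
    return not problems, problems
```
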



Re: Review Request 74399: RANGER-4191:Expose the Ranger REST API to fetch all the roles that groups belong to

2023-05-20 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74399/#review225476
---




security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
Lines 409 (patched)


getRolesByGroupName would be a more appropriate name, since the method is 
returning roles


- Subhrat Chaudhary


On April 15, 2023, 9:22 p.m., Ramachandran Krishnan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74399/
> ---
> 
> (Updated April 15, 2023, 9:22 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4191
> https://issues.apache.org/jira/browse/RANGER-4191
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Expose the below Ranger REST API to fetch all the roles that groups belong to
> /public/v2/api/roles/group/{groupName}
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 
> c19e3e1a1 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> 85cd7dd67 
>   security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4f0edd2b0 
>   security-admin/src/test/java/org/apache/ranger/biz/TestRoleDBStore.java 
> 75bdb5451 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> 73a593e9f 
>   security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java 
> 217c1bba3 
> 
> 
> Diff: https://reviews.apache.org/r/74399/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Ramachandran Krishnan
> 
>



Review Request 74438: RANGER-4240: Optimize deletion of XXAuthSession while deleting user

2023-05-16 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74438/
---

Review request for ranger, Ankita Sinha and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4240



Repository: ranger


Description
---

The table x_auth_session may contain records for a user in thousands. For users 
which are frequently used, this count is usually 10k to 15k, in some cases it 
can be higher.

For such a user, when the delete API /xusers/secure/users/id/{user_id} is 
called, deletion of records from x_auth_sess can take minutes, since rows 
will be locked for deletion, and the following exception is noticed in the logs:

java.sql.SQLException: Lock wait timeout exceeded; try restarting transaction

During testing for deletion of a user with about 30k records in x_auth_session, 
it took about 6.4 minutes.

To optimize this, we can implement RANGER-3681 for deletion of records from 
x_auth_sess.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java e3790c0f5 
  security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java 
934d25865 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 412d0b10a 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 
528f4e511 


Diff: https://reviews.apache.org/r/74438/diff/1/


Testing
---

1. Validated that existing JUnits are passing.
2. Tested the use case with the fix. Deletion of a user with 60k records in the 
table x_auth_session, completed in 2.3 sec.


Thanks,

Subhrat Chaudhary



Review Request 74298: RANGER-4023: UserStoreEnricher is not enabled if only mask condition has attribute based expression

2023-02-07 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74298/
---

Review request for ranger, Ankita Sinha and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4023



Repository: ranger


Description
---

When only the masking condition has a user/group attribute based expression, 
RangerUserStoreEnricher is not enabled in plugin end. As part of the fix, we 
are checking for expression in custom masking condition.


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java 
fe1cf9244 
  
agents-common/src/test/java/org/apache/ranger/plugin/util/ServiceDefUtilTest.java
 3cd42f44f 


Diff: https://reviews.apache.org/r/74298/diff/1/


Testing
---

Validated userstore.json is getting created in plugin, when only the masking 
condition has user/group attribute based expression.
Validated existing test cases are passing.


Thanks,

Subhrat Chaudhary



Re: Review Request 74200: RANGER-3966: fix to use user-roles from request context consistently

2022-11-15 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74200/#review224865
---


Ship it!

- Subhrat Chaudhary


On Nov. 13, 2022, 1:09 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74200/
> ---
> 
> (Updated Nov. 13, 2022, 1:09 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
> Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3966
> https://issues.apache.org/jira/browse/RANGER-3966
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Replaced use of request.getUserRoles() with 
> RangerAccessRequestUtil.getUserRoles(request)
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
>  2430c7a74 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  006aeeecb 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  71811767b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
>  c4beabf87 
> 
> 
> Diff: https://reviews.apache.org/r/74200/diff/1/
> 
> 
> Testing
> ---
> 
> verified that all existing tests pass successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74200: RANGER-3966: fix to use user-roles from request context consistently

2022-11-14 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74200/#review224863
---



request.getUserRoles() is getting called in 
org.apache.ranger.plugin.service.RangerDefaultRequestProcessor --- preProcess. 
Do we need to update this instance too?

- Subhrat Chaudhary


On Nov. 13, 2022, 1:09 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74200/
> ---
> 
> (Updated Nov. 13, 2022, 1:09 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
> Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3966
> https://issues.apache.org/jira/browse/RANGER-3966
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Replaced use of request.getUserRoles() with 
> RangerAccessRequestUtil.getUserRoles(request)
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
>  2430c7a74 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  006aeeecb 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  71811767b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
>  c4beabf87 
> 
> 
> Diff: https://reviews.apache.org/r/74200/diff/1/
> 
> 
> Testing
> ---
> 
> verified that all existing tests pass successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 74187: RANGER-3956: updated commons-text library version to 1.10.0

2022-11-01 Thread Subhrat Chaudhary via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74187/#review224850
---



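In knox-agent/pom.xml, the following dependency is duplicated:

<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-text</artifactId>
    <version>${commons.text.version}</version>
    <scope>test</scope>
</dependency>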


- Subhrat Chaudhary


On Nov. 1, 2022, 2:53 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74187/
> ---
> 
> (Updated Nov. 1, 2022, 2:53 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat 
> Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3956
> https://issues.apache.org/jira/browse/RANGER-3956
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated pom files to replace commons-text library version to 1.10.0
> 
> 
> Diffs
> -
> 
>   agents-audit/pom.xml 3f261b3e9 
>   agents-common/pom.xml b4ab454b3 
>   agents-cred/pom.xml ce73982a2 
>   credentialbuilder/pom.xml b8b3440e8 
>   hbase-agent/pom.xml 51e59ff03 
>   hdfs-agent/pom.xml b16fd150d 
>   kms/pom.xml 647c130fd 
>   knox-agent/pom.xml 441a1ae04 
>   plugin-schema-registry/pom.xml c85aa4dff 
>   plugin-solr/pom.xml 2445f59fa 
>   pom.xml 7c794c833 
>   ranger-authn/pom.xml 827fd0746 
>   ranger-examples/plugin-sampleapp/pom.xml 51407d028 
>   ranger-hdfs-plugin-shim/pom.xml 741182112 
>   ranger-solr-plugin-shim/pom.xml 37454b93d 
>   ranger-storm-plugin-shim/pom.xml acbd9bde4 
>   security-admin/pom.xml 33ffc95e2 
>   storm-agent/pom.xml 9d25c1a65 
> 
> 
> Diff: https://reviews.apache.org/r/74187/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that there is no dependency on commons-text library versions earlier 
> than 1.10.0 
> - verified that all tests pass successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>