ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Re: Review Request 48064: Handle upgrade scenario in Kerberized Cluster
Date Tue, 31 May 2016 22:21:24 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48064/#review135692
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3651)
<https://reviews.apache.org/r/48064/#comment200718>

    update serviceConfig only if the key is already not present
    
    if(!rangerService.getConfigs().containsKey(ServiceREST.Allowed_User_List_For_Grant_Revoke)
{
       rangerService.getConfigs().put(ServiceREST.Allowed_User_List_For_Grant_Revoke, serviceUser);
    }



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3653)
<https://reviews.apache.org/r/48064/#comment200719>

    update serviceConfig only if the key is already not present
    
    if(!rangerService.getConfigs().containsKey(TagREST.Allowed_User_List_For_Tag_Download)
{
       rangerService.getConfigs().put(TagREST.Allowed_User_List_For_Tag_Download, serviceUser);
    }



security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java (line 3667)
<https://reviews.apache.org/r/48064/#comment200723>

    adding a policy item to each policy during each startup does not look right. Instead,
I think we should document the necessary permission for lookup user and have a policy in each
service manually updated/created.


- Madhan Neethiraj


On May 31, 2016, 9:03 a.m., Ankita Sinha wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48064/
> -----------------------------------------------------------
> 
> (Updated May 31, 2016, 9:03 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj,
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1003
>     https://issues.apache.org/jira/browse/RANGER-1003
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement**
> In secure environment after upgrade the service and policies is not updated with custom
properties for Policy/Tag download and with lookup user to have permission for Test Connection
and Resource Lookup.
> 
> **Need to implement following**
> 1. After upgrade add lookup user to have permissions in all policies.
> 2. After upgrade add custom property "policy.download.auth.users" and "tag.download.auth.users"
in Service config of each repo and "policy.grantrevoke.auth.users" for HBase/Hive.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 63c630e 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java d2178f4 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1028c8d 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java be70cfe 
> 
> Diff: https://reviews.apache.org/r/48064/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger Admin with admin and keyadmin role user.
> 2. Checked when Ranger Admin starts the service/policy created in previous version is
updated in secure cluster.
> 
> 
> Thanks,
> 
> Ankita Sinha
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message