ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Agrawal (Jira)" <j...@apache.org>
Subject [jira] [Comment Edited] (RANGER-2799) update_policy only works for the same resource name?
Date Fri, 17 Apr 2020 12:54:00 GMT

    [ https://issues.apache.org/jira/browse/RANGER-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17085711#comment-17085711
] 

Pradeep Agrawal edited comment on RANGER-2799 at 4/17/20, 12:53 PM:
--------------------------------------------------------------------

Ranger APIs are REST API which accepts json data. its possible to update a policy with multiple
resources.
 # Which version of ranger are you using.
 # Which REST api are you using.
 # Have you tried that via UI or curl already.

Example :  Request and response json observed from UI.

Create policy json request : (with resource =  /temp1)
{code:java}
{"policyType":"0","name":"temppolicy1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isRecursive":true}},"isDenyAllElse":false,"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"allowExceptions":[],"denyPolicyItems":[],"denyExceptions":[],"service":"hadoopdev"}
{code}
 Create policy json response :
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332633,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}
{code}
 Update policy json request :  (with resource =  /temp1 and /temp2) 
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332636,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isRecursive":true,"isExcludes":false}},"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"1","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}{code}
 Update policy json response :
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097608531,"version":2,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"1839d8f9b559ff020dd165439f2f546c36d2270c35062863431ecab31fbf966c","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}
{code}


was (Author: pradeep.agrawal):
Ranger APIs are REST API which accepts json data. its possible to update a policy with multiple
resources.
 # Which version of ranger are you using.
 # Which REST api are you using.
 # Have you tried that via UI or curl already.

Example :  Request and response json observed from UI.

Create policy json request : (with resource =  /temp1)
{code:java}
{"policyType":"0","name":"temppolicy1","isEnabled":true,"policyPriority":0,"policyLabels":[],"description":"","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isRecursive":true}},"isDenyAllElse":false,"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"allowExceptions":[],"denyPolicyItems":[],"denyExceptions":[],"service":"hadoopdev"}
{code}
 

Create policy json response :

 
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332633,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}
{code}
 

Update policy json request :  (with resource =  /temp1 and /temp2)

 
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097332636,"version":1,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"c8d8e94aab97f89fb3ed54f715edec7a03a5423655c953bdfeeaf16280bba8ed","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isRecursive":true,"isExcludes":false}},"policyItems":[{"users":["testuser2"],"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"1","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}{code}
 

Update policy json response :

 
{code:java}
{"id":8,"guid":"0b2454ad-f105-4d69-86d1-61b0cfd7bbcd","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1587097332631,"updateTime":1587097608531,"version":2,"service":"hadoopdev","name":"temppolicy1","policyType":0,"policyPriority":0,"description":"","resourceSignature":"1839d8f9b559ff020dd165439f2f546c36d2270c35062863431ecab31fbf966c","isAuditEnabled":true,"resources":{"path":{"values":["/temp1","/temp2"],"isExcludes":false,"isRecursive":true}},"policyItems":[{"accesses":[{"type":"read","isAllowed":true},{"type":"write","isAllowed":true},{"type":"execute","isAllowed":true}],"users":["testuser2"],"groups":[],"roles":[],"conditions":[],"delegateAdmin":false}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hdfs","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false}
{code}
 

 

> update_policy only works for the same resource name?
> ----------------------------------------------------
>
>                 Key: RANGER-2799
>                 URL: https://issues.apache.org/jira/browse/RANGER-2799
>             Project: Ranger
>          Issue Type: Task
>          Components: Ranger
>            Reporter: Bhargavi
>            Priority: Major
>
> does update_policy only work for a same resource name?
> cant i have multiple resource names for a policy with update_policy using python script?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message