[Subtask] Remove MANAGED_BY_GRAVITINO limit #5336
Assignees
Labels
subtask
Subtasks of umbrella issue
Comments
17 tasks
xunliu
added a commit
to xunliu/gravitino
that referenced
this issue
Oct 29, 2024
xunliu
changed the title
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 20, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 20, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 20, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 21, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 21, 2024
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 21, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 21, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 22, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 25, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 25, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 25, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 26, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 26, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 26, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 27, 2024
… compatible for existing ranger policy
theoryxu
pushed a commit
to theoryxu/gravitino
that referenced
this issue
Nov 27, 2024
… compatible for existing ranger policy
xunliu
pushed a commit
that referenced
this issue
Nov 27, 2024
…atible for existing ranger policy (#5629) ### What changes were proposed in this pull request? Many clients and users have used Ranger for a while. Gravitino should be compatible with these cases. There are some principles Gravitino needs to follow when it pushes down policies: 1. Gravitino can't modify existing policy names because users may have their own name rules. 2. Gravitino and users could share the same policy and not disturb each other for the same resource. For the target, this PR includes the following changes: 1. `wildcardSearchPolies` removes the `MANAGED_BY_GRAVITINO` filter. 2. Gravitino managed role name add the prefix `GRAVITINO_`. 3. Using Gravitino Managed role to identify and operate policy items. Despite doing these, users should be cautious about directly managing the ranger policy. There are some restricts: 1. Don't directly rename Gravitino-managed policies. 2. Don't directly modify policy resources in the policy that have Gravitino Managed roles. 3. Don't directly modify policy items that have Gravitino Managed roles. ### Why are the changes needed? Fix: #5336 ### Does this PR introduce _any_ user-facing change? N/A ### How was this patch tested? Added ITs --------- Co-authored-by: theoryxu <theoryxu@tencent.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the subtask
Currently, Gravitino only operation have
MANAGED_BY_GRAVITINOlabel's Ranger Policy.If a user has a Ranger service and this Ranger already has some Ranger Policy.
When Gravitino will push down a Ranger Policy, if this Policy manage resource already exist in the Ranger service and this Policy doesn't have
MANAGED_BY_GRAVITINOlabel, then Gravitino will throw exception.Parent issue
#5115
The text was updated successfully, but these errors were encountered: