This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 136ace27c67fded9934803151d94c0bedf44a391
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Mon Oct 19 17:41:47 2020 -0700

    RANGER-3047: updated Hadoop version from 3.1.1 to 3.3.0
---
 agents-audit/pom.xml                               |   5 +
 distro/src/main/assembly/admin-web.xml             |   3 +-
 distro/src/main/assembly/hbase-agent.xml           |   1 +
 embeddedwebserver/pom.xml                          |   5 +
 hbase-agent/pom.xml                                |  50 ++++++-
 .../hbase/RangerAuthorizationCoprocessor.java      |  44 ++++---
 .../hbase/HBaseRangerAuthorizationTest.java        |  16 ++-
 hive-agent/pom.xml                                 |   6 +
 .../services/hive/HIVERangerAuthorizerTest.java    |   1 +
 knox-agent/pom.xml                                 |   3 +-
 .../ranger/services/ozone/client/OzoneClient.java  |   3 +-
 plugin-schema-registry/pom.xml                     |   7 +-
 .../DefaultSchemaRegistryClientTest.java           |   3 +-
 pom.xml                                            |  17 +--
 .../security/access/RangerAccessControlLists.java  | 104 ---------------
 .../hbase/RangerAuthorizationCoprocessor.java      |  18 +++
 .../ozone/authorizer/RangerOzoneAuthorizer.java    |   8 +-
 security-admin/scripts/setup.sh                    | 144 +++++++++++----------
 .../process/TestUnixUserGroupBuilder.java          |   4 +-
 19 files changed, 225 insertions(+), 217 deletions(-)

diff --git a/agents-audit/pom.xml b/agents-audit/pom.xml
index 85effa6..d2e7098 100644
--- a/agents-audit/pom.xml
+++ b/agents-audit/pom.xml
@@ -38,6 +38,11 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>${commons.lang.version}</version>
+        </dependency>
+        <dependency>
             <groupId>commons-logging</groupId>
             <artifactId>commons-logging</artifactId>
             <version>${commons.logging.version}</version>
diff --git a/distro/src/main/assembly/admin-web.xml 
b/distro/src/main/assembly/admin-web.xml
index 19ab3bc..872747a 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -248,6 +248,7 @@
           
<include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
           
<include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
           
<include>org.apache.commons:commons-configuration2:jar:${commons.configuration.version}</include>
+          
<include>org.apache.commons:commons-lang3:jar:${commons.lang3.version}</include>
           
<include>com.kstruct:gethostname4j:jar:${kstruct.gethostname4j.version}</include>
           <include>net.java.dev.jna:jna:jar:${jna.version}</include>
           
<include>net.java.dev.jna:jna-platform:jar:${jna-platform.version}</include>
@@ -290,10 +291,10 @@
           <include>commons-configuration:commons-configuration</include>
           <include>commons-io:commons-io:jar:${commons.io.version}</include>
           <include>commons-lang:commons-lang</include>
-          <include>commons-lang3:commons-lang3</include>
           <include>commons-logging:commons-logging</include>
           <include>com.google.guava:guava</include>
           <include>org.slf4j:slf4j-api</include>
+          <include>org.apache.commons:commons-lang3</include>
           <include>org.apache.hadoop:hadoop-common</include>
           <include>org.apache.hadoop:hadoop-auth</include>
           
<include>org.apache.htrace:htrace-core4:jar:${htrace-core.version}</include>
diff --git a/distro/src/main/assembly/hbase-agent.xml 
b/distro/src/main/assembly/hbase-agent.xml
index 2a1d0b4..05b4bb0 100644
--- a/distro/src/main/assembly/hbase-agent.xml
+++ b/distro/src/main/assembly/hbase-agent.xml
@@ -55,6 +55,7 @@
         <includes>
           
<include>com.sun.jersey:jersey-client:jar:${jersey-bundle.version}</include>
           
<include>com.sun.jersey:jersey-core:jar:${jersey-bundle.version}</include>
+          
<include>org.codehaus.jackson:jackson-jaxrs:jar:${codehaus.jackson.version}</include>
           <include>org.eclipse.persistence:eclipselink</include>
           <include>org.eclipse.persistence:javax.persistence</include>
           
<include>org.apache.httpcomponents:httpmime:jar:${httpcomponents.httpmime.version}</include>
diff --git a/embeddedwebserver/pom.xml b/embeddedwebserver/pom.xml
index 1d1128c..e00f5a1 100644
--- a/embeddedwebserver/pom.xml
+++ b/embeddedwebserver/pom.xml
@@ -88,5 +88,10 @@
             <artifactId>credentialbuilder</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>${commons.lang3.version}</version>
+        </dependency>
     </dependencies>
 </project>
diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml
index dd7c78d..03396ea 100644
--- a/hbase-agent/pom.xml
+++ b/hbase-agent/pom.xml
@@ -23,7 +23,8 @@
     <packaging>jar</packaging>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <hadoop.hbase.version>2.5.1</hadoop.hbase.version>
+        <hbase.jetty.version>9.3.27.v20190418</hbase.jetty.version>
+        <hadoop.version>3.1.1</hadoop.version>
     </properties>
     <parent>
         <groupId>org.apache.ranger</groupId>
@@ -48,6 +49,17 @@
             </exclusions>
         </dependency>
         <dependency>
+            <groupId>org.apache.hbase</groupId>
+            <artifactId>hbase-common</artifactId>
+            <version>${hbase.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.apache.ranger</groupId>
             <artifactId>ranger-plugins-common</artifactId>
             <version>${project.version}</version>
@@ -146,6 +158,19 @@
             </exclusions>
         </dependency>
         <dependency>
+            <groupId>org.apache.hbase</groupId>
+            <artifactId>hbase-common</artifactId>
+            <version>${hbase.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-minicluster</artifactId>
             <version>${hadoop.version}</version>
@@ -168,6 +193,29 @@
             <version>${hadoop.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-server</artifactId>
+            <version>${hbase.jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-http</artifactId>
+            <version>${hbase.jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-util</artifactId>
+            <version>${hbase.jetty.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <testResources>
diff --git 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index ec6dfdd..b9dd52e 100644
--- 
a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ 
b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -49,6 +49,7 @@ import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.security.UserProvider;
 import org.apache.hadoop.hbase.security.access.*;
 import org.apache.hadoop.hbase.security.access.Permission.Action;
+import org.apache.hadoop.hbase.security.access.Permission.Builder;
 import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
 import org.apache.hadoop.hbase.shaded.protobuf.ResponseConverter;
 import 
org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.CleanupBulkLoadRequest;
@@ -1335,6 +1336,11 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
        }
 
        @Override
+       public void hasPermission(RpcController controller, 
AccessControlProtos.HasPermissionRequest request, 
RpcCallback<AccessControlProtos.HasPermissionResponse> done) {
+               LOG.debug("hasPermission(): ");
+       }
+
+       @Override
        public void checkPermissions(RpcController controller, 
AccessControlProtos.CheckPermissionsRequest request, 
RpcCallback<AccessControlProtos.CheckPermissionsResponse> done) {
                LOG.debug("checkPermissions(): ");
        }
@@ -1396,8 +1402,8 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                                        }
                                });
                                if (_userUtils.isSuperUser(user)) {
-                                       perms.add(new 
UserPermission(Bytes.toBytes(_userUtils.getUserAsString(user)),
-                                                       
AccessControlLists.ACL_TABLE_NAME, null, Action.values()));
+                                       perms.add(new 
UserPermission(_userUtils.getUserAsString(user),
+                                                                    
Permission.newBuilder(AccessControlLists.ACL_TABLE_NAME).withActions(Action.values()).build()));
                                }
                        }
                        response = 
AccessControlUtil.buildGetUserPermissionsResponse(perms);
@@ -1439,11 +1445,11 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                        if (!allowedPermissions.isEmpty()) {
                                UserPermission up = null;
                                if (isNamespace) {
-                                       up = new 
UserPermission(Bytes.toBytes(user), resource,
-                                                       
allowedPermissions.toArray(new Action[allowedPermissions.size()]));
+                                       up = new UserPermission(user,
+                                                                
Permission.newBuilder(resource).withActions(allowedPermissions.toArray(new 
Action[allowedPermissions.size()])).build());
                                } else {
-                                       up = new 
UserPermission(Bytes.toBytes(user), TableName.valueOf(resource), null, null,
-                                                       
allowedPermissions.toArray(new Action[allowedPermissions.size()]));
+                                       up = new UserPermission(user,
+                                                                
Permission.newBuilder(TableName.valueOf(resource)).withActions(allowedPermissions.toArray(new
 Action[allowedPermissions.size()])).build());
                                }
                                userPermissions.add(up);
                        }
@@ -1455,8 +1461,8 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                AccessControlProtos.Permission     perm = up == null ? null : 
up.getPermission();
 
                UserPermission      userPerm  = up == null ? null : 
AccessControlUtil.toUserPermission(up);
-               Permission.Action[] actions   = userPerm == null ? null : 
userPerm.getActions();
-               String              userName  = userPerm == null ? null : 
Bytes.toString(userPerm.getUser());
+               Permission.Action[] actions   = userPerm == null ? null : 
userPerm.getPermission().getActions();
+               String              userName  = userPerm == null ? null : 
userPerm.getUser();
                String              nameSpace = null;
                String              tableName = null;
                String              colFamily = null;
@@ -1480,13 +1486,15 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                        break;
 
                        case Table:
-                               tableName = 
Bytes.toString(userPerm.getTableName().getName());
-                               colFamily = 
Bytes.toString(userPerm.getFamily());
-                               qualifier = 
Bytes.toString(userPerm.getQualifier());
+                               TablePermission tablePerm = 
(TablePermission)userPerm.getPermission();
+                               tableName = 
Bytes.toString(tablePerm.getTableName().getName());
+                               colFamily = 
Bytes.toString(tablePerm.getFamily());
+                               qualifier = 
Bytes.toString(tablePerm.getQualifier());
                        break;
 
                        case Namespace:
-                               nameSpace = userPerm.getNamespace();
+                               NamespacePermission namepsacePermission = 
(NamespacePermission)userPerm.getPermission();
+                               nameSpace = namepsacePermission.getNamespace();
                        break;
                }
                
@@ -1570,7 +1578,7 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                AccessControlProtos.Permission     perm = up == null ? null : 
up.getPermission();
 
                UserPermission      userPerm  = up == null ? null : 
AccessControlUtil.toUserPermission(up);
-               String              userName  = userPerm == null ? null : 
Bytes.toString(userPerm.getUser());
+               String              userName  = userPerm == null ? null : 
userPerm.getUser();
                String              nameSpace = null;
                String              tableName = null;
                String              colFamily = null;
@@ -1590,13 +1598,15 @@ public class RangerAuthorizationCoprocessor implements 
AccessControlService.Inte
                        break;
 
                        case Table :
-                               tableName = 
Bytes.toString(userPerm.getTableName().getName());
-                               colFamily = 
Bytes.toString(userPerm.getFamily());
-                               qualifier = 
Bytes.toString(userPerm.getQualifier());
+                               TablePermission tablePerm = 
(TablePermission)userPerm.getPermission();
+                               tableName = 
Bytes.toString(tablePerm.getTableName().getName());
+                               colFamily = 
Bytes.toString(tablePerm.getFamily());
+                               qualifier = 
Bytes.toString(tablePerm.getQualifier());
                        break;
 
                        case Namespace:
-                               nameSpace = userPerm.getNamespace();
+                               NamespacePermission namespacePermission = 
(NamespacePermission)userPerm.getPermission();
+                               nameSpace = namespacePermission.getNamespace();
                        break;
                }
 
diff --git 
a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
 
b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
index 537c0b6..5241242 100644
--- 
a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
+++ 
b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
@@ -43,6 +44,7 @@ import org.apache.hadoop.hbase.client.Result;
 import org.apache.hadoop.hbase.client.SnapshotDescription;
 import org.apache.hadoop.hbase.client.Table;
 import org.apache.hadoop.hbase.security.access.AccessControlClient;
+import org.apache.hadoop.hbase.security.access.NamespacePermission;
 import org.apache.hadoop.hbase.security.access.Permission;
 import org.apache.hadoop.hbase.security.access.UserPermission;
 import org.apache.hadoop.hbase.util.Bytes;
@@ -76,8 +78,7 @@ public class HBaseRangerAuthorizationTest {
 
     private static int port;
     private static HBaseTestingUtility utility;
-    
-    
+
     @org.junit.BeforeClass
     public static void setup() throws Exception {
         port = getFreePort();
@@ -1007,8 +1008,8 @@ public class HBaseRangerAuthorizationTest {
                                }
                                boolean found = false;
                                for (UserPermission namespacePermission : 
userPermissions) {
-                                       if (namespacePermission.hasNamespace()) 
{
-                                               found = 
Bytes.equals(namespacePermission.getUser(), Bytes.toBytes("@QA"));
+                                       if (namespacePermission.getPermission() 
instanceof NamespacePermission) {
+                                               found = 
StringUtils.equals(namespacePermission.getUser(), "@QA");
                                                if (found) {
                                                        break;
                                                }
@@ -1025,8 +1026,10 @@ public class HBaseRangerAuthorizationTest {
                } catch (Throwable e) {
                        throw new Exception(e);
                }
-               UserPermission userPermission = new 
UserPermission(Bytes.toBytes("@IT"), TableName.valueOf("temp5"), null,
-                               Permission.Action.READ, 
Permission.Action.WRITE, Permission.Action.EXEC);
+
+               UserPermission userPermission = new UserPermission("@IT",
+                               
Permission.newBuilder(TableName.valueOf("temp5")).withActions(Permission.Action.READ,
 Permission.Action.WRITE, Permission.Action.EXEC).build());
+
                Assert.assertTrue("@IT permission should be there", 
userPermissions.contains(userPermission));
 
        }
@@ -1037,5 +1040,4 @@ public class HBaseRangerAuthorizationTest {
         serverSocket.close();
         return port;
     }
-
 }
diff --git a/hive-agent/pom.xml b/hive-agent/pom.xml
index e29a433..bfe8d47 100644
--- a/hive-agent/pom.xml
+++ b/hive-agent/pom.xml
@@ -23,6 +23,7 @@
     <packaging>jar</packaging>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <hadoop.version>3.1.1</hadoop.version>
     </properties>
     <parent>
         <groupId>org.apache.ranger</groupId>
@@ -112,6 +113,11 @@
             <version>${hadoop.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <testResources>
diff --git 
a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
 
b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
index f901f71..2f6f1d8 100644
--- 
a/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
+++ 
b/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
@@ -57,6 +57,7 @@ import org.junit.Test;
  * b) The tag "HiveDatabaseTag" is associated with "create" permission to the 
"dev" group to the "hivetable" database.
  * c) The tag "HiveColumnTag" is associated with "select" permission to the 
"frank" user to the "word" column of the "words" table.
  */
[email protected]
 public class HIVERangerAuthorizerTest {
 
     private static final File hdfsBaseDir = new 
File("./target/hdfs/").getAbsoluteFile();
diff --git a/knox-agent/pom.xml b/knox-agent/pom.xml
index 87eb836..49623c3 100644
--- a/knox-agent/pom.xml
+++ b/knox-agent/pom.xml
@@ -23,6 +23,7 @@
     <packaging>jar</packaging>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <knox.jetty.version>9.4.31.v20200723</knox.jetty.version>
     </properties>
     <parent>
         <groupId>org.apache.ranger</groupId>
@@ -167,7 +168,7 @@
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-server</artifactId>
-            <version>9.4.12.v20180830</version>
+            <version>${knox.jetty.version}</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
diff --git 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
index 0f6be18..695510f 100644
--- 
a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
+++ 
b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/client/OzoneClient.java
@@ -22,6 +22,7 @@ package org.apache.ranger.services.ozone.client;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdds.conf.OzoneConfiguration;
 import org.apache.hadoop.ozone.client.OzoneBucket;
 import org.apache.hadoop.ozone.client.OzoneClientFactory;
 import org.apache.hadoop.ozone.client.OzoneKey;
@@ -53,7 +54,7 @@ public class OzoneClient extends BaseClient {
                 conf.set(key, value);
             }
         }
-        ozoneClient = 
OzoneClientFactory.getRpcClient(conf.get("ozone.om.http-address"));
+        ozoneClient = OzoneClientFactory.getRpcClient(new 
OzoneConfiguration(conf));
     }
 
     public void close() {
diff --git a/plugin-schema-registry/pom.xml b/plugin-schema-registry/pom.xml
index 8ff8159..28e8b7e 100644
--- a/plugin-schema-registry/pom.xml
+++ b/plugin-schema-registry/pom.xml
@@ -37,7 +37,7 @@
         <kafkaArtifact>kafka_2.11</kafkaArtifact>
         <jersey.version>2.22.1</jersey.version>
         <junit.version>4.5</junit.version>
-        <schema.registry.version>0.8.1</schema.registry.version>
+        <schema.registry.version>0.9.1</schema.registry.version>
         <jettison.version>1.1</jettison.version>
         <servlet-api.version>3.0.1</servlet-api.version>
     </properties>
@@ -225,6 +225,11 @@
             <version>${servlet-api.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.glassfish.jersey.core</groupId>
+            <artifactId>jersey-client</artifactId>
+            <version>${jersey.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git 
a/plugin-schema-registry/src/test/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClientTest.java
 
b/plugin-schema-registry/src/test/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClientTest.java
index 7eaaab9..4f2c12e 100644
--- 
a/plugin-schema-registry/src/test/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClientTest.java
+++ 
b/plugin-schema-registry/src/test/java/org/apache/ranger/services/schema/registry/client/connection/DefaultSchemaRegistryClientTest.java
@@ -41,6 +41,7 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 
[email protected]
 public class DefaultSchemaRegistryClientTest {
 
     private static final String V1_API_PATH = "api/v1";
@@ -187,4 +188,4 @@ public class DefaultSchemaRegistryClientTest {
     public void checkConnection2() throws Exception {
         new DefaultSchemaRegistryClient(new HashMap<>()).checkConnection();
     }
-}
\ No newline at end of file
+}
diff --git a/pom.xml b/pom.xml
index 55b3acb..cd60038 100644
--- a/pom.xml
+++ b/pom.xml
@@ -103,6 +103,7 @@
         <commons.digester.version>2.1</commons.digester.version>
         <commons.io.version>2.5</commons.io.version>
         <commons.lang.version>2.6</commons.lang.version>
+        <commons.lang3.version>3.3.2</commons.lang3.version>
         <commons.logging.version>1.2</commons.logging.version>
         <commons.math.version>2.2</commons.math.version>
         <commons.net.version>3.6</commons.net.version>
@@ -113,18 +114,18 @@
         <elasticsearch.version>7.6.0</elasticsearch.version>
         <enunciate.version>2.11.1</enunciate.version>
         <findbugs.plugin.version>3.0.3</findbugs.plugin.version>
-        <google.guava.version>25.1-jre</google.guava.version>
+        <google.guava.version>27.0-jre</google.guava.version>
         <googlecode.log4jdbc.version>1.2</googlecode.log4jdbc.version>
         <gson.version>2.2.4</gson.version>
         <guice.version>4.0</guice.version>
-        <hadoop.version>3.1.1</hadoop.version>
-        <ozone.version>0.4.0-alpha</ozone.version>
+        <hadoop.version>3.3.0</hadoop.version>
+        <ozone.version>1.0.0</ozone.version>
         <hamcrest.all.version>1.3</hamcrest.all.version>
-        <hbase.version>2.0.2</hbase.version>
+        <hbase.version>2.2.6</hbase.version>
         <hive.version>3.1.2</hive.version>
-        <hbase-shaded-protobuf>2.0.0</hbase-shaded-protobuf>
-        <hbase-shaded-netty>2.0.0</hbase-shaded-netty>
-        <hbase-shaded-miscellaneous>2.0.0</hbase-shaded-miscellaneous>
+        <hbase-shaded-protobuf>3.3.0</hbase-shaded-protobuf>
+        <hbase-shaded-netty>3.3.0</hbase-shaded-netty>
+        <hbase-shaded-miscellaneous>3.3.0</hbase-shaded-miscellaneous>
         <libfb303.version>0.9.3</libfb303.version>
         <libthrift.version>0.13.0</libthrift.version>
         <htrace-core.version>4.1.0-incubating</htrace-core.version>
@@ -153,7 +154,7 @@
         <junit.version>4.12</junit.version>
         <kafka.version>2.4.0</kafka.version>
         <kerby.version>1.0.0</kerby.version>
-        <knox.gateway.version>1.2.0</knox.gateway.version>
+        <knox.gateway.version>1.4.0</knox.gateway.version>
         <kylin.version>2.6.4</kylin.version>
         <libpam4j.version>1.10</libpam4j.version>
         <local.lib.dir>${project.basedir}/../lib/local</local.lib.dir>
diff --git 
a/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
 
b/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
deleted file mode 100644
index 8da972a..0000000
--- 
a/ranger-hbase-plugin-shim/src/main/java/org/apache/hadoop/hbase/security/access/RangerAccessControlLists.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/**
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hbase.security.access;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-
-import org.apache.hadoop.hbase.TableExistsException;
-import org.apache.hadoop.hbase.master.MasterServices;
-import org.apache.log4j.Logger;
-
-
-public class RangerAccessControlLists {
-       
-       private static final Logger LOG = 
Logger.getLogger(RangerAccessControlLists.class);
-       
-       public static void init(MasterServices master) throws IOException {
-
-               Class<AccessControlLists> accessControlListsClass = 
AccessControlLists.class;
-               String cName = accessControlListsClass.getName();
-
-               Class<?>[] params = new Class[1];
-               params[0] = MasterServices.class;
-               
-               for (String mname : new String[] { "init", "createACLTable" } ) 
{
-                       try {
-                               try {
-                                       Method m = 
accessControlListsClass.getDeclaredMethod(mname, params);
-                                       if (m != null) {
-                                               try {
-                                                       
-                                                       try {
-                                                               m.invoke(null, 
master);
-                                                               
logInfo("Execute method name [" + mname + "] in Class [" +  cName + "] is 
successful.");
-                                                       } catch 
(InvocationTargetException e) {
-                                                               Throwable cause 
= e;
-                                                               boolean 
tableExistsExceptionFound = false;
-                                                               if  (e != null) 
{       
-                                                                       
Throwable ecause = e.getTargetException();
-                                                                       if 
(ecause != null) {
-                                                                               
cause = ecause;
-                                                                               
if (ecause instanceof TableExistsException) {
-                                                                               
        tableExistsExceptionFound = true;
-                                                                               
}
-                                                                       }
-                                                               }
-                                                               if (! 
tableExistsExceptionFound) {
-                                                                       
logError("Unable to execute the method [" + mname + "] on [" + cName + "] due 
to exception", cause);
-                                                                       throw 
new IOException(cause);
-                                                               }
-                                                       }
-                                                       return;
-                                               } catch 
(IllegalArgumentException e) {
-                                                       logError("Unable to 
execute method name [" + mname + "] in Class [" +  cName + "].", e);
-                                                       throw new 
IOException(e);
-                                               } catch (IllegalAccessException 
e) {
-                                                       logError("Unable to 
execute method name [" + mname + "] in Class [" +  cName + "].", e);
-                                                       throw new 
IOException(e);
-                                               }
-                                       }
-                               }
-                               catch(NoSuchMethodException nsme) {
-                                       logInfo("Unable to get method name [" + 
mname + "] in Class [" +  cName + "]. Ignoring the exception");
-                               }
-                       } catch (SecurityException e) {
-                               logError("Unable to get method name [" + mname 
+ "] in Class [" +  cName + "].", e);
-                               throw new IOException(e);
-                       }
-               }
-               throw new IOException("Unable to initialize() [" + cName + "]");
-       }
-       
-       
-       private static void logInfo(String msg) {
-               // System.out.println(msg);
-               LOG.info(msg);
-       }
-
-       private static void logError(String msg, Throwable t) {
-//             System.err.println(msg);
-//             if (t != null) {
-//                     t.printStackTrace(System.err);
-//             }
-               LOG.error(msg, t);
-       }
-
-}
diff --git 
a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 
b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index 50bec07..a2089f7 100644
--- 
a/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ 
b/ranger-hbase-plugin-shim/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -1116,6 +1116,24 @@ public class RangerAuthorizationCoprocessor implements 
RegionCoprocessor, Master
        }
 
        @Override
+       public void hasPermission(RpcController controller, 
AccessControlProtos.HasPermissionRequest request, 
RpcCallback<AccessControlProtos.HasPermissionResponse> done) {
+               if(LOG.isDebugEnabled()) {
+                       LOG.debug("==> 
RangerAuthorizationCoprocessor.hasPermission()");
+               }
+
+               try {
+                       activatePluginClassLoader();
+                       implAccessControlService.hasPermission(controller, 
request, done);
+               } finally {
+                       deactivatePluginClassLoader();
+               }
+
+               if(LOG.isDebugEnabled()) {
+                       LOG.debug("<== 
RangerAuthorizationCoprocessor.hasPermission()");
+               }
+       }
+
+       @Override
        public void getUserPermissions(RpcController controller, 
GetUserPermissionsRequest request,     RpcCallback<GetUserPermissionsResponse> 
done) {
                if(LOG.isDebugEnabled()) {
                        LOG.debug("==> 
RangerAuthorizationCoprocessor.getUserPermissions()");
diff --git 
a/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
 
b/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
index 5d7c291..d7f8f52 100644
--- 
a/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
+++ 
b/ranger-ozone-plugin-shim/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
@@ -21,9 +21,9 @@ package org.apache.ranger.authorization.ozone.authorizer;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.ozone.om.exceptions.OMException;
 import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
 import org.apache.hadoop.ozone.security.acl.IOzoneObj;
-import org.apache.hadoop.ozone.security.acl.OzoneAclException;
 import org.apache.hadoop.ozone.security.acl.RequestContext;
 import org.apache.ranger.plugin.classloader.RangerPluginClassLoader;
 
@@ -76,11 +76,11 @@ public class RangerOzoneAuthorizer implements 
IAccessAuthorizer {
     }
 
     @Override
-    public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context) 
throws OzoneAclException {
+    public boolean checkAccess(IOzoneObj ozoneObject, RequestContext context) 
throws OMException {
 
         boolean ret = false;
 
-        if(LOG.isDebugEnabled()) {
+        if (LOG.isDebugEnabled()) {
             LOG.debug("==> RangerOzoneAuthorizer.checkAccess()");
         }
 
@@ -92,7 +92,7 @@ public class RangerOzoneAuthorizer implements 
IAccessAuthorizer {
             deactivatePluginClassLoader();
         }
 
-        if(LOG.isDebugEnabled()) {
+        if (LOG.isDebugEnabled()) {
             LOG.debug("<== RangerOzoneAuthorizer.checkAccess()");
         }
 
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 949c242..696d0c9 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -798,16 +798,16 @@ update_properties() {
                propertyName=ranger.jpa.jdbc.password
                newPropertyValue="_"
                updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
-       else
-               propertyName=ranger.jpa.jdbc.password
-               newPropertyValue="${db_password}"
-               updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
-       fi
 
-       if test -f $keystore; then
-               #echo "$keystore found."
-               chown -R ${unix_user}:${unix_group} ${keystore}
-               chmod 640 ${keystore}
+               if test -f "${keystore}"; then
+                       #echo "$keystore found."
+                       chown -R ${unix_user}:${unix_group} ${keystore}
+                       chmod 640 ${keystore}
+               else
+                       propertyName=ranger.jpa.jdbc.password
+                       newPropertyValue="${db_password}"
+                       updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
+               fi
        else
                propertyName=ranger.jpa.jdbc.password
                newPropertyValue="${db_password}"
@@ -844,14 +844,14 @@ update_properties() {
                                propertyName=ranger.solr.audit.user.password
                                newPropertyValue="_"
                                updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
-                       else
-                               propertyName=ranger.solr.audit.user.password
-                               newPropertyValue="${audit_solr_password}"
-                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
-                       fi
 
-                       if test -f $keystore; then
-                               chown -R ${unix_user}:${unix_group} ${keystore}
+                               if test -f "${keystore}"; then
+                                       chown -R ${unix_user}:${unix_group} 
${keystore}
+                               else
+                                       
propertyName=ranger.solr.audit.user.password
+                                       
newPropertyValue="${audit_solr_password}"
+                                       updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
+                               fi
                        else
                                propertyName=ranger.solr.audit.user.password
                                newPropertyValue="${audit_solr_password}"
@@ -911,14 +911,14 @@ update_properties() {
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
 
                        $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$javax_net_ssl_keyStoreAlias" -v 
"$javax_net_ssl_keyStorePassword" -c 1
-               else
-                       propertyName=ranger.keystore.password
-                       newPropertyValue="${javax_net_ssl_keyStorePassword}"
-                       updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
-               fi
 
-               if test -f $keystore; then
-                       chown -R ${unix_user}:${unix_group} ${keystore}
+                       if test -f "${keystore}"; then
+                               chown -R ${unix_user}:${unix_group} ${keystore}
+                       else
+                               propertyName=ranger.keystore.password
+                               
newPropertyValue="${javax_net_ssl_keyStorePassword}"
+                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_default
+                       fi
                else
                        propertyName=ranger.keystore.password
                        newPropertyValue="${javax_net_ssl_keyStorePassword}"
@@ -944,13 +944,14 @@ update_properties() {
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
 
                        $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$javax_net_ssl_trustStoreAlias" -v 
"$javax_net_ssl_trustStorePassword" -c 1
-               else
-                       propertyName=ranger.truststore.password
-                       newPropertyValue="${javax_net_ssl_trustStorePassword}"
-                       updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
-               fi
-               if test -f $keystore; then
-                       chown -R ${unix_user}:${unix_group} ${keystore}
+
+                       if test -f "${keystore}"; then
+                               chown -R ${unix_user}:${unix_group} ${keystore}
+                       else
+                               propertyName=ranger.truststore.password
+                               
newPropertyValue="${javax_net_ssl_trustStorePassword}"
+                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_default
+                       fi
                else
                        propertyName=ranger.truststore.password
                        newPropertyValue="${javax_net_ssl_trustStorePassword}"
@@ -993,13 +994,14 @@ update_properties() {
                                newPropertyValue="_"
                                updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
                                $PYTHON_COMMAND_INVOKER 
ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k 
"$policymgr_https_keystore_credential_alias" -v 
"$policymgr_https_keystore_password" -c 1
-                       else
-                               
propertyName=ranger.service.https.attrib.keystore.pass
-                               
newPropertyValue="${policymgr_https_keystore_password}"
-                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
-                       fi
-                       if test -f $keystore; then
-                               chown -R ${unix_user}:${unix_group} ${keystore}
+
+                               if test -f "${keystore}"; then
+                                       chown -R ${unix_user}:${unix_group} 
${keystore}
+                               else
+                                       
propertyName=ranger.service.https.attrib.keystore.pass
+                                       
newPropertyValue="${policymgr_https_keystore_password}"
+                                       updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_ranger
+                               fi
                        else
                                
propertyName=ranger.service.https.attrib.keystore.pass
                                
newPropertyValue="${policymgr_https_keystore_password}"
@@ -1024,13 +1026,14 @@ update_properties() {
                        newPropertyValue="_"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
                        $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$ranger_unixauth_keystore_alias" -v 
"$ranger_unixauth_keystore_password" -c 1
-               else
-                       propertyName=ranger.unixauth.keystore.password
-                       newPropertyValue="${ranger_unixauth_keystore_password}"
-                       updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
-               fi
-               if test -f $keystore; then
-                       chown -R ${unix_user}:${unix_group} ${keystore}
+
+                       if test -f "${keystore}"; then
+                               chown -R ${unix_user}:${unix_group} ${keystore}
+                       else
+                               propertyName=ranger.unixauth.keystore.password
+                               
newPropertyValue="${ranger_unixauth_keystore_password}"
+                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_default
+                       fi
                else
                        propertyName=ranger.unixauth.keystore.password
                        newPropertyValue="${ranger_unixauth_keystore_password}"
@@ -1055,13 +1058,14 @@ update_properties() {
                        newPropertyValue="_"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
                        $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$ranger_unixauth_truststore_alias" -v 
"$ranger_unixauth_truststore_password" -c 1
-               else
-                       propertyName=ranger.unixauth.truststore.password
-                       
newPropertyValue="${ranger_unixauth_truststore_password}"
-                       updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
-               fi
-               if test -f $keystore; then
-                       chown -R ${unix_user}:${unix_group} ${keystore}
+
+                       if test -f $keystore; then
+                               chown -R ${unix_user}:${unix_group} ${keystore}
+                       else
+                               propertyName=ranger.unixauth.truststore.password
+                               
newPropertyValue="${ranger_unixauth_truststore_password}"
+                               updatePropertyToFilePy $propertyName 
$newPropertyValue $to_file_default
+                       fi
                else
                        propertyName=ranger.unixauth.truststore.password
                        
newPropertyValue="${ranger_unixauth_truststore_password}"
@@ -1181,15 +1185,16 @@ do_authentication_setup(){
                                        else
                                                log "[E] $to_file_default does 
not exists" ; exit 1;
                                        fi
-                               else
-                                       propertyName=ranger.ldap.bind.password
-                                       
newPropertyValue="${xa_ldap_bind_password}"
-                                       updatePropertyToFilePy $propertyName 
$newPropertyValue $ldap_file
-                               fi
-                               if test -f $keystore; then
-                                       #echo "$keystore found."
-                                       chown -R ${unix_user}:${unix_group} 
${keystore}
-                                       chmod 640 ${keystore}
+
+                                       if test -f $keystore; then
+                                               #echo "$keystore found."
+                                               chown -R 
${unix_user}:${unix_group} ${keystore}
+                                               chmod 640 ${keystore}
+                                       else
+                                               
propertyName=ranger.ldap.bind.password
+                                               
newPropertyValue="${xa_ldap_bind_password}"
+                                               updatePropertyToFilePy 
$propertyName $newPropertyValue $ldap_file
+                                       fi
                                else
                                        propertyName=ranger.ldap.bind.password
                                        
newPropertyValue="${xa_ldap_bind_password}"
@@ -1267,15 +1272,16 @@ do_authentication_setup(){
                                        else
                                                log "[E] $to_file_default does 
not exists" ; exit 1;
                                        fi
-                               else
-                                       
propertyName=ranger.ldap.ad.bind.password
-                                       
newPropertyValue="${xa_ldap_ad_bind_password}"
-                                       updatePropertyToFilePy $propertyName 
$newPropertyValue $ldap_file
-                               fi
-                               if test -f $keystore; then
-                                       #echo "$keystore found."
-                                       chown -R ${unix_user}:${unix_group} 
${keystore}
-                                       chmod 640 ${keystore}
+
+                                       if test -f $keystore; then
+                                               #echo "$keystore found."
+                                               chown -R 
${unix_user}:${unix_group} ${keystore}
+                                               chmod 640 ${keystore}
+                                       else
+                                               
propertyName=ranger.ldap.ad.bind.password
+                                               
newPropertyValue="${xa_ldap_ad_bind_password}"
+                                               updatePropertyToFilePy 
$propertyName $newPropertyValue $ldap_file
+                                       fi
                                else
                                        
propertyName=ranger.ldap.ad.bind.password
                                        
newPropertyValue="${xa_ldap_ad_bind_password}"
diff --git 
a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
 
b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
index 21184d0..0de95ad 100644
--- 
a/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
+++ 
b/ugsync/src/test/java/org/apache/ranger/unixusersync/process/TestUnixUserGroupBuilder.java
@@ -61,7 +61,7 @@ public class TestUnixUserGroupBuilder {
         assertThat(name, anyOf(equalTo("wheel"), equalTo("root")));
 
         Map<String, Set<String>> groupUsers = builder.getGroupUserListMap();
-        Set<String> users = groupUsers.get("wheel");
+        Set<String> users = groupUsers.get("root");
         assertNotNull(users);
         assertThat(users, anyOf(hasItem("wheel"), hasItem("root")));
 
@@ -79,7 +79,7 @@ public class TestUnixUserGroupBuilder {
         assertThat(name, anyOf(equalTo("wheel"), equalTo("root")));
 
         Map<String, Set<String>> groupUsers = builder.getGroupUserListMap();
-        Set<String> users = groupUsers.get("wheel");
+        Set<String> users = groupUsers.get("root");
         assertNotNull(users);
         assertThat(users, anyOf(hasItem("wheel"), hasItem("root")));
     }

Reply via email to