[
https://issues.apache.org/jira/browse/RANGER-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916368#comment-17916368
]
Bhavik Patel edited comment on RANGER-4038 at 1/23/25 11:31 AM:
----------------------------------------------------------------
[~avazquez] able to move forward by adding annotation
"@JsonIgnoreProperties(ignoreUnknown = true)" in VXGroupList class.
Observing new error.
{code:java}
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.getGroups()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - RESPONSE[0]
23 Jan 2025 11:14:46 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ret = 0 No. of groups uploaded to ranger admin= 35
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.getGroups()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroups([hive,
mwapp, unbound, sssd, ranger, systemd-journal, video, opera_monitor,
systemd-resolve, kms, systemd-coredump, polkitd, chefadmin, spark, flume,
printadmin, audio, hadoop, nobody, render, hbase, patrol, zookeeper, oozie,
users, input, panogrp, livy, ssh_keys, chrony, hdfs, wazuh, sqoop, yarn,
mapred])
23 Jan 2025 11:14:46 ERROR o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - Failed to addorUpdate groups to ranger admin
23 Jan 2025 11:14:46 ERROR o.a.r.u.p.UnixUserGroupBuilder [UnixUserSyncThread]
- Failed to update ranger admin. Will retry in next sync cycle!!
java.lang.Exception: Failed to addorUpdate groups to ranger admin
at
org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateGroups(PolicyMgrUserGroupBuilder.java:604)
at
org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUsersGroups(PolicyMgrUserGroupBuilder.java:328)
at
org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.updateSink(UnixUserGroupBuilder.java:209)
at
org.apache.ranger.usergroupsync.UserGroupSync.syncUserGroup(UserGroupSync.java:101)
at
org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:56)
at java.base/java.lang.Thread.run(Thread.java:840)
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.addAuditInfo(0, 35, 0, 0,
Unix)
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()
{code}
One major difference I can see is that your request flow passes through the
method {{{}PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred(){}}}, whereas
in my case, it goes through
{{{}PolicyMgrUserGroupBuilder.cookieBasedUploadEntity(){}}}.
*Have you also verified the Users and Groups are present on Ranger Admin Web
UI?*
Also, Received the proper response for this API
:"/service/xusers/ugsync/auditinfo/
Note: Dependencies are missing even after added to
distro/src/main/assembly/usersync.xml, You have to define in pom.xml. Can you
double check this one as well.
was (Author: bpatel):
[~avazquez] able to move forward by adding annotation
"@JsonIgnoreProperties(ignoreUnknown = true)" in VXGroupList class.
Observing new error.
{code:java}
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.getGroups()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.tryUploadEntityWithCookie()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.cookieBasedUploadEntity()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - RESPONSE[0]
23 Jan 2025 11:14:46 INFO o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ret = 0 No. of groups uploaded to ranger admin= 35
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - <== PolicyMgrUserGroupBuilder.getGroups()
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - PolicyMgrUserGroupBuilder.addOrUpdateDeltaGroups([hive,
mwapp, unbound, sssd, ranger, systemd-journal, video, opera_monitor,
systemd-resolve, kms, systemd-coredump, polkitd, chefadmin, spark, flume,
printadmin, audio, hadoop, nobody, render, hbase, patrol, zookeeper, oozie,
users, input, panogrp, livy, ssh_keys, chrony, hdfs, wazuh, sqoop, yarn,
mapred])
23 Jan 2025 11:14:46 ERROR o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - Failed to addorUpdate groups to ranger admin
23 Jan 2025 11:14:46 ERROR o.a.r.u.p.UnixUserGroupBuilder [UnixUserSyncThread]
- Failed to update ranger admin. Will retry in next sync cycle!!
java.lang.Exception: Failed to addorUpdate groups to ranger admin
at
org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateGroups(PolicyMgrUserGroupBuilder.java:604)
at
org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder.addOrUpdateUsersGroups(PolicyMgrUserGroupBuilder.java:328)
at
org.apache.ranger.unixusersync.process.UnixUserGroupBuilder.updateSink(UnixUserGroupBuilder.java:209)
at
org.apache.ranger.usergroupsync.UserGroupSync.syncUserGroup(UserGroupSync.java:101)
at
org.apache.ranger.usergroupsync.UserGroupSync.run(UserGroupSync.java:56)
at java.base/java.lang.Thread.run(Thread.java:840)
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.addAuditInfo(0, 35, 0, 0,
Unix)
23 Jan 2025 11:14:46 DEBUG o.a.r.u.p.PolicyMgrUserGroupBuilder
[UnixUserSyncThread] - ==> PolicyMgrUserGroupBuilder.getUserGroupAuditInfo()
{code}
One major difference I can see is that your request flow passes through the
method {{{}PolicyMgrUserGroupBuilder.tryUploadEntityInfoWithCred(){}}}, whereas
in my case, it goes through
{{{}PolicyMgrUserGroupBuilder.cookieBasedUploadEntity(){}}}.
Also, Received the proper response for this API
:"/service/xusers/ugsync/auditinfo/
Note: Dependencies are missing even after added to
distro/src/main/assembly/usersync.xml, You have to define in pom.xml. Can you
double check this one as well.
> Upgrade spring framework and spring security versions
> -----------------------------------------------------
>
> Key: RANGER-4038
> URL: https://issues.apache.org/jira/browse/RANGER-4038
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Himanshu Maurya
> Priority: Major
>
> Pivotal Spring Framework up to (excluding) 6.0.0 suffers from a potential
> remote code execution (RCE) issue if used for Java deserialization of
> untrusted data. Depending on how the library is implemented within a product,
> this issue may or not occur, and authentication may be required.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
