date:20231128

Re: Review Request 74751: RANGER-4010 : [addendum] Update policy UI to support multiple resource-sets for react ranger.

2023-11-28 Thread Dhaval Rajpara


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74751/
---

(Updated Nov. 29, 2023, 5:05 a.m.)


Review request for ranger, Brijesh Bhalala, Dhaval Shah, Dineshkumar Yadav, 
Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-4010
https://issues.apache.org/jira/browse/RANGER-4010


Repository: ranger


Description
---

Policy model enhancements in RANGER_3796 enable a Ranger policy to be created 
with multiple resource sets – like:
 * database: [ db1 ], table: [ tbl1 ], column: [ * ]
 * database: [ db1 ], udf: [ * ]
 * database: [ db2 ], table: [ tbl2 ], column: [ * ]


Policy UI needs to be updated to support multiple resource sets, some what 
similar to security-zone UI that allows multiple resource sets to be added in a 
zone. For policy UI, I suggest retaining the existing UI for 
RangerPolicy.resources and having a separate optional UI (triggered via More 
Resources button?) to capture additional resources.


Diffs (updated)
-

  security-admin/src/main/webapp/react-webapp/src/components/Editable.jsx 
98495f6cc 
  
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyPermissionItem.jsx
 ab9b3ce88 


Diff: https://reviews.apache.org/r/74751/diff/2/

Changes: https://reviews.apache.org/r/74751/diff/1-2/


Testing
---


Thanks,

Dhaval Rajpara

Re: Review Request 74766: RANGER-4565: Enhance Ranger's performance tracing module to optionally collect statistical information

2023-11-28 Thread Abhay Kulkarni



> On Nov. 28, 2023, 7:13 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
> > Line 40 (original), 40 (patched)
> > 
> >
> > when ranger.perf.aggregate.data=false, perf log should be written to 
> > log file. PerfDataRecorder.recordStatistic() doesn't seem to do this. 
> > Please review.

When ranger.perf.aggregate.data=false, RangerPerfCollectorTracer instance is 
not created when perf logging for a module is enabled. Perf logging is done by 
RangerPerfTracer instance.


- Abhay


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74766/#review226015
---


On Nov. 28, 2023, 5:55 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74766/
> ---
> 
> (Updated Nov. 28, 2023, 5:55 p.m.)
> 
> 
> Review request for ranger, Fateh Singh, madhan, Madhan Neethiraj, Mahesh 
> Bandal, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger's performance tracing module supports tracking the time spent in 
> specified API(s), as specified in the log4j configuration file. Sometimes it 
> is useful to collect the performance data when an API is called frequently, 
> and instead of tracking performance of a single invocation of the API it is 
> more interesting to see how API performed over a large number of invocations. 
> This Jira addresses this requirement.
> 
> The following configuration parameters are introduced to control the behavior 
> of Ranger's performance tracking to enable collecting statistical data.
> 
> ranger.perf.aggregate.data - If set to true, the performance data is recorded 
> for specified APIs in aggregate, else data for each API call is printed 
> (default:false)
> 
> ranger.perf.aggregate.data.dump.interval - If set to value more than 0, 
> aggregate performance data is printed with specified periodicity in seconds 
> (default:0)
> 
> ranger.perf.aggregate.data.lock.enabled - If set to true, aggregate 
> performance data is updated using R-W lock, otherwise locking is not used 
> (default:false).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  2f4af9763 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  dce60b0ba 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
>  ebfebdae8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
>  c8804739f 
> 
> 
> Diff: https://reviews.apache.org/r/74766/diff/1/
> 
> 
> Testing
> ---
> 
> Passes all unit tests. Verified that the aggregate performance is collected 
> at specified intervals when properly configured.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 74766: RANGER-4565: Enhance Ranger's performance tracing module to optionally collect statistical information

2023-11-28 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74766/#review226018
---


Ship it!




Ship It!

- Madhan Neethiraj


On Nov. 28, 2023, 5:55 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74766/
> ---
> 
> (Updated Nov. 28, 2023, 5:55 p.m.)
> 
> 
> Review request for ranger, Fateh Singh, madhan, Madhan Neethiraj, Mahesh 
> Bandal, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger's performance tracing module supports tracking the time spent in 
> specified API(s), as specified in the log4j configuration file. Sometimes it 
> is useful to collect the performance data when an API is called frequently, 
> and instead of tracking performance of a single invocation of the API it is 
> more interesting to see how API performed over a large number of invocations. 
> This Jira addresses this requirement.
> 
> The following configuration parameters are introduced to control the behavior 
> of Ranger's performance tracking to enable collecting statistical data.
> 
> ranger.perf.aggregate.data - If set to true, the performance data is recorded 
> for specified APIs in aggregate, else data for each API call is printed 
> (default:false)
> 
> ranger.perf.aggregate.data.dump.interval - If set to value more than 0, 
> aggregate performance data is printed with specified periodicity in seconds 
> (default:0)
> 
> ranger.perf.aggregate.data.lock.enabled - If set to true, aggregate 
> performance data is updated using R-W lock, otherwise locking is not used 
> (default:false).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  2f4af9763 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  dce60b0ba 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
>  ebfebdae8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
>  c8804739f 
> 
> 
> Diff: https://reviews.apache.org/r/74766/diff/1/
> 
> 
> Testing
> ---
> 
> Passes all unit tests. Verified that the aggregate performance is collected 
> at specified intervals when properly configured.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 74749: RANGER-4534 : Use of Query param GdsPermission with value NONE gives incorrect response for GDS GET APIs

2023-11-28 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74749/#review226017
---




security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
Line 851 (original), 851 (patched)


This would result in an user being able to access GDS objects in which they 
have no permission i.e. GdsPermission.NONE. This doesn't seem correct. Users 
having no permission should not be allowed to retrieve the object. I suggest 
replacing #851 with:

  ret = false;


- Madhan Neethiraj


On Nov. 21, 2023, 12:03 p.m., Prashant Satam wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74749/
> ---
> 
> (Updated Nov. 21, 2023, 12:03 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.
> 
> 
> Bugs: RANGER-4534
> https://issues.apache.org/jira/browse/RANGER-4534
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When we use GDS GET APIs for (dataset/datashare/project) and pass query param 
> gdsPermission=NONE we get all the objects in response which is not expected
> 
> Example : 
> 
> When the param gdsPermission=NONE is passed in request, in the GET APIs e.g. 
> GET /gds/dataset, whole dataset list is returned in response, even if the 
> calling user is not added in the ACLs in any of the datasets.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  6c55fd029 
> 
> 
> Diff: https://reviews.apache.org/r/74749/diff/1/
> 
> 
> Testing
> ---
> 
> Steps to Test
> 1)Create Test-User-1
> 2)Create 2 datasets each with ACL permission for Test-User-1 as NONE,VIEW
> 3)Use GET API service/gds/dataset with query param as gdsPermission=NONE
> 4)In response you will get 2 datasets only where Test-User-1 has NONE 
> permission in ACL
> 
> 
> Thanks,
> 
> Prashant Satam
> 
>

Re: Review Request 74755: RANGER-4558 : User is allowed to create/update sharedResource, even if the user is not zoneAdmin in the linked dataShared

2023-11-28 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74755/#review226016
---


Ship it!




Ship It!

- Madhan Neethiraj


On Nov. 28, 2023, 7:09 a.m., Prashant Satam wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74755/
> ---
> 
> (Updated Nov. 28, 2023, 7:09 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale.
> 
> 
> Bugs: RANGER-4558
> https://issues.apache.org/jira/browse/RANGER-4558
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> User should be zoneAdmin along with datashare admin of linked sharedResource 
> to create/update
> 
>  Steps to check
>1)Create SecurityZone 
>2)Create dataShare link SecurityZone to it
>3)Current user is only zoneAdmin not datashare admin
>4)Current User is able to create/upadate shared Resource
>5)Expected : The current user should be zoneAdmin as well as dataShare 
> Admin to create/upadate shared Resource
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java
>  178c8f0e2 
> 
> 
> Diff: https://reviews.apache.org/r/74755/diff/2/
> 
> 
> Testing
> ---
> 
> Steps to Check
>   1)Create SecurityZone 
>   2)Create dataShare link SecurityZone to it
>   3)Current user is zoneAdmin and datashare admin
>   4)Current User is able to create/upadate shared Resource
> 
> 
> Thanks,
> 
> Prashant Satam
> 
>

Re: Review Request 74766: RANGER-4565: Enhance Ranger's performance tracing module to optionally collect statistical information

2023-11-28 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74766/#review226015
---




agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
Line 40 (original), 40 (patched)


when ranger.perf.aggregate.data=false, perf log should be written to log 
file. PerfDataRecorder.recordStatistic() doesn't seem to do this. Please review.


- Madhan Neethiraj


On Nov. 28, 2023, 5:55 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74766/
> ---
> 
> (Updated Nov. 28, 2023, 5:55 p.m.)
> 
> 
> Review request for ranger, Fateh Singh, madhan, Madhan Neethiraj, Mahesh 
> Bandal, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger's performance tracing module supports tracking the time spent in 
> specified API(s), as specified in the log4j configuration file. Sometimes it 
> is useful to collect the performance data when an API is called frequently, 
> and instead of tracking performance of a single invocation of the API it is 
> more interesting to see how API performed over a large number of invocations. 
> This Jira addresses this requirement.
> 
> The following configuration parameters are introduced to control the behavior 
> of Ranger's performance tracking to enable collecting statistical data.
> 
> ranger.perf.aggregate.data - If set to true, the performance data is recorded 
> for specified APIs in aggregate, else data for each API call is printed 
> (default:false)
> 
> ranger.perf.aggregate.data.dump.interval - If set to value more than 0, 
> aggregate performance data is printed with specified periodicity in seconds 
> (default:0)
> 
> ranger.perf.aggregate.data.lock.enabled - If set to true, aggregate 
> performance data is updated using R-W lock, otherwise locking is not used 
> (default:false).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  2f4af9763 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  dce60b0ba 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
>  ebfebdae8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
>  c8804739f 
> 
> 
> Diff: https://reviews.apache.org/r/74766/diff/1/
> 
> 
> Testing
> ---
> 
> Passes all unit tests. Verified that the aggregate performance is collected 
> at specified intervals when properly configured.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Review Request 74766: RANGER-4565: Enhance Ranger's performance tracing module to optionally collect statistical information

2023-11-28 Thread Abhay Kulkarni


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74766/
---

Review request for ranger, Fateh Singh, madhan, Madhan Neethiraj, Mahesh 
Bandal, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.


Repository: ranger


Description
---

Ranger's performance tracing module supports tracking the time spent in 
specified API(s), as specified in the log4j configuration file. Sometimes it is 
useful to collect the performance data when an API is called frequently, and 
instead of tracking performance of a single invocation of the API it is more 
interesting to see how API performed over a large number of invocations. This 
Jira addresses this requirement.

The following configuration parameters are introduced to control the behavior 
of Ranger's performance tracking to enable collecting statistical data.

ranger.perf.aggregate.data - If set to true, the performance data is recorded 
for specified APIs in aggregate, else data for each API call is printed 
(default:false)

ranger.perf.aggregate.data.dump.interval - If set to value more than 0, 
aggregate performance data is printed with specified periodicity in seconds 
(default:0)

ranger.perf.aggregate.data.lock.enabled - If set to true, aggregate performance 
data is updated using R-W lock, otherwise locking is not used (default:false).


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 2f4af9763 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 
dce60b0ba 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfCollectorTracer.java
 ebfebdae8 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java 
c8804739f 


Diff: https://reviews.apache.org/r/74766/diff/1/


Testing
---

Passes all unit tests. Verified that the aggregate performance is collected at 
specified intervals when properly configured.


Thanks,

Abhay Kulkarni

[jira] [Created] (RANGER-4565) Enhance Ranger's performance tracing module to optionally collect statistical information

2023-11-28 Thread Abhay Kulkarni (Jira)

Abhay Kulkarni created RANGER-4565:
--

 Summary: Enhance Ranger's performance tracing module to optionally 
collect statistical information
 Key: RANGER-4565
 URL: https://issues.apache.org/jira/browse/RANGER-4565
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni


Ranger's performance tracing module supports tracking the time spent in 
specified API(s), as specified in the log4j configuration file. Sometimes it is 
useful to collect the performance data when an API is called frequently, and 
instead of tracking performance of a single invocation of the API it is more 
interesting to see how API performed over a large number of invocations. This 
Jira addresses this requirement.

The following configuration parameters are introduced to control the behavior 
of Ranger's performance tracking to enable collecting statistical data.

ranger.perf.aggregate.data - If set to true, the performance data is recorded 
for specified APIs in aggregate, else data for each API call is printed 
(default:false)

ranger.perf.aggregate.data.dump.interval - If set to value more than 0, 
aggregate performance data is printed with specified periodicity in seconds 
(default:0)

ranger.perf.aggregate.data.lock.enabled - If set to true, aggregate performance 
data is updated using R-W lock, otherwise locking is not used (default:false).

 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4564) DELETE /groupsgroups/{id} API doesn't work as forceDelete is hardcoded to false

2023-11-28 Thread Abhishek (Jira)

Abhishek created RANGER-4564:


 Summary: DELETE /groupsgroups/{id} API doesn't work as forceDelete 
is hardcoded to false
 Key: RANGER-4564
 URL: https://issues.apache.org/jira/browse/RANGER-4564
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Abhishek
Assignee: Abhishek


DELETE /groupsgroups/\{id} API doesn't work as forceDelete is hardcoded to 
false.
It should be fetched from the request parameters.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4550) API request to /assets/resource/{id} returns no response

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790528#comment-17790528
 ] 

Pradeep Agrawal commented on RANGER-4550:
-

Review request link : https://reviews.apache.org/r/74763/

> API request to /assets/resource/{id} returns no response
> 
>
> Key: RANGER-4550
> URL: https://issues.apache.org/jira/browse/RANGER-4550
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0011-RANGER-4550-API-request-to-assets-resource-id-return.patch
>
>
> When a request is made to the API endpoint /assets/resource/\{id}, no 
> response is returned and the status code is 204 No response.
> Ideally, the response should contain the details for the resource with the 
> given id
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4548) Return proper error message in the response for /tags/tags, /tags/resources and /tags/types API for non admin users

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790526#comment-17790526
 ] 

Pradeep Agrawal commented on RANGER-4548:
-

Review request link : https://reviews.apache.org/r/74763/

> Return proper error message in the response for /tags/tags, /tags/resources 
> and /tags/types API for non admin users
> ---
>
> Key: RANGER-4548
> URL: https://issues.apache.org/jira/browse/RANGER-4548
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0003-RANGER-4548-Return-proper-error-message-in-the-respo.patch
>
>
> /tags/tags and /tags/types, /tags/resources APIs are not accessible by non 
> admin users,
> but when the users make a request, a proper error message should be returned 
> stating that the users do not have privilege.
> Currently, the error message returned is not explanatory.
> Response returned for non admin users :-
> {code:java}
> 
>  content="IE=edge,chrome=1"> Ranger - Sign In name="description" content=""> content="width=device-width"> href="images/favicon.ico"> media="all" rel="stylesheet" type="text/css" id="bootstrap-css"> rel="stylesheet" href="styles/font-awesome.min.css"> href="styles/xa.css" media="all" rel="stylesheet" type="text/css"> src="libs/bower/jquery/js/jquery-3.5.1.js"> src="scripts/prelogin/XAPrelogin.js"> type="text/javascript">$(document).ready(function() {
> var updateBoxPosition = function() {
> $('#signin-container').css({'margin-top' : 
> ($(window).height() - $('#signin-container').height()) / 2
> });};$(window).resize(updateBoxPosition); 
>var queryParams = JSON.parse('{"' + 
> decodeURI((location.href.split('?')[1] || 'g=0').replace(/=/g, "\":\"")) + 
> '"}');if(queryParams.sessionTimeout){
> window.alert('Session Timeout');
> location.replace("login.jsp");}
> setTimeout(updateBoxPosition, 50);});
> 
>  id="signin-container" style="margin-top: 4.5px;"> 
>
>
> 
>   Username:  
>   
>  Password:   
>   tabindex="2" autocomplete="off">
>  style="color:white;display:none;">  
>  
>   id="errorBoxUnsynced" class="help-inline" 
> style="color:white;display:none;">User is not available in HDP Admin Tool. 
> Please contact your Administrator.
> Sign In  
>style="display: none;">
> 
>  
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4553) Response metrics for /xaudit/trx_log not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790531#comment-17790531
 ] 

Pradeep Agrawal commented on RANGER-4553:
-

Review request link : https://reviews.apache.org/r/74763/

> Response metrics for /xaudit/trx_log not proper
> ---
>
> Key: RANGER-4553
> URL: https://issues.apache.org/jira/browse/RANGER-4553
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0008-RANGER-4553-Response-metrics-for-xaudit-trx_log-not-.patch
>
>
> When a request is made to /xaudit/trx_log API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 200,"totalCount": 0,
> "resultSize": 0,"queryTimeMS": 1700214070565, ...} {code}
> Ideally, the total count value should reflect the total number of logs
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4549) Non admin users cannot access /public/v2/api/roles/names and /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790527#comment-17790527
 ] 

Pradeep Agrawal commented on RANGER-4549:
-

Review request link : https://reviews.apache.org/r/74763/

> Non admin users cannot access /public/v2/api/roles/names and  
> /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
> ---
>
> Key: RANGER-4549
> URL: https://issues.apache.org/jira/browse/RANGER-4549
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0005-RANGER-4549-Non-admin-users-cannot-access-public-v2-.patch
>
>
> Non admin users cannot access /public/v2/api/roles/names API, but can access 
> the /public/v2/api/roles API and fetch the details of all the roles.
> Since the users can fetch the details from the roles API itself, the 
> restriction for non admin users to access /roles/names and 
> /roles/name/\{name} API.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4552) Response metrics for /assets/report is not proper, and pagination does not work

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790530#comment-17790530
 ] 

Pradeep Agrawal commented on RANGER-4552:
-

Review request link : https://reviews.apache.org/r/74763/

> Response metrics for /assets/report is not proper, and pagination does not 
> work
> ---
>
> Key: RANGER-4552
> URL: https://issues.apache.org/jira/browse/RANGER-4552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0007-RANGER-4552-Response-metrics-for-assets-report-is-no.patch
>
>
> When a request is made to the /assets/report API endpoint, the response 
> metrics like
> result size is incorrect. Ideally, it should reflect the total number of 
> objects returned
> {code:java}
> {"startIndex": 2,"pageSize": 100,"totalCount": 178,
> "resultSize": 0,"queryTimeMS": 1700217495822 {code}
> Even the pagination for the API does not work properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4554) Response metrics for /assets/resources not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790532#comment-17790532
 ] 

Pradeep Agrawal commented on RANGER-4554:
-

Review request link : https://reviews.apache.org/r/74763/

> Response metrics for /assets/resources not proper
> -
>
> Key: RANGER-4554
> URL: https://issues.apache.org/jira/browse/RANGER-4554
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0009-RANGER-4554-Response-metrics-for-assets-resources-no.patch
>
>
> When a request is made to /assets/resources API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215066880,{code}
> Ideally, the total count value should reflect the total number of resources
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4555) Response metrics for /assets/assets API not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790534#comment-17790534
 ] 

Pradeep Agrawal commented on RANGER-4555:
-

Review request link : https://reviews.apache.org/r/74763/

> Response metrics for /assets/assets API not proper
> --
>
> Key: RANGER-4555
> URL: https://issues.apache.org/jira/browse/RANGER-4555
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0010-RANGER-4555-Response-metrics-for-assets-assets-API-n.patch
>
>
> When a request is made to /assets/assets API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215066880,{code}
> Ideally, the total count value should reflect the total number of assets (the 
> value returned by /assets/assets/count API is proper).
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4551) No response returned for /assets/policyList/{service_name} API

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790529#comment-17790529
 ] 

Pradeep Agrawal commented on RANGER-4551:
-

Review request link : https://reviews.apache.org/r/74763/

> No response returned for /assets/policyList/{service_name} API
> --
>
> Key: RANGER-4551
> URL: https://issues.apache.org/jira/browse/RANGER-4551
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0006-RANGER-4551-No-response-returned-for-assets-policyLi.patch
>
>
> When a request is made to the /assets/policyList/\{service_name} API,
> the response is empty and the status code is 304 Not Modified.
> If there is no expected response, then the API has to be deprecated,
> otherwise the API has to be fixed to return the proper response
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4545) DELETE /assets/resources/{resource_id} API should return proper status code for non admin users

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790523#comment-17790523
 ] 

Pradeep Agrawal commented on RANGER-4545:
-

Review request link : https://reviews.apache.org/r/74763/

> DELETE /assets/resources/{resource_id} API should return proper status code 
> for non admin users
> ---
>
> Key: RANGER-4545
> URL: https://issues.apache.org/jira/browse/RANGER-4545
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0001-RANGER-4545-DELETE-assets-resources-resource_id-API-.patch
>
>
> When a non admin user makes a DELETE request to 
> /assets/resources/\{resource_id} endpoint, 405 method not allowed response is 
> returned.
> The error message also contains HTML response.
> {code:java}
> 
> HTTP Status 405 ? Method Not Allowed type="text/css">body {font-family: Tahoma, Arial, 
> sans-serif;}
> h1,h2,h3,b {color: white; 
>background-color: #525D76;}
> h1 {font-size: 22px;}
> h2 {font-size: 16px;}
> h3 {font-size: 14px;}
> p {font-size: 12px;}
> a {color: black;}
> .line {height: 1px;background-color: #525D76; 
>border: none;}
> HTTP Status 405 ? Method Not Allowed
>  {code}
> The status code / error message is not explanatory as ideally, a 403 
> Forbidden or a 400 Bad Request status code with appropriate error message 
> should be returned as the error should be related to the user permission.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4546) /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790524#comment-17790524
 ] 

Pradeep Agrawal commented on RANGER-4546:
-

Review request link : https://reviews.apache.org/r/74763/

> /assets/ugsyncAudits/{sync_source} API is accessible by user without 
> permission on audit module
> ---
>
> Key: RANGER-4546
> URL: https://issues.apache.org/jira/browse/RANGER-4546
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0002-RANGER-4546-assets-ugsyncAudits-sync_source-API-is-a.patch
>
>
> A user without permission on the audits module is able to access the 
> /assets/ugsyncAudits/\{sync_source} API.
> Ideally, the user should not be allowed to access the API, and it should 
> result in a 403 error.
> If the same user tries to access the /assets/ugsyncAudits API, it results in 
> a 403 error (as expected).
> Similarly, the behaviour has to be changed for the 
> /assets/ugsyncAudits/\{sync_source} API



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4547) The reponse metrics (pagination values) for the /assets/ugsyncAudits/{sync_source} API is not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-4547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790525#comment-17790525
 ] 

Pradeep Agrawal commented on RANGER-4547:
-

Review request link : https://reviews.apache.org/r/74763/

> The reponse metrics (pagination values) for the 
> /assets/ugsyncAudits/{sync_source} API is not proper
> 
>
> Key: RANGER-4547
> URL: https://issues.apache.org/jira/browse/RANGER-4547
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0004-RANGER-4547-The-reponse-metrics-pagination-values-fo.patch
>
>
> When a request is made to the /assets/ugsyncAudits/\{sync_source} API,
> the metrics like total count, result size is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215450040,"vxUgsyncAuditInfoList": [{ 
> {code}
> Ideally, it should reflect the total number of audits.
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74763: RANGER-4545 To RANGER-4555 : Improve Ranger REST API response code, messages and response summary

2023-11-28 Thread Pradeep Agrawal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74763/
---

Review request for ranger, Abhishek  Kumar, bhavik patel, Dhaval Shah, 
Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-4545, RANGER-4546, RANGER-4547, RANGER-4548, RANGER-4549, 
RANGER-4550, RANGER-4551, RANGER-4552, RANGER-4553, RANGER-4554, and RANGER-4555
https://issues.apache.org/jira/browse/RANGER-4545
https://issues.apache.org/jira/browse/RANGER-4546
https://issues.apache.org/jira/browse/RANGER-4547
https://issues.apache.org/jira/browse/RANGER-4548
https://issues.apache.org/jira/browse/RANGER-4549
https://issues.apache.org/jira/browse/RANGER-4550
https://issues.apache.org/jira/browse/RANGER-4551
https://issues.apache.org/jira/browse/RANGER-4552
https://issues.apache.org/jira/browse/RANGER-4553
https://issues.apache.org/jira/browse/RANGER-4554
https://issues.apache.org/jira/browse/RANGER-4555


Repository: ranger


Description
---

**Problem Statement:** Ranger REST API responses are not proper. Most of the 
legacy REST API's response format are not correct and gives false information.

**Proposed Solution:** This review request shall address multiple issues 
related to old APIs.
The list of issues which shall be addressed with review request are :

RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4552: Response metrics for /assets/report is not proper, and pagination 
does not work
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and 
/public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4548: Return proper error message in the response for /tags/tags, 
/tags/resources and /tags/types API for non admin users
RANGER-4547: The reponse metrics (pagination values) for the 
/assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user 
without permission on audit module
RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper 
status code for non admin users

Note: For individual issue fix please refer patch file attached in the 
respective jira tickets.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 8bbeba783 
  security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java 
c90296cf6 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java abc324dd1 
  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4bfaa862c 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 6d0019f70 
  security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
9d9e0bbc0 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 7fa96fbd0 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
cc0d75872 
  security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java 
2da72a1ea 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
570ce874b 


Diff: https://reviews.apache.org/r/74763/diff/1/


Testing
---

Tested affected REST APIs using curl command and found the response as per the 
expectation.


Thanks,

Pradeep Agrawal

[jira] [Commented] (RANGER-3993) Upgrade okhttp dependency

2023-11-28 Thread Vikas Kumar (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790520#comment-17790520
 ] 

Vikas Kumar commented on RANGER-3993:
-

Hi [~bpatel] , Ranger KMS module has Azure keyvault dependency that internally 
uses okhttp. And that's the reason it is being included in the distro/kms.xml.

But I can not see "okhttp" inclusion for any other module, like if you check 
module xml files inside distro.

My point is, runtime dependencies should be included in distro xml files. Like 
we can simply include the compatible higher versions in distro/kms.xml and if 
required distro files for other modules can also be changed.

Example: 

for distro/kms.xml

com.squareup.okhttp3:okhttp:4.11.0

OkHttp4 is strictly backward compatible with okhtttp3.

Let's get it reviewed by other people as well. Thanks.

CC: [~mad...@apache.org] 

> Upgrade okhttp dependency 
> --
>
> Key: RANGER-3993
> URL: https://issues.apache.org/jira/browse/RANGER-3993
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Bhavik Patel
>Assignee: Bhavik Patel
>Priority: Major
> Attachments: 0001-RANGER-3993-Upgrade-okhttp-dependency.patch
>
>
> Upgrade okhttp dependency 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-3993) Upgrade okhttp dependency

2023-11-28 Thread Bhavik Patel (Jira)



[ 
https://issues.apache.org/jira/browse/RANGER-3993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17790469#comment-17790469
 ] 

Bhavik Patel commented on RANGER-3993:
--

As this is the transitive dependency so we can fix this in two way:

1. upgrade hadoop version so with latest version will get the updated "okhttp" 
dependency 
2. exclude from the hadoop dependency and include them externally.

As you mentioned "can't we simply update in distro that defines the runtime 
required libs" ==>This will only help if we are downloading the 
dependency(whaterver the version specified in the distro), either direct or 
transitive dependency otherwise that jar will not be partof the packaging.

> Upgrade okhttp dependency 
> --
>
> Key: RANGER-3993
> URL: https://issues.apache.org/jira/browse/RANGER-3993
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Bhavik Patel
>Assignee: Bhavik Patel
>Priority: Major
> Attachments: 0001-RANGER-3993-Upgrade-okhttp-dependency.patch
>
>
> Upgrade okhttp dependency 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74762: RANGER-4302: caching of ServiceGdsInfo in Ranger admin

2023-11-28 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74762/
---

Review request for ranger, Ankita Sinha, Abhay Kulkarni, Mehul Parikh, Monika 
Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh Mani, and Subhrat Chaudhary.


Bugs: RANGER-4302
https://issues.apache.org/jira/browse/RANGER-4302


Repository: ranger


Description
---

- ServiceGdsInfoCache implemented using RangerCache as a refresh-on-access cache
- updated GdsDBStore.getGdsInfoIfUpdated() to get the latest gdsInfo from 
ServiceGdsInfoCache


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/util/AutoClosableLock.java 
270096a32 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerCache.java 
PRE-CREATION 
  
agents-common/src/test/java/org/apache/ranger/plugin/util/RangerCacheTest.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 589fcdd68 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceGdsInfoCache.java 
PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/util/RangerCacheDBValueLoader.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/74762/diff/1/


Testing
---

- verifed that cache loads from the database only if the database has later 
version than cached
2023-11-28 08:25:07,363 [http-nio-6080-exec-1] INFO 
[ServiceGdsInfoCache.java:121] Refreshed gdsVersionInfo: serviceName=dev_yarn, 
lastKnownVersion=null, latestVersion=1
2023-11-28 08:25:08,532 [http-nio-6080-exec-7] INFO 
[ServiceGdsInfoCache.java:121] Refreshed gdsVersionInfo: serviceName=dev_hdfs, 
lastKnownVersion=null, latestVersion=119
2023-11-28 08:25:13,561 [http-nio-6080-exec-3] INFO 
[ServiceGdsInfoCache.java:121] Refreshed gdsVersionInfo: serviceName=dev_hive, 
lastKnownVersion=null, latestVersion=118
2023-11-28 08:26:07,606 [ranger-cache-1-ServiceGdsInfoCache1] INFO 
[ServiceGdsInfoCache.java:125] No change in gdsVersionInfo: 
serviceName=dev_yarn, lastKnownVersion=1, latestVersion=1
2023-11-28 08:26:08,614 [ranger-cache-1-ServiceGdsInfoCache2] INFO 
[ServiceGdsInfoCache.java:125] No change in gdsVersionInfo: 
serviceName=dev_hdfs, lastKnownVersion=119, latestVersion=119
2023-11-28 08:26:13,817 [ranger-cache-1-ServiceGdsInfoCache1] INFO 
[ServiceGdsInfoCache.java:125] No change in gdsVersionInfo: 
serviceName=dev_hive, lastKnownVersion=118, latestVersion=118
...
2023-11-28 09:24:24,514 [ranger-cache-1-ServiceGdsInfoCache1] INFO 
[ServiceGdsInfoCache.java:125] No change in gdsVersionInfo: 
serviceName=dev_yarn, lastKnownVersion=1, latestVersion=1
2023-11-28 09:24:25,761 [ranger-cache-1-ServiceGdsInfoCache2] INFO 
[ServiceGdsInfoCache.java:121] Refreshed gdsVersionInfo: serviceName=dev_hdfs, 
lastKnownVersion=119, latestVersion=120
2023-11-28 09:24:30,960 [ranger-cache-1-ServiceGdsInfoCache1] INFO 
[ServiceGdsInfoCache.java:121] Refreshed gdsVersionInfo: serviceName=dev_hive, 
lastKnownVersion=118, latestVersion=120
- verified that plugin calls to download GDS info receive the latest version


Thanks,

Madhan Neethiraj

Review Request 74764: RANGER-4540: URL Query Params for securityZone should do the Zone Dropdown Selection and Filtering in service manager page

2023-11-28 Thread Brijesh Bhalala


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74764/
---

Review request for ranger, Dhaval Rajpara and Mugdha Varadkar.


Bugs: RANGER-4540
https://issues.apache.org/jira/browse/RANGER-4540


Repository: ranger


Description
---

URL Query Params for "securityZone" should do the  Zone Dropdown Selection and 
Filtering in service manager page.

In the current implementation on the Service Manager  after setting 
'securityZone' query param in the URL does not  select the corresponding value 
in the Zone dropdown and filter the results accordingly. 

Improvising  the  securityZone URL  Query Params logic in service manager page.


Diffs
-

  
security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx
 49d93ee4a 


Diff: https://reviews.apache.org/r/74764/diff/1/


Testing
---

testing is under progress


Thanks,

Brijesh Bhalala

[jira] [Updated] (RANGER-4540) URL Query Params for securityZone should do the Zone Dropdown Selection and Filtering in service manager page

2023-11-28 Thread Brijesh Bhalala (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brijesh Bhalala updated RANGER-4540:

Attachment: 0001-RANGER-4540.patch

> URL Query Params for securityZone should do the  Zone Dropdown Selection and 
> Filtering in service manager page
> --
>
> Key: RANGER-4540
> URL: https://issues.apache.org/jira/browse/RANGER-4540
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Brijesh Bhalala
>Assignee: Brijesh Bhalala
>Priority: Major
>  Labels: ranger-react
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4540.patch
>
>
> URL Query Params for "securityZone" should do the  Zone Dropdown Selection 
> and Filtering in service manager page.
> In the current implementation on the Service Manager  after setting 
> 'securityZone' query param in the URL does not  select the corresponding 
> value in the Zone dropdown and filter the results accordingly. 
> Improvising  the  securityZone URL  Query Params logic in service manager 
> page.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74538: RANGER-4345 plugin side metrics on polling from the policy server

2023-11-28 Thread Ramachandran Krishnan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74538/#review226013
---




agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
Lines 55 (patched)


Are we adding metrics only for Policy download ?.It would be great if you 
add the same for roles as well.The policy refresher thread will download 
policies as well as roles also.


- Ramachandran Krishnan


On Aug. 11, 2023, 9:05 a.m., Sai Sandeep Rangisetti wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74538/
> ---
> 
> (Updated Aug. 11, 2023, 9:05 a.m.)
> 
> 
> Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, and Ramachandran Krishnan.
> 
> 
> Bugs: RANGER-4345
> https://issues.apache.org/jira/browse/RANGER-4345
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add metrics in the plugins for increased visibility on what is happening in 
> the systems
> 
> 
> Diffs
> -
> 
>   agents-common/pom.xml b753c1368 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
>  c130309ea 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerMetricRegistry.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
>  e54313403 
> 
> 
> Diff: https://reviews.apache.org/r/74538/diff/4/
> 
> 
> Testing
> ---
> 
> Compiled and installed the hbase plugin and verified that metrics are being 
> published to jmx. Simulated failures by blocking port and verified timeout 
> and retry metrics are also being published
> 
> 
> Thanks,
> 
> Sai Sandeep Rangisetti
> 
>

[jira] [Updated] (RANGER-4553) Response metrics for /xaudit/trx_log not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4553:

Attachment: 0008-RANGER-4553-Response-metrics-for-xaudit-trx_log-not-.patch

> Response metrics for /xaudit/trx_log not proper
> ---
>
> Key: RANGER-4553
> URL: https://issues.apache.org/jira/browse/RANGER-4553
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0008-RANGER-4553-Response-metrics-for-xaudit-trx_log-not-.patch
>
>
> When a request is made to /xaudit/trx_log API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 200,"totalCount": 0,
> "resultSize": 0,"queryTimeMS": 1700214070565, ...} {code}
> Ideally, the total count value should reflect the total number of logs
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4552) Response metrics for /assets/report is not proper, and pagination does not work

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4552:

Attachment: 0007-RANGER-4552-Response-metrics-for-assets-report-is-no.patch

> Response metrics for /assets/report is not proper, and pagination does not 
> work
> ---
>
> Key: RANGER-4552
> URL: https://issues.apache.org/jira/browse/RANGER-4552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0007-RANGER-4552-Response-metrics-for-assets-report-is-no.patch
>
>
> When a request is made to the /assets/report API endpoint, the response 
> metrics like
> result size is incorrect. Ideally, it should reflect the total number of 
> objects returned
> {code:java}
> {"startIndex": 2,"pageSize": 100,"totalCount": 178,
> "resultSize": 0,"queryTimeMS": 1700217495822 {code}
> Even the pagination for the API does not work properly



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4554) Response metrics for /assets/resources not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4554:

Attachment: 0009-RANGER-4554-Response-metrics-for-assets-resources-no.patch

> Response metrics for /assets/resources not proper
> -
>
> Key: RANGER-4554
> URL: https://issues.apache.org/jira/browse/RANGER-4554
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0009-RANGER-4554-Response-metrics-for-assets-resources-no.patch
>
>
> When a request is made to /assets/resources API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215066880,{code}
> Ideally, the total count value should reflect the total number of resources
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4555) Response metrics for /assets/assets API not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4555:

Attachment: 0010-RANGER-4555-Response-metrics-for-assets-assets-API-n.patch

> Response metrics for /assets/assets API not proper
> --
>
> Key: RANGER-4555
> URL: https://issues.apache.org/jira/browse/RANGER-4555
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0010-RANGER-4555-Response-metrics-for-assets-assets-API-n.patch
>
>
> When a request is made to /assets/assets API, the values like total count, 
> result size in the API response is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215066880,{code}
> Ideally, the total count value should reflect the total number of assets (the 
> value returned by /assets/assets/count API is proper).
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4551) No response returned for /assets/policyList/{service_name} API

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4551:

Attachment: 0006-RANGER-4551-No-response-returned-for-assets-policyLi.patch

> No response returned for /assets/policyList/{service_name} API
> --
>
> Key: RANGER-4551
> URL: https://issues.apache.org/jira/browse/RANGER-4551
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0006-RANGER-4551-No-response-returned-for-assets-policyLi.patch
>
>
> When a request is made to the /assets/policyList/\{service_name} API,
> the response is empty and the status code is 304 Not Modified.
> If there is no expected response, then the API has to be deprecated,
> otherwise the API has to be fixed to return the proper response
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4550) API request to /assets/resource/{id} returns no response

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4550:

Attachment: 0011-RANGER-4550-API-request-to-assets-resource-id-return.patch

> API request to /assets/resource/{id} returns no response
> 
>
> Key: RANGER-4550
> URL: https://issues.apache.org/jira/browse/RANGER-4550
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0011-RANGER-4550-API-request-to-assets-resource-id-return.patch
>
>
> When a request is made to the API endpoint /assets/resource/\{id}, no 
> response is returned and the status code is 204 No response.
> Ideally, the response should contain the details for the resource with the 
> given id
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4548) Return proper error message in the response for /tags/tags, /tags/resources and /tags/types API for non admin users

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4548:

Attachment: 0003-RANGER-4548-Return-proper-error-message-in-the-respo.patch

> Return proper error message in the response for /tags/tags, /tags/resources 
> and /tags/types API for non admin users
> ---
>
> Key: RANGER-4548
> URL: https://issues.apache.org/jira/browse/RANGER-4548
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0003-RANGER-4548-Return-proper-error-message-in-the-respo.patch
>
>
> /tags/tags and /tags/types, /tags/resources APIs are not accessible by non 
> admin users,
> but when the users make a request, a proper error message should be returned 
> stating that the users do not have privilege.
> Currently, the error message returned is not explanatory.
> Response returned for non admin users :-
> {code:java}
> 
>  content="IE=edge,chrome=1"> Ranger - Sign In name="description" content=""> content="width=device-width"> href="images/favicon.ico"> media="all" rel="stylesheet" type="text/css" id="bootstrap-css"> rel="stylesheet" href="styles/font-awesome.min.css"> href="styles/xa.css" media="all" rel="stylesheet" type="text/css"> src="libs/bower/jquery/js/jquery-3.5.1.js"> src="scripts/prelogin/XAPrelogin.js"> type="text/javascript">$(document).ready(function() {
> var updateBoxPosition = function() {
> $('#signin-container').css({'margin-top' : 
> ($(window).height() - $('#signin-container').height()) / 2
> });};$(window).resize(updateBoxPosition); 
>var queryParams = JSON.parse('{"' + 
> decodeURI((location.href.split('?')[1] || 'g=0').replace(/=/g, "\":\"")) + 
> '"}');if(queryParams.sessionTimeout){
> window.alert('Session Timeout');
> location.replace("login.jsp");}
> setTimeout(updateBoxPosition, 50);});
> 
>  id="signin-container" style="margin-top: 4.5px;"> 
>
>
> 
>   Username:  
>   
>  Password:   
>   tabindex="2" autocomplete="off">
>  style="color:white;display:none;">  
>  
>   id="errorBoxUnsynced" class="help-inline" 
> style="color:white;display:none;">User is not available in HDP Admin Tool. 
> Please contact your Administrator.
> Sign In  
>style="display: none;">
> 
>  
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4546) /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4546:

Attachment: 0002-RANGER-4546-assets-ugsyncAudits-sync_source-API-is-a.patch

> /assets/ugsyncAudits/{sync_source} API is accessible by user without 
> permission on audit module
> ---
>
> Key: RANGER-4546
> URL: https://issues.apache.org/jira/browse/RANGER-4546
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0002-RANGER-4546-assets-ugsyncAudits-sync_source-API-is-a.patch
>
>
> A user without permission on the audits module is able to access the 
> /assets/ugsyncAudits/\{sync_source} API.
> Ideally, the user should not be allowed to access the API, and it should 
> result in a 403 error.
> If the same user tries to access the /assets/ugsyncAudits API, it results in 
> a 403 error (as expected).
> Similarly, the behaviour has to be changed for the 
> /assets/ugsyncAudits/\{sync_source} API



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4549) Non admin users cannot access /public/v2/api/roles/names and /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4549:

Attachment: 0005-RANGER-4549-Non-admin-users-cannot-access-public-v2-.patch

> Non admin users cannot access /public/v2/api/roles/names and  
> /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
> ---
>
> Key: RANGER-4549
> URL: https://issues.apache.org/jira/browse/RANGER-4549
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0005-RANGER-4549-Non-admin-users-cannot-access-public-v2-.patch
>
>
> Non admin users cannot access /public/v2/api/roles/names API, but can access 
> the /public/v2/api/roles API and fetch the details of all the roles.
> Since the users can fetch the details from the roles API itself, the 
> restriction for non admin users to access /roles/names and 
> /roles/name/\{name} API.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4547) The reponse metrics (pagination values) for the /assets/ugsyncAudits/{sync_source} API is not proper

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4547:

Attachment: 0004-RANGER-4547-The-reponse-metrics-pagination-values-fo.patch

> The reponse metrics (pagination values) for the 
> /assets/ugsyncAudits/{sync_source} API is not proper
> 
>
> Key: RANGER-4547
> URL: https://issues.apache.org/jira/browse/RANGER-4547
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0004-RANGER-4547-The-reponse-metrics-pagination-values-fo.patch
>
>
> When a request is made to the /assets/ugsyncAudits/\{sync_source} API,
> the metrics like total count, result size is always 0.
> {code:java}
> {"startIndex": 0,"pageSize": 0,"totalCount": 0,"resultSize": 
> 0,"queryTimeMS": 1700215450040,"vxUgsyncAuditInfoList": [{ 
> {code}
> Ideally, it should reflect the total number of audits.
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4545) DELETE /assets/resources/{resource_id} API should return proper status code for non admin users

2023-11-28 Thread Pradeep Agrawal (Jira)



 [ 
https://issues.apache.org/jira/browse/RANGER-4545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4545:

Attachment: 0001-RANGER-4545-DELETE-assets-resources-resource_id-API-.patch

> DELETE /assets/resources/{resource_id} API should return proper status code 
> for non admin users
> ---
>
> Key: RANGER-4545
> URL: https://issues.apache.org/jira/browse/RANGER-4545
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-4545-DELETE-assets-resources-resource_id-API-.patch
>
>
> When a non admin user makes a DELETE request to 
> /assets/resources/\{resource_id} endpoint, 405 method not allowed response is 
> returned.
> The error message also contains HTML response.
> {code:java}
> 
> HTTP Status 405 ? Method Not Allowed type="text/css">body {font-family: Tahoma, Arial, 
> sans-serif;}
> h1,h2,h3,b {color: white; 
>background-color: #525D76;}
> h1 {font-size: 22px;}
> h2 {font-size: 16px;}
> h3 {font-size: 14px;}
> p {font-size: 12px;}
> a {color: black;}
> .line {height: 1px;background-color: #525D76; 
>border: none;}
> HTTP Status 405 ? Method Not Allowed
>  {code}
> The status code / error message is not explanatory as ideally, a 403 
> Forbidden or a 400 Bad Request status code with appropriate error message 
> should be returned as the error should be related to the user permission.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

38 matches

Mail list logo