Review Request 58728: The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code to keep co
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58728/ --- Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1545 https://issues.apache.org/jira/browse/RANGER-1545 Repository: ranger Description --- The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code to keep consistency. Diffs - agents-common/scripts/enable-agent.sh 14e9577 Diff: https://reviews.apache.org/r/58728/diff/1/ Testing --- Thanks, Qiang Zhang
[jira] [Updated] (RANGER-1545) The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code t
[ https://issues.apache.org/jira/browse/RANGER-1545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-1545: Attachment: 0001-RANGER-1545-The-associated-AUDIT-database-configurat.patch > The associated AUDIT database configuration has been removed in > enable_hive_plugin.sh. But the corresponding code has not been deleted. We > should remove redundant code to keep consistency. > > > Key: RANGER-1545 > URL: https://issues.apache.org/jira/browse/RANGER-1545 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 1.0.0 >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Attachments: > 0001-RANGER-1545-The-associated-AUDIT-database-configurat.patch > > > The associated AUDIT database configuration has been removed in > enable_hive_plugin.sh. But the corresponding code has not been deleted. We > should remove redundant code to keep consistency. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (RANGER-1545) The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code t
Qiang Zhang created RANGER-1545: --- Summary: The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code to keep consistency. Key: RANGER-1545 URL: https://issues.apache.org/jira/browse/RANGER-1545 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 1.0.0 Reporter: Qiang Zhang Assignee: Qiang Zhang Priority: Minor The associated AUDIT database configuration has been removed in enable_hive_plugin.sh. But the corresponding code has not been deleted. We should remove redundant code to keep consistency. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 57837: Remember filters on all tabs of Ranger Audits page
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57837/ --- (Updated April 26, 2017, 4:41 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1471 https://issues.apache.org/jira/browse/RANGER-1471 Repository: ranger Description --- Currently, when we apply filter for anything in Ranger Audit page for any of the tabs. It resets the filter on change of tab or if we move to any other page in Ranger. Planning to add feature of remembering latest filters on all Tabs of Audits page. That will help users to stay focused on what they are looking for in audits tab and users will not have to apply for filters again and again to check audit events of a particular service. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java fe253ef security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ed34525 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 0776021 security-admin/src/main/java/org/apache/ranger/solr/SolrUtil.java 0a30cf6 security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 4a153bf security-admin/src/main/webapp/scripts/utils/XAUtils.js 480c515 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 1277334 security-admin/src/main/webapp/scripts/views/reports/LoginSessionDetail.js 6f1069d security-admin/src/main/webapp/styles/xa.css 7a5ec2e security-admin/src/main/webapp/templates/common/ServiceManagerLayout_tmpl.html ea2f198 security-admin/src/main/webapp/templates/reports/AuditLayout_tmpl.html 028fdbf security-admin/src/main/webapp/templates/reports/LoginSessionDetail_tmpl.html ddd6e3d security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java c544832 Diff: https://reviews.apache.org/r/57837/diff/4/ Changes: https://reviews.apache.org/r/57837/diff/3-4/ Testing --- 1. Tested multiple search is working correctly in "Audit" tab. 2. Tested search remains the same when we navigate from one tab to other. 3. Tested search is working correctly for different user role. Thanks, bhavik patel
[jira] [Updated] (RANGER-1471) Remember filters on all tabs of Ranger Audits page
[ https://issues.apache.org/jira/browse/RANGER-1471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel updated RANGER-1471: - Attachment: (was: RANGER-1471-3.patch) > Remember filters on all tabs of Ranger Audits page > -- > > Key: RANGER-1471 > URL: https://issues.apache.org/jira/browse/RANGER-1471 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 0.7.1 >Reporter: bhavik patel >Assignee: bhavik patel > Fix For: 0.7.1 > > Attachments: RANGER-1471-1.patch, RANGER-1471-2.patch, > RANGER-1471-master.patch, RANGER-1471.patch > > > Currently, when we apply filter for anything in Ranger Audit page for any of > the tabs. It resets the filter on change of tab or if we move to any other > page in Ranger. > Planning to add feature of remembering latest filters on all Tabs of Audits > page. That will help users to stay focused on what they are looking for in > audits tab and users will not have to apply for filters again and again to > check audit events of a particular service. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (RANGER-1471) Remember filters on all tabs of Ranger Audits page
[ https://issues.apache.org/jira/browse/RANGER-1471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel updated RANGER-1471: - Attachment: RANGER-1471-master.patch > Remember filters on all tabs of Ranger Audits page > -- > > Key: RANGER-1471 > URL: https://issues.apache.org/jira/browse/RANGER-1471 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 0.7.1 >Reporter: bhavik patel >Assignee: bhavik patel > Fix For: 0.7.1 > > Attachments: RANGER-1471-1.patch, RANGER-1471-2.patch, > RANGER-1471-master.patch, RANGER-1471.patch > > > Currently, when we apply filter for anything in Ranger Audit page for any of > the tabs. It resets the filter on change of tab or if we move to any other > page in Ranger. > Planning to add feature of remembering latest filters on all Tabs of Audits > page. That will help users to stay focused on what they are looking for in > audits tab and users will not have to apply for filters again and again to > check audit events of a particular service. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (RANGER-1544) Misaligned input boxes and cleanup on Reports Search
[ https://issues.apache.org/jira/browse/RANGER-1544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anna Shaverdian updated RANGER-1544: Attachment: Screen Shot 2017-04-25 at 8.58.31 PM.png > Misaligned input boxes and cleanup on Reports Search > > > Key: RANGER-1544 > URL: https://issues.apache.org/jira/browse/RANGER-1544 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.7.1 >Reporter: Anna Shaverdian >Priority: Trivial > Attachments: Screen Shot 2017-04-25 at 8.58.31 PM.png > > > On the Ranger Admin > User Access Report page, the input boxes for Policy > Type and Resource will overlap the other text boxes when resizing the window. > Also UserAccessLayout_tmpl.html has some typos (ie searchInfoUserAccss) and > needs to reformat the indentation. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (RANGER-1544) Misaligned input boxes and cleanup on Reports Search
Anna Shaverdian created RANGER-1544: --- Summary: Misaligned input boxes and cleanup on Reports Search Key: RANGER-1544 URL: https://issues.apache.org/jira/browse/RANGER-1544 Project: Ranger Issue Type: Bug Components: admin Affects Versions: 0.7.1 Reporter: Anna Shaverdian Priority: Trivial On the Ranger Admin > User Access Report page, the input boxes for Policy Type and Resource will overlap the other text boxes when resizing the window. Also UserAccessLayout_tmpl.html has some typos (ie searchInfoUserAccss) and needs to reformat the indentation. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1542) Exceptions occured when I test connection during create a new service for atlas-plugin
[
https://issues.apache.org/jira/browse/RANGER-1542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15984028#comment-15984028
]
Qiang Zhang commented on RANGER-1542:
-
[~Colm O hEigeartaigh],yes,but i found we should change the code
'formData.add("j_password", PasswordUtils.decryptPassword(password));'
to 'formData.add("j_password", decryptedPwd);'.
And i have updated the patch.
https://reviews.apache.org/r/58697/
> Exceptions occured when I test connection during create a new service for
> atlas-plugin
> --
>
> Key: RANGER-1542
> URL: https://issues.apache.org/jira/browse/RANGER-1542
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
> Labels: patch
> Attachments: test.JPG
>
>
> {code}
> 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
> org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
> to decrypt password due to error
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
> at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
> at
> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
> at javax.crypto.Cipher.doFinal(Cipher.java:2131)
> at
> org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:356)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
> at
> org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
> at
> org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
> at
> org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
> at
> org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550)
> at
> org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> 2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO
> apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) -
> Password decryption failed; trying Atlas connection with received password
> string
> 2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR
> org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
> to decrypt password due to error
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
> at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
> at
> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
> at javax.crypto.Cipher.doFinal(Cipher.java:2131)
> at
> org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:192)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
> at
>
Re: Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/
---
(Updated 四月 26, 2017, 2:20 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1542
https://issues.apache.org/jira/browse/RANGER-1542
Repository: ranger
Description
---
there is a bug, as follows:
When I create a new service or modify a service and input the new password, the
pwd is unencrypted
but the code as follows:
private ClientResponse getStatusResponse(Client client) {
final String errMsg = errMessage;
ClientResponse statusResponse = null;
try {
WebResource webResource = client.resource(statusUrl);
MultivaluedMap formData = new
MultivaluedMapImpl();
formData.add("j_username", userName);
String decryptedPwd = null;
try {
decryptedPwd =
PasswordUtils.decryptPassword(password);
..
return statusResponse;
}
will decrypt the unencrypted password,it will cause exceptions.
I analyzed the reasons, as follows:
this code will decrypt the encrypted password because the code in
RangerServiceService.java
public Map getConfigsWithDecryptedPassword(RangerService
service) throws IOException {
Map configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if(!stringUtil.isEmpty(pwd) &&
ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig =
daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
ServiceDBStore.CONFIG_KEY_PASSWORD);
if(pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
String decryptedPwd =
PasswordUtils.decryptPassword(encryptedPwd);
if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd),
encryptedPwd)) {
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD,
encryptedPwd);
}
}
}
return configs;
}
but if I create a new service or modify a service and input the new password,
the pwd above is unencrypted,
this code will not handle,so we should encrypt the unencrypted pwd.
Error message poped out as below:
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
[jira] [Created] (RANGER-1543) Fix the spelling in RangerBaseUdf
Qiang Zhang created RANGER-1543: --- Summary: Fix the spelling in RangerBaseUdf Key: RANGER-1543 URL: https://issues.apache.org/jira/browse/RANGER-1543 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 1.0.0 Reporter: Qiang Zhang Assignee: Qiang Zhang Priority: Trivial Fix For: 1.0.0 Should be 'Initialize' instead of 'Initialzie'. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Resolved] (RANGER-1533) Fix the spelling in HiveConnectionMgr
[ https://issues.apache.org/jira/browse/RANGER-1533?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang resolved RANGER-1533. - Resolution: Fixed > Fix the spelling in HiveConnectionMgr > - > > Key: RANGER-1533 > URL: https://issues.apache.org/jira/browse/RANGER-1533 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 1.0.0 >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Trivial > Fix For: 1.0.0 > > > Should be 'possibility' instead of 'possiblity'. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1481) Capture cluster name in ranger audit info
[ https://issues.apache.org/jira/browse/RANGER-1481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983766#comment-15983766 ] Pradeep Agrawal commented on RANGER-1481: - Committed to ranger 0.7 branch: https://github.com/apache/ranger/commit/1bd34894bdae33e159b2de89c503b060ff8351e9 Committed to the ranger master branch: https://github.com/apache/ranger/commit/ac24f705fb7d1902c8f8553ed98b988ac59678ec > Capture cluster name in ranger audit info > - > > Key: RANGER-1481 > URL: https://issues.apache.org/jira/browse/RANGER-1481 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: bhavik patel >Assignee: bhavik patel > Fix For: 1.0.0, 0.7.1 > > Attachments: RANGER-1481-07-1.patch, RANGER-1481-07-2.patch, > RANGER-1481-07-3.patch, RANGER-1481-07.patch, RANGER-1481-master-1.patch, > RANGER-1481-master-2.patch, RANGER-1481-master-3.patch, > RANGER-1481-master-4.patch, RANGER-1481-master.patch > > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1490) Increase size of sort_order column of x_policy_resource_map
[ https://issues.apache.org/jira/browse/RANGER-1490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983753#comment-15983753 ] Pradeep Agrawal commented on RANGER-1490: - Committed to ranger 0.7 branch: https://github.com/apache/ranger/commit/c6f5f101b75f8ae0386a94ffa36e8b3653649c7a Committed to the ranger master branch: https://github.com/apache/ranger/commit/37667d7faf87ece5d236a19891046d66f1c1 > Increase size of sort_order column of x_policy_resource_map > --- > > Key: RANGER-1490 > URL: https://issues.apache.org/jira/browse/RANGER-1490 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.5.0, 0.6.0, 0.7.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal > Fix For: 1.0.0, 0.7.1 > > Attachments: RANGER-1490-master-branch.patch > > > Problem Statement : Currently data type of sort_order column is tinyint which > can accept maximum 128 unsigned number; if any policy is having more than 128 > resource entries then data truncation error might be generated at DB end and > application will not be able to insert entry of any more resources for > specific policy. > Proposed Solution : Change data type of sort_order column of > 'x_policy_resource_map' from tinyint to integer(4 byte) -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1483) Ranger hive service definition to use hive metastore directly
[ https://issues.apache.org/jira/browse/RANGER-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983331#comment-15983331 ] Ankita Sinha commented on RANGER-1483: -- Committed to Master branch : https://github.com/apache/ranger/commit/66b258ae951611a4a2862d8f0547071d8d411146 Committed to 0.7 branch : https://github.com/apache/ranger/commit/70dcd590701f581f864ee847f7a28c41620349a8 > Ranger hive service definition to use hive metastore directly > - > > Key: RANGER-1483 > URL: https://issues.apache.org/jira/browse/RANGER-1483 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.1 >Reporter: Ankita Sinha >Assignee: Ankita Sinha > Fix For: 0.7.1 > > Attachments: RANGER-1483_07.patch, RANGER-1483_Master.patch, > RANGER-1483.patch > > > Currently, ranger hive service definition uses hiveserver2(hs2) jdbc driver > to fetch hive db/table info, which is used to populate drop downs while > creating/updating policies. Adding ranger hive service definition to also use > hive metastore client which read from hive metastore db. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983247#comment-15983247 ] Yan edited comment on RANGER-1501 at 4/25/17 4:55 PM: -- [~coheig] 1) This jira is about the HDFS is not actually flushed *when the abstract AuditDestination.flush()*is called* so HDFS users can view the audit records. The problem you are experiencing seems to be related to somehow AuditDestination.flush() not being called at all. 2) PrinterWriter.flush() should also flush the underlying wrapped HDFS streams. But the point is that HDFS has 3 flush()-related mechanisms. And the plain flush() by HDFS does not flush the data all the way to HDFS datanode. See https://issues.apache.org/jira/browse/HADOOP-6313 for details. On the other hand, "real flushing" all the way to DN for each logJSON call may have performance impacts. was (Author: yzhou2001): [~coheig] 1) This jira is about the HDFS is not actually flushed *when the abstract AuditDestination.flush()* is called so HDFS users can view the audit records. The problem you are experiencing seems to be related to somehow AuditDestination.flush() not being called at all. 2) PrinterWriter.flush() should also flush the underlying wrapped HDFS streams. But the point is that HDFS has 3 flush()-related mechanisms. And the plain flush() by HDFS does not flush the data all the way to HDFS datanode. See https://issues.apache.org/jira/browse/HADOOP-6313 for details. On the other hand, "real flushing" all the way to DN for each logJSON call may have performance impacts. > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Yan > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983247#comment-15983247 ] Yan edited comment on RANGER-1501 at 4/25/17 4:55 PM: -- [~coheig] 1) This jira is about the HDFS is not actually flushed *when the abstract AuditDestination.flush() is called* so HDFS users can view the audit records. The problem you are experiencing seems to be related to somehow AuditDestination.flush() not being called at all. 2) PrinterWriter.flush() should also flush the underlying wrapped HDFS streams. But the point is that HDFS has 3 flush()-related mechanisms. And the plain flush() by HDFS does not flush the data all the way to HDFS datanode. See https://issues.apache.org/jira/browse/HADOOP-6313 for details. On the other hand, "real flushing" all the way to DN for each logJSON call may have performance impacts. was (Author: yzhou2001): [~coheig] 1) This jira is about the HDFS is not actually flushed *when the abstract AuditDestination.flush()*is called* so HDFS users can view the audit records. The problem you are experiencing seems to be related to somehow AuditDestination.flush() not being called at all. 2) PrinterWriter.flush() should also flush the underlying wrapped HDFS streams. But the point is that HDFS has 3 flush()-related mechanisms. And the plain flush() by HDFS does not flush the data all the way to HDFS datanode. See https://issues.apache.org/jira/browse/HADOOP-6313 for details. On the other hand, "real flushing" all the way to DN for each logJSON call may have performance impacts. > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Yan > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983247#comment-15983247 ] Yan commented on RANGER-1501: - [~coheig] 1) This jira is about the HDFS is not actually flushed *when the abstract AuditDestination.flush()* is called so HDFS users can view the audit records. The problem you are experiencing seems to be related to somehow AuditDestination.flush() not being called at all. 2) PrinterWriter.flush() should also flush the underlying wrapped HDFS streams. But the point is that HDFS has 3 flush()-related mechanisms. And the plain flush() by HDFS does not flush the data all the way to HDFS datanode. See https://issues.apache.org/jira/browse/HADOOP-6313 for details. On the other hand, "real flushing" all the way to DN for each logJSON call may have performance impacts. > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Yan > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15983057#comment-15983057 ] Colm O hEigeartaigh commented on RANGER-1501: - Hi [~rmani], [~yzhou2001], Even with this patch applied, I can't see audit events in the HDFS audit file without shutting down HDFS + starting it up again. The "finally" section in "logJSON" just flushes the PrintWriter, shouldn't it be calling flush() as well to flush the ostream? > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 58495: Ranger hive service definition to use hive metastore directly
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58495/#review172932 --- Ship it! Ship It! - Velmurugan Periasamy On April 25, 2017, 7:37 a.m., Ankita Sinha wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58495/ > --- > > (Updated April 25, 2017, 7:37 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1483 > https://issues.apache.org/jira/browse/RANGER-1483 > > > Repository: ranger > > > Description > --- > > Added some libraries for Ranger to use Hive Metastore for Test connection and > Resource Lookup > > > Diffs > - > > pom.xml de2eeb2 > src/main/assembly/admin-web.xml 40ec368 > > > Diff: https://reviews.apache.org/r/58495/diff/2/ > > > Testing > --- > > Tested Hive Test Connection and Resource Lookup with different settings on > simple and secure cluster. > > > Thanks, > > Ankita Sinha > >
Re: Review Request 58608: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58608/#review172931 --- Ship it! Ship It! - Velmurugan Periasamy On April 25, 2017, 6:30 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58608/ > --- > > (Updated April 25, 2017, 6:30 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1481 > https://issues.apache.org/jira/browse/RANGER-1481 > > > Repository: ranger > > > Description > --- > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java > e689e5d > > agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java > b547c43 > > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java > 22aebb5 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > bcb07d7 > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > 1cb2295 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 0668d57 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 17d1a71 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java > a18e8bc > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > eda0014 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java > c9b3481 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 609f717 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java > dedbe1e > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java > 8ee3580 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 460c692 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > b9f1cde > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2baa97b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fb92616 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java > 61604b0 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 55ebf58 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 2038645 > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > 472b734 > > plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java > 9bebafa > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 2338ba1 > security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java > 4544614 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 9ec81b3 > > security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java > e8fff6a > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java > 870e45d > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java > e83d70a > >
[jira] [Assigned] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reassigned RANGER-1501: --- Assignee: Colm O hEigeartaigh (was: Yan) > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 58268: Ranger-1501: Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58268/ --- (Updated April 25, 2017, 2:54 p.m.) Review request for ranger. Bugs: RANGER-1501 https://issues.apache.org/jira/browse/RANGER-1501 Repository: ranger Description --- The reason is that HDFS file stream's flush() call does not really flush the data all the way to disk, nor even makes the data visible to HDFS users. See the HDFS semantics of the flush/sync at https://issues.apache.org/jira/browse/HADOOP-6313. Consequently the audit logs on HDFS won't be visible/durable from HDFS client until the log file is closed. This will, among other issues, boost chances of losing audit logs in case of system failure. Diffs - agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java 889b6ffd Diff: https://reviews.apache.org/r/58268/diff/1/ Testing --- Automated and manual Thanks, Yan Zhou
Re: Review Request 58494: Ranger hive service definition to use hive metastore directly
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58494/#review172925 --- Ship it! Ship It! - Velmurugan Periasamy On April 25, 2017, 7:38 a.m., Ankita Sinha wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58494/ > --- > > (Updated April 25, 2017, 7:38 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1483 > https://issues.apache.org/jira/browse/RANGER-1483 > > > Repository: ranger > > > Description > --- > > Added some libraries for Ranger to use Hive Metastore for Test connection and > Resource Lookup > > > Diffs > - > > pom.xml de2eeb2 > src/main/assembly/admin-web.xml 40ec368 > > > Diff: https://reviews.apache.org/r/58494/diff/2/ > > > Testing > --- > > Tested on simple environment > > > Thanks, > > Ankita Sinha > >
Re: Review Request 58494: Ranger hive service definition to use hive metastore directly
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58494/#review172918 --- Ship it! Ship It! - Pradeep Agrawal On April 25, 2017, 7:38 a.m., Ankita Sinha wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58494/ > --- > > (Updated April 25, 2017, 7:38 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1483 > https://issues.apache.org/jira/browse/RANGER-1483 > > > Repository: ranger > > > Description > --- > > Added some libraries for Ranger to use Hive Metastore for Test connection and > Resource Lookup > > > Diffs > - > > pom.xml de2eeb2 > src/main/assembly/admin-web.xml 40ec368 > > > Diff: https://reviews.apache.org/r/58494/diff/2/ > > > Testing > --- > > Tested on simple environment > > > Thanks, > > Ankita Sinha > >
Re: Review Request 58607: RANGER-1490 : Increase size of sort_order column of x_policy_resource_map
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58607/#review172917 --- Ship it! Ship It! - Ankita Sinha On April 21, 2017, 8:59 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58607/ > --- > > (Updated April 21, 2017, 8:59 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1490 > https://issues.apache.org/jira/browse/RANGER-1490 > > > Repository: ranger > > > Description > --- > > **Problem Statement :** Currently data type of sort_order column is tinyint > which can accept maximum 128 unsigned number; if any policy is having more > than 128 resource entries then data truncation error might be generated at DB > end and application will not be able to insert entry of any more resources > for specific policy. > **Proposed Solution :** Change data type of sort_order column of > 'x_policy_resource_map' from tinyint to integer(4 byte) > > > Diffs > - > > security-admin/db/mysql/patches/027-sortorder-column-size.sql PRE-CREATION > security-admin/db/oracle/patches/027-sortorder-column-size.sql PRE-CREATION > security-admin/db/postgres/patches/027-sortorder-column-size.sql > PRE-CREATION > security-admin/db/sqlanywhere/patches/027-sortorder-column-size.sql > PRE-CREATION > security-admin/db/sqlserver/patches/027-sortorder-column-size.sql > PRE-CREATION > > > Diff: https://reviews.apache.org/r/58607/diff/1/ > > > Testing > --- > > **Steps Performed (with patch) :** > 1. After mvn Build; untar the Ranger module and updated install.properties > for MySQL DB flavor. > 2. Called setup.sh to install Ranger. > > **Expected Behavior :** > 1. Ranger installation should finish successfully and patch 027 should get > applied successfully. > 2. Data type of sort_order column of x_policy_resource_map table should get > change to 'int' > 2. Ranger UI should work. > > **Actual Behavior :** > 1. Ranger Installtion finished successfully and patch 027 was applied > successfully. > 2. Data type of sort_order column of x_policy_resource_map table was changed > to 'int' > 2. Started Ranger Admin and was able to login in Ranger UI. > > Note: Patch has been tested on all supported DB Flavors. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 58608: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58608/#review172916 --- Ship it! Ship It! - Ankita Sinha On April 25, 2017, 6:30 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58608/ > --- > > (Updated April 25, 2017, 6:30 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1481 > https://issues.apache.org/jira/browse/RANGER-1481 > > > Repository: ranger > > > Description > --- > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java > e689e5d > > agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java > b547c43 > > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java > 22aebb5 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > bcb07d7 > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > 1cb2295 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 0668d57 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 17d1a71 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java > a18e8bc > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > eda0014 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java > c9b3481 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 609f717 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java > dedbe1e > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java > 8ee3580 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 460c692 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > b9f1cde > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2baa97b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fb92616 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java > 61604b0 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 55ebf58 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 2038645 > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > 472b734 > > plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java > 9bebafa > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 2338ba1 > security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java > 4544614 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 9ec81b3 > > security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java > e8fff6a > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java > 870e45d > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java > e83d70a > >
Re: Review Request 58229: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58229/#review172915 --- Ship it! Ship It! - Ankita Sinha On April 25, 2017, 10:15 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58229/ > --- > > (Updated April 25, 2017, 10:15 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1481 > https://issues.apache.org/jira/browse/RANGER-1481 > > > Repository: ranger > > > Description > --- > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java > e689e5d > > agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java > b547c43 > > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java > 22aebb5 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > dec649d > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > cee46a3 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 0668d57 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 15e872a > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java > a18e8bc > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 272e133 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java > 33f1dd4 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 609f717 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java > dedbe1e > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java > 8ee3580 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 460c692 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > b9f1cde > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2baa97b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fb92616 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java > 61604b0 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 55ebf58 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 2038645 > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > 472b734 > > plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java > 9bebafa > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 2338ba1 > security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java > 4544614 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 8e539e7 > > security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java > e8fff6a > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java > 870e45d > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java > e83d70a > >
Re: Review Request 58660: Log is very important for big data platform. The main purpose of log analysis is that we need to know who is running the service, in which machine running service, which serv
> On April 25, 2017, 9:56 a.m., Colm O hEigeartaigh wrote:
> > I'm a bit unsure about changing the name of the log file. Could we just not
> > log the user + host information inside the file?
>
> pengjianhua wrote:
> The user can not directly determine following information from current
> log file when they collect log files from the large data platform to log
> analysis center for analysis log.
> 1. Who is running the Ranger.
> 2. In which machine running the Ranger.
> Of course, they can also get above information using other ways, Such as
> by analyzing the owner of the log and so on when collecting log files. This
> will bring more work to users who use ranger and reduce collect system
> performance.
>
> So The new method should be more reasonable than the current method. do
> you think?
I'd like to get the feedback of some of the other developers before merging
this fix.
- Colm
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58660/#review172904
---
On April 24, 2017, 9:01 a.m., pengjianhua wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58660/
> ---
>
> (Updated April 24, 2017, 9:01 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1540
> https://issues.apache.org/jira/browse/RANGER-1540
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Log is very important for big data platform. The main purpose of log analysis
> is that we need to know who is running the service, in which machine running
> service, which service out of the problem. The ranger security admin should
> support the feature.
> Implement logic:
> 1. Modify the value of log4j.appender.xa_log_appender.file from $
> {logdir}/ranger_admin.log to ${logdir}
>
> /ranger-$
> {user}rangeradmin${hostname}.log in
> /security-admin/src/main/webapp/WEB-INF/log4j.properties file.
> 2. Pass ${user}
>
> and $
> {hostname}
>
> as parameters to org.apache.ranger.server.tomcat.EmbeddedServer.
> 3. User obtains the user and hostname information by parsing the log file
> name.
>
>
> Diffs
> -
>
> embeddedwebserver/scripts/ranger-admin-services.sh f2d2bf5
> security-admin/src/main/webapp/WEB-INF/log4j.properties 211de86
>
>
> Diff: https://reviews.apache.org/r/58660/diff/1/
>
>
> Testing
> ---
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 58660: Log is very important for big data platform. The main purpose of log analysis is that we need to know who is running the service, in which machine running service, which serv
> On 四月 25, 2017, 9:56 a.m., Colm O hEigeartaigh wrote:
> > I'm a bit unsure about changing the name of the log file. Could we just not
> > log the user + host information inside the file?
The user can not directly determine following information from current log file
when they collect log files from the large data platform to log analysis center
for analysis log.
1. Who is running the Ranger.
2. In which machine running the Ranger.
Of course, they can also get above information using other ways, Such as by
analyzing the owner of the log and so on when collecting log files. This will
bring more work to users who use ranger and reduce collect system performance.
So The new method should be more reasonable than the current method. do you
think?
- pengjianhua
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58660/#review172904
---
On 四月 24, 2017, 9:01 a.m., pengjianhua wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58660/
> ---
>
> (Updated 四月 24, 2017, 9:01 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1540
> https://issues.apache.org/jira/browse/RANGER-1540
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Log is very important for big data platform. The main purpose of log analysis
> is that we need to know who is running the service, in which machine running
> service, which service out of the problem. The ranger security admin should
> support the feature.
> Implement logic:
> 1. Modify the value of log4j.appender.xa_log_appender.file from $
> {logdir}/ranger_admin.log to ${logdir}
>
> /ranger-$
> {user}rangeradmin${hostname}.log in
> /security-admin/src/main/webapp/WEB-INF/log4j.properties file.
> 2. Pass ${user}
>
> and $
> {hostname}
>
> as parameters to org.apache.ranger.server.tomcat.EmbeddedServer.
> 3. User obtains the user and hostname information by parsing the log file
> name.
>
>
> Diffs
> -
>
> embeddedwebserver/scripts/ranger-admin-services.sh f2d2bf5
> security-admin/src/main/webapp/WEB-INF/log4j.properties 211de86
>
>
> Diff: https://reviews.apache.org/r/58660/diff/1/
>
>
> Testing
> ---
>
>
> Thanks,
>
> pengjianhua
>
>
Review Request 58697: RANGER-1542:Exceptions occured when I test connection during create a new service for atlas-plugin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58697/
---
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Ramesh Mani,
Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1542
https://issues.apache.org/jira/browse/RANGER-1542
Repository: ranger
Description
---
there is a bug, as follows:
When I create a new service or modify a service and input the new password, the
pwd is unencrypted
but the code as follows:
private ClientResponse getStatusResponse(Client client) {
final String errMsg = errMessage;
ClientResponse statusResponse = null;
try {
WebResource webResource = client.resource(statusUrl);
MultivaluedMap formData = new
MultivaluedMapImpl();
formData.add("j_username", userName);
String decryptedPwd = null;
try {
decryptedPwd =
PasswordUtils.decryptPassword(password);
..
return statusResponse;
}
will decrypt the unencrypted password,it will cause exceptions.
I analyzed the reasons, as follows:
this code will decrypt the encrypted password because the code in
RangerServiceService.java
public Map getConfigsWithDecryptedPassword(RangerService
service) throws IOException {
Map configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if(!stringUtil.isEmpty(pwd) &&
ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig =
daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
ServiceDBStore.CONFIG_KEY_PASSWORD);
if(pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
String decryptedPwd =
PasswordUtils.decryptPassword(encryptedPwd);
if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd),
encryptedPwd)) {
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD,
encryptedPwd);
}
}
}
return configs;
}
but if I create a new service or modify a service and input the new password,
the pwd above is unencrypted,
this code will not handle,so we should encrypt the unencrypted pwd.
Error message poped out as below:
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
[jira] [Updated] (RANGER-1499) Upgrade Tomcat version
[ https://issues.apache.org/jira/browse/RANGER-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel updated RANGER-1499: - Attachment: RANGER-1499.patch > Upgrade Tomcat version > -- > > Key: RANGER-1499 > URL: https://issues.apache.org/jira/browse/RANGER-1499 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: bhavik patel > Fix For: 0.6.4, 1.0.0, 0.7.1 > > Attachments: RANGER-1499.patch > > > Tomcat version used by Ranger & Ranger KMS is 7.0.68. > Need to upgrade to 7.0.73 -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 58229: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58229/#review172906 --- Ship it! Ship It! - Colm O hEigeartaigh On April 25, 2017, 10:15 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58229/ > --- > > (Updated April 25, 2017, 10:15 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1481 > https://issues.apache.org/jira/browse/RANGER-1481 > > > Repository: ranger > > > Description > --- > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java > e689e5d > > agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java > b547c43 > > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java > 22aebb5 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > dec649d > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > cee46a3 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 0668d57 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 15e872a > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java > a18e8bc > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 272e133 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java > 33f1dd4 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 609f717 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java > dedbe1e > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java > 8ee3580 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 460c692 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > b9f1cde > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2baa97b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fb92616 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java > 61604b0 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 55ebf58 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 2038645 > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > 472b734 > > plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java > 9bebafa > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 2338ba1 > security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java > 4544614 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 8e539e7 > > security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java > e8fff6a > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java > 870e45d > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java > e83d70a > >
Re: Review Request 58229: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58229/ --- (Updated April 25, 2017, 10:15 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Changes --- Beacuse of the latest commit, the patch is not applied. Bugs: RANGER-1481 https://issues.apache.org/jira/browse/RANGER-1481 Repository: ranger Description --- In order to support Ranger authorization from multiple clusters, it will be useful to capture details of Ambari cluster name, Ranger needs to make provision to capture that info to be shown in Audit Access logs. This will be helpful when centralized Ranger is used to authorize hadoop components across multiple clusters setup by Ambari. Diffs (updated) - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java e689e5d agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java b547c43 agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java 22aebb5 agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java dec649d agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java cee46a3 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 0668d57 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java 15e872a agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java a18e8bc agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 272e133 agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 33f1dd4 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 609f717 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java dedbe1e hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 8ee3580 hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 460c692 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java b9f1cde hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java fb92616 knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java 61604b0 knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java 55ebf58 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 2038645 plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java 472b734 plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 9bebafa plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java 2338ba1 security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java 4544614 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 8e539e7 security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java e8fff6a security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java 870e45d security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java e83d70a security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 3bdf962 security-admin/src/main/java/org/apache/ranger/solr/SolrUtil.java 049985c security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java f99aa05 security-admin/src/main/java/org/apache/ranger/view/VXPolicyExportAudit.java 41322da security-admin/src/main/webapp/scripts/modules/globalize/message/en.js dd5d146 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 8a0abb8
[jira] [Updated] (RANGER-1481) Capture cluster name in ranger audit info
[ https://issues.apache.org/jira/browse/RANGER-1481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel updated RANGER-1481: - Attachment: RANGER-1481-master-4.patch > Capture cluster name in ranger audit info > - > > Key: RANGER-1481 > URL: https://issues.apache.org/jira/browse/RANGER-1481 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: bhavik patel >Assignee: bhavik patel > Fix For: 1.0.0, 0.7.1 > > Attachments: RANGER-1481-07-1.patch, RANGER-1481-07-2.patch, > RANGER-1481-07-3.patch, RANGER-1481-07.patch, RANGER-1481-master-1.patch, > RANGER-1481-master-2.patch, RANGER-1481-master-3.patch, > RANGER-1481-master-4.patch, RANGER-1481-master.patch > > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 58660: Log is very important for big data platform. The main purpose of log analysis is that we need to know who is running the service, in which machine running service, which serv
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58660/#review172904
---
I'm a bit unsure about changing the name of the log file. Could we just not log
the user + host information inside the file?
- Colm O hEigeartaigh
On April 24, 2017, 9:01 a.m., pengjianhua wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58660/
> ---
>
> (Updated April 24, 2017, 9:01 a.m.)
>
>
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
>
>
> Bugs: RANGER-1540
> https://issues.apache.org/jira/browse/RANGER-1540
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Log is very important for big data platform. The main purpose of log analysis
> is that we need to know who is running the service, in which machine running
> service, which service out of the problem. The ranger security admin should
> support the feature.
> Implement logic:
> 1. Modify the value of log4j.appender.xa_log_appender.file from $
> {logdir}/ranger_admin.log to ${logdir}
>
> /ranger-$
> {user}rangeradmin${hostname}.log in
> /security-admin/src/main/webapp/WEB-INF/log4j.properties file.
> 2. Pass ${user}
>
> and $
> {hostname}
>
> as parameters to org.apache.ranger.server.tomcat.EmbeddedServer.
> 3. User obtains the user and hostname information by parsing the log file
> name.
>
>
> Diffs
> -
>
> embeddedwebserver/scripts/ranger-admin-services.sh f2d2bf5
> security-admin/src/main/webapp/WEB-INF/log4j.properties 211de86
>
>
> Diff: https://reviews.apache.org/r/58660/diff/1/
>
>
> Testing
> ---
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 58229: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58229/#review172903 --- The latest patch does not apply: error: patch failed: agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java:108 - Colm O hEigeartaigh On April 25, 2017, 6:29 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58229/ > --- > > (Updated April 25, 2017, 6:29 a.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, > and Velmurugan Periasamy. > > > Bugs: RANGER-1481 > https://issues.apache.org/jira/browse/RANGER-1481 > > > Repository: ranger > > > Description > --- > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java > e689e5d > > agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java > b547c43 > > agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java > 22aebb5 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > dec649d > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > cee46a3 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java > 0668d57 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java > 15e872a > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java > a18e8bc > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 7010b43 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java > 33f1dd4 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > 609f717 > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java > dedbe1e > > hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java > 8ee3580 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > 460c692 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > b9f1cde > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 2baa97b > > knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java > fb92616 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java > 61604b0 > > knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java > 55ebf58 > > plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java > 2038645 > > plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java > 472b734 > > plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java > 9bebafa > > plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java > 2338ba1 > security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java > 4544614 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > b9f1832 > > security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java > e8fff6a > > security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java > 870e45d > >
[jira] [Assigned] (RANGER-1499) Upgrade Tomcat version
[ https://issues.apache.org/jira/browse/RANGER-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel reassigned RANGER-1499: Assignee: bhavik patel > Upgrade Tomcat version > -- > > Key: RANGER-1499 > URL: https://issues.apache.org/jira/browse/RANGER-1499 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: bhavik patel > Fix For: 0.6.4, 1.0.0, 0.7.1 > > > Tomcat version used by Ranger & Ranger KMS is 7.0.68. > Need to upgrade to 7.0.73 -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (RANGER-1483) Ranger hive service definition to use hive metastore directly
[ https://issues.apache.org/jira/browse/RANGER-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ankita Sinha updated RANGER-1483: - Attachment: RANGER-1483.patch > Ranger hive service definition to use hive metastore directly > - > > Key: RANGER-1483 > URL: https://issues.apache.org/jira/browse/RANGER-1483 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.1 >Reporter: Ankita Sinha >Assignee: Ankita Sinha > Fix For: 0.7.1 > > Attachments: RANGER-1483_07.patch, RANGER-1483_Master.patch, > RANGER-1483.patch > > > Currently, ranger hive service definition uses hiveserver2(hs2) jdbc driver > to fetch hive db/table info, which is used to populate drop downs while > creating/updating policies. Adding ranger hive service definition to also use > hive metastore client which read from hive metastore db. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (RANGER-1483) Ranger hive service definition to use hive metastore directly
[ https://issues.apache.org/jira/browse/RANGER-1483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ankita Sinha updated RANGER-1483: - Attachment: (was: RANGER-1483_master_01.patch) > Ranger hive service definition to use hive metastore directly > - > > Key: RANGER-1483 > URL: https://issues.apache.org/jira/browse/RANGER-1483 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.1 >Reporter: Ankita Sinha >Assignee: Ankita Sinha > Fix For: 0.7.1 > > Attachments: RANGER-1483_07.patch, RANGER-1483_Master.patch, > RANGER-1483.patch > > > Currently, ranger hive service definition uses hiveserver2(hs2) jdbc driver > to fetch hive db/table info, which is used to populate drop downs while > creating/updating policies. Adding ranger hive service definition to also use > hive metastore client which read from hive metastore db. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (RANGER-1542) Exceptions occured when I test connection during create a new service for atlas-plugin
[
https://issues.apache.org/jira/browse/RANGER-1542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15982520#comment-15982520
]
Qiang Zhang commented on RANGER-1542:
-
there is a bug, as follows:
When I create a new service or modify a service and input the new password, the
pwd is unencrypted
but the code as follows:
{code:java}
private ClientResponse getStatusResponse(Client client) {
final String errMsg = errMessage;
ClientResponse statusResponse = null;
try {
WebResource webResource = client.resource(statusUrl);
MultivaluedMap formData = new
MultivaluedMapImpl();
formData.add("j_username", userName);
String decryptedPwd = null;
try {
decryptedPwd =
PasswordUtils.decryptPassword(password);
..
return statusResponse;
}
{code}
will decrypt the unencrypted password,it will cause exceptions.
I analyzed the reasons, as follows:
this code will decrypt the encrypted password because the code in
RangerServiceService.java
{code:java}
public Map getConfigsWithDecryptedPassword(RangerService
service) throws IOException {
Map configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if(!stringUtil.isEmpty(pwd) &&
ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig =
daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(),
ServiceDBStore.CONFIG_KEY_PASSWORD);
if(pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
String decryptedPwd =
PasswordUtils.decryptPassword(encryptedPwd);
if(StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd),
encryptedPwd)) {
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD,
encryptedPwd);
}
}
}
return configs;
}
{code}
but if I create a new service or modify a service and input the new password,
the pwd above is unencrypted,
this code will not handle,so we should encrypt the unencrypted pwd.
> Exceptions occured when I test connection during create a new service for
> atlas-plugin
> --
>
> Key: RANGER-1542
> URL: https://issues.apache.org/jira/browse/RANGER-1542
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
> Labels: patch
>
> {code}
> 2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
> org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
> to decrypt password due to error
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
> at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
> at
> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
> at javax.crypto.Cipher.doFinal(Cipher.java:2131)
> at
> org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:356)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
> at
> org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
> at
> org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
> at
>
[jira] [Comment Edited] (RANGER-1540) Log is very important for big data platform. The main purpose of log analysis is that we need to know who is running the service, in which machine running service
[
https://issues.apache.org/jira/browse/RANGER-1540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15982291#comment-15982291
]
Qiang Zhang edited comment on RANGER-1540 at 4/25/17 7:21 AM:
--
The function is very useful. With this feature, we can get following
information directly from log file:
1. Who is running the Ranger.
2. In which machine running the Ranger.
3. What is the problem for the Ranger.
was (Author: zhangqiang2):
The function is very useful. With this feature, we can get following
information directly from log file:
1. who is running the Ranger.
2. In which machine running the Ranger.
3. What is the problem for the Ranger.
> Log is very important for big data platform. The main purpose of log analysis
> is that we need to know who is running the service, in which machine running
> service, which service out of the problem. The ranger security admin should
> support the feature.
> ---
>
> Key: RANGER-1540
> URL: https://issues.apache.org/jira/browse/RANGER-1540
> Project: Ranger
> Issue Type: New Feature
> Components: admin
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: patch
> Attachments:
> 0001-RANGER-1540-Log-is-very-important-for-big-data-platf.patch
>
>
> Log is very important for big data platform. The main purpose of log analysis
> is that we need to know who is running the service, in which machine running
> service, which service out of the problem. The ranger security admin should
> support the feature.
> Implement logic:
> 1. Modify the value of log4j.appender.xa_log_appender.file from
> ${logdir}/ranger_admin.log to
> ${logdir}/ranger-${user}-rangeradmin-${hostname}.log in
> /security-admin/src/main/webapp/WEB-INF/log4j.properties file.
> 2. Pass ${user} and ${hostname} as parameters to
> org.apache.ranger.server.tomcat.EmbeddedServer.
> 3. User obtains the user and hostname information by parsing the log file
> name.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Created] (RANGER-1542) Exceptions occured when I test connection during create a new service for atlas-plugin
Qiang Zhang created RANGER-1542:
---
Summary: Exceptions occured when I test connection during create a
new service for atlas-plugin
Key: RANGER-1542
URL: https://issues.apache.org/jira/browse/RANGER-1542
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Qiang Zhang
Assignee: Qiang Zhang
{code}
2017-04-25 07:02:20,358 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:183)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
org.apache.ranger.services.atlas.client.AtlasClient.getAtlasResource(AtlasClient.java:673)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTest(AtlasClient.java:619)
at
org.apache.ranger.services.atlas.client.AtlasResourceMgr.validateConfig(AtlasResourceMgr.java:40)
at
org.apache.ranger.services.atlas.RangerServiceAtlas.validateConfig(RangerServiceAtlas.java:58)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:563)
at
org.apache.ranger.biz.ServiceMgr$ValidateCallable.actualCall(ServiceMgr.java:550)
at
org.apache.ranger.biz.ServiceMgr$TimedCallable.call(ServiceMgr.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
2017-04-25 07:02:20,358 [timed-executor-pool-0] INFO
apache.ranger.services.atlas.client.AtlasClient (AtlasClient.java:185) -
Password decryption failed; trying Atlas connection with received password
string
2017-04-25 07:02:20,359 [timed-executor-pool-0] ERROR
org.apache.ranger.plugin.util.PasswordUtils (PasswordUtils.java:127) - Unable
to decrypt password due to error
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.PBECipherCore.doFinal(PBECipherCore.java:422)
at
com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(PBEWithMD5AndDESCipher.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at
org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:112)
at
org.apache.ranger.services.atlas.client.AtlasClient.getStatusResponse(AtlasClient.java:192)
at
org.apache.ranger.services.atlas.client.AtlasClient.connectionTestResource(AtlasClient.java:227)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:123)
at
org.apache.ranger.services.atlas.client.AtlasClient$1$1.run(AtlasClient.java:114)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:114)
at
org.apache.ranger.services.atlas.client.AtlasClient$1.call(AtlasClient.java:107)
at
org.apache.ranger.services.atlas.client.AtlasClient.timedTask(AtlasClient.java:692)
at
org.apache.ranger.services.atlas.client.AtlasClient.getResourceList(AtlasClient.java:161)
at
Review Request 58693: The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58693/ --- Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. Bugs: RANGER-1541 https://issues.apache.org/jira/browse/RANGER-1541 Repository: ranger Description --- The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. If the RANGER_ADMIN_HOME environment variable do not set, the Ranger Admin is installed using current path in linux. However the Ranger Admin is installed using empty path in windows. So it will cause a serious failure in windows system. Diffs - security-admin/scripts/db_setup.py b2b29ee security-admin/scripts/dba_script.py a4f6c97 Diff: https://reviews.apache.org/r/58693/diff/1/ Testing --- Thanks, Qiang Zhang
[jira] [Updated] (RANGER-1541) The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure.
[ https://issues.apache.org/jira/browse/RANGER-1541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-1541: Summary: The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure. (was: The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure in windows system.) > The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME > variable in Ranger Admin. It will cause a serious failure. > -- > > Key: RANGER-1541 > URL: https://issues.apache.org/jira/browse/RANGER-1541 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Qiang Zhang >Assignee: Qiang Zhang > Labels: patch > > The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME > variable in Ranger Admin. If the RANGER_ADMIN_HOME environment variable do > not set, the Ranger Admin is installed using current path in linux. However > the Ranger Admin is installed using empty path in windows. So it will cause a > serious failure in windows system. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
Re: Review Request 58608: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58608/ --- (Updated April 25, 2017, 6:30 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Changes --- Testcases updated Bugs: RANGER-1481 https://issues.apache.org/jira/browse/RANGER-1481 Repository: ranger Description --- In order to support Ranger authorization from multiple clusters, it will be useful to capture details of Ambari cluster name, Ranger needs to make provision to capture that info to be shown in Audit Access logs. This will be helpful when centralized Ranger is used to authorize hadoop components across multiple clusters setup by Ambari. Diffs (updated) - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java e689e5d agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java b547c43 agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java 22aebb5 agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java bcb07d7 agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 1cb2295 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 0668d57 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java 17d1a71 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java a18e8bc agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java eda0014 agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java c9b3481 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 609f717 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java dedbe1e hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 8ee3580 hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 460c692 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java b9f1cde hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java fb92616 knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java 61604b0 knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java 55ebf58 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 2038645 plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java 472b734 plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 9bebafa plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java 2338ba1 security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java 4544614 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 9ec81b3 security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java e8fff6a security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java 870e45d security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java e83d70a security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 917c760 security-admin/src/main/java/org/apache/ranger/solr/SolrUtil.java a851c3e security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java f99aa05 security-admin/src/main/java/org/apache/ranger/view/VXPolicyExportAudit.java 41322da security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 1551d86 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 8a0abb8 security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 193bffe
Re: Review Request 58229: RANGER-1481 : Capture cluster name in ranger audit info
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58229/ --- (Updated April 25, 2017, 6:29 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Changes --- Testcases updated Bugs: RANGER-1481 https://issues.apache.org/jira/browse/RANGER-1481 Repository: ranger Description --- In order to support Ranger authorization from multiple clusters, it will be useful to capture details of Ambari cluster name, Ranger needs to make provision to capture that info to be shown in Audit Access logs. This will be helpful when centralized Ranger is used to authorize hadoop components across multiple clusters setup by Ambari. Diffs (updated) - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java e689e5d agents-audit/src/main/java/org/apache/ranger/audit/model/AuthzAuditEvent.java b547c43 agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java 22aebb5 agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java dec649d agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java cee46a3 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java 0668d57 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java 15e872a agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestReadOnly.java a18e8bc agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 7010b43 agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 33f1dd4 agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java 609f717 hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java dedbe1e hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 8ee3580 hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 460c692 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java b9f1cde hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2baa97b knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java fb92616 knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java 61604b0 knox-agent/src/main/java/org/apache/ranger/authorization/knox/RangerPDPKnoxFilter.java 55ebf58 plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 2038645 plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java 472b734 plugin-kms/src/main/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizer.java 9bebafa plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java 2338ba1 security-admin/db/mysql/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/oracle/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/postgres/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlanywhere/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/db/sqlserver/patches/026-add-column-in-x_policy_export_audit.sql PRE-CREATION security-admin/src/main/java/org/apache/ranger/entity/XXPolicyExportAudit.java 4544614 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java f0d2401 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b9f1832 security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java e8fff6a security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditService.java 870e45d security-admin/src/main/java/org/apache/ranger/service/XPolicyExportAuditServiceBase.java e83d70a security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 3bdf962 security-admin/src/main/java/org/apache/ranger/solr/SolrUtil.java 049985c security-admin/src/main/java/org/apache/ranger/view/VXAccessAudit.java f99aa05 security-admin/src/main/java/org/apache/ranger/view/VXPolicyExportAudit.java 41322da security-admin/src/main/webapp/scripts/modules/globalize/message/en.js dd5d146 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 8a0abb8 security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 193bffe
[jira] [Updated] (RANGER-1481) Capture cluster name in ranger audit info
[ https://issues.apache.org/jira/browse/RANGER-1481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] bhavik patel updated RANGER-1481: - Attachment: RANGER-1481-master-3.patch RANGER-1481-07-3.patch > Capture cluster name in ranger audit info > - > > Key: RANGER-1481 > URL: https://issues.apache.org/jira/browse/RANGER-1481 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: bhavik patel >Assignee: bhavik patel > Fix For: 1.0.0, 0.7.1 > > Attachments: RANGER-1481-07-1.patch, RANGER-1481-07-2.patch, > RANGER-1481-07-3.patch, RANGER-1481-07.patch, RANGER-1481-master-1.patch, > RANGER-1481-master-2.patch, RANGER-1481-master-3.patch, > RANGER-1481-master.patch > > > In order to support Ranger authorization from multiple clusters, it will be > useful to capture details of Ambari cluster name, Ranger needs to make > provision to capture that info to be shown in Audit Access logs. > This will be helpful when centralized Ranger is used to authorize hadoop > components across multiple clusters setup by Ambari. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Created] (RANGER-1541) The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure in windows system.
Qiang Zhang created RANGER-1541: --- Summary: The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. It will cause a serious failure in windows system. Key: RANGER-1541 URL: https://issues.apache.org/jira/browse/RANGER-1541 Project: Ranger Issue Type: Bug Components: admin Reporter: Qiang Zhang Assignee: Qiang Zhang The assignment logic is inconsistent for the value of the RANGER_ADMIN_HOME variable in Ranger Admin. If the RANGER_ADMIN_HOME environment variable do not set, the Ranger Admin is installed using current path in linux. However the Ranger Admin is installed using empty path in windows. So it will cause a serious failure in windows system. -- This message was sent by Atlassian JIRA (v6.3.15#6346)
