Re: Review Request 58915: RANGER-1500 : Add support to exclude/disable SSL protocols

2017-05-01 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58915/
---

(Updated May 2, 2017, 6:42 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-1500
https://issues.apache.org/jira/browse/RANGER-1500


Repository: ranger


Description
---

Add support to disable/exclude weaker SSL protocols like TLSv1, TLSv1.1 for 
ranger.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 aef59bd 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
fb6d844 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml a4c36e0 


Diff: https://reviews.apache.org/r/58915/diff/1/


Testing (updated)
---

1. Verifeid Ranger Admin & Ranger KMS on SSL enabled environment with excluding 
different protocols.


Thanks,

bhavik patel

Review Request 58915: RANGER-1500 : Add support to exclude/disable SSL protocols

2017-05-01 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58915/
---

Review request for ranger.


Bugs: RANGER-1500
https://issues.apache.org/jira/browse/RANGER-1500


Repository: ranger


Description
---

Add support to disable/exclude weaker SSL protocols like TLSv1, TLSv1.1 for 
ranger.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 aef59bd 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
fb6d844 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml a4c36e0 


Diff: https://reviews.apache.org/r/58915/diff/1/


Testing
---


Thanks,

bhavik patel

[jira] [Updated] (RANGER-1500) Add support to exclude/disable SSL protocols.

2017-05-01 Thread bhavik patel (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

bhavik patel updated RANGER-1500:
-
Attachment: RANGER-1500.patch

> Add support to exclude/disable SSL protocols.
> -
>
> Key: RANGER-1500
> URL: https://issues.apache.org/jira/browse/RANGER-1500
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0
>Reporter: Ayub Pathan
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.0.0, 0.7.1
>
> Attachments: RANGER-1500.patch
>
>
> Add support to disable/exclude weaker SSL protocols like TLSv1, TLSv1.1 for 
> ranger.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Assigned] (RANGER-1500) Add support to exclude/disable SSL protocols.

2017-05-01 Thread bhavik patel (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1500?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

bhavik patel reassigned RANGER-1500:


Assignee: bhavik patel

> Add support to exclude/disable SSL protocols.
> -
>
> Key: RANGER-1500
> URL: https://issues.apache.org/jira/browse/RANGER-1500
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0
>Reporter: Ayub Pathan
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.0.0, 0.7.1
>
>
> Add support to disable/exclude weaker SSL protocols like TLSv1, TLSv1.1 for 
> ranger.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Re: Review Request 58870: RANGER-1550 : HDFS test connection and resource lookup failing

2017-05-01 Thread Ankita Sinha 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58870/#review173553
---


Ship it!




Ship It!

- Ankita Sinha


On April 29, 2017, 7:25 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58870/
> ---
> 
> (Updated April 29, 2017, 7:25 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1550
> https://issues.apache.org/jira/browse/RANGER-1550
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement :** Test connection is failing with below message on UI.
> Connection Failed.
> Unable to retrieve any files using given parameters, You can still save the 
> repository and start creating policies, but you would not be able to use 
> autocomplete for resource names. Check ranger_admin.log for more info.
> java.lang.NullPointerException.
> 
> ** Proposed Solution: ** HIVE_SITE_FILE_PATH property is set to null at line 
> 153 of HadoopConfigHolder.java. we need to set it blank or have null check 
> before reading the file everywhere otherwise while reading the file directly 
> may cause nullpointer exception. I have set the properties value to blank for 
> now. 
> Note : Implementation can be changed if the proposed approach is not good and 
> there is a better way to solve this issue.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java
>  fabbdcb 
> 
> 
> Diff: https://reviews.apache.org/r/58870/diff/1/
> 
> 
> Testing
> ---
> 
> Checked test Connection of HDFS, HIVE and Hbase service.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 58871: RANGER-1550 : HDFS test connection and resource lookup failing

2017-05-01 Thread Ankita Sinha 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58871/#review173554
---


Ship it!




Ship It!

- Ankita Sinha


On April 29, 2017, 7:35 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58871/
> ---
> 
> (Updated April 29, 2017, 7:35 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1550
> https://issues.apache.org/jira/browse/RANGER-1550
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement :** Test connection is failing with below message on UI.
> Connection Failed.
> Unable to retrieve any files using given parameters, You can still save the 
> repository and start creating policies, but you would not be able to use 
> autocomplete for resource names. Check ranger_admin.log for more info.
> java.lang.NullPointerException.
> 
> ** Proposed Solution:**  HIVE_SITE_FILE_PATH property is set to null at line 
> 152 of HadoopConfigHolder.java. we need to set it blank or have null check 
> before reading the file everywhere otherwise while reading the file directly 
> may cause nullpointer exception. I have set the properties value to blank for 
> now. 
> Note : Implementation can be changed if the proposed approach is not good and 
> there is a better way to solve this issue.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java
>  928398d 
> 
> 
> Diff: https://reviews.apache.org/r/58871/diff/1/
> 
> 
> Testing
> ---
> 
> Checked test Connection of HDFS, HIVE and Hbase service.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Review Request 58912: Audit log record for 'show databases' hive command contains all tags

2017-05-01 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58912/
---

Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj.


Bugs: RANGER-1553
https://issues.apache.org/jira/browse/RANGER-1553


Repository: ranger


Description
---

If hive service is associated with a tag service then when a ‘show databases’ 
command is authorized by Ranger, potentially, all tags associated with all hive 
entities are evaluated to determine the authorization of the command. 
Consequently, the audit log record generated for it will show, in the tags 
field, every tag provisioned for any hive entity in Ranger. When a large number 
of tags are associated with hive entities the audit log is very cluttered and 
does not convey meaningful information.

For this specific command, tags information in the generated audit log record 
is scrubbed.


Diffs
-

  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
 9dea37a 


Diff: https://reviews.apache.org/r/58912/diff/1/


Testing
---

Tested with local VM


Thanks,

Abhay Kulkarni

[jira] [Created] (RANGER-1553) Audit log record for 'show databases' hive command contains all tags

2017-05-01 Thread Abhay Kulkarni (JIRA) 
Abhay Kulkarni created RANGER-1553:
--

 Summary: Audit log record for 'show databases' hive command 
contains all tags
 Key: RANGER-1553
 URL: https://issues.apache.org/jira/browse/RANGER-1553
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.0.0
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
 Fix For: 1.0.0


If hive service is associated with a tag service, then when a ‘show databases’ 
command is authorized by Ranger, potentially, all tags associated with all hive 
entities are evaluated to determine the authorization of the command. 
Consequently, the audit log record generated for it will show, in the tags 
field, every tag provisioned for any hive entity in Ranger. With large number 
of tags associated with hive entities, the audit log is very cluttered and does 
not convey meaningful information. For the sake of usability, it will be better 
not to log all tags in the corresponding audit log record for this specific 
command.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Re: Contributing to Ranger

2017-05-01 Thread Don Bosco Durai 
Madhavi, thanks for volunteering. I have added you as contributor and assigned 
JIRA in your name.

Please follow the instructions in the wiki page 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=55151244 for 
uploading patch/review 

Thanks

Bosco

On 5/1/17, 5:17 PM, "Madhavi Amirneni"  wrote:

Hi, 

I would like to contribute to the Ranger and work on the Jira -- 
RANGER-1552 . Can you please assign the Jira to me. 

Thank you, 
Madhavi Amirneni

[jira] [Assigned] (RANGER-1552) Ranger usersync or ranger kms not able to communicate to ranger admin and no exception or error seen in the ranger user sync or kms logs.

2017-05-01 Thread Don Bosco Durai (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Don Bosco Durai reassigned RANGER-1552:
---

Assignee: Madhavi Amirneni

> Ranger usersync or ranger kms not able to communicate to ranger admin and no 
> exception or error seen in the ranger user sync or kms logs.
> -
>
> Key: RANGER-1552
> URL: https://issues.apache.org/jira/browse/RANGER-1552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 0.6.2
>Reporter: Madhavi Amirneni
>Assignee: Madhavi Amirneni
>Priority: Minor
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Ranger usersync or ranger kms not able to communicate to ranger admin because 
> there was an error during the keystore creation and information was logged or 
> exception thrown for the error. This occurred because the default 
> communication between ranger admin and Ranger usersync or ranger kms is SSL 
> enabled.  
> When ranger is installed through ambari, a connection failed alert is 
> displayed regarding this. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Contributing to Ranger

2017-05-01 Thread Madhavi Amirneni 
Hi, 

I would like to contribute to the Ranger and work on the Jira -- 
RANGER-1552 . Can you please assign the Jira to me. 

Thank you, 
Madhavi Amirneni

[jira] [Commented] (RANGER-1552) Ranger usersync or ranger kms not able to communicate to ranger admin and no exception or error seen in the ranger user sync or kms logs.

2017-05-01 Thread Madhavi Amirneni (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991808#comment-15991808
 ] 

Madhavi Amirneni commented on RANGER-1552:
--

Hi, I would like to work on this jira, can you please help assign this jira to 
me?  thanks!

> Ranger usersync or ranger kms not able to communicate to ranger admin and no 
> exception or error seen in the ranger user sync or kms logs.
> -
>
> Key: RANGER-1552
> URL: https://issues.apache.org/jira/browse/RANGER-1552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 0.6.2
>Reporter: Madhavi Amirneni
>Priority: Minor
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Ranger usersync or ranger kms not able to communicate to ranger admin because 
> there was an error during the keystore creation and information was logged or 
> exception thrown for the error. This occurred because the default 
> communication between ranger admin and Ranger usersync or ranger kms is SSL 
> enabled.  
> When ranger is installed through ambari, a connection failed alert is 
> displayed regarding this. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (RANGER-1552) Ranger usersync or ranger kms not able to communicate to ranger admin and no exception or error seen in the ranger user sync or kms logs.

2017-05-01 Thread Madhavi Amirneni (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhavi Amirneni updated RANGER-1552:
-
Request participants:   (was: )
  Remaining Estimate: 2h
   Original Estimate: 2h

> Ranger usersync or ranger kms not able to communicate to ranger admin and no 
> exception or error seen in the ranger user sync or kms logs.
> -
>
> Key: RANGER-1552
> URL: https://issues.apache.org/jira/browse/RANGER-1552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 0.6.2
>Reporter: Madhavi Amirneni
>Priority: Minor
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Ranger usersync or ranger kms not able to communicate to ranger admin because 
> there was an error during the keystore creation and information was logged or 
> exception thrown for the error. This occurred because the default 
> communication between ranger admin and Ranger usersync or ranger kms is SSL 
> enabled.  
> When ranger is installed through ambari, a connection failed alert is 
> displayed regarding this. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (RANGER-1552) Ranger usersync or ranger kms not able to communicate to ranger admin and no exception or error seen in the ranger user sync or kms logs.

2017-05-01 Thread Madhavi Amirneni (JIRA) 
Madhavi Amirneni created RANGER-1552:


 Summary: Ranger usersync or ranger kms not able to communicate to 
ranger admin and no exception or error seen in the ranger user sync or kms logs.
 Key: RANGER-1552
 URL: https://issues.apache.org/jira/browse/RANGER-1552
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 0.6.2, 0.7.0
Reporter: Madhavi Amirneni
Priority: Minor


Ranger usersync or ranger kms not able to communicate to ranger admin because 
there was an error during the keystore creation and information was logged or 
exception thrown for the error. This occurred because the default communication 
between ranger admin and Ranger usersync or ranger kms is SSL enabled.  

When ranger is installed through ambari, a connection failed alert is displayed 
regarding this. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (RANGER-1548) Display detailed error messages in Ranger for Audit store issues

2017-05-01 Thread Gautam Borad (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991385#comment-15991385
 ] 

Gautam Borad commented on RANGER-1548:
--

Committed to master : 501e05f1a1225dfbcc16bf4d2c0d86e55d4a928e
Committed to ranger-0.7 : ce7169f8f62fbadba516ea7af89a9ab9f9b5fb76

> Display detailed error messages in Ranger for Audit store issues
> 
>
> Key: RANGER-1548
> URL: https://issues.apache.org/jira/browse/RANGER-1548
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.1
>Reporter: Ankita Sinha
>Assignee: Ankita Sinha
> Fix For: 0.7.1
>
> Attachments: RANGER-1548_07.patch, RANGER-1548_master.patch
>
>
> Actual :
> When audit store is not configured properly or if audit store is down, Ranger 
> UI shows 
> "Unable to connect to Audit store !!"
> Expected : 
> To show more informative message if audit store has some issues.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Re: Review Request 58658: RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin

2017-05-01 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58658/#review173474
---




security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java
Line 35 (original), 35 (patched)


Should we not create a separate Java patch because this patch would have 
been already executed in an earlier version?


- Velmurugan Periasamy


On April 30, 2017, 9:37 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58658/
> ---
> 
> (Updated April 30, 2017, 9:37 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-1513
> https://issues.apache.org/jira/browse/RANGER-1513
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-1513:Add Support for S3 authorization in Ranger Hive Plugin
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
> b254d20 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
>  2baa97b 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
>  09ecd1e 
>   
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java
>  57b4eef 
>   hive-agent/src/test/resources/hive-policies.json 2b568dc 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10006.java
>  7d6a23d 
> 
> 
> Diff: https://reviews.apache.org/r/58658/diff/2/
> 
> 
> Testing
> ---
> 
> Test in local VM
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>