Review Request 65135: [RANGER-1949] instead of checking that all the keys could be listed, check it one-by-one
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65135/ --- Review request for ranger. Bugs: RANGER-1949 https://issues.apache.org/jira/browse/RANGER-1949 Repository: ranger Description --- So the getKeyNames call will return an empty list, if there were no keys allowed to see - previously it was returning an exception. It seems a more consistent behaviour, as user could only see their own readable keys. Diffs - kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java be3700ffa Diff: https://reviews.apache.org/r/65135/diff/1/ Testing --- Tested on a live cluster with 'hadoop key list' and playing around with various KMS policies. Thanks, Zsombor Gegesy
[jira] [Updated] (RANGER-1949) KMS getKeys should filter based on name policy
[
https://issues.apache.org/jira/browse/RANGER-1949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zsombor Gegesy updated RANGER-1949:
---
Attachment: RANGER-1949.patch
> KMS getKeys should filter based on name policy
> --
>
> Key: RANGER-1949
> URL: https://issues.apache.org/jira/browse/RANGER-1949
> Project: Ranger
> Issue Type: Bug
> Components: kms
>Reporter: Owen O'Malley
>Assignee: Zsombor Gegesy
> Attachments: RANGER-1949.patch
>
>
> Currently when there are policies that limit users to certain keys, such as
> "pii*" those users can't call KMS.getKeyNames() even if they have the
> "getkeys" permission.
> This is because the method passes a null down for the key name, which will
> only match if the user can see all keys. A much better solution would be to
> filter each key individually and just returns the ones that should be
> visible. So if they have permission to see "pii*" and the keys were {"pii",
> "pii256", and "secret"} they would get back a list of "pii" and "pii256".
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Re: Review Request 65129: RANGER-1954 - Specify a version for the native-maven-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65129/#review195343 --- Ship it! Ship It! - Zsombor Gegesy On Jan. 12, 2018, 6:26 p.m., Colm O hEigeartaigh wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65129/ > --- > > (Updated Jan. 12, 2018, 6:26 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1954 > https://issues.apache.org/jira/browse/RANGER-1954 > > > Repository: ranger > > > Description > --- > > As we don't specify a version for the native-maven-plugin, the following > warning appears in the console: > > [WARNING] Some problems were encountered while building the effective model > for org.apache.ranger:credValidator:uexe:1.0.0-SNAPSHOT > [WARNING] 'build.plugins.plugin.version' for > org.codehaus.mojo:native-maven-plugin is missing. @ > org.apache.ranger:credValidator:[unknown-version], > /ranger/unixauthnative/pom.xml, line 32, column 21 > > > Diffs > - > > unixauthnative/pom.xml f4016f9b > > > Diff: https://reviews.apache.org/r/65129/diff/1/ > > > Testing > --- > > > Thanks, > > Colm O hEigeartaigh > >
Review Request 65129: RANGER-1954 - Specify a version for the native-maven-plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65129/ --- Review request for ranger. Bugs: RANGER-1954 https://issues.apache.org/jira/browse/RANGER-1954 Repository: ranger Description --- As we don't specify a version for the native-maven-plugin, the following warning appears in the console: [WARNING] Some problems were encountered while building the effective model for org.apache.ranger:credValidator:uexe:1.0.0-SNAPSHOT [WARNING] 'build.plugins.plugin.version' for org.codehaus.mojo:native-maven-plugin is missing. @ org.apache.ranger:credValidator:[unknown-version], /ranger/unixauthnative/pom.xml, line 32, column 21 Diffs - unixauthnative/pom.xml f4016f9b Diff: https://reviews.apache.org/r/65129/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1954) Specify a version for the native-maven-plugin
[ https://issues.apache.org/jira/browse/RANGER-1954?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1954: Attachment: 0001-RANGER-1954-Specify-a-version-for-the-native-maven-p.patch > Specify a version for the native-maven-plugin > - > > Key: RANGER-1954 > URL: https://issues.apache.org/jira/browse/RANGER-1954 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh >Priority: Trivial > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1954-Specify-a-version-for-the-native-maven-p.patch > > > As we don't specify a version for the native-maven-plugin, the following > warning appears in the console: > [WARNING] Some problems were encountered while building the effective model > for org.apache.ranger:credValidator:uexe:1.0.0-SNAPSHOT > [WARNING] 'build.plugins.plugin.version' for > org.codehaus.mojo:native-maven-plugin is missing. @ > org.apache.ranger:credValidator:[unknown-version], > /ranger/unixauthnative/pom.xml, line 32, column 21 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1954) Specify a version for the native-maven-plugin
Colm O hEigeartaigh created RANGER-1954: --- Summary: Specify a version for the native-maven-plugin Key: RANGER-1954 URL: https://issues.apache.org/jira/browse/RANGER-1954 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Priority: Trivial Fix For: 1.0.0 As we don't specify a version for the native-maven-plugin, the following warning appears in the console: [WARNING] Some problems were encountered while building the effective model for org.apache.ranger:credValidator:uexe:1.0.0-SNAPSHOT [WARNING] 'build.plugins.plugin.version' for org.codehaus.mojo:native-maven-plugin is missing. @ org.apache.ranger:credValidator:[unknown-version], /ranger/unixauthnative/pom.xml, line 32, column 21 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 64746: RANGER-1940 - Upgrade to Knox 0.14.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64746/#review195324 --- *ping* - Colm O hEigeartaigh On Dec. 20, 2017, 11:12 a.m., Colm O hEigeartaigh wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64746/ > --- > > (Updated Dec. 20, 2017, 11:12 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-1940 > https://issues.apache.org/jira/browse/RANGER-1940 > > > Repository: ranger > > > Description > --- > > This task is to upgrade to Knox 0.14.0. We can take advantage of the changes > made to the GatewayTestDriver to simplify the test configuration as a result. > > > Diffs > - > > > knox-agent/src/test/java/org/apache/ranger/services/knox/KnoxRangerTest.java > 53e66df4 > pom.xml 255b02aa > > > Diff: https://reviews.apache.org/r/64746/diff/1/ > > > Testing > --- > > > Thanks, > > Colm O hEigeartaigh > >
