[jira] [Commented] (RANGER-1974) Ranger Authorizer and Audits for AWS S3
[ https://issues.apache.org/jira/browse/RANGER-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16356337#comment-16356337 ] Balaji Ganesan commented on RANGER-1974: [~srikvenk] Thanks for creating this. I believe we have a similar requirement in [Ranger-1300|https://issues.apache.org/jira/browse/RANGER-1300], though we have not progressed beyond initial discussions. Should we merge the 2 tickets? cc [~GodenYao] [~aloklal99] [~bosco] > Ranger Authorizer and Audits for AWS S3 > > > Key: RANGER-1974 > URL: https://issues.apache.org/jira/browse/RANGER-1974 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Srikanth Venkat >Priority: Blocker > > As an enterprise security admin, I need to be able to define and manage > authorization policies for data stored in AWS S3 so that I can manage my > access control and authorization entitlements in hybrid and cloud > environments along with other data in platforms that Ranger currently > authorizes. This feature will should allow interoperability with AWS IAM > policies and be able to gather audits from the native cloud audit > capabilities such as via AWS CloudTrail. > Implementation considerations: > # AWS S3 IAM information: https://aws.amazon.com/documentation/iam/ > # AWS CloudTrail information: > https://aws.amazon.com/documentation/cloudtrail/ > # This could be a policy mapping or sync mechanism (either online or > offline) that will allow Ranger policy conditions, and user/group/role or > other policy elements to be mapped to what is available in AWS IAM. This > might entail having a different model where the Ranger plugin might not be > running in the cloud native service and might require a proxy or other > paradigms to be effective. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-1975) Address Ranger Website checks flagged by Whimsy
[ https://issues.apache.org/jira/browse/RANGER-1975?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-1975: - Summary: Address Ranger Website checks flagged by Whimsy (was: Address Ranger Website checks flagged by Whimsey) > Address Ranger Website checks flagged by Whimsy > --- > > Key: RANGER-1975 > URL: https://issues.apache.org/jira/browse/RANGER-1975 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: Velmurugan Periasamy >Priority: Major > Fix For: 1.0.0 > > > The ranger.apache.org website is failing a lot of the automated checks that > Apache runs. > [https://whimsy.apache.org/site/project/ranger] > In particular, Ranger should absolutely get the security check resolved. > Reported by [~owen.omalley] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Ranger website checks
Thanks for reporting this Owen. Filed https://issues.apache.org/jira/browse/RANGER-1975 to address this. From: Owen O'MalleyReply-To: "dev@ranger.apache.org" Date: Wednesday, February 7, 2018 at 1:14 PM To: "dev@ranger.apache.org" Subject: Ranger website checks Hi, The ranger.apache.org website is failing a lot of the automated checks that Apache runs. https://whimsy.apache.org/site/project/ranger In particular, Ranger should absolutely get the security check resolved. Thanks, Owen
[jira] [Created] (RANGER-1975) Address Ranger Website checks flagged by Whimsey
Velmurugan Periasamy created RANGER-1975: Summary: Address Ranger Website checks flagged by Whimsey Key: RANGER-1975 URL: https://issues.apache.org/jira/browse/RANGER-1975 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Velmurugan Periasamy Assignee: Velmurugan Periasamy Fix For: 1.0.0 The ranger.apache.org website is failing a lot of the automated checks that Apache runs. [https://whimsy.apache.org/site/project/ranger] In particular, Ranger should absolutely get the security check resolved. Reported by [~owen.omalley] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-1974) Ranger Authorizer and Audits for AWS S3
Srikanth Venkat created RANGER-1974: --- Summary: Ranger Authorizer and Audits for AWS S3 Key: RANGER-1974 URL: https://issues.apache.org/jira/browse/RANGER-1974 Project: Ranger Issue Type: New Feature Components: Ranger Reporter: Srikanth Venkat As an enterprise security admin, I need to be able to define and manage authorization policies for data stored in AWS S3 so that I can manage my access control and authorization entitlements in hybrid and cloud environments along with other data in platforms that Ranger currently authorizes. This feature will should allow interoperability with AWS IAM policies and be able to gather audits from the native cloud audit capabilities such as via AWS CloudTrail. Implementation considerations: # AWS S3 IAM information: https://aws.amazon.com/documentation/iam/ # AWS CloudTrail information: https://aws.amazon.com/documentation/cloudtrail/ # This could be a policy mapping or sync mechanism (either online or offline) that will allow Ranger policy conditions, and user/group/role or other policy elements to be mapped to what is available in AWS IAM. This might entail having a different model where the Ranger plugin might not be running in the cloud native service and might require a proxy or other paradigms to be effective. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-1973) XACML standards based Ranger Policy Set export and import
Srikanth Venkat created RANGER-1973: --- Summary: XACML standards based Ranger Policy Set export and import Key: RANGER-1973 URL: https://issues.apache.org/jira/browse/RANGER-1973 Project: Ranger Issue Type: New Feature Components: Ranger Reporter: Srikanth Venkat As an enterprise security admin, I need to be able to export Ranger policy set in XACML compliant format and also translate or bulk import policy sets expressed in XACML into Ranger so that I can enhance my access control and authorization entitlements with a standards based approach. This feature will also allow interoperability with other XACML compliant policy environments and provide a clean integration with such systems. Implementation considerations: # OASIS XACML 3.0 standards and implementation considerations at: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html # This should work both with REST API based export/import and also be available via Ranger Admin UI -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-1880) TagSync update to process TRAIT_UPDATE notification from Atlas
[ https://issues.apache.org/jira/browse/RANGER-1880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-1880: - Fix Version/s: 1.0.0 > TagSync update to process TRAIT_UPDATE notification from Atlas > -- > > Key: RANGER-1880 > URL: https://issues.apache.org/jira/browse/RANGER-1880 > Project: Ranger > Issue Type: Bug > Components: tagsync >Affects Versions: master >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 1.0.0 > > > Apache Atlas introduced a REST API to update attributes of a tag > (ATLAS-1751). A notification type, TRAIT_UPDATE, was added to notify when > attributes of a tag are updated using this new API. Apache Ranger TagSync > module should be updated to process this new notification type from Apache > Atlas. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (RANGER-1940) Upgrade to Knox 1.0.0
[ https://issues.apache.org/jira/browse/RANGER-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1940. - Resolution: Fixed > Upgrade to Knox 1.0.0 > - > > Key: RANGER-1940 > URL: https://issues.apache.org/jira/browse/RANGER-1940 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh >Priority: Major > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1940-Upgrade-to-Knox-1.0.0.patch > > > This task is to upgrade to Knox 1.0.0. We can take advantage of the changes > made to the GatewayTestDriver to simplify the test configuration as a result. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-1972) Ability to label policies, filter/search and show policies by labels
bhavik patel created RANGER-1972: Summary: Ability to label policies, filter/search and show policies by labels Key: RANGER-1972 URL: https://issues.apache.org/jira/browse/RANGER-1972 Project: Ranger Issue Type: New Feature Components: Ranger Affects Versions: 1.0.0 Reporter: bhavik patel Assignee: bhavik patel Fix For: 1.0.0 In Ranger Admin, need a feature to be able to group (for example by tenant name or business unit) sets of policies with one or more labels that are relevant to business. Furthermore, Need to able to search policies on this additional set of labels. This will be useful for export/import policies as well. -- This message was sent by Atlassian JIRA (v7.6.3#76005)