[jira] [Commented] (RANGER-1974) Ranger Authorizer and Audits for AWS S3

2018-02-07 Thread Balaji Ganesan (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16356337#comment-16356337
 ] 

Balaji Ganesan commented on RANGER-1974:


[~srikvenk] Thanks for creating this. I believe we have a similar requirement 
in [Ranger-1300|https://issues.apache.org/jira/browse/RANGER-1300], though we 
have not progressed beyond initial discussions. Should we merge the 2 tickets?

cc [~GodenYao] [~aloklal99] [~bosco]

> Ranger Authorizer and Audits for AWS S3 
> 
>
> Key: RANGER-1974
> URL: https://issues.apache.org/jira/browse/RANGER-1974
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Priority: Blocker
>
> As an enterprise security admin, I need to be able to define and manage 
> authorization policies for data stored in AWS S3 so that I can manage my 
> access control and authorization entitlements in hybrid and cloud 
> environments along with other data in platforms that Ranger currently 
> authorizes. This feature will should allow interoperability with AWS IAM 
> policies and be able to gather audits from the native cloud audit 
> capabilities such as via AWS CloudTrail.
> Implementation considerations:
>  # AWS S3 IAM  information: https://aws.amazon.com/documentation/iam/
>  # AWS CloudTrail information: 
> https://aws.amazon.com/documentation/cloudtrail/
>  # This could be a policy mapping or sync mechanism (either online or 
> offline) that will allow Ranger policy conditions, and user/group/role or 
> other policy elements to be mapped to what is available in AWS IAM. This 
> might entail having a different model where the Ranger plugin might not be 
> running in the cloud native service and might require a proxy or other 
> paradigms to be effective.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1975) Address Ranger Website checks flagged by Whimsy

2018-02-07 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1975?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1975:
-
Summary: Address Ranger Website checks flagged by Whimsy  (was: Address 
Ranger Website checks flagged by Whimsey)

> Address Ranger Website checks flagged by Whimsy
> ---
>
> Key: RANGER-1975
> URL: https://issues.apache.org/jira/browse/RANGER-1975
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Velmurugan Periasamy
>Assignee: Velmurugan Periasamy
>Priority: Major
> Fix For: 1.0.0
>
>
> The ranger.apache.org website is failing a lot of the automated checks that 
> Apache runs.
> [https://whimsy.apache.org/site/project/ranger]
> In particular, Ranger should absolutely get the security check resolved.
> Reported by [~owen.omalley]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Ranger website checks

2018-02-07 Thread Velmurugan Periasamy 
Thanks for reporting this Owen.

Filed https://issues.apache.org/jira/browse/RANGER-1975 to address this.

From:  Owen O'Malley 
Reply-To:  "dev@ranger.apache.org" 
Date:  Wednesday, February 7, 2018 at 1:14 PM
To:  "dev@ranger.apache.org" 
Subject:  Ranger website checks

Hi,
   The ranger.apache.org website is failing a lot of the automated checks
that Apache runs.

https://whimsy.apache.org/site/project/ranger

In particular, Ranger should absolutely get the security check resolved.

Thanks,
   Owen

[jira] [Created] (RANGER-1975) Address Ranger Website checks flagged by Whimsey

2018-02-07 Thread Velmurugan Periasamy (JIRA) 
Velmurugan Periasamy created RANGER-1975:


 Summary: Address Ranger Website checks flagged by Whimsey
 Key: RANGER-1975
 URL: https://issues.apache.org/jira/browse/RANGER-1975
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Velmurugan Periasamy
Assignee: Velmurugan Periasamy
 Fix For: 1.0.0


The ranger.apache.org website is failing a lot of the automated checks that 
Apache runs.

[https://whimsy.apache.org/site/project/ranger]

In particular, Ranger should absolutely get the security check resolved.

Reported by [~owen.omalley]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-1974) Ranger Authorizer and Audits for AWS S3

2018-02-07 Thread Srikanth Venkat (JIRA) 
Srikanth Venkat created RANGER-1974:
---

 Summary: Ranger Authorizer and Audits for AWS S3 
 Key: RANGER-1974
 URL: https://issues.apache.org/jira/browse/RANGER-1974
 Project: Ranger
  Issue Type: New Feature
  Components: Ranger
Reporter: Srikanth Venkat


As an enterprise security admin, I need to be able to define and manage 
authorization policies for data stored in AWS S3 so that I can manage my access 
control and authorization entitlements in hybrid and cloud environments along 
with other data in platforms that Ranger currently authorizes. This feature 
will should allow interoperability with AWS IAM policies and be able to gather 
audits from the native cloud audit capabilities such as via AWS CloudTrail.

Implementation considerations:
 # AWS S3 IAM  information: https://aws.amazon.com/documentation/iam/
 # AWS CloudTrail information: https://aws.amazon.com/documentation/cloudtrail/
 # This could be a policy mapping or sync mechanism (either online or offline) 
that will allow Ranger policy conditions, and user/group/role or other policy 
elements to be mapped to what is available in AWS IAM. This might entail having 
a different model where the Ranger plugin might not be running in the cloud 
native service and might require a proxy or other paradigms to be effective.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-1973) XACML standards based Ranger Policy Set export and import

2018-02-07 Thread Srikanth Venkat (JIRA) 
Srikanth Venkat created RANGER-1973:
---

 Summary: XACML standards based Ranger Policy Set export and import 
 Key: RANGER-1973
 URL: https://issues.apache.org/jira/browse/RANGER-1973
 Project: Ranger
  Issue Type: New Feature
  Components: Ranger
Reporter: Srikanth Venkat


As an enterprise security admin, I need to be able to export Ranger policy set 
in XACML compliant format and also translate or bulk import policy sets 
expressed in XACML into Ranger so that I can enhance my access control and 
authorization entitlements with a standards based approach. This feature will 
also allow interoperability with other XACML compliant policy environments and 
provide a clean integration with such systems.

Implementation considerations:
 # OASIS XACML 3.0 standards and implementation considerations at: 
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
 # This should work both with REST API based export/import and also be 
available via Ranger Admin UI



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1880) TagSync update to process TRAIT_UPDATE notification from Atlas

2018-02-07 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1880:
-
Fix Version/s: 1.0.0

> TagSync update to process TRAIT_UPDATE notification from Atlas
> --
>
> Key: RANGER-1880
> URL: https://issues.apache.org/jira/browse/RANGER-1880
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: master
>Reporter: Madhan Neethiraj
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0
>
>
> Apache Atlas introduced a REST API to update attributes of a tag 
> (ATLAS-1751). A notification type, TRAIT_UPDATE, was added to notify when 
> attributes of a tag are updated using this new API. Apache Ranger TagSync 
> module should be updated to process this new notification type from Apache 
> Atlas.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-1940) Upgrade to Knox 1.0.0

2018-02-07 Thread Colm O hEigeartaigh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh resolved RANGER-1940.
-
Resolution: Fixed

> Upgrade to Knox 1.0.0
> -
>
> Key: RANGER-1940
> URL: https://issues.apache.org/jira/browse/RANGER-1940
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 0001-RANGER-1940-Upgrade-to-Knox-1.0.0.patch
>
>
> This task is to upgrade to Knox 1.0.0. We can take advantage of the changes 
> made to the GatewayTestDriver to simplify the test configuration as a result.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-1972) Ability to label policies, filter/search and show policies by labels

2018-02-07 Thread bhavik patel (JIRA) 
bhavik patel created RANGER-1972:


 Summary: Ability to label policies, filter/search and show 
policies by labels
 Key: RANGER-1972
 URL: https://issues.apache.org/jira/browse/RANGER-1972
 Project: Ranger
  Issue Type: New Feature
  Components: Ranger
Affects Versions: 1.0.0
Reporter: bhavik patel
Assignee: bhavik patel
 Fix For: 1.0.0


In Ranger Admin, need a feature to be able to group (for example by tenant name 
or business unit) sets of policies with one or more labels that are relevant to 
business. 
Furthermore, Need to able to search policies on this additional set of labels. 
This will be useful for export/import policies as well.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)