[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2013:
--
Attachment: (was: RANGER-2013.patch)

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-RANGER-2013.patch
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2013:
--
Attachment: 0001-RANGER-2013.patch

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-RANGER-2013.patch
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 





Re: Review Request 65978: RANGER-2013 : Restrict updation of user source

2018-03-07 Thread Fatima Khan

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

(Updated March 8, 2018, 7:18 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/3/

Changes: https://reviews.apache.org/r/65978/diff/2-3/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan



[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2013:
--
Attachment: (was: 
0001-RANGER-2013-Restrict-updation-of-user-source.patch)

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2013.patch
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 





Re: Review Request 65978: RANGER-2013 : Restrict updation of user source

2018-03-07 Thread Fatima Khan

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

(Updated March 8, 2018, 6:54 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/2/

Changes: https://reviews.apache.org/r/65978/diff/1-2/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan



[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2013:
--
Attachment: RANGER-2013.patch

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2013.patch
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 





Re: Review Request 65961: Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65961/#review198858
---


Ship it!




Ship It!

- Madhan Neethiraj


On March 8, 2018, 1:28 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65961/
> ---
> 
> (Updated March 8, 2018, 1:28 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2009
> https://issues.apache.org/jira/browse/RANGER-2009
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Improve delegate-admin processing for Ranger policies. In particular, HDFS 
> policy with delegate-admin flag set and with resource string terminated by 
> '/' is not listed in the policy page even though logged in user is allowed to 
> manage it.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  189dc2c84 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  29ecfa8ea 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  ffeea2628 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  60b350ee8 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cb7ca52da 
> 
> 
> Diff: https://reviews.apache.org/r/65961/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



[jira] [Closed] (RANGER-1982) Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan closed RANGER-1982.
-

> Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms
> -
>
> Key: RANGER-1982
> URL: https://issues.apache.org/jira/browse/RANGER-1982
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 0001-RANGER-1982-V2.patch, RANGER-1982.patch
>
>
> Improve Error handling in analytical metrics of ranger admin and ranger kms





[jira] [Closed] (RANGER-1998) Add ability to specify passwords for admin accounts during ranger install only.

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan closed RANGER-1998.
-

> Add ability to specify passwords for admin accounts during ranger install 
> only.
> ---
>
> Key: RANGER-1998
> URL: https://issues.apache.org/jira/browse/RANGER-1998
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1998-Add-ability-to-specify-passwords-for-adm.patch
>
>
> 1] Currently, when Ranger is installed, the admin, keyadmin, rangerusersync, 
> and rangertagsync users are seeded users and they are not configurable during the 
> install process. This task is to provide a facility to specify the admin 
> users' passwords during Ranger install.
> 2] This feature can only be used once; to change the admin user password 
> more than once, users can use the Ranger UI or the change password 
> utility.





[jira] [Closed] (RANGER-1993) Improvement on permission module for listing modules

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan closed RANGER-1993.
-

> Improvement on permission module for listing modules
> 
>
> Key: RANGER-1993
> URL: https://issues.apache.org/jira/browse/RANGER-1993
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1993-Improvement-on-permission-module-for-lis.patch
>
>
> # On permission listing page, if there are many users/group added in modules 
> and we do partial search then it gives pagination even when number of modules 
> are 7.
>  # on Policy Listing Page, we don't have partial search for users and groups.





Review Request 65978: RANGER-2013 : Restrict updation of user source

2018-03-07 Thread Fatima Khan

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/1/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan



[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2013:
--
Attachment: 0001-RANGER-2013-Restrict-updation-of-user-source.patch

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-RANGER-2013-Restrict-updation-of-user-source.patch
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 





[jira] [Commented] (RANGER-2009) Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Abhay Kulkarni (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390678#comment-16390678
 ] 

Abhay Kulkarni commented on RANGER-2009:


Patch is available at the review board:

https://reviews.apache.org/r/65961/

> Improve delegate-admin processing for Ranger policies
> -
>
> Key: RANGER-2009
> URL: https://issues.apache.org/jira/browse/RANGER-2009
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2009-HDFS-resource-delegation-improvement.patch, 
> RANGER-2009.patch
>
>
> HDFS resource delegation improvement.





[jira] [Updated] (RANGER-2009) Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2009:
---
Attachment: RANGER-2009.patch

> Improve delegate-admin processing for Ranger policies
> -
>
> Key: RANGER-2009
> URL: https://issues.apache.org/jira/browse/RANGER-2009
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2009-HDFS-resource-delegation-improvement.patch, 
> RANGER-2009.patch
>
>
> HDFS resource delegation improvement.





[jira] [Assigned] (RANGER-2009) Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni reassigned RANGER-2009:
--

Assignee: Abhay Kulkarni  (was: Nikhil Purbhe)

> Improve delegate-admin processing for Ranger policies
> -
>
> Key: RANGER-2009
> URL: https://issues.apache.org/jira/browse/RANGER-2009
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2009-HDFS-resource-delegation-improvement.patch
>
>
> HDFS resource delegation improvement.





Review Request 65961: Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65961/
---

Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.


Summary (updated)
-

Improve delegate-admin processing for Ranger policies


Bugs: RANGER-2009
https://issues.apache.org/jira/browse/RANGER-2009


Repository: ranger


Description (updated)
---

Improve delegate-admin processing for Ranger policies. In particular, HDFS 
policy with delegate-admin flag set and with resource string terminated by '/' 
is not listed in the policy page even though logged in user is allowed to 
manage it.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 189dc2c84 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 29ecfa8ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 ffeea2628 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
 60b350ee8 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
cb7ca52da 


Diff: https://reviews.apache.org/r/65961/diff/1/


Testing (updated)
---

Tested with local VM.


Thanks,

Abhay Kulkarni



[jira] [Updated] (RANGER-2009) Improve delegate-admin processing for Ranger policies

2018-03-07 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2009?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2009:
---
Summary: Improve delegate-admin processing for Ranger policies  (was: HDFS 
resource delegation improvement)

> Improve delegate-admin processing for Ranger policies
> -
>
> Key: RANGER-2009
> URL: https://issues.apache.org/jira/browse/RANGER-2009
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2009-HDFS-resource-delegation-improvement.patch
>
>
> HDFS resource delegation improvement.





Re: Review Request 65950: Add support to allow clients to access resource permissions stored in Ranger

2018-03-07 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review198831
---




agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
Line 384 (original), 384 (patched)


Please consider adding another method with a different signature to get list 
of RangerPolicyItemEvaluators, instead of changing signature and implementation 
of this critical method.

Signature of new method may look like:

List getDeterminingPolicyItems(String user, 
Set userGroups, List accessType);

Then have the caller provide list of all available hbase accessTypes (they 
can be figured out from hbase Service-definition).

Method implementation may call getDeterminingPolicyItem for each accessType 
to build a list.

This will isolate current implementation from hbase specific changes.

Thanks!


- Abhay Kulkarni


On March 7, 2018, 2:13 p.m., Ankit Singhal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> ---
> 
> (Updated March 7, 2018, 2:13 p.m.)
> 
> 
> Review request for ranger and Ramesh Mani.
> 
> 
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-1958 [HBase] Implement getUserPermissions API of 
> AccessControlService.Interface to allow clients to access HBase permissions 
> stored in Ranger
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  189dc2c 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  f8241c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  2b66c70 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  7a890b8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  aad7834 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  12b675b 
>   
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
>  665640f 
>   
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
>  9f0e5ac 
>   hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json 
> f563c28 
> 
> 
> Diff: https://reviews.apache.org/r/65950/diff/1/
> 
> 
> Testing
> ---
> 
> Unit testing is done
> 
> 
> Thanks,
> 
> Ankit Singhal
> 
>



Re: Review Request 65950: Add support to allow clients to access resource permissions stored in Ranger

2018-03-07 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/#review198830
---




agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Lines 32 (patched)


Ankit, please rebase the patch for the Apache Master and send it again. It 
is not applying.


- Ramesh Mani


On March 7, 2018, 2:13 p.m., Ankit Singhal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65950/
> ---
> 
> (Updated March 7, 2018, 2:13 p.m.)
> 
> 
> Review request for ranger and Ramesh Mani.
> 
> 
> Bugs: RANGER-1958
> https://issues.apache.org/jira/browse/RANGER-1958
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-1958 [HBase] Implement getUserPermissions API of 
> AccessControlService.Interface to allow clients to access HBase permissions 
> stored in Ranger
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  189dc2c 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  f8241c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  2b66c70 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  7a890b8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  aad7834 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  12b675b 
>   
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
>  665640f 
>   
> hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
>  9f0e5ac 
>   hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json 
> f563c28 
> 
> 
> Diff: https://reviews.apache.org/r/65950/diff/1/
> 
> 
> Testing
> ---
> 
> Unit testing is done
> 
> 
> Thanks,
> 
> Ankit Singhal
> 
>



[jira] [Updated] (RANGER-1495) Good coding practices recommendation by static code analysis

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1495:
-
Fix Version/s: 1.0.0

> Good coding practices recommendation by static code analysis
> 
>
> Key: RANGER-1495
> URL: https://issues.apache.org/jira/browse/RANGER-1495
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.1
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
>
> Good coding practices recommendation by static code analysis





[jira] [Updated] (RANGER-1513) Add Support for S3 authorization in Ranger Hive Plugin

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1513:
-
Fix Version/s: 1.0.0

> Add Support for S3 authorization in Ranger Hive Plugin
> --
>
> Key: RANGER-1513
> URL: https://issues.apache.org/jira/browse/RANGER-1513
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
> Attachments: s3.png
>
>
> Ranger Hive Plugin currently does authorization on the URIs which are in Hive 
> commands, 
> e.g.
>  CREATE EXTERNAL TABLE  LOCATION [URI];
>  LOAD DATA INPATH [URI] INTO TABLE ...;
> The URIs in these commands would be HDFS URIs and are currently authorized by 
> Ranger.
> This URI can be in various Hive commands like
> create database
> create table
> create function
> insert
> delete
> add jar
> add partition
> But if the URI is S3, it is not authorized, as HDFS doesn't have the API 
> to do this. This JIRA would provide READ and WRITE permissions for S3 URIs 
> via a new Ranger Hive Service URI resource. Attaching a screenshot of the 
> same.





[jira] [Updated] (RANGER-1561) Good coding practice in Ranger recommended by static code analysis

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1561:
-
Fix Version/s: 1.0.0

> Good coding practice in Ranger recommended by static code analysis
> --
>
> Key: RANGER-1561
> URL: https://issues.apache.org/jira/browse/RANGER-1561
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
>
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.





[jira] [Updated] (RANGER-1665) Ranger needs to provide a way to get list of policies associated with given resource

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1665?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1665:
-
Fix Version/s: 1.0.0

> Ranger needs to provide a way to get list of policies associated with given 
> resource
> 
>
> Key: RANGER-1665
> URL: https://issues.apache.org/jira/browse/RANGER-1665
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: master, 0.7.1
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master, 0.7.2
>
>
> It is useful to support a way (REST API) to fetch all applicable ranger 
> policies for a given resource. This is helpful in ensuring that Ranger 
> security policies exist to control access to the resource in question, and to 
> support/implement security audit controls.





[jira] [Updated] (RANGER-1578) Ranger plugins should use default service-def when it fails to obtain from Ranger Admin or cache

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1578:
-
Fix Version/s: 1.0.0

> Ranger plugins should use default service-def when it fails to obtain from 
> Ranger Admin or cache
> 
>
> Key: RANGER-1578
> URL: https://issues.apache.org/jira/browse/RANGER-1578
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 0.7.0, master
>Reporter: Madhan Neethiraj
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
>
> Ranger plugins obtain service-def at runtime from Ranger Admin. This enables  
> the plugins to receive the latest service-def, which might have been updated 
> to use custom conditions, context-enrichers, etc. However, if the plugin 
> fails to obtain the service-def from Ranger Admin (or from local-cache), it 
> should use a default version of service-def - against which the plugin was 
> developed.





[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1678:
-
Fix Version/s: 1.0.0

> In different places to achieve the same function using repeat codes, new 
> issue is perhaps generated when these functions are modified.
> --
>
> Key: RANGER-1678
> URL: https://issues.apache.org/jira/browse/RANGER-1678
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Major
>  Labels: newbie, patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch
>
>
> In agents-audit module, there are the following two places that write audit logs 
> to solr: 
> 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
> 2. org.apache.ranger.audit.destination.SolrAuditDestination.
> The above classes use the same method ("MiscUtil.executePrivilegedAction") to 
> send the audit logs to solr. The code is as follows:
> final UpdateResponse response = MiscUtil.executePrivilegedAction(
>         new PrivilegedExceptionAction<UpdateResponse>() {
>     @Override
>     public UpdateResponse run() throws Exception {
>         return solrClient.add(docs);
>     }
> });
> We should extract the common method to make our code cleaner and reduce 
> the possibility of new issues.





[jira] [Updated] (RANGER-1705) Good coding practice in Ranger recommended by static code analysis

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1705:
-
Fix Version/s: 1.0.0

> Good coding practice in Ranger recommended by static code analysis
> --
>
> Key: RANGER-1705
> URL: https://issues.apache.org/jira/browse/RANGER-1705
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Ankita Sinha
>Assignee: Ankita Sinha
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
> Attachments: RANGER-1705.patch
>
>
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.





[jira] [Updated] (RANGER-1695) Optimize Ranger code for authorization of HDFS 'getContentSummary' and 'delete' commands

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1695:
-
Fix Version/s: 1.0.0

> Optimize Ranger code for authorization of HDFS 'getContentSummary' and 
> 'delete' commands
> 
>
> Key: RANGER-1695
> URL: https://issues.apache.org/jira/browse/RANGER-1695
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master, 0.7.2
>
>
> HDFS commands such as getContentSummary and delete require Ranger to 
> authorize access to entire directory hierarchy rooted at the directory passed 
> in as argument. Ranger could optimize this code by pruning the directory tree 
> whenever a sub-directory, and directory hierarchy rooted in it, is authorized 
> for requested access. This could potentially save many spurious authorization 
> API calls with Ranger policy engine.
> Also, it will be useful to gather and log performance metrics for the Ranger 
> authorization API call for every Ranger plugin.





[jira] [Updated] (RANGER-1736) Good coding practice in Ranger recommended by static code analysis

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1736:
-
Fix Version/s: 1.0.0

> Good coding practice in Ranger recommended by static code analysis
> --
>
> Key: RANGER-1736
> URL: https://issues.apache.org/jira/browse/RANGER-1736
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
>
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.





[jira] [Updated] (RANGER-1739) build_ranger_using_docker script cannot download jdk8

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1739:
-
Fix Version/s: 1.0.0

> build_ranger_using_docker script cannot download jdk8
> -
>
> Key: RANGER-1739
> URL: https://issues.apache.org/jira/browse/RANGER-1739
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Don Bosco Durai
>Priority: Trivial
>  Labels: building, docker, patch, ranger
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1739-replaced-broken-Oracle-link-of-JDK8.patch
>
>
> When running build_ranger_using_docker.sh at the root of the ranger git 
> repo, it fails at downloading the JDK:
> {code}
> Step 7/27 : RUN wget --no-cookies --no-check-certificate --header "Cookie: 
> gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; 
> oraclelicense=accept-securebackup-cookie" 
> http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm
>  ---> Running in b584c91a8c0c
> --2017-08-17 14:17:26--  
> http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm
> Resolving download.oracle.com (download.oracle.com)... 184.25.56.53, 
> 184.25.56.42
> Connecting to download.oracle.com (download.oracle.com)|184.25.56.53|:80... 
> connected.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location: 
> https://edelivery.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm
>  [following]
> --2017-08-17 14:17:27--  
> https://edelivery.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm
> Resolving edelivery.oracle.com (edelivery.oracle.com)... 23.38.230.138, 
> 2600:1406:1a:394::2d3e, 2600:1406:1a:3a1::2d3e
> Connecting to edelivery.oracle.com 
> (edelivery.oracle.com)|23.38.230.138|:443... connected.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location: 
> http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm?AuthParam=1502979568_edc79e4130b659b00994116519f1815c
>  [following]
> --2017-08-17 14:17:28--  
> http://download.oracle.com/otn-pub/java/jdk/8u101-b13/jdk-8u101-linux-x64.rpm?AuthParam=1502979568_edc79e4130b659b00994116519f1815c
> Connecting to download.oracle.com (download.oracle.com)|184.25.56.53|:80... 
> connected.
> HTTP request sent, awaiting response... 404 Not Found
> 2017-08-17 14:17:29 ERROR 404: Not Found.
> {code}





[jira] [Updated] (RANGER-1782) When the drop-down box is switched, more than one symbol is displayed each time in ranger-web-hivedev

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1782:
-
Fix Version/s: 1.0.0

> When the drop-down box is switched, more than one symbol is displayed each 
> time in ranger-web-hivedev 
> --
>
> Key: RANGER-1782
> URL: https://issues.apache.org/jira/browse/RANGER-1782
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
>  Labels: patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1782-When-the-drop-down-box-is-switched-more-.patch, 1.bmp
>
>
> In ranger-web-hivedev, when the drop-down box is switched, more than one 
> symbol is displayed each time (see 1.bmp).
> 1. Switch "database" and "url"
> 2. Switch "udf" and "table"
> 3. Then it shows **, but it should display only one *
> I have modified this with a patch





[jira] [Updated] (RANGER-1760) test_resourcematcher_default.json is invalid

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1760?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1760:
-
Fix Version/s: 1.0.0

> test_resourcematcher_default.json is invalid
> 
>
> Key: RANGER-1760
> URL: https://issues.apache.org/jira/browse/RANGER-1760
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Deepak Sharma
>Priority: Major
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1760-fixing-the-issue-in-test_resourcematcher.patch
>
>
> test_resourcematcher_default.json is invalid.
> There are many such instances in it:
> {code}
> Error: Parse error on line 133:
> ...t": false  },  ]   
> },  {   "name"
> -^
> Expecting 'STRING', 'NUMBER', 'NULL', 'TRUE', 'FALSE', '{', '[', got ']'
> {code}





[jira] [Updated] (RANGER-1795) Service should not be renamed if tagged service resources exist for it

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1795:
-
Fix Version/s: 1.0.0

> Service should not be renamed if tagged service resources exist for it
> --
>
> Key: RANGER-1795
> URL: https://issues.apache.org/jira/browse/RANGER-1795
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master, 0.7.2
>
>
> If a service is renamed in the presence of tagged service-resources that 
> refer to the service (through service-id), then a major discrepancy is 
> introduced in security+governance database. Therefore, it is necessary to 
> fail service update under these circumstances.





[jira] [Updated] (RANGER-1806) Good coding practice in Ranger recommended by static code analysis

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1806:
-
Fix Version/s: 1.0.0

> Good coding practice in Ranger recommended by static code analysis
> --
>
> Key: RANGER-1806
> URL: https://issues.apache.org/jira/browse/RANGER-1806
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
> Attachments: 0001-RANGER-1806-v1.patch, 0001-RANGER-1806.patch
>
>
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.





[jira] [Updated] (RANGER-1817) Audit to Solr fails to log when the number of columns are in large number

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1817:
-
Fix Version/s: 1.0.0

> Audit to Solr fails to log when the number of columns are in large number
> -
>
> Key: RANGER-1817
> URL: https://issues.apache.org/jira/browse/RANGER-1817
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0, master, 0.7.1
>
> Attachments: 0001-RANGER-1817.patch
>
>
> Audit to Solr fails to log when the number of columns is large. 
> This is because Solr has a hard limit on solr.StrField, and if this string 
> exceeds the max length of 32766, it throws an exception which causes the audit to 
> fail. To overcome this we need to trim this in Audit records, and the best 
> place to do it is in the solr schema for ranger-audits.
> For this we need to change the file managed_schema in ranger and commit it to 
> zookeeper.
> The change required in the managed_schema file is: find the following in the 
> managed_schema file and add this param to limit the length to 2500 max. 
> {noformat}
>  sortMissingLast="true" omitNorms="true">
> 
> 
> 
> 
> 
> 
> {noformat}





[jira] [Updated] (RANGER-1833) Update Ranger to use 0.8.1 Atlas version

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1833:
-
Fix Version/s: 1.0.0

> Update Ranger to use 0.8.1 Atlas version
> 
>
> Key: RANGER-1833
> URL: https://issues.apache.org/jira/browse/RANGER-1833
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master
>
>
> Ranger currently uses an old Atlas version (0.7-incubating). It needs to use 
> latest Apache Atlas version (0.8.1).





[jira] [Updated] (RANGER-1907) The solr-solrj jar is not need for hive-agent. So it should be removed from the pom.xml file of the hive-agent

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1907:
-
Fix Version/s: 1.0.0

> The solr-solrj jar is not need for hive-agent. So it should be removed from 
> the pom.xml file of the hive-agent
> --
>
> Key: RANGER-1907
> URL: https://issues.apache.org/jira/browse/RANGER-1907
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1907-The-solr-solrj-jar-is-not-need-for-hive-.patch
>
>
> The solr-solrj jar is not needed for hive-agent. So it should be removed from 
> the pom.xml file of the hive-agent.
> I have carefully tested ranger + hive-agent after fixing the issue.





[jira] [Updated] (RANGER-1930) Add consolidated db schema script for all supported DB flavor

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1930:
-
Fix Version/s: 1.0.0

> Add consolidated db schema script for all supported DB flavor
> -
>
> Key: RANGER-1930
> URL: https://issues.apache.org/jira/browse/RANGER-1930
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.0.0, master
>
> Attachments: RANGER-1930-master.patch
>
>
> A consolidated db schema script for all supported DB flavors would be required 
> as execution of db patches and java patches takes a lot of time. Before 
> installing Ranger, the user can separately run this script to reduce db setup and 
> installation time.





[jira] [Updated] (RANGER-1932) After create the service of yarndev,the policy named 'all-queue' created for the default user should have all the permissions.However, this policy does't take effect.

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1932:
-
Fix Version/s: 1.0.0

> After create the service of yarndev,the policy named 'all-queue' created for 
> the default user should have all the permissions.However, this policy does't 
> take effect.
> --
>
> Key: RANGER-1932
> URL: https://issues.apache.org/jira/browse/RANGER-1932
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Major
>  Labels: patch
> Fix For: 1.0.0, master, 0.7.2
>
> Attachments: 0001-RANGER-1932.patch
>
>
> Steps:
> 1.Create service named yarndev and userName is xiehh
> 2.The Queue of the default policy for user xiehh is .\*
> 3.Using xiehh to execute the command line 'hadoop jar 
> /home/xiehh/hadoop-2.7.1/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.1.jar
>  wordcount -Dmapreduce.job.queuename=default /input /output/mr'
>   Exceptions are as follows:
> {code}
>   [xiehh@zdh41 hadoop-2.7.1]$ hadoop jar 
> /home/xiehh/hadoop-2.7.1/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.1.jar
>  wordcount -Dmapreduce.job.queuename=default /input /output/mr
> 17/12/15 10:53:27 WARN util.NativeCodeLoader: Unable to load native-hadoop 
> library for your platform... using builtin-java classes where applicable
> 17/12/15 10:53:28 INFO client.RMProxy: Connecting to ResourceManager at 
> /0.0.0.0:8032
> 17/12/15 10:53:28 INFO input.FileInputFormat: Total input paths to process : 1
> 17/12/15 10:53:28 INFO mapreduce.JobSubmitter: number of splits:1
> 17/12/15 10:53:29 INFO mapreduce.JobSubmitter: Submitting tokens for job: 
> job_1513238905285_0005
> 17/12/15 10:53:44 INFO mapreduce.JobSubmitter: Cleaning up the staging area 
> /tmp/hadoop-yarn/staging/xiehh/.staging/job_1513238905285_0005
> java.io.IOException: org.apache.hadoop.yarn.exceptions.YarnException: Failed 
> to submit application_1513238905285_0005 to YARN : 
> org.apache.hadoop.security.AccessControlException: User xiehh cannot submit 
> applications to queue root.default
>   at org.apache.hadoop.mapred.YARNRunner.submitJob(YARNRunner.java:306)
>   at 
> org.apache.hadoop.mapreduce.JobSubmitter.submitJobInternal(JobSubmitter.java:240)
>   at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1290)
>   at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1287)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at javax.security.auth.Subject.doAs(Subject.java:415)
>   at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>   at org.apache.hadoop.mapreduce.Job.submit(Job.java:1287)
>   at org.apache.hadoop.mapreduce.Job.waitForCompletion(Job.java:1308)
>   at org.apache.hadoop.examples.WordCount.main(WordCount.java:87)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at 
> org.apache.hadoop.util.ProgramDriver$ProgramDescription.invoke(ProgramDriver.java:71)
>   at org.apache.hadoop.util.ProgramDriver.run(ProgramDriver.java:144)
>   at org.apache.hadoop.examples.ExampleDriver.main(ExampleDriver.java:74)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
>   at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
> Caused by: org.apache.hadoop.yarn.exceptions.YarnException: Failed to submit 
> application_1513238905285_0005 to YARN : 
> org.apache.hadoop.security.AccessControlException: User xiehh cannot submit 
> applications to queue root.default
>   at 
> org.apache.hadoop.yarn.client.api.impl.YarnClientImpl.submitApplication(YarnClientImpl.java:270)
>   at 
> org.apache.hadoop.mapred.ResourceMgrDelegate.submitApplication(ResourceMgrDelegate.java:290)
>   at org.apache.hadoop.mapred.YARNRunner.submitJob(YARNRunner.java:290)
>   ... 22 more
> {code}
> The user xiehh doesn't have the permission, and the default policy for 
> 'all-queue' doesn't take effect.
> 4. Through analysis, I find that the Queue {noformat} .*{noformat}  is wrong,
>  and we 

[jira] [Commented] (RANGER-1939) Simplify Maven dependencies and assembly specification for hdfs plugin module

2018-03-07 Thread Velmurugan Periasamy (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390354#comment-16390354
 ] 

Velmurugan Periasamy commented on RANGER-1939:
--

[~abhayk] - is this JIRA still required? Review request seems to be discarded. 

> Simplify Maven dependencies and assembly specification for hdfs plugin module
> -
>
> Key: RANGER-1939
> URL: https://issues.apache.org/jira/browse/RANGER-1939
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
>
> There are two issues with the Maven POM files for Ranger's hdfs plugin module.
> 1. There are overlapping and sometimes conflicting versions of libraries on 
> which hdfs plugin code depends. Conflicts arise partly because some of the 
> libraries packaged with hdfs plugin module already exist in hdfs 
> component and have different versions.
> 2. Assembly specification for hdfs plugin module uses DependencySets - a 
> construct which is confusing and hard to get right. They also clutter up 
> build output log with spurious messages. It is desirable to use FileSets 
> which are easier to understand and straightforward to specify in an assembly 
> spec.





[jira] [Updated] (RANGER-1943) Ranger Solr authorization is skipped when collection is empty or null

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1943:
-
Fix Version/s: 1.0.0

> Ranger Solr authorization is skipped when collection is empty or null
> -
>
> Key: RANGER-1943
> URL: https://issues.apache.org/jira/browse/RANGER-1943
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.2
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
> Fix For: 1.0.0, master, 0.7.2
>
> Attachments: 
> 0001-RANGER-1943-Ranger-Solr-authorization-is-skipped-whe.patch
>
>
> Ranger Solr authorization is skipped when collection is empty or null. This 
> happens when you do a LIST Command.
> curl --negotiate -u : "http://`hostname -f`:8983/solr/admin/collections?action=LIST=json"



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
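The failure shape RANGER-1943 describes, where a request that names no collection is never checked, shown beside a fail-closed variant. This is an added example, not code from Ranger or Solr: the class, method and grant names are hypothetical, and checking collection-less requests against a `*` resource is an assumption, not the fix in the attached patch.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added illustration only: every class, method and grant name here is hypothetical.
public class EmptyCollectionAuthz {

    // Assumption: requests that name no collection are checked against this resource.
    static final String ALL_COLLECTIONS = "*";

    // Constructed grant table, one "user|accessType|collection" string per grant.
    private final Set<String> grants;

    EmptyCollectionAuthz(String... grants) {
        this.grants = new HashSet<>(Arrays.asList(grants));
    }

    private boolean isGranted(String user, String accessType, String collection) {
        return grants.contains(user + "|" + accessType + "|" + collection);
    }

    // Fail-open shape: a denial can only come from the loop body, so a request
    // with a null or empty collection list is never checked and stays "allowed".
    boolean authorizeFailOpen(String user, String accessType, List<String> collections) {
        boolean allowed = true;
        if (collections != null) {
            for (String collection : collections) {
                if (!isGranted(user, accessType, collection)) {
                    allowed = false;
                    break;
                }
            }
        }
        return allowed;
    }

    // Fail-closed shape: at least one check always runs, and a blank collection
    // name inside the list is rejected instead of being skipped.
    boolean authorizeFailClosed(String user, String accessType, List<String> collections) {
        List<String> targets = (collections == null || collections.isEmpty())
                ? Collections.singletonList(ALL_COLLECTIONS)
                : collections;
        for (String collection : targets) {
            if (collection == null || collection.isEmpty()
                    || !isGranted(user, accessType, collection)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed grants: alice may query one collection, admin holds the wildcard.
        EmptyCollectionAuthz authz = new EmptyCollectionAuthz(
                "alice|query|sales",
                "admin|admin|*");

        List<String> none = Collections.emptyList();

        // A LIST-style admin call carries no collection name.
        System.out.println("fail-open   alice/admin/[]   : "
                + authz.authorizeFailOpen("alice", "admin", none));
        System.out.println("fail-open   alice/admin/null : "
                + authz.authorizeFailOpen("alice", "admin", null));
        System.out.println("fail-closed alice/admin/[]   : "
                + authz.authorizeFailClosed("alice", "admin", none));
        System.out.println("fail-closed alice/admin/null : "
                + authz.authorizeFailClosed("alice", "admin", null));
        System.out.println("fail-closed admin/admin/[]   : "
                + authz.authorizeFailClosed("admin", "admin", none));

        // Requests that do name a collection behave the same in both shapes.
        System.out.println("fail-closed alice/query/sales: "
                + authz.authorizeFailClosed("alice", "query", Arrays.asList("sales")));
    }
}
```

A unit test for an authorizer of this kind should include the null and empty-list cases explicitly, since they are the inputs that never reach the per-resource check.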


[jira] [Updated] (RANGER-1996) Change Atlas version from 0.8.2 to 1.0.0-SNAPSHOT

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1996:
-
Fix Version/s: 1.1.0

> Change Atlas version from 0.8.2 to 1.0.0-SNAPSHOT
> -
>
> Key: RANGER-1996
> URL: https://issues.apache.org/jira/browse/RANGER-1996
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Reapply commit 
> [e8afb9faad81e7042877aa528635848a0043cb0c|https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=object;h=e8afb9faad81e7042877aa528635848a0043cb0c]
>  and appropriate changes to RangerAtlasAuthorizer.





[jira] [Updated] (RANGER-2001) Similar to RANGER-1469, we should check whether the user or group has existed before the installer create a new user or group when user install usersync

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2001:
-
Fix Version/s: 1.1.0

> Similar to RANGER-1469, we should check whether the user or group has existed 
> before the installer create a new user or group when user install usersync
> 
>
> Key: RANGER-2001
> URL: https://issues.apache.org/jira/browse/RANGER-2001
> Project: Ranger
>  Issue Type: Improvement
>  Components: usersync
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Major
> Fix For: master, 1.1.0
>
> Attachments: 
> 0001-RANGER-2001-Similar-to-RANGER-1469-we-should-check-w.patch
>
>
> Similar to RANGER-1469, we should check whether the user or group already exists 
> before the installer creates a new user or group when the user installs usersync





[jira] [Updated] (RANGER-2000) Policy effective dates to support time-bound and temporary authorization

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2000:
-
Fix Version/s: 1.1.0

> Policy effective dates to support time-bound and temporary authorization
> 
>
> Key: RANGER-2000
> URL: https://issues.apache.org/jira/browse/RANGER-2000
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Currently Ranger policies have an effectiveness period that is permanent, i.e. 
> once authored they can only be disabled or enabled. There are many use cases 
> where such policies or even a policy condition needs to be time bound. For 
> example, certain financial information about earnings is sensitive and 
> restricted only until the earnings release date. 
> It would be great to have the ability to specify with each policy a time 
> horizon when it is effective, i.e. either be effective after a certain date 
> and/or expire after a specific date or only be valid within a certain time 
> window, and have Ranger check whether the policy is effective before 
> evaluating it in the policy engine. Therefore, policy authoring can be 
> simplified and does not require any subsequent action from the user, 
> basically making policy authoring a one-time effort, and users do not have to 
> go back and disable the policies once it is past the expiration date.
> This means that:
>  # Ranger policy engine needs to be able to recognize the start and end times 
> for policies  and enforce them based on period of validity specified by the 
> user.
>  # Active policies should be checked not only based on the resource, user and 
> environment context but also whether the policy is effective.





[jira] [Updated] (RANGER-1997) Update tagsync to handle Atlas notifications of type V1 and V2

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1997:
-
Fix Version/s: 1.1.0

> Update tagsync to handle Atlas notifications of type V1 and V2
> --
>
> Key: RANGER-1997
> URL: https://issues.apache.org/jira/browse/RANGER-1997
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Atlas is upgraded to emit more efficient Entity Notifications (of type V2). 
> Tagsync needs to be upgraded to handle them.





[jira] [Updated] (RANGER-2002) Ranger support for time based classifications and business terms from Apache Atlas

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2002:
-
Fix Version/s: 1.1.0

> Ranger support for time based classifications and business terms from Apache 
> Atlas
> --
>
> Key: RANGER-2002
> URL: https://issues.apache.org/jira/browse/RANGER-2002
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Currently classifications and business glossary terms in Apache Atlas are 
> treated as being valid permanently in Ranger. There are use cases where such 
> classifications are time bound based on customer input (such as financial 
> information about earnings that is sensitive and restricted only until the 
> earnings release) (i.e) either be effective after a certain date/time and/or 
> expire after a specific date/time or valid only during an interval from a 
> start date/time to an end date/time
> Ranger policy engine needs to be able to recognize the start and end times 
> for tags/classifications received from Apache Atlas via tag sync and enforce 
> tag-based policies depending on attributes of the tags that represent its 
> validity period.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
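RANGER-2000 and RANGER-2002 both ask for a validity period to be checked before a policy (or a tag) takes part in evaluation. The sketch below is an added example, not Ranger's implementation: the `Validity` and `Policy` classes, the half-open window, the deny-overrides rule and the release date are all assumptions made for illustration, and a tag carrying a validity period would go through the same `covers` check.

```java
import java.time.Instant;
import java.util.Arrays;
import java.util.List;

// Added illustration only: the classes and fields below are hypothetical, not Ranger's model.
public class EffectiveDates {

    // Half-open window [notBefore, notAfter); a null bound is open on that side.
    static final class Validity {
        final Instant notBefore;
        final Instant notAfter;

        Validity(Instant notBefore, Instant notAfter) {
            if (notBefore != null && notAfter != null && !notBefore.isBefore(notAfter)) {
                throw new IllegalArgumentException("validity window is empty or inverted");
            }
            this.notBefore = notBefore;
            this.notAfter = notAfter;
        }

        boolean covers(Instant t) {
            return (notBefore == null || !t.isBefore(notBefore))
                    && (notAfter == null || t.isBefore(notAfter));
        }
    }

    static final class Policy {
        final String name;
        final String user;
        final String resource;
        final boolean allow;
        final List<Validity> validity;   // empty list = permanent, as policies are today

        Policy(String name, String user, String resource, boolean allow, Validity... validity) {
            this.name = name;
            this.user = user;
            this.resource = resource;
            this.allow = allow;
            this.validity = Arrays.asList(validity);
        }

        // Effective if permanent, or if any one of its windows covers "now".
        boolean isEffective(Instant now) {
            if (validity.isEmpty()) {
                return true;
            }
            for (Validity v : validity) {
                if (v.covers(now)) {
                    return true;
                }
            }
            return false;
        }

        boolean matches(String user, String resource) {
            return this.user.equals(user) && this.resource.equals(resource);
        }
    }

    // Policies outside their window are dropped before matching. Among the rest,
    // deny overrides allow, and no matching effective policy means deny.
    static String evaluate(List<Policy> policies, String user, String resource, Instant now) {
        String allowedBy = null;
        for (Policy p : policies) {
            if (!p.isEffective(now) || !p.matches(user, resource)) {
                continue;
            }
            if (!p.allow) {
                return "DENY (" + p.name + ")";
            }
            if (allowedBy == null) {
                allowedBy = p.name;
            }
        }
        return allowedBy != null ? "ALLOW (" + allowedBy + ")" : "DENY (no effective policy)";
    }

    public static void main(String[] args) {
        // Constructed scenario: earnings data is restricted until a release time.
        Instant release = Instant.parse("2018-04-26T20:00:00Z");
        List<Policy> policies = Arrays.asList(
                new Policy("analysts-read", "analyst", "finance.earnings", true),
                new Policy("pre-release-embargo", "analyst", "finance.earnings", false,
                        new Validity(null, release)));

        // One second before release, at the release instant, and a day later.
        List<Instant> checkpoints = Arrays.asList(
                release.minusSeconds(1), release, release.plusSeconds(86400));
        for (Instant now : checkpoints) {
            System.out.println(now + " -> "
                    + evaluate(policies, "analyst", "finance.earnings", now));
        }
    }
}
```

The embargo policy stops applying at the release instant without anyone disabling it, which is the one-time authoring effort the issue asks for; evaluation depends on the clock of the host doing the check, so clock skew between plugin hosts shifts the boundary.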


[jira] [Updated] (RANGER-1984) Hbase audit log records may not show all tags associated with accessed column

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1984:
-
Fix Version/s: (was: master)

> Hbase audit log records may not show all tags associated with accessed column
> -
>
> Key: RANGER-1984
> URL: https://issues.apache.org/jira/browse/RANGER-1984
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0
>
>
> When a Hbase column is tagged with a classification, with an active tag and 
> resource policy that allows access, the audit log does not show the tag.





[jira] [Updated] (RANGER-1984) Hbase audit log records may not show all tags associated with accessed column

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1984:
-
Fix Version/s: 1.0.0

> Hbase audit log records may not show all tags associated with accessed column
> -
>
> Key: RANGER-1984
> URL: https://issues.apache.org/jira/browse/RANGER-1984
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0
>
>
> When a Hbase column is tagged with a classification, with an active tag and 
> resource policy that allows access, the audit log does not show the tag.





[jira] [Updated] (RANGER-1988) Fix insecure randomness

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1988:
-
Fix Version/s: (was: master)

> Fix insecure randomness
> ---
>
> Key: RANGER-1988
> URL: https://issues.apache.org/jira/browse/RANGER-1988
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0
>
>
> The random number generator implemented by random() cannot withstand a 
> cryptographic attack. It is more secure to replace it with SecureRandom class.





[jira] [Updated] (RANGER-1988) Fix insecure randomness

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1988:
-
Fix Version/s: 1.0.0

> Fix insecure randomness
> ---
>
> Key: RANGER-1988
> URL: https://issues.apache.org/jira/browse/RANGER-1988
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 0.7.1
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0, master
>
>
> The random number generator implemented by random() cannot withstand a 
> cryptographic attack. It is more secure to replace it with SecureRandom class.





[jira] [Updated] (RANGER-2010) Ranger Tagsync should use cookie based authentication for subsequent requests to Ranger admin

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2010?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2010:
-
Fix Version/s: (was: master)
   1.1.0

> Ranger Tagsync should use cookie based authentication for subsequent requests 
> to Ranger admin
> -
>
> Key: RANGER-2010
> URL: https://issues.apache.org/jira/browse/RANGER-2010
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger, tagsync
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> RANGER-2010-Ranger-Tagsync-should-use-cookie-based-a.patch
>
>
> Ranger Tagsync should use cookie based authentication for subsequent requests 
> to Ranger admin.





[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-03-07 Thread Ramesh Mani (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16390319#comment-16390319
 ] 

Ramesh Mani commented on RANGER-1958:
-

Pinging [~mad...@apache.org] [~abhayk] also for the review.

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
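> {code}
> @Override
> public void getUserPermissions(RpcController controller,
>         AccessControlProtos.GetUserPermissionsRequest request,
>         RpcCallback<AccessControlProtos.GetUserPermissionsResponse> done) {
>     // Stub: logs the call and returns no permissions to the caller.
>     LOG.debug("getUserPermissions(): ");
> }
> {code}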
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.





Re: Prep for ranger-1.0.0 release

2018-03-07 Thread Sailaja Polavarapu
Rangers:
 As we are coming close to releasing ranger-1.0.0, we want to control the 
commits to ranger-1.0 branch. Currently only two JIRAs are open for this 
release (https://issues.apache.org/jira/browse/RANGER-1995 and 
https://issues.apache.org/jira/browse/RANGER-1948). As soon as the fix for 
RANGER-1948 is checked in, we will prepare the sources for release and voting.
Please let me know if you have any concerns/comments.

Thanks,
Sailaja.

On 2/28/18, 2:21 AM, "Colm O hEigeartaigh"  wrote:

Thanks, please update the version on master to 1.1.0-SNAPSHOT as well when
you get a chance to avoid confusion.

Colm.

On Tue, Feb 27, 2018 at 11:50 PM, Sailaja Polavarapu <
spolavar...@hortonworks.com> wrote:

> FYI – ranger-1.0 branch is created with the pom files updated to 1.0.0
> version. From now on, only the patches that are required for 1.0.0 release
> should be cherry picked into this branch.
> Master branch is open for regular commits and will track for next release
> (1.1).
>
> Thanks,
> Sailaja.
>
> On 2/27/18, 1:48 PM, "Sailaja Polavarapu" 
> wrote:
>
> Thanks for all the feedback and +1s. I will be including latest
> version of kafka in ranger-1.0.0. But for Kylin, since there will be
> hadoop3 support release soon, it can be included in that.
> -Sailaja.
>
> On 2/23/18, 2:36 PM, "Zsombor Gegesy"  wrote:
>
> +1 for Ranger 1.0 !
>
> Regards,
>  Zsombor
>
> On Sat, Feb 24, 2018 at 5:03 AM, Velmurugan Periasamy <
> v...@apache.org>
> wrote:
>
> > +1 for Ranger 1.0 release.
> >
> > Thanks Sailaja for volunteering.
> >
> > From:  pengjianhua <35573...@qq.com>
> > Reply-To:  "dev@ranger.apache.org" 
> > Date:  Friday, February 23, 2018 at 4:55 AM
> > To:  "dev@ranger.apache.org" 
> > Subject:  Re: Prep for ranger-1.0.0 release
> >
> > I agree with Colm's point of view. Zhangqiang is developing this
> issue
> > to upgrade Kafka which was delayed due to our Spring Festival.
> >
> > I also hope to merge the Apache Kylin Plugin into the ranger
> 1.0.0. The
> > 2.3.0 version of the Apache kylin is being voted. The Apache
> Kylin
> > Plugin of the ranger has been successfully applied in some
> business
> > projects.
> >
> >
> >
> > Jianhua Peng
> >
> > On 2018-02-23 17:36, Colm O hEigeartaigh wrote:
> > >  +1. It would be nice to get the Kafka upgrade in if possible,
> as
> > currently
> > >  we support a very old version of Kafka.
> > >
> > >  Colm.
> > >
> > >  On Fri, Feb 23, 2018 at 9:00 AM, Jianhua Peng <
> pengjian...@apache.org>
> > >  wrote:
> > >
> > >>  +1
> > >>
> > >>  On 2018/02/23 01:34:36, Sailaja Polavarapu <
> > spolavar...@hortonworks.com>
> > >>  wrote:
> > >>>  Rangers:
> > >>>  As we are planning to do a release of ranger 1.0.0 soon
> (tentatively
> > >>  3/15/2018), I would like to create a branch ranger-1.0.0 for
> > stabilizing
> > >>  the release. All of the fixes should go into the master
> which will
> > track
> > >>  for our next major release and if needed will get
> cherry-picked into
> > >>  ranger-1.0.0 release.
> > >>>  I am volunteering to be the release manager for ranger
> 1.0.0 release.
> > >>  Based on the discussion, current plan is to make the ranger
> 1.0.0
> > release
> > >>  with Hadoop 2.7.x (not Hadoop 3) and Atlas 0.8.2 as
> dependencies.
> > >>>  Please let me know if any of you have any concerns and/or
> suggestions
> > on
> > >>  the release process.
> > >>>  Thanks,
> > >>>  Sailaja.
> > >>>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




[jira] [Updated] (RANGER-1326) Fix remaining licensing issues

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1326:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Fix remaining licensing issues
> --
>
> Key: RANGER-1326
> URL: https://issues.apache.org/jira/browse/RANGER-1326
> Project: Ranger
>  Issue Type: Bug
>Affects Versions: 0.6.2
>Reporter: Colm O hEigeartaigh
>Priority: Major
> Fix For: 1.1.0
>
>
> We need to fix the remaining licensing issues as raised by Justin:
> For items not fixed please see [1][2][3].
> Also note that with json2.js license it seems a little unclear to me and may 
> be under the JSON license. It does have “public domain” in the code so it may 
> be OK, it still however needs to be added to LICENSE. Just be careful as the 
> JSON license is no longer allowed in Apache software and it is considered 
> category X. [4] In this case you do have a few months grace to remove this 
> [5] but you need to call it out in NOTICE and it still needs to be removed by 
> end of April. [5]
> 1. 
> https://lists.apache.org/thread.html/6949e2f048b07478c861a675ad8e98d750e0f786b272a6afc69df78e@%3Cgeneral.incubator.apache.org%3E
> 2. 
> https://lists.apache.org/thread.html/9552c63b71a38ed75cd252463e788408aa4a9a05abeba36168df5a12@%3Cgeneral.incubator.apache.org%3E
> 3. 
> https://lists.apache.org/thread.html/de169a09f7527fbc3549518f0227ba40ee8524c6e60ba8105d82479b@%3Cgeneral.incubator.apache.org%3E
> 4. https://www.apache.org/legal/resolved#category-x
> 5. 
> https://lists.apache.org/thread.html/bb18f942ce7eb83c11438303c818b885810fb76385979490366720d5@%3Clegal-discuss.apache.org%3E





[jira] [Updated] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1823:
-
Fix Version/s: (was: 1.0.0)
   (was: 0.5.4)
   1.1.0

> Allowed TRUNCATE and INSERT to partition table when the policy item is only 
> "SELECT"
> 
>
> Key: RANGER-1823
> URL: https://issues.apache.org/jira/browse/RANGER-1823
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 0.5.3, 0.7.1
>Reporter: Haihui Xu
>Assignee: Haihui Xu
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition 
> table when the policy item is only SELECT.patch, Screen Shot 2018-01-24 at 
> 12.59.55 PM.png, clipboard.png
>
>
> In beeline, useraa creates a table hive_test, such as: CREATE TABLE 
> hive_test(b string) PARTITIONED BY (a string); then in the Ranger admin UI a 
> policy is added for userbb that has only "SELECT" on table hive_test; in 
> beeline, userbb executing "truncate table hive_test" / "insert into hive_test 
> partition(a=20171003) select 1 from hive_test" is allowed.





[jira] [Updated] (RANGER-1645) Update Doc/Wiki to provide details on using custom encryption key and salt for encryption of credentials

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1645:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Update Doc/Wiki to provide details on using custom encryption key and salt 
> for encryption of credentials
> 
>
> Key: RANGER-1645
> URL: https://issues.apache.org/jira/browse/RANGER-1645
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Selvamohan Neethiraj
>Assignee: Endre Kovacs
>Priority: Critical
> Fix For: 1.1.0
>
>
> Please update the Wiki/Doc to show the process to use custom encryption key 
> and salt.





[jira] [Updated] (RANGER-1480) Implement plugin for Druid

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1480:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Implement plugin for Druid
> --
>
> Key: RANGER-1480
> URL: https://issues.apache.org/jira/browse/RANGER-1480
> Project: Ranger
>  Issue Type: New Feature
>  Components: admin, plugins
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-RANGER-1480-Second-version-of-the-druid-plugin.patch
>
>
> Druid is a high-performance, column-oriented, distributed data store, which 
> has an extension mechanism to incorporate various functionalities, for 
> example an external authorization system - just like ranger.





[jira] [Updated] (RANGER-1773) Update Ranger KMS REST APIs to incorporate enunciate documentation

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1773?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1773:
-
Fix Version/s: (was: 0.7.2)
   (was: 1.0.0)
   1.1.0

> Update Ranger KMS REST APIs to incorporate enunciate documentation
> --
>
> Key: RANGER-1773
> URL: https://issues.apache.org/jira/browse/RANGER-1773
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 0.7.1
>Reporter: Mehul Parikh
>Assignee: Mehul Parikh
>Priority: Major
> Fix For: 1.1.0
>
>
> REST API docs for detailed pages of Ranger KMS are not coming from enunciate 
> plugin. Need to make changes in REST APIs of Ranger KMS to get that working. 





[jira] [Updated] (RANGER-1821) Logout does not work with RangerSSOAuthenticationFilter

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1821:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Logout does not work with RangerSSOAuthenticationFilter
> ---
>
> Key: RANGER-1821
> URL: https://issues.apache.org/jira/browse/RANGER-1821
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Reporter: Colm O hEigeartaigh
>Priority: Major
> Fix For: 1.1.0
>
>
> Logout does not work with RangerSSOAuthenticationFilter (tested with Knox). 
> There are two issues that I can see:
> a) Logging out while the token is still valid (30s by default from Knox) just 
> logs the user back in again
> b) Logging out while the token is invalid (expired) redirects the user to the 
> user profile page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (RANGER-1885) Remove implied grant for the administer queue permission for the Yarn plugin

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1885:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Remove implied grant for the administer queue permission for the Yarn plugin
> 
>
> Key: RANGER-1885
> URL: https://issues.apache.org/jira/browse/RANGER-1885
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
>Priority: Major
> Fix For: 1.1.0
>
>
> This task is to remove the implied grant for the administer queue permission 
> for the Yarn plugin. Previously, the administer queue permission implied the 
> submit application permission. However, this implication can cause problems 
> when a user is denied the administer queue permission, but explicitly allowed 
> the submit application permission, as the administer queue negative 
> permission then overrides the positive submit application permission (see 
> https://issues.apache.org/jira/browse/RANGER-1339). The easiest fix is just 
> to remove the implied grant, so a user must be explicitly granted the submit 
> application permission in addition to administer queue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
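
The interaction described in RANGER-1885, as an added example that is not part of the original message and is not Ranger's own code: a simplified allow/deny evaluator showing how an implied grant attached to a deny item blocks an explicit allow. The access-type names, policy layout and evaluation order are assumptions made for this illustration.

```python
# Added illustration: a simplified model of allow/deny evaluation with implied
# grants. Access-type names, policy layout and evaluation order are assumptions
# made for this example; this is not Ranger's policy engine.

ADMIN_QUEUE = "admin-queue"   # assumed name for the administer queue permission
SUBMIT_APP = "submit-app"     # assumed name for the submit application permission

# Behaviour described in the issue: administer queue implies submit application.
IMPLIED_BEFORE = {ADMIN_QUEUE: {SUBMIT_APP}}
# Behaviour after the change: nothing is implied.
IMPLIED_AFTER = {}

# Constructed sample policy items.
POLICY_ITEMS = [
    {"effect": "deny", "users": {"alice"}, "accesses": {ADMIN_QUEUE}},
    {"effect": "allow", "users": {"alice"}, "accesses": {SUBMIT_APP}},
    {"effect": "allow", "users": {"bob"}, "accesses": {ADMIN_QUEUE}},
]


def expand(accesses, implied):
    """Return the listed access types plus everything they imply."""
    effective = set(accesses)
    for access in accesses:
        effective |= implied.get(access, set())
    return effective


def is_allowed(user, access, policy_items, implied):
    """A matching deny item overrides any matching allow item."""
    allowed = False
    for item in policy_items:
        if user not in item["users"]:
            continue
        if access not in expand(item["accesses"], implied):
            continue
        if item["effect"] == "deny":
            return False
        allowed = True
    return allowed


def decision_table(implied):
    """Evaluate every (user, access) pair of the sample under one implication map."""
    return {
        (user, access): is_allowed(user, access, POLICY_ITEMS, implied)
        for user in ("alice", "bob")
        for access in (ADMIN_QUEUE, SUBMIT_APP)
    }


if __name__ == "__main__":
    for label, implied in (("implied grant", IMPLIED_BEFORE),
                           ("no implied grant", IMPLIED_AFTER)):
        print(label)
        for (user, access), allowed in sorted(decision_table(implied).items()):
            print(f"  {user:5s} {access:12s} -> {'ALLOW' if allowed else 'DENY'}")
```

With the implied grant, alice's deny on administer queue also denies submit application despite her explicit allow; without it, bob's administer queue grant no longer lets him submit, so existing policies that relied on the implication need an explicit submit grant.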


[jira] [Updated] (RANGER-1395) LDAP group sync fails with InvalidNameException

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1395:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> LDAP group sync fails with InvalidNameException
> ---
>
> Key: RANGER-1395
> URL: https://issues.apache.org/jira/browse/RANGER-1395
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 0.6.0, 0.7.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 1.0.0
>Reporter: Yan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: ldap_2.patch
>
>
> Some LDAP servers throw exception on group search on posix user names that 
> are not full DNs. 





[jira] [Updated] (RANGER-1566) Ranger User Guide on Wiki has outdated information

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1566:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Ranger User Guide on Wiki has outdated information
> --
>
> Key: RANGER-1566
> URL: https://issues.apache.org/jira/browse/RANGER-1566
> Project: Ranger
>  Issue Type: Improvement
>  Components: documentation
>Affects Versions: master
>Reporter: Anna Shaverdian
>Assignee: Anna Shaverdian
>Priority: Major
> Fix For: 1.1.0
>
>
> On the Ranger wiki, the page "Ranger User Guide (work in progress)" is 
> outdated and has some incorrect information (e.g. Ranger doesn't have an 
> Analytics tab).  
> It would be helpful to propose new material for this page, which will link to 
> the different key features in Ranger that are available in the "Release 
> Folders" section.
> New Ranger users may need to search through the different releases in 
> "Release Folders" to find the useful information on a topic.  But it might be 
> helpful to update this page to include some links to key features, and update 
> the material on this page.  





[jira] [Updated] (RANGER-1951) build problems with the saveVersion.py script

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1951:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> build problems with the saveVersion.py script
> -
>
> Key: RANGER-1951
> URL: https://issues.apache.org/jira/browse/RANGER-1951
> Project: Ranger
>  Issue Type: Bug
>  Components: build-infra
>Affects Versions: 0.7.1
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-1951-1.patch
>
>
> Currently the saveVersion.py has the following problems:
> * it doesn't work with python3 due to 'inconsistent whitespace usage' and 
> because in python3 the byte array is different from a string
> * The checksum is generated from all the java source files from 
> ranger-util/target, which contains at most one java file - a previously 
> generated ranger-util/target/gen/org/apache/ranger/common/package-info.java 
> * 





[jira] [Updated] (RANGER-1496) Excel/csv exported file should have complete details of the policy

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1496:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Excel/csv exported file should have complete details of the policy
> --
>
> Key: RANGER-1496
> URL: https://issues.apache.org/jira/browse/RANGER-1496
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.0
>Reporter: Mehul Parikh
>Priority: Minor
> Fix For: 1.1.0
>
>
> If export of the policy is done from the Reports page in excel/csv format 
> then we are not showing info like Isaudit enabled, delegate admin and row 
> filter and masking condition etc .
> Add following fields in exported excel / csv files : 
> * policyType
> * delegateAdmin
> * isRecursiveValue
> * isExcludesValue
> * serviceName
> * description
> * isAuditEnabled
> * conditionKeyValue
> * policyConditionTypeValue
> * maskingInfo
> * filterExpr





[jira] [Updated] (RANGER-1869) KMS has duplicated code from Hadoop KMS

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1869:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> KMS has duplicated code from Hadoop KMS
> ---
>
> Key: RANGER-1869
> URL: https://issues.apache.org/jira/browse/RANGER-1869
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Affects Versions: 0.7.1
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: hadoop, kms
> Fix For: 1.1.0
>
>
> Ranger KMS contains a big chunk of code from Hadoop KMS, slightly altered to 
> implement necessary changes.
>  It seems that two things changed on the Ranger side: 
> * It is possible to customize the implementation for 'KMSACL'
> * It is possible to capture the originating IP address
> For the first, it would be better if this code were up-streamed. For the 
> second, a servlet filter with a thread local variable would work perfectly.
> For Hadoop 3.0, the KMS module has evolved a bit, so the other solution, which 
> is to copy - again - a lot of code, would be a bigger change.





[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1780:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 0.7.1
>Reporter: Alejandro Fernandez
>Assignee: Alejandro Fernandez
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-1780.patch, ranger_summary.png
>
>
> AuditSummaryQueue already has logic to enable the summarization, but it 
> requires 2 events to have the exact same resource path (plus a couple of 
> other fields such as user, access type, access result, action, client ip, 
> session).
> This Jira is to add a config called 
> xasecure.audit.provider.summary.aggregate.level so that if it is set to 
> "directory" then 2 events can still be aggregated if they are files in the 
> same directory.
> If the config is not specified its default value will be "file" which 
> preserves the existing behavior.
> See [^ranger_summary.png] for screenshot on desired behavior.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
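
The aggregation rule proposed in RANGER-1780, as an added example that is not part of the original message and is not Ranger's AuditSummaryQueue code: events are grouped on the fields the issue lists, and the resource part of the key is either the full path ("file", the default) or its parent directory ("directory"). The event field names and the sample events are constructed for this illustration; only the config key and its two values come from the issue text.

```python
# Added illustration: grouping audit events for summarization at "file" or
# "directory" level. Event field names and sample events are constructed for
# this example; this is not Ranger's AuditSummaryQueue.
import posixpath
from collections import Counter

AGGREGATE_LEVEL_KEY = "xasecure.audit.provider.summary.aggregate.level"
DEFAULT_LEVEL = "file"


def make_event(user, resource, client_ip="10.0.0.5", session="s1"):
    """Build one constructed audit event; all other fields are held constant."""
    return {
        "user": user,
        "access_type": "read",
        "result": "allowed",
        "action": "open",
        "client_ip": client_ip,
        "session": session,
        "resource": resource,
    }


# Constructed sample events.
EVENTS = [
    make_event("alice", "/data/logs/a.txt"),
    make_event("alice", "/data/logs/b.txt"),
    make_event("alice", "/data/logs/a.txt"),
    make_event("alice", "/data/other/c.txt"),
    make_event("bob", "/data/logs/a.txt"),
]


def summary_key(event, level):
    """Return the tuple two events must share to be summarized together."""
    resource = event["resource"]
    if level == "directory":
        # Files in the same directory collapse onto the directory path.
        resource = posixpath.dirname(resource)
    elif level != "file":
        raise ValueError(f"unsupported aggregate level: {level!r}")
    return (
        event["user"],
        event["access_type"],
        event["result"],
        event["action"],
        event["client_ip"],
        event["session"],
        resource,
    )


def summarize(events, config):
    """Count events per summary key; the level defaults to "file" when unset."""
    level = config.get(AGGREGATE_LEVEL_KEY, DEFAULT_LEVEL)
    return Counter(summary_key(event, level) for event in events)


if __name__ == "__main__":
    for config in ({}, {AGGREGATE_LEVEL_KEY: "directory"}):
        print(config or "(default)")
        for key, count in sorted(summarize(EVENTS, config).items()):
            print(f"  {key[0]:5s} {key[-1]:20s} x{count}")
```

In this model the "directory" level keeps the user, access type and result but drops the file name from the summary record, so it trades per-file detail in the audit trail for fewer records.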


[jira] [Updated] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1644:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Change the default Crypt Algo to use stronger cryptographic algo. 
> --
>
> Key: RANGER-1644
> URL: https://issues.apache.org/jira/browse/RANGER-1644
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Selvamohan Neethiraj
>Assignee: Endre Kovacs
>Priority: Critical
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch
>
>
> Change the default crypt algorithm to use a stronger cipher algorithm





[jira] [Updated] (RANGER-1252) Policy lookup does not honor the case sensitivity flag of resources

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1252:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Policy lookup does not honor the case sensitivity flag of resources
> ---
>
> Key: RANGER-1252
> URL: https://issues.apache.org/jira/browse/RANGER-1252
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.6.2
>Reporter: Yan
>Assignee: Yan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: Ranger-1252.patch
>
>
> For case insensitive Hive db/table names, the public API's policy lookup does 
> not hit the case insensitive names. For instance, the following curl command:
> curl -iv -u admin:admin -H "Content-type:application/json" -X GET 
> http://11.22.33.444:6080/service/public/api/policy?databases=db1=table1
> returns different results from running the following command using different 
> cases in names:
> curl -iv -u admin:admin -H "Content-type:application/json" -X GET 
> http://11.22.33.444:6080/service/public/api/policy?databases=DB1=TABLE1
> if there exists such a Hive table db1/table1 in the metastore.
>  





[jira] [Updated] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-2013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2013:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Restrict updation of user source
> 
>
> Key: RANGER-2013
> URL: https://issues.apache.org/jira/browse/RANGER-2013
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
>
> Improvise validation in  user profile to handle retention of original user 
> source. 





[jira] [Updated] (RANGER-1567) Based on RANGER-1540, we should provide the appropriate documentation when the new version is released.

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1567:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Based on RANGER-1540, we should provide the appropriate documentation when the 
> new version is released.
> -
>
> Key: RANGER-1567
> URL: https://issues.apache.org/jira/browse/RANGER-1567
> Project: Ranger
>  Issue Type: Bug
>  Components: documentation
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Major
>  Labels: patch
> Fix For: 1.1.0
>
>
> Based on RANGER-1540, we should provide the appropriate documentation when the 
> new version is released.





[jira] [Updated] (RANGER-1643) Handle multiple comma in credentials ...

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1643:
-
Fix Version/s: (was: 1.0.0)
   1.1.0

> Handle multiple comma in credentials ...
> 
>
> Key: RANGER-1643
> URL: https://issues.apache.org/jira/browse/RANGER-1643
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.6.3, 0.7.1
>Reporter: Selvamohan Neethiraj
>Assignee: Endre Kovacs
>Priority: Minor
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-1644-RANGER-1643-using-stronger-crypto-algo-s.patch
>
>
> Currently, PasswordUtils parses the encryption configuration based on the 
> presence of a comma character. The actual password itself may have comma 
> characters. We should fix this to allow the user with the password or we 
> should remove the code that handles the password without having encryption 
> configuration as part of the input string.





[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-03-07 Thread Velmurugan Periasamy (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389637#comment-16389637
 ] 

Velmurugan Periasamy commented on RANGER-1958:
--

[~an...@apache.org] - I have added you as contributor for Ranger project and 
assigned the ticket to you. 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.





[jira] [Assigned] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy reassigned RANGER-1958:


Assignee: Ankit Singhal  (was: Ankita Sinha)

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankit Singhal
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.





[jira] [Comment Edited] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-03-07 Thread Ankit Singhal (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389609#comment-16389609
 ] 

Ankit Singhal edited comment on RANGER-1958 at 3/7/18 2:30 PM:
---

Thanks [~rmani] for volunteering the review, Here is the review request.

[https://reviews.apache.org/r/65950/]

And, also can you please assign this ticket to me(Ankit Singhal).


was (Author: an...@apache.org):
Thanks [~rmani] for volunteering the review, Here is the review request.

[https://reviews.apache.org/r/65950/]

 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.





[jira] [Commented] (RANGER-1958) [HBase] Implement getUserPermissions API of AccessControlService.Interface to allow clients to access HBase permissions stored in Ranger

2018-03-07 Thread Ankit Singhal (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16389609#comment-16389609
 ] 

Ankit Singhal commented on RANGER-1958:
---

Thanks [~rmani] for volunteering the review, Here is the review request.

[https://reviews.apache.org/r/65950/]

 

> [HBase] Implement getUserPermissions API of AccessControlService.Interface to 
> allow clients to access HBase permissions stored in Ranger
> 
>
> Key: RANGER-1958
> URL: https://issues.apache.org/jira/browse/RANGER-1958
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Ankit Singhal
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1958.patch
>
>
> We have added the support of ACLs in Phoenix as part of PHOENIX-4198. 
> Currently, the implementation relies on some of the APIs provided by 
> AccessControlService.Interface to get the user permission of the table but we 
> see that the API "AccessControlService.Interface#getUserPermissions"  is not 
> yet implemented in Ranger authorization module for HBase and thus, we are 
> unable to access permissions stored for HBase Table in Phoenix.
> In class RangerAuthorizationCoprocessor
> {code}
> @Override
>   public void getUserPermissions(RpcController controller, 
> AccessControlProtos.GetUserPermissionsRequest request, 
> RpcCallback done) {
>   LOG.debug("getUserPermissions(): ");
>   }
> {code}
> If we just implement this API, we can leverage the current HBase Ranger 
> plugin for Phoenix too.
> Although the long-term solution for Ranger could be to implement the 
> coprocessor hooks for Phoenix as how it has been done for HBase so that we 
> can also authorize new entities like VIEW, SEQUENCES, FUNCTIONs  (which can 
> not be supported with native HBase ACLs) along with Table and Schema. 
> Let me know your thoughts, I can try to put up a patch soon.





Re: Review Request 65950: Add support to allow clients to access resource permissions stored in Ranger

2018-03-07 Thread Ankit Singhal

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65950/
---

(Updated March 7, 2018, 2:13 p.m.)


Review request for ranger and Ramesh Mani.


Bugs: RANGER-1958
https://issues.apache.org/jira/browse/RANGER-1958


Repository: ranger


Description
---

RANGER-1958 [HBase] Implement getUserPermissions API of 
AccessControlService.Interface to allow clients to access HBase permissions 
stored in Ranger


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 189dc2c 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 f8241c5 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceInfo.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 2b66c70 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
 7a890b8 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 aad7834 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 12b675b 
  
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java
 665640f 
  
hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
 9f0e5ac 
  hbase-agent/src/test/resources/policyengine/test_policyengine_hbase.json 
f563c28 


Diff: https://reviews.apache.org/r/65950/diff/1/


Testing
---

Unit testing is done


Thanks,

Ankit Singhal



[jira] [Reopened] (RANGER-1985) Auditing for Ranger Usersync operations

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy reopened RANGER-1985:
--

> Auditing for Ranger Usersync operations
> ---
>
> Key: RANGER-1985
> URL: https://issues.apache.org/jira/browse/RANGER-1985
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger, usersync
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-1985-Auditing-for-Ranger-usersync-operations.patch
>
>
> During every sync cycle, ranger usersync should audit some basic information 
> like number of users, number of groups that are sync'd for that cycle. Also 
> provide details on sync source like the unix, file, or ldap with relevant 
> configuration like ldap filters applied for that sync cycle, ldap host url, 
> etc...
> Add a new tab in the ranger admin UI audits for usersync and show the above 
> information.





[jira] [Updated] (RANGER-1985) Auditing for Ranger Usersync operations

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1985:
-
Fix Version/s: (was: master)

> Auditing for Ranger Usersync operations
> ---
>
> Key: RANGER-1985
> URL: https://issues.apache.org/jira/browse/RANGER-1985
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger, usersync
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-1985-Auditing-for-Ranger-usersync-operations.patch
>
>
> During every sync cycle, ranger usersync should audit some basic information 
> like number of users, number of groups that are sync'd for that cycle. Also 
> provide details on sync source like the unix, file, or ldap with relevant 
> configuration like ldap filters applied for that sync cycle, ldap host url, 
> etc...
> Add a new tab in the ranger admin UI audits for usersync and show the above 
> information.





[jira] [Updated] (RANGER-1985) Auditing for Ranger Usersync operations

2018-03-07 Thread Velmurugan Periasamy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1985:
-
Fix Version/s: 1.1.0

> Auditing for Ranger Usersync operations
> ---
>
> Key: RANGER-1985
> URL: https://issues.apache.org/jira/browse/RANGER-1985
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger, usersync
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: master, 1.1.0
>
> Attachments: 
> 0001-RANGER-1985-Auditing-for-Ranger-usersync-operations.patch
>
>
> During every sync cycle, ranger usersync should audit some basic information 
> like number of users, number of groups that are sync'd for that cycle. Also 
> provide details on sync source like the unix, file, or ldap with relevant 
> configuration like ldap filters applied for that sync cycle, ldap host url, 
> etc...
> Add a new tab in the ranger admin UI audits for usersync and show the above 
> information.





Re: Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users

2018-03-07 Thread Pradeep Agrawal


> On March 7, 2018, 10:43 a.m., Zsombor Gegesy wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
> > Lines 580 (patched)
> > 
> >
> > The same blockAuditorRoleUser method is copied everywhere.
> > 
> > Please move this method to a separate service, and write a unit test 
> > for it. As it is called everywhere it is important to work as expected

@Fatima: I think you can copy that method into the RangerBizUtil.java file. See 
if it can fit there and works fine.


- Pradeep


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review198779
---


On March 7, 2018, 9:03 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> ---
> 
> (Updated March 7, 2018, 9:03 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: Ranger-1948
> https://issues.apache.org/jira/browse/Ranger-1948
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This Jira is to cater to the need of Auditor roles in Ranger Admin.
> 
> We can introduce Auditor Roles for both the Administrator Roles in Ranger 
> Admin.
> * Auditor (Readonly privileges from current Admin role user)
> * KMS Auditor (Readonly privileges from current Keyadmin role user)
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/rolebasedusersearchutil.py d651461 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 
> 840bb38 
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 224f1a0 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> ecde444 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
> e31e9d7 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> 0e99be1 
>   security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
> bcf9080 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  d3a28f7 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cb7ca52 
>   
> security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 
> 9c19bb0 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
>  6951cbd 
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
> 4227d85 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 87da9a0 
>   unixauthservice/scripts/install.properties 88bce69 
> 
> 
> Diff: https://reviews.apache.org/r/65914/diff/2/
> 
> 
> Testing
> ---
> 
> Tested scenarios:
> 1. Tested admin user is able to create User role user.
> 2. Tested admin user is able to create Auditor role user.
> 3. Tested admin user is not able to create kms auditor role user.
> 4. Tested keyadmin user is able to create kms auditor.
> 5. Tested auditor is able to only view policies, users, services and audits.
> 6. Tested kms auditor is able to only view policies, users, services, audits 
> and keys.
> 7. Tested auditor is able to see permission tab but kms auditor should not see 
> permission tab.
> 8. Auditor role users are not allowed to import/export policies.
> 9. Verified syncing of users from auditor role :: if we add them in properties 
> install.properties of usersync during initial start of usersync. Property 
> value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
> _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>



[jira] [Created] (RANGER-2013) Restrict updation of user source

2018-03-07 Thread Fatima Amjad Khan (JIRA)
Fatima Amjad Khan created RANGER-2013:
-

 Summary: Restrict updation of user source
 Key: RANGER-2013
 URL: https://issues.apache.org/jira/browse/RANGER-2013
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.0.0
Reporter: Fatima Amjad Khan
Assignee: Fatima Amjad Khan
 Fix For: 1.0.0


Improvise validation in  user profile to handle retention of original user 
source. 





[jira] [Resolved] (RANGER-1998) Add ability to specify passwords for admin accounts during ranger install only.

2018-03-07 Thread Pradeep Agrawal (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-1998.
-
Resolution: Fixed

Patch committed to master branch: 
[https://github.com/apache/ranger/commit/809a78b4a9549ac1d28ae600fc23e769c50ede20]

Patch committed in 1.0 branch : 

https://github.com/apache/ranger/commit/3b5686c5acd94fcbef15efe77aa1496892cc3f85

 

> Add ability to specify passwords for admin accounts during ranger install 
> only.
> ---
>
> Key: RANGER-1998
> URL: https://issues.apache.org/jira/browse/RANGER-1998
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1998-Add-ability-to-specify-passwords-for-adm.patch
>
>
> 1] Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
> rangertagsync users are seeded users and they are not configurable during the 
> install process. This task is to provide a facility to specify the admin 
> users password during ranger install.
> 2] This feature can only be used once, for changing the admin user password 
> for more than one time, users can use Ranger UI or using change password 
> utility.





Re: 0.7.0 -> 0.7.1 - servicedef changes?

2018-03-07 Thread Nigel Jones


On 2018/03/06 23:59:32, Nigel Jones  wrote: 
> I have a servicedef which is working well when deployed to a Ranger 0.7.0 
> server (HDP 2.6.4).
> I can create an instance of the new service, with access control & masking 
> policies & they work :-)
> 
> However we've found that when deployed to a cleanly built 0.7.1 / master 
> server (at a few dates in Feb 18) the SAME servicedef results in only access 
> control policies being authorable on the Ranger GUI, NOT tag based policies

Rebuilt with current master (was running ~1 Feb) and can confirm this problem 
does not occur, so looks like it was a temporary master regression


Re: Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users

2018-03-07 Thread Zsombor Gegesy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/#review198779
---




security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
Lines 133 (patched)


session is not null here



security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java
Lines 738 (patched)


session is not null here



security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
Lines 580 (patched)


The same blockAuditorRoleUser method is copied everywhere.

Please move this method to a separate service, and write a unit test for 
it. As it is called everywhere it is important to work as expected


- Zsombor Gegesy


On March 7, 2018, 9:03 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65914/
> ---
> 
> (Updated March 7, 2018, 9:03 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: Ranger-1948
> https://issues.apache.org/jira/browse/Ranger-1948
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This Jira is to cater to the need of Auditor roles in Ranger Admin.
> 
> We can introduce Auditor Roles for both the Administrator Roles in Ranger 
> Admin.
> * Auditor (Readonly privileges from current Admin role user)
> * KMS Auditor (Readonly privileges from current Keyadmin role user)
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/rolebasedusersearchutil.py d651461 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 
> 840bb38 
>   security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
> 224f1a0 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> ecde444 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
>   security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
>   security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
>   security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
> e31e9d7 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> 0e99be1 
>   security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
> bcf9080 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  d3a28f7 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cb7ca52 
>   
> security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 
> 9c19bb0 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
>  6951cbd 
>   security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
> 4227d85 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 87da9a0 
>   unixauthservice/scripts/install.properties 88bce69 
> 
> 
> Diff: https://reviews.apache.org/r/65914/diff/2/
> 
> 
> Testing
> ---
> 
> Tested scenarios:
> 1. Tested admin user is able to create User role user.
> 2. Tested admin user is able to create Auditor role user.
> 3. Tested admin user is not able to create kms auditor role user.
> 4. Tested keyadmin user is able to create kms auditor.
> 5. Tested auditor is able to only view policies, users, services and audits.
> 6. Tested kms auditor is able to only view policies, users, services, audits 
> and keys.
> 7. Tested auditor is able to see permission tab but kms auditor should not see 
> permission tab.
> 8. Auditor role users are not allowed to import/export policies.
> 9. Verified syncing of users from auditor role :: if we add them in properties 
> install.properties of usersync during initial start of usersync. Property 
> value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
> _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName
> 
> 
> Thanks,
> 
> Fatima 

[jira] [Updated] (RANGER-1512) Ranger installer fails if hostname contains upper case letter

2018-03-07 Thread Zsombor Gegesy (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1512?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zsombor Gegesy updated RANGER-1512:
---
Fix Version/s: (was: master)
   1.0.0

> Ranger installer fails if hostname contains upper case letter 
> --
>
> Key: RANGER-1512
> URL: https://issues.apache.org/jira/browse/RANGER-1512
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Attila Csoma
>Priority: Minor
>  Labels: newbie
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1512-Convert-hostnames-to-lowercase-when-usin.patch
>
>
> Installing Ranger with Ambari 2.4.2 Web UI fails if hostname contains upper 
> case letter due to that mysql stores uppercase hostnames in lowercase format.
> Traceback:
> resource_management.core.exceptions.ExecutionFailed: Execution of 
> 'ambari-python-wrap /usr/hdp/current/ranger-admin/dba_script.py -q' 
> ...
> 2017-04-12 13:05:46,559  [I] Verifying user rangeradmin for Host 
> os-r6-EU-253TO255-Kerberized-2.openstacklocal
> 2017-04-12 13:05:46,559  [JISQL] /usr/jdk64/jdk1.8.0_112/bin/java -cp 
> /usr/hdp/2.5.3.0-37/ranger-admin/ews/lib/mysql-connector-java.jar:/usr/hdp/current/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://os-r6-EU-253TO255-Kerberized-2.openstacklocal/mysql -u root2 -p 
> '' -noheader -trim -c \; -query "select user from mysql.user where 
> user='rangeradmin' and host='os-r6-EU-253TO255-Kerberized-2.openstacklocal';"
> 2017-04-12 13:05:47,225  [I] MySQL user rangeradmin does not exists for host 
> os-r6-EU-253TO255-Kerberized-2.openstacklocal
> 2017-04-12 13:05:47,225  [JISQL] /usr/jdk64/jdk1.8.0_112/bin/java -cp 
> /usr/hdp/2.5.3.0-37/ranger-admin/ews/lib/mysql-connector-java.jar:/usr/hdp/current/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://os-r6-EU-253TO255-Kerberized-2.openstacklocal/mysql -u root2 -p 
> '' -noheader -trim -c \; -query "create user 
> 'rangeradmin'@'os-r6-EU-253TO255-Kerberized-2.openstacklocal' identified by 
> '';"
> 2017-04-12 13:05:47,892  [I] Verifying user rangeradmin for Host 
> os-r6-EU-253TO255-Kerberized-2.openstacklocal
> 2017-04-12 13:05:47,893  [JISQL] /usr/jdk64/jdk1.8.0_112/bin/java -cp 
> /usr/hdp/2.5.3.0-37/ranger-admin/ews/lib/mysql-connector-java.jar:/usr/hdp/current/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://os-r6-EU-253TO255-Kerberized-2.openstacklocal/mysql -u root2 -p 
> '' -noheader -trim -c \; -query "select user from mysql.user where 
> user='rangeradmin' and host='os-r6-EU-253TO255-Kerberized-2.openstacklocal';"
> 2017-04-12 13:05:48,563  [E] Creating MySQL user rangeradmin failed..
> However in mysql:
> mysql> select user, host from mysql.user;
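> +-------------+-----------------------------------------------+
> | user        | host                                          |
> +-------------+-----------------------------------------------+
> ...
> | rangeradmin | os-r6-eu-253to255-kerberized-2.openstacklocal |
> +-------------+-----------------------------------------------+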



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
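
The verify, create, verify sequence from the RANGER-1512 log above, reproduced as an added Python example (not code from dba_script.py or the attached patch). An in-memory sqlite3 table stands in for mysql.user, and `ensure_user`, `normalize_host` and the lower-casing store are assumptions modelled on the report.

```python
import sqlite3

# Hostname taken from the installer log in the report.
REPORTED_HOST = "os-r6-EU-253TO255-Kerberized-2.openstacklocal"


def open_account_table():
    """Constructed stand-in for mysql.user (sqlite3 in memory, not a MySQL server)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE mysql_user (user TEXT, host TEXT, PRIMARY KEY (user, host))"
    )
    return db


def create_user(db, user, host):
    # Assumption modelled on the report: the host part is stored in lower case.
    # Values are bound as parameters, not spliced into the SQL text.
    db.execute("INSERT OR IGNORE INTO mysql_user VALUES (?, ?)", (user, host.lower()))


def user_exists(db, user, host):
    # Exact, case-sensitive match, mirroring the installer's
    # "select user from mysql.user where user=... and host=..." check.
    row = db.execute(
        "SELECT 1 FROM mysql_user WHERE user = ? AND host = ?", (user, host)
    ).fetchone()
    return row is not None


def normalize_host(host):
    """Hypothetical helper: the lower-casing the patch title describes."""
    return host.strip().lower()


def ensure_user(db, user, host, normalize=True):
    """Run the verify -> create -> verify sequence seen in the log."""
    lookup_host = normalize_host(host) if normalize else host
    if user_exists(db, user, lookup_host):
        return "exists"
    create_user(db, user, lookup_host)
    if user_exists(db, user, lookup_host):
        return "created"
    # The account was written, but the mixed-case lookup cannot find it.
    return "failed"


def demo():
    # Without normalization: the second verification misses the stored row.
    before = ensure_user(open_account_table(), "rangeradmin", REPORTED_HOST,
                         normalize=False)
    # With normalization: first run creates, a re-run finds the account.
    db = open_account_table()
    first = ensure_user(db, "rangeradmin", REPORTED_HOST)
    second = ensure_user(db, "rangeradmin", REPORTED_HOST)
    return before, first, second


if __name__ == "__main__":
    print(demo())
```

Normalizing once, before both the lookup and the create, keeps the installer idempotent: a second run reports the account as existing instead of trying to create it again.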


Re: Review Request 58606: RANGER-1512: Ranger installer fails if hostname contains upper case letter

2018-03-07 Thread Zsombor Gegesy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58606/#review198777
---


Ship it!




Ship It!

- Zsombor Gegesy


On April 21, 2017, 8:19 a.m., Attila Csoma wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58606/
> ---
> 
> (Updated April 21, 2017, 8:19 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1512
> https://issues.apache.org/jira/browse/RANGER-1512
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Added code to convert hostnames to lowercase in mysql module
> 
> 
> Diffs
> -
> 
>   kms/scripts/dba_script.py c471f59c 
>   security-admin/scripts/dba_script.py 83d6fe72 
> 
> 
> Diff: https://reviews.apache.org/r/58606/diff/1/
> 
> 
> Testing
> ---
> 
> Unit tests ran successfully.
> Manually tested with hostnames containing uppercase letters.
> 
> 
> Thanks,
> 
> Attila Csoma
> 
>



Re: Review Request 62052: issues with test_resourcematcher_default.json

2018-03-07 Thread Zsombor Gegesy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62052/#review198776
---


Ship it!




Ship It!

- Zsombor Gegesy


On Sept. 2, 2017, 2:42 a.m., deepak sharma wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62052/
> ---
> 
> (Updated Sept. 2, 2017, 2:42 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1760
> https://issues.apache.org/jira/browse/RANGER-1760
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> issues with test_resourcematcher_default.json
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/test/resources/resourcematcher/test_resourcematcher_default.json
>  50b4cc3 
> 
> 
> Diff: https://reviews.apache.org/r/62052/diff/1/
> 
> 
> Testing
> ---
> 
> tested the json after the fix and run the tests TestResourceMatcher also 
> where it is used:
> 
> 
> Thanks,
> 
> deepak sharma
> 
>



Fwd: Found Issue In Ranger

2018-03-07 Thread Gautam Borad
+ dev@ranger.apache.org


-- Forwarded message --
From: parveen Bhandari 
Date: Tue, Mar 6, 2018 at 8:07 PM
Subject: Found Issue In Ranger
To: gbo...@gmail.com




Hello

I have set up a Hadoop cluster and a Storm cluster with Kerberos enabled. I am
trying to enable Ranger in Storm but am facing an issue when the Ranger plugin
downloads the policy from the policy server.

Getting the following error in the Storm logs:


cache file does not exist or not readable '/etc/ranger/stormacl/policycache/storm_stormacl.json'
2018-03-06 20:54:31.241 o.a.r.a.c.RangerAdminRESTClient Thread-4 [WARN] Error getting policies. secureMode=true, user=storm/myserverhostn...@abc.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}, serviceName=stormacl



Please help me. I have been struggling with this for the last 3 weeks.

Thanks