Review Request 66107: Evaluate grantor's group membership in the plugin for grant/revoke request
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66107/ --- Review request for ranger and Madhan Neethiraj. Bugs: RANGER-2027 https://issues.apache.org/jira/browse/RANGER-2027 Repository: ranger Description --- Instead of computing group membership in the ranger-admin, it is better to compute it in the plugin using component's user identity manager and relayed to ranger-admin in the grant/revoke request. Ranger-Admin's user identify manager may be used to compute group membership only as a fallback for backward compatibility. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/util/GrantRevokeRequest.java 0c5b2d80b hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java 12b675b45 hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 2c2a51866 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java dad8a975e Diff: https://reviews.apache.org/r/66107/diff/1/ Testing --- Passed all unit tests Thanks, Abhay Kulkarni
[jira] [Created] (RANGER-2027) Evaluate grantor's group membership in the plugin for grant/revoke request
Abhay Kulkarni created RANGER-2027: -- Summary: Evaluate grantor's group membership in the plugin for grant/revoke request Key: RANGER-2027 URL: https://issues.apache.org/jira/browse/RANGER-2027 Project: Ranger Issue Type: Bug Components: plugins, Ranger Affects Versions: master Reporter: Abhay Kulkarni Assignee: Abhay Kulkarni Fix For: master, 1.1.0 Instead of computing group membership in the ranger-admin, it is better to compute it in the plugin using component's user identity manager and relayed to ranger-admin in the grant/revoke request. Ranger-Admin's user identify manager may be used to compute group membership only as a fallback for backward compatibility. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66106: Update Hbase plugin to handle default namespace
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66106/ --- Review request for ranger and Madhan Neethiraj. Bugs: RANGER-2026 https://issues.apache.org/jira/browse/RANGER-2026 Repository: ranger Description --- HBase supports a "default" namespace in which Hbase tables are implicitly present when namespace is not explicitly specified. Ranger Hbase policies with table-resource specified with or without a "default" namespace qualifier should match if a table in default namespace is accessed with or without "default" namespace qualifier. Diffs - hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java 1349aef9e hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/HBaseRangerAuthorizationTest.java 665640f07 hbase-agent/src/test/resources/hbase-policies-tag.json 61728c800 Diff: https://reviews.apache.org/r/66106/diff/1/ Testing --- Passed all unit tests. Thanks, Abhay Kulkarni
[jira] [Created] (RANGER-2026) Update Hbase plugin to handle default namespace
Abhay Kulkarni created RANGER-2026: -- Summary: Update Hbase plugin to handle default namespace Key: RANGER-2026 URL: https://issues.apache.org/jira/browse/RANGER-2026 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: master Reporter: Abhay Kulkarni Assignee: Abhay Kulkarni Fix For: master, 1.1.0 HBase supports a "default" namespace in which Hbase tables are implicitly present when namespace is not explicitly specified. Ranger Hbase policies with table-resource specified with or without a "default" namespace qualifier should match if a table in default namespace is accessed with or without "default" namespace qualifier. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66105: tagsync updates to handle hbase namespace entity notification
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66105/ --- Review request for ranger, Madhan Neethiraj and Ramesh Mani. Bugs: RANGER-2025 https://issues.apache.org/jira/browse/RANGER-2025 Repository: ranger Description --- Updated tagsync to handle notification about a Hbase namespace is associated with a classification (tag). Diffs - tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasHbaseResourceMapper.java 33e804a20 tagsync/src/test/java/org/apache/ranger/tagsync/process/TestHbaseResourceMapper.java 499247c41 Diff: https://reviews.apache.org/r/66105/diff/1/ Testing --- Developed and passed unit tests. Thanks, Abhay Kulkarni
[jira] [Created] (RANGER-2025) tagsync updates to handle hbase namespace entity notification
Abhay Kulkarni created RANGER-2025: -- Summary: tagsync updates to handle hbase namespace entity notification Key: RANGER-2025 URL: https://issues.apache.org/jira/browse/RANGER-2025 Project: Ranger Issue Type: Bug Components: tagsync Affects Versions: master Reporter: Abhay Kulkarni Assignee: Abhay Kulkarni Fix For: master, 1.1.0 tagsync needs to be able to handle notification about a Hbase namespace is associated with a classification (tag). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66102: tagsync updates to handle name-services in federated hdfs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66102/ --- Review request for ranger, Apoorv Naik, Madhan Neethiraj, Vishal Suvagia, and Velmurugan Periasamy. Bugs: RANGER-2024 https://issues.apache.org/jira/browse/RANGER-2024 Repository: ranger Description --- HDFS entity contained in entity notification includes a name-service-id in case a federated hdfs file/directory is associated with a classification(i.e. tag). tagsync needs to be able to handle such entities and map them correctly to appropriate service-resource in Ranger. Diffs - tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasHdfsResourceMapper.java 378542cd8 tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasResourceMapper.java 5d067a5b4 tagsync/src/test/java/org/apache/ranger/tagsync/process/TestHdfsResourceMapper.java 627690405 Diff: https://reviews.apache.org/r/66102/diff/1/ Testing --- Developed and passed unit tests. Thanks, Abhay Kulkarni
[jira] [Created] (RANGER-2024) tagsync updates to handle name-services in federated hdfs
Abhay Kulkarni created RANGER-2024: -- Summary: tagsync updates to handle name-services in federated hdfs Key: RANGER-2024 URL: https://issues.apache.org/jira/browse/RANGER-2024 Project: Ranger Issue Type: Bug Components: tagsync Affects Versions: master Reporter: Abhay Kulkarni Assignee: Abhay Kulkarni Fix For: master, 1.1.0 HDFS entity contained in entity notification includes a name-service-id in case a federated hdfs file/directory is associated with a classification(i.e. tag). tagsync needs to be able to handle such entities and map them correctly to appropriate service-resource in Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66093: RANGER-2023: Hive test connection / lookup failed in kerberos cluster.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66093/ --- Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan Periasamy. Repository: ranger Description --- RANGER-2023: Hive test connection / lookup failed in kerberos cluster. Diffs - hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveClient.java 265c015 Diff: https://reviews.apache.org/r/66093/diff/1/ Testing --- Tested in Local VM Thanks, Ramesh Mani
[jira] [Updated] (RANGER-2023) Hive test connection / lookup failed in kerberos cluster.
[ https://issues.apache.org/jira/browse/RANGER-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2023: Description: Hive test connection / lookup failed in kerberos cluster . This is caused by regression in https://issues.apache.org/jira/browse/RANGER-1713 (was: Hive test connection failed in kerberos cluster.. This is caused by regression in https://issues.apache.org/jira/browse/RANGER-1713) > Hive test connection / lookup failed in kerberos cluster. > - > > Key: RANGER-2023 > URL: https://issues.apache.org/jira/browse/RANGER-2023 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.1.0 > > > Hive test connection / lookup failed in kerberos cluster . This is caused by > regression in https://issues.apache.org/jira/browse/RANGER-1713 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2023) Hive test connection / lookup failed in kerberos cluster.
[ https://issues.apache.org/jira/browse/RANGER-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2023: Summary: Hive test connection / lookup failed in kerberos cluster. (was: Hive test connection failed in kerberos cluster.) > Hive test connection / lookup failed in kerberos cluster. > - > > Key: RANGER-2023 > URL: https://issues.apache.org/jira/browse/RANGER-2023 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.1.0 > > > Hive test connection failed in kerberos cluster.. This is caused by > regression in https://issues.apache.org/jira/browse/RANGER-1713 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (RANGER-2023) Hive test connection failed in kerberos cluster.
[ https://issues.apache.org/jira/browse/RANGER-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-2023: --- Assignee: Ramesh Mani > Hive test connection failed in kerberos cluster. > > > Key: RANGER-2023 > URL: https://issues.apache.org/jira/browse/RANGER-2023 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.1.0 > > > Hive test connection failed in kerberos cluster.. This is caused by > regression in https://issues.apache.org/jira/browse/RANGER-1713 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: [VOTE] Apache Ranger Release 1.0.0-rc1
+1 for Apache Ranger 1.0.0 rc1 release - verified the build - verified some source files - verified MD5/SHA and PGP signature. Thanks, Ramesh On 3/14/18, 6:27 PM, "Sailaja Polavarapu"wrote: >Rangers: >Thank you for your contribution to Apache Ranger community. Apache Ranger >1.0.0 release candidate #1 is now available for a vote within dev >community. Links to release artifacts are given below. I kindly request >all of the Rangers (dev & PMC members) to review and vote on this release. > >Git tag for the release: > >https://github.com/apache/ranger/tree/release-1.0.0-rc1 (last commit id: >c79aad4362b6f806da47462ec84e35108ba8eb1f) > > >Sources for the release: >https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0. >0.tar.gz > > >Source release verification: > >PGP Signature: > >https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0. >0.tar.gz.asc > > >MD5/SHA Hash: > >https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0. >0.tar.gz.mds > > >Keys to verify the signature of the release artifact are available at: > >https://dist.apache.org/repos/dist/release/ranger/KEYS > > >Release Notes: > > >https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75975356 > > >Build verification steps can be found at: > > http://ranger.apache.org/quick_start_guide.html > > >The vote will be open for at least 72 hours or until necessary number of >votes are reached. >[ ] +1 approve >[ ] +0 no opinion >[ ] -1 disapprove (and reason why) > >Here is my +1 > >Thanks, >Sailaja. >
Review Request 66089: RANGER-2018: Upgrade to Spring 4
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66089/ --- Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Mehul Parikh, suja s, and Velmurugan Periasamy. Bugs: RANGER-2018 https://issues.apache.org/jira/browse/RANGER-2018 Repository: ranger Description --- Here I am proposing to change Spring Security to 4.2.4 and Spring Framework to 4.3.14. Diffs - pom.xml 1df5f2c security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java d9c2bcf security-admin/src/main/java/org/apache/ranger/security/web/filter/MyRememberMeFilter.java 370df70 security-admin/src/main/resources/conf.dist/security-applicationContext.xml 0dda56b security-admin/src/main/webapp/META-INF/applicationContext.xml de1dc67 security-admin/src/main/webapp/META-INF/asynctask-applicationContext.xml 10f1a84 security-admin/src/main/webapp/META-INF/scheduler-applicationContext.xml a9fb632 security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js 529a589 security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js eb65283 security-admin/src/main/webapp/scripts/views/common/ProfileBar.js c6301c3 security-admin/src/test/java/org/apache/ranger/service/PasswordComparisonAuthenticator.java 3dc6413 Diff: https://reviews.apache.org/r/66089/diff/1/ Testing --- Tested the Ranger admin installation, user login, ldap authentication , usersync and other crud operations on service, policy, user and group module. Thanks, Pradeep Agrawal
[jira] [Updated] (RANGER-2018) Upgrade to Spring 4
[ https://issues.apache.org/jira/browse/RANGER-2018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2018: Attachment: 0001-RANGER-2018-Upgrade-to-Spring-4.patch > Upgrade to Spring 4 > --- > > Key: RANGER-2018 > URL: https://issues.apache.org/jira/browse/RANGER-2018 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Fix For: 1.1.0 > > Attachments: 0001-RANGER-2018-Upgrade-to-Spring-4.patch > > > RANGER-1824 can be called duplicate of this Jira. Here I am proposing to > change Spring Security 4.2.4 and Spring Framework 4.3.14. > Reference: > * [https://pivotal.io/security/cve-2016-5007] > * https://issues.apache.org/jira/browse/ATLAS-1198 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Atlas policies to filter access
I was able to get past the problems in the previous mail. I'm trying to use the v2 API but authorization doesn't seem to kick in: curl -v -u username:password http://localhost:21000/api/atlas/v2/search/basic?typeName=hdfs_path This call succeeds without the Ranger plugin being called. In 'conf/application.properties' I have "atlas.authorizer.impl = RANGER" and there are no obvious errors in the logs. Is the Atlas authorization framework integrated with the newer REST API yet? Colm. On Tue, Mar 13, 2018 at 5:49 PM, Colm O hEigeartaighwrote: > Thanks Madhan. Just to clarify - ATLAS-2459 is not yet applied, so do I > have to apply this manually to get this to work? > > When trying to install the current Ranger 1.1.0-SNAPSHOT plugin with the > latest Atlas SNAPSHOT distribution I see an error in application.log: > > java.lang.NoClassDefFoundError: org/codehaus/jackson/jaxrs/ > JacksonJsonProvider > at org.apache.ranger.plugin.util.RangerRESTClient.buildClient( > RangerRESTClient.java:209) > > I'm wondering if there is a conflict between the jackson-jaxrs-1.9.13.jar > in the Atlas plugin lib and the version of Jackson used in Atlas? > > Colm. > > On Mon, Mar 12, 2018 at 9:14 PM, Madhan Neethiraj > wrote: > >> Colm, >> >> Perhaps you are using the Atlas service-def from Ranger master, against >> Atlas from branch-0.8 (or from master before ATLAS-2459)? Earlier Atlas >> versions use a different authorization model, which don't allow access >> controls at instance/type levels. Please try with Atlas from master branch. >> >> Hope this helps. >> >> Madhan >> >> >> >> >> On 3/12/18, 11:16 AM, "Colm O hEigeartaigh" wrote: >> >> Hi all, >> >> I'm using the Ranger plugin to secure access to Atlas. How can I >> create a >> policy in Ranger to allow a user access to a subset of the entities? >> So for >> example, I want to allow "alice" to "read" all entities that have a >> given >> type. I created an authorization policy of "type" "Table", but I get >> the >> following error: >> >> curl -u alice:password "http://localhost:21000/api/at >> las/entities?type=Table >> " >> Error 403 {AuthorizationError:You are not >> authorized for READ on [ENTITY] : *} >> >> How can I allow authorization for a subset of the entities? I guess I >> need >> an authorization policy for "Entity" but it's not clear what values >> apart >> from "*" are supported here? >> >> Colm. >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> >> >> >> > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Commented] (RANGER-2015) In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
[ https://issues.apache.org/jira/browse/RANGER-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16400156#comment-16400156 ] Nitin Galave commented on RANGER-2015: -- Committed to [master|https://github.com/apache/ranger/commit/57222febb111066c0867618b89e36c0d44c653c5] branch. > In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if > 'enableDenyAndExceptionsInPolicies : false' > - > > Key: RANGER-2015 > URL: https://issues.apache.org/jira/browse/RANGER-2015 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2015.1.patch > > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > 2. Improvement in policy view mode popup -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2019) Handle upgrade scenario to rename the old ATLAS service def and use the new service def
[ https://issues.apache.org/jira/browse/RANGER-2019?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2019: Attachment: 0001-RANGER-2019-Handle-upgrade-scenario-to-rename-the-ol.patch > Handle upgrade scenario to rename the old ATLAS service def and use the new > service def > --- > > Key: RANGER-2019 > URL: https://issues.apache.org/jira/browse/RANGER-2019 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 1.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 1.1.0 > > Attachments: > 0001-RANGER-2019-Handle-upgrade-scenario-to-rename-the-ol.patch > > > Based on [this RANGER-2004 > commit|https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=9a3d4e306b5e536e294cb20fb67664e2e0b7a7f8], > Atlas service def is updated. During the upgrade of existing env, old Atlas > service def should be renamed so that new service def can be used. > > During migration to Ranger 1.1.0, this Jira should address the following: > # Check for service-def named 'atlas'. If it is not found - nothing more to > do. > # Rename all service instances of type 'atlas', with the addition of a > suffix "-v1". Existing service named 'cl1_atlas' will become 'cl1_atlas-v1'. > If 'cl1_atlas-v1' already exists, append an count like 'cl1_atlas-v1.1', > 'cl1_atlas-v1-2' > # After all service instances are renamed, rename service-def as 'atlas-v1'. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66080: RANGER-2015: In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66080/#review199251 --- Ship it! Ship It! - Mehul Parikh On March 15, 2018, 7:21 a.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66080/ > --- > > (Updated March 15, 2018, 7:21 a.m.) > > > Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-2015 > https://issues.apache.org/jira/browse/RANGER-2015 > > > Repository: ranger > > > Description > --- > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > > 2. Improvement in policy view mode popup. > > > Diffs > - > > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > d10c6a7 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js > 96d9c8b > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js > 80ef1f1 > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js > 998a0a9 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js > b4006ce > security-admin/src/main/webapp/styles/xa.css 4ba75fb > > security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html > 6a46bbd > > security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html > fae698d > security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html > 801681b > > > Diff: https://reviews.apache.org/r/66080/diff/2/ > > > Testing > --- > > 1. Unable to see 'Deny Policy' & 'Except Conditions' when > enableDenyAndExceptionsInPolicies is set to false and vice versa working as > expected. > 2. Also checked newly added policy view mode popup in various places (policy > listing view, Audit->access tab policy view etc.) > > > Thanks, > > Nitin Galave > >
Re: [VOTE] Apache Ranger Release 1.0.0-rc1
+1 On Thu, Mar 15, 2018 at 3:18 AM, Qiang Zhangwrote: > +1 > > On 2018/03/15 01:27:31, Sailaja Polavarapu > wrote: >> Rangers: >> Thank you for your contribution to Apache Ranger community. Apache Ranger >> 1.0.0 release candidate #1 is now available for a vote within dev community. >> Links to release artifacts are given below. I kindly request all of the >> Rangers (dev & PMC members) to review and vote on this release. >> >> Git tag for the release: >> >> https://github.com/apache/ranger/tree/release-1.0.0-rc1 (last commit id: >> c79aad4362b6f806da47462ec84e35108ba8eb1f) >> >> >> Sources for the release: >> https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0.0.tar.gz >> >> >> Source release verification: >> >> PGP Signature: >> >> https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0.0.tar.gz.asc >> >> >> MD5/SHA Hash: >> >> https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/apache-ranger-1.0.0.tar.gz.mds >> >> >> Keys to verify the signature of the release artifact are available at: >> >> https://dist.apache.org/repos/dist/release/ranger/KEYS >> >> >> Release Notes: >> >>https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75975356 >> >> >> Build verification steps can be found at: >> >>http://ranger.apache.org/quick_start_guide.html >> >> >> The vote will be open for at least 72 hours or until necessary number of >> votes are reached. >> [ ] +1 approve >> [ ] +0 no opinion >> [ ] -1 disapprove (and reason why) >> >> Here is my +1 >> >> Thanks, >> Sailaja. >> >>
[jira] [Updated] (RANGER-2016) Fix null passed in as a HttpServletRequest - into the deletePoliciesProvidedInServiceMap method.
[ https://issues.apache.org/jira/browse/RANGER-2016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zsombor Gegesy updated RANGER-2016: --- Attachment: RANGER-2016.patch > Fix null passed in as a HttpServletRequest - into the > deletePoliciesProvidedInServiceMap method. > > > Key: RANGER-2016 > URL: https://issues.apache.org/jira/browse/RANGER-2016 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: Zsombor Gegesy >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2016.patch > > > Refer https://issues.apache.org/jira/browse/RANGER-1991 for details. > This issue is to get [~zsombor]'s fix into master and 1.1.0 release. CC > [~pradeepagrawal8184] > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66024: RANGER-2016 - fix the code cleanup
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66024/ --- (Updated March 15, 2018, 8:12 a.m.) Review request for ranger. Summary (updated) - RANGER-2016 - fix the code cleanup Bugs: RANGER-2016 https://issues.apache.org/jira/browse/RANGER-2016 Repository: ranger Description (updated) --- There is a code path, where a null is passed as a HttpServletRequest - to trigger 'searching with empty filter'. A simple fix is to introduce a getServicePolicies(serviceName,SearchFilter) method on ServiceREST class, so the HttpServletRequest is not needed anymore, and this method can be called freely. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 86b4e4309 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e74 Diff: https://reviews.apache.org/r/66024/diff/2/ Changes: https://reviews.apache.org/r/66024/diff/1-2/ Testing --- Tested locally Thanks, Zsombor Gegesy
Re: Review Request 66080: RANGER-2015: In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66080/#review199249 --- Ship it! Ship It! - Gautam Borad On March 15, 2018, 7:21 a.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66080/ > --- > > (Updated March 15, 2018, 7:21 a.m.) > > > Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-2015 > https://issues.apache.org/jira/browse/RANGER-2015 > > > Repository: ranger > > > Description > --- > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > > 2. Improvement in policy view mode popup. > > > Diffs > - > > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > d10c6a7 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js > 96d9c8b > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js > 80ef1f1 > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js > 998a0a9 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js > b4006ce > security-admin/src/main/webapp/styles/xa.css 4ba75fb > > security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html > 6a46bbd > > security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html > fae698d > security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html > 801681b > > > Diff: https://reviews.apache.org/r/66080/diff/2/ > > > Testing > --- > > 1. Unable to see 'Deny Policy' & 'Except Conditions' when > enableDenyAndExceptionsInPolicies is set to false and vice versa working as > expected. > 2. Also checked newly added policy view mode popup in various places (policy > listing view, Audit->access tab policy view etc.) > > > Thanks, > > Nitin Galave > >
Re: Review Request 66036: RANGER-1496 : Excel/csv exported file should have complete details of the policy
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66036/#review199248 --- Ship it! Ship It! - Pradeep Agrawal On March 13, 2018, 12:04 p.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66036/ > --- > > (Updated March 13, 2018, 12:04 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Sailaja Polavarapu. > > > Bugs: RANGER-1496 > https://issues.apache.org/jira/browse/RANGER-1496 > > > Repository: ranger > > > Description > --- > > If export of the policy is done from the Reports page in excel/csv format > then we are not showing info like Isaudit enabled, delegate admin and row > filter and masking condition etc . > Add following fields in exported excel / csv files : > > * policyType > * delegateAdmin > * isRecursiveValue > * isExcludesValue > * serviceName > * description > * isAuditEnabled > * conditionKeyValue > * policyConditionTypeValue > * maskingInfo > * filterExpr > * policyLabel > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > ecde444 > > > Diff: https://reviews.apache.org/r/66036/diff/1/ > > > Testing > --- > > Tested and validated the exported Excel. > Tested and validated the exported CSV. > > > Thanks, > > Fatima Khan > >
Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger Admin users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65914/#review199247 --- Ship it! Ship It! - Pradeep Agrawal On March 13, 2018, 1:43 p.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65914/ > --- > > (Updated March 13, 2018, 1:43 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Sailaja Polavarapu. > > > Bugs: RANGER-1948 > https://issues.apache.org/jira/browse/RANGER-1948 > > > Repository: ranger > > > Description > --- > > This Jira is to cater to need of Auditor roles in Ranger Admin. > > We can introduce Auditor Roles for both the Administrator Roles in Ranger > Admin. > * Auditor (Readonly privileges from current Admin role user ) > * KMS Auditor (Readonly privileges from current Keydmin role user ) > > > Diffs > - > > security-admin/scripts/rolebasedusersearchutil.py d651461 > security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 > security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 > security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java > 224f1a0 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > ecde444 > security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 > security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 > security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa > security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java > e31e9d7 > security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java > bcf9080 > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java > d3a28f7 > security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 229863e > security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 > > security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java > 6951cbd > security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java > 4227d85 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 87da9a0 > security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f > unixauthservice/scripts/install.properties be8723c > > > Diff: https://reviews.apache.org/r/65914/diff/5/ > > > Testing > --- > > Tested scenario's: > 1.Tested admin user is able to create User role user. > 2.Tested admin user is able to create Auditor role user. > 3.Tested admin user is not able to create kms auditor role user. > 4.Tested keyadmin user is able to create kms auditor. > 5.Tested auditor is able to only view policies, users, services and audits. > 6.Tested kms auditor is able to only view policies, users, services, audits > and keys. > 7.Tested auditor is able to see permission tab but kms auditor should not see > permission tab. > 8.Auditor role users are not allowed to import/export policies > 9.Verified syncing of users from auditor role :: if we add them in properties > install.properties of usersync during initial start of usersync.Property > value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= > _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName > > > Thanks, > > Fatima Khan > >
[jira] [Updated] (RANGER-2015) In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
[ https://issues.apache.org/jira/browse/RANGER-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Galave updated RANGER-2015: - Attachment: RANGER-2015.1.patch > In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if > 'enableDenyAndExceptionsInPolicies : false' > - > > Key: RANGER-2015 > URL: https://issues.apache.org/jira/browse/RANGER-2015 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2015.1.patch > > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > 2. Improvement in policy view mode popup -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2015) In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
[ https://issues.apache.org/jira/browse/RANGER-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Galave updated RANGER-2015: - Attachment: (was: RANGER-2015.patch) > In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if > 'enableDenyAndExceptionsInPolicies : false' > - > > Key: RANGER-2015 > URL: https://issues.apache.org/jira/browse/RANGER-2015 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2015.1.patch > > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > 2. Improvement in policy view mode popup -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66080: RANGER-2015: In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66080/ --- Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: 2015 https://issues.apache.org/jira/browse/2015 Repository: ranger Description --- 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except Conditions are hidden in policy create/edit screen) 2. Improvement in policy view mode popup. Diffs - security-admin/src/main/webapp/scripts/modules/globalize/message/en.js d10c6a7 security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 96d9c8b security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 80ef1f1 security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 998a0a9 security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b4006ce security-admin/src/main/webapp/styles/xa.css 4ba75fb security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html 6a46bbd security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html fae698d security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 801681b Diff: https://reviews.apache.org/r/66080/diff/1/ Testing --- 1. Unable to see 'Deny Policy' & 'Except Conditions' when enableDenyAndExceptionsInPolicies is set to false and vice versa working as expected. 2. Also checked newly added policy view mode popup in various places (policy listing view, Audit->access tab policy view etc.) Thanks, Nitin Galave
[jira] [Updated] (RANGER-1808) Write unit test for RANGER-1672
[ https://issues.apache.org/jira/browse/RANGER-1808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-1808: Affects Version/s: (was: 1.0.0) 1.1.0 > Write unit test for RANGER-1672 > --- > > Key: RANGER-1808 > URL: https://issues.apache.org/jira/browse/RANGER-1808 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Affects Versions: master, 1.1.0 >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Major > Labels: newbie, patch > Attachments: > 0001-RANGER-1808-Write-unit-test-for-RANGER-1672-kylin-pl.patch, > kylin-policies.json > > > Write unit test for RANGER-1672 kylin plugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2015) In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if 'enableDenyAndExceptionsInPolicies : false'
[ https://issues.apache.org/jira/browse/RANGER-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Galave updated RANGER-2015: - Attachment: RANGER-2015.patch > In view policy we are able to see 'Deny Policy' & 'Except Conditions' even if > 'enableDenyAndExceptionsInPolicies : false' > - > > Key: RANGER-2015 > URL: https://issues.apache.org/jira/browse/RANGER-2015 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 1.1.0 > > Attachments: RANGER-2015.patch > > > 1. In view policy we are able to see 'Deny Policy' & 'Except Conditions' even > if 'enableDenyAndExceptionsInPolicies : False' (Deny Policy and Except > Conditions are hidden in policy create/edit screen) > 2. Improvement in policy view mode popup -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1808) Write unit test for RANGER-1672
[ https://issues.apache.org/jira/browse/RANGER-1808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1636#comment-1636 ] Qiang Zhang commented on RANGER-1808: - Review Requet: https://reviews.apache.org/r/66079/ Solution patch, please see attachment: [patch|https://issues.apache.org/jira/secure/attachment/12914645/0001-RANGER-1808-Write-unit-test-for-RANGER-1672-kylin-pl.patch] Reference: [kylin-policies.json|https://issues.apache.org/jira/secure/attachment/12914646/kylin-policies.json] > Write unit test for RANGER-1672 > --- > > Key: RANGER-1808 > URL: https://issues.apache.org/jira/browse/RANGER-1808 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Affects Versions: 1.0.0, master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Major > Labels: newbie, patch > Attachments: > 0001-RANGER-1808-Write-unit-test-for-RANGER-1672-kylin-pl.patch, > kylin-policies.json > > > Write unit test for RANGER-1672 kylin plugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-1808) Write unit test for RANGER-1672
[ https://issues.apache.org/jira/browse/RANGER-1808?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-1808: Description: Write unit test for RANGER-1672 kylin plugin > Write unit test for RANGER-1672 > --- > > Key: RANGER-1808 > URL: https://issues.apache.org/jira/browse/RANGER-1808 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Affects Versions: 1.0.0, master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Major > Labels: newbie, patch > Attachments: > 0001-RANGER-1808-Write-unit-test-for-RANGER-1672-kylin-pl.patch, > kylin-policies.json > > > Write unit test for RANGER-1672 kylin plugin -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66079: RANGER-1808:Write unit test for RANGER-1672 kylin plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66079/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. Bugs: RANGER-1808 https://issues.apache.org/jira/browse/RANGER-1808 Repository: ranger Description --- Write unit test for RANGER-1672 kylin plugin Diffs - plugin-kylin/pom.xml bfce4c1 plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java PRE-CREATION plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizerTest.java PRE-CREATION plugin-kylin/src/test/resources/applicationContext.xml PRE-CREATION plugin-kylin/src/test/resources/kylin-policies.json PRE-CREATION plugin-kylin/src/test/resources/kylin.properties PRE-CREATION plugin-kylin/src/test/resources/kylinSecurity.xml PRE-CREATION plugin-kylin/src/test/resources/log4j.properties PRE-CREATION plugin-kylin/src/test/resources/ranger-kylin-security.xml PRE-CREATION Diff: https://reviews.apache.org/r/66079/diff/1/ Testing --- Test 1.eclipse->Run as->Junit Test 2.mvn test Thanks, Qiang Zhang
Re: [VOTE] Apache Ranger Release 1.0.0-rc1
+1 (binding) - Successfully extracted tar file - Able to clean and build successfully with rat plugin. On Thu, Mar 15, 2018 at 6:57 AM, Sailaja Polavarapu < spolavar...@hortonworks.com> wrote: > Rangers: > Thank you for your contribution to Apache Ranger community. Apache Ranger > 1.0.0 release candidate #1 is now available for a vote within dev > community. Links to release artifacts are given below. I kindly request all > of the Rangers (dev & PMC members) to review and vote on this release. > > Git tag for the release: > > https://github.com/apache/ranger/tree/release-1.0.0-rc1 (last commit id: > c79aad4362b6f806da47462ec84e35108ba8eb1f) > > > Sources for the release: > https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/ > apache-ranger-1.0.0.tar.gz > > > Source release verification: > > PGP Signature: > > https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/ > apache-ranger-1.0.0.tar.gz.asc > > > MD5/SHA Hash: > > https://dist.apache.org/repos/dist/dev/ranger/1.0.0-rc1/ > apache-ranger-1.0.0.tar.gz.mds > > > Keys to verify the signature of the release artifact are available at: > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > Release Notes: > >https://cwiki.apache.org/confluence/pages/viewpage. > action?pageId=75975356 > > > Build verification steps can be found at: > >http://ranger.apache.org/quick_start_guide.html > > > The vote will be open for at least 72 hours or until necessary number of > votes are reached. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Here is my +1 > > Thanks, > Sailaja. > > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com