[jira] [Commented] (RANGER-2045) Hive table columns with no explicit allow policy are listed with 'desc table' command
[ https://issues.apache.org/jira/browse/RANGER-2045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16429575#comment-16429575 ] Abhay Kulkarni commented on RANGER-2045: Additional commits: ranger-1.0: https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=88a1ffbc230fa9204d2e8a0464bfcf024180 master: https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=fe854a061e0948f27437fb5d9e6f24f0cac0f372 > Hive table columns with no explicit allow policy are listed with 'desc table' > command > - > > Key: RANGER-2045 > URL: https://issues.apache.org/jira/browse/RANGER-2045 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Anuja Leekha >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 1.0.0, master > > > *Test scenario* > 'xasecure.hive.describetable.showcolumns.authorization.option' set to 'none' > Database 'testdb' has a table 'testtable1' with 3 columns 'name', 'age', > 'city'. > Hive Policy exists giving user 'hrt_1' 'select' privilege on DB='testdb', > table='testtable1' and columns='name', 'age' [user does not have permissions > on 'city' column]. > "DESCRIBE testdb.testtable1" and "show columns in testdb.testtable1" commands > show results with 'city' column included. > When 'xasecure.hive.describetable.showcolumns.authorization.option' is set to > 'none', Hive would follow default behavior and should deny DESCRIBE table and > show column commands as the policy does not grant the test user access to all > columns of the table. But the commands go through fine. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 66495: RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66495/ --- Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy. Bugs: RANGER-2061 https://issues.apache.org/jira/browse/RANGER-2061 Repository: ranger Description --- It is useful to be able to retrieve user and group based Access Control Lists from Ranger policies for a given resource. When, given the set of Ranger policies, permission cannot be determined statically, permission will be flagged as CONDITIONAL. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java 5febf956d agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java f6e462ccc agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java 9d0b9852b agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java d5d14a22d agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java 3b06f423f agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java 313a8a96f agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java 5510f6ea3 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineOptions.java 2bbdcede5 agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java 4e6ca2f62 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java cd7c3c1c4 agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java c539cc0dc agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java 613a0017d agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java bd61cfd0a agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContextListener.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 725ed74d0 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 325626a58 agents-common/src/test/resources/log4j.xml 926f47ced agents-common/src/test/resources/policyengine/ACLResourceTags.json PRE-CREATION agents-common/src/test/resources/policyengine/test_aclprovider_default.json PRE-CREATION agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 11f31e317 Diff: https://reviews.apache.org/r/66495/diff/1/ Testing --- Developed and ran unit tests. Thanks, Abhay Kulkarni
[jira] [Created] (RANGER-2061) Add policy engine support to get summary user and group ACLs for a resource
Abhay Kulkarni created RANGER-2061: -- Summary: Add policy engine support to get summary user and group ACLs for a resource Key: RANGER-2061 URL: https://issues.apache.org/jira/browse/RANGER-2061 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: master Reporter: Abhay Kulkarni Assignee: Abhay Kulkarni Fix For: master, 1.1.0 It is useful to be able to retrieve user and group based Access Control Lists from Ranger policies for a given resource. When, given the set of Ranger policies, permission cannot be determined statically, permission will be flagged as CONDITIONAL. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2041) Handle validations for passwords of admin accounts during ranger install.
[ https://issues.apache.org/jira/browse/RANGER-2041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Fatima Amjad Khan updated RANGER-2041: -- Attachment: RANGER-2041.patch > Handle validations for passwords of admin accounts during ranger install. > - > > Key: RANGER-2041 > URL: https://issues.apache.org/jira/browse/RANGER-2041 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.1 >Reporter: Fatima Amjad Khan >Assignee: Fatima Amjad Khan >Priority: Major > Fix For: 1.0.1 > > Attachments: RANGER-2041.patch > > > Currently, when Ranger is installed admin,keyadmin, rangerusersync, > rangertagsync users are seeded users and they are configurable during the > install process. This task is to provide a facility to add validations to the > admin users password during ranger install. Python doesn’t support ‘ ` “ \ so > these characters will not be supported during update of default password of > seeded users in manual install. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2041) Handle validations for passwords of admin accounts during ranger install.
[ https://issues.apache.org/jira/browse/RANGER-2041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Fatima Amjad Khan updated RANGER-2041: -- Attachment: (was: RANGER-2041.patch) > Handle validations for passwords of admin accounts during ranger install. > - > > Key: RANGER-2041 > URL: https://issues.apache.org/jira/browse/RANGER-2041 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.1 >Reporter: Fatima Amjad Khan >Assignee: Fatima Amjad Khan >Priority: Major > Fix For: 1.0.1 > > Attachments: RANGER-2041.patch > > > Currently, when Ranger is installed admin,keyadmin, rangerusersync, > rangertagsync users are seeded users and they are configurable during the > install process. This task is to provide a facility to add validations to the > admin users password during ranger install. Python doesn’t support ‘ ` “ \ so > these characters will not be supported during update of default password of > seeded users in manual install. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66304/ --- (Updated April 7, 2018, 12:27 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2041 https://issues.apache.org/jira/browse/RANGER-2041 Repository: ranger Description --- Currently, when Ranger is installed admin,keyadmin, rangerusersync, rangertagsync users are seeded users and they are configurable during the install process. This task is to provide a facility to add validations to the admin users password during ranger install.Python doesn’t support ‘ " \ ` so these characters will not be supported during update of default password of seeded users in manual install. Diffs (updated) - security-admin/scripts/changepasswordutil.py 95bd613 security-admin/scripts/db_setup.py 83ccc32 security-admin/scripts/dba_script.py d5eaaf0 security-admin/scripts/install.properties 8128678 security-admin/scripts/setup.sh f79a79e security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java e7a4035 Diff: https://reviews.apache.org/r/66304/diff/2/ Changes: https://reviews.apache.org/r/66304/diff/1-2/ Testing --- Tested the validation for all password combinations. Thanks, Fatima Khan
[jira] [Commented] (RANGER-2056) Good coding practices for KMS and unixauth
[ https://issues.apache.org/jira/browse/RANGER-2056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16429262#comment-16429262 ] Nikhil Purbhe commented on RANGER-2056: --- patch committed on [master|https://github.com/apache/ranger/commit/e65a3e81265f46c76611b0c3e7265af932629bb1] > Good coding practices for KMS and unixauth > -- > > Key: RANGER-2056 > URL: https://issues.apache.org/jira/browse/RANGER-2056 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nikhil Purbhe >Assignee: Nikhil Purbhe >Priority: Major > Fix For: master > > Attachments: > RANGER-2056-Good-coding-practices-for-KMS-and-unixau.patch > > > Good coding practices for KMS and unixauth -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 66448: Good coding practices for KMS and unixauth
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66448/#review200697 --- Ship it! Ship It! - Mehul Parikh On April 5, 2018, 11 a.m., Nikhil P wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66448/ > --- > > (Updated April 5, 2018, 11 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan > Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2056 > https://issues.apache.org/jira/browse/RANGER-2056 > > > Repository: ranger > > > Description > --- > > Good coding practices for KMS and unixauth > > > Diffs > - > > kms/src/main/java/org/apache/hadoop/crypto/key/ConsoleUtil.java 9f43740 > kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java ad85245 > kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java b330a01 > kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 13833cb > kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java f7c3e6d > > unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java > 803e3e8 > > unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java > 40cc51e > > > Diff: https://reviews.apache.org/r/66448/diff/1/ > > > Testing > --- > > 1)verified if Ranger KMS is working properly. > 2)verified if unix authentication,pam authentication works properly. > > > Thanks, > > Nikhil P > >