[jira] [Commented] (RANGER-2238) String comparison should not use ‘==’ in ServiceUtil.java
[
https://issues.apache.org/jira/browse/RANGER-2238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631299#comment-16631299
]
Qiang Zhang commented on RANGER-2238:
-
Review request available at:
https://reviews.apache.org/r/68871/
> String comparison should not use ‘==’ in ServiceUtil.java
> -
>
> Key: RANGER-2238
> URL: https://issues.apache.org/jira/browse/RANGER-2238
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
> Labels: patch
> Attachments:
> 0001-RANGER-2238-String-comparison-should-not-use-in-Serv.patch
>
>
> Here is related code:
> {code:java}
> for(RangerPolicy.RangerPolicyItemCondition condition :
> policyItem.getConditions()) {
> if(condition.getType() == "ipaddress") {
> {code}
> equals() should be used to compare Strings.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (RANGER-2238) String comparison should not use ‘==’ in ServiceUtil.java
[
https://issues.apache.org/jira/browse/RANGER-2238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Qiang Zhang updated RANGER-2238:
Attachment: 0001-RANGER-2238-String-comparison-should-not-use-in-Serv.patch
> String comparison should not use ‘==’ in ServiceUtil.java
> -
>
> Key: RANGER-2238
> URL: https://issues.apache.org/jira/browse/RANGER-2238
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
> Labels: patch
> Attachments:
> 0001-RANGER-2238-String-comparison-should-not-use-in-Serv.patch
>
>
> Here is related code:
> {code:java}
> for(RangerPolicy.RangerPolicyItemCondition condition :
> policyItem.getConditions()) {
> if(condition.getType() == "ipaddress") {
> {code}
> equals() should be used to compare Strings.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Review Request 68871: RANGER-2238 String comparison should not use ‘==’ in ServiceUtil.java
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68871/
---
Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh,
Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua,
Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam rome, Venkat
Ranganathan, and Velmurugan Periasamy.
Bugs: RANGER-2238
https://issues.apache.org/jira/browse/RANGER-2238
Repository: ranger
Description
---
Here is related code:
for(RangerPolicy.RangerPolicyItemCondition condition :
policyItem.getConditions()) {
if(condition.getType() == "ipaddress") {
equals() should be used to compare Strings.
Diffs
-
security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
0292881b4
Diff: https://reviews.apache.org/r/68871/diff/1/
Testing
---
Thanks,
Qiang Zhang
[jira] [Created] (RANGER-2238) String comparison should not use ‘==’ in ServiceUtil.java
Qiang Zhang created RANGER-2238:
---
Summary: String comparison should not use ‘==’ in ServiceUtil.java
Key: RANGER-2238
URL: https://issues.apache.org/jira/browse/RANGER-2238
Project: Ranger
Issue Type: Bug
Components: admin
Affects Versions: master
Reporter: Qiang Zhang
Assignee: Qiang Zhang
Here is related code:
{code:java}
for(RangerPolicy.RangerPolicyItemCondition condition :
policyItem.getConditions()) {
if(condition.getType() == "ipaddress") {
{code}
equals() should be used to compare Strings.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16618108#comment-16618108 ] Yuan Gao edited comment on RANGER-2209 at 9/28/18 12:07 AM: [~rmani] The fine-grained operations will fall into READ / WRITE categories as of now. Here is the driver change on how to categorize them: https://jira.apache.org/jira/browse/HADOOP-15723. Please take a look and let me know if you have more questions. was (Author: kowon2008): [~rmani] The fine-grained operations will fall into READ / WRITE categories as of now. Here is the driver change on how to categorize them: [https://reviews.apache.org/r/68708.] Please take a look and let me know if you have more questions. > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > Attachments: RANGER-2209-001.patch > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yuan Gao updated RANGER-2209: - Attachment: RANGER-2209-001.patch > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > Attachments: RANGER-2209-001.patch > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yuan Gao updated RANGER-2209: - Attachment: (was: RANGER-2209-0001.patch) > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > Attachments: RANGER-2209-001.patch > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yuan Gao updated RANGER-2209: - Attachment: RANGER-2209-0001.patch > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > Attachments: RANGER-2209-0001.patch > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 68796: RANGER-2231 - Upgrade to Knox 1.1.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68796/#review209083 --- Ship it! Ship It! - Velmurugan Periasamy On Sept. 26, 2018, 11:09 p.m., Colm O hEigeartaigh wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68796/ > --- > > (Updated Sept. 26, 2018, 11:09 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-2231 > https://issues.apache.org/jira/browse/RANGER-2231 > > > Repository: ranger > > > Description > --- > > Upgrade to Knox 1.1.0 > > > Diffs > - > > pom.xml e6695b440 > > > Diff: https://reviews.apache.org/r/68796/diff/2/ > > > Testing > --- > > Tested authorization with Knox + also Knox SSO. > > > Thanks, > > Colm O hEigeartaigh > >
[jira] [Updated] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yuan Gao updated RANGER-2209: - Fix Version/s: 0.7.0 > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2209) Service Definition for ABFS to support Ranger Authorization
[ https://issues.apache.org/jira/browse/RANGER-2209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yuan Gao updated RANGER-2209: - Affects Version/s: 0.7.0 > Service Definition for ABFS to support Ranger Authorization > --- > > Key: RANGER-2209 > URL: https://issues.apache.org/jira/browse/RANGER-2209 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Yuan Gao >Priority: Major > Fix For: 0.7.0 > > > This is to add Service Definition for Azure Blob File System (ABFS) in Ranger > Authorization. This will give an option to add ABFS as a Service in the > Ranger. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[VOTE] Apache Ranger Release 1.2.0-rc1
Hello Rangers: Thank you for your contribution to Apache Ranger community. Apache Ranger 1.2.0 release candidate #1 is now available for a vote within dev community. Links to RC1 release artifacts are given below. Kindly request all Rangers (Dev's & PMC members) to review and vote on this release. Git tag for the release: https://github.com/apache/ranger/tree/ranger-1.2.0-rc1 (last commit id: 39ec5a38913e1d852cffecbdb8688b2370b6318f) Sources for the release: https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz Source release verification: PGP Signature: https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz.asc MD5/SHA Hashes: https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz.mds https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz.sha1 https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz.sha256 https://dist.apache.org/repos/dist/dev/ranger/1.2.0-rc1/apache-ranger-1.2.0.tar.gz.sha512 Keys to verify the signature of the release artifact are available at: https://dist.apache.org/repos/dist/release/ranger/KEYS Release Notes: https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+1.2.0+-+Release+Notes Build verification steps can be found at: http://ranger.apache.org/quick_start_guide.html The vote will be open for at least 72 hours or until necessary number of votes are reached. [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) Here is my +1 Thank you, Vel
[jira] [Commented] (RANGER-2218) Service-Definition update should not allow updates to names of resources, access-types, conditions or data-masks
[ https://issues.apache.org/jira/browse/RANGER-2218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630633#comment-16630633 ] Velmurugan Periasamy commented on RANGER-2218: -- master - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=f2e148abbe473a5fa23419373897082a3bf63974] ranger-1 - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=b7c84df7f792acd7ed8ec0654b6b969b3a407a67] ranger-1.1 - [https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=4fe455699a8de3894c5bebc5d7b88d1fb93d97e3] > Service-Definition update should not allow updates to names of resources, > access-types, conditions or data-masks > - > > Key: RANGER-2218 > URL: https://issues.apache.org/jira/browse/RANGER-2218 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 2.0.0, 1.2.0 > > Attachments: > 0001-RANGER-2218-Added-validations-for-names-duing-servic.patch > > > Updates to service definitions should not allow updating names of the > following components: > * Resources > * Access types > * Policy conditions > * Data Masks > In general, these updates are seldom needed and can be avoided by careful > design of service definition. Also, with a de-normalized database schema for > storing policies, it is expensive and inefficient to maintain and lookup > mapping from internal IDs to names for each of these components. By not > allowing updates to these names, there is no need to maintain ( or reference) > such mappings after updating (or reading) policy when using de-normalized > database schema. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2193) Form validation during testconnection should be consistent with service creation/editing
[ https://issues.apache.org/jira/browse/RANGER-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2193: - Fix Version/s: 1.2.0 > Form validation during testconnection should be consistent with service > creation/editing > > > Key: RANGER-2193 > URL: https://issues.apache.org/jira/browse/RANGER-2193 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Fix For: 2.0.0, 1.2.0 > > Attachments: > 0001-RANGER-2193-Form-validation-during-testconnection-sh.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2218) Service-Definition update should not allow updates to names of resources, access-types, conditions or data-masks
[ https://issues.apache.org/jira/browse/RANGER-2218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2218: - Fix Version/s: 1.2.0 > Service-Definition update should not allow updates to names of resources, > access-types, conditions or data-masks > - > > Key: RANGER-2218 > URL: https://issues.apache.org/jira/browse/RANGER-2218 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 2.0.0, 1.2.0 > > Attachments: > 0001-RANGER-2218-Added-validations-for-names-duing-servic.patch > > > Updates to service definitions should not allow updating names of the > following components: > * Resources > * Access types > * Policy conditions > * Data Masks > In general, these updates are seldom needed and can be avoided by careful > design of service definition. Also, with a de-normalized database schema for > storing policies, it is expensive and inefficient to maintain and lookup > mapping from internal IDs to names for each of these components. By not > allowing updates to these names, there is no need to maintain ( or reference) > such mappings after updating (or reading) policy when using de-normalized > database schema. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2191) Update ranger-tool with new options to control Trie
[ https://issues.apache.org/jira/browse/RANGER-2191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630231#comment-16630231 ] Mehul Parikh commented on RANGER-2191: -- Committed to ranger-0.7 : https://github.com/apache/ranger/commit/53a7acd0de0978b199d0c7648d557850783daf3f > Update ranger-tool with new options to control Trie > --- > > Key: RANGER-2191 > URL: https://issues.apache.org/jira/browse/RANGER-2191 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 2.0.0, 1.2.0 > > > Update ranger-tool for using new options to control Trie -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1403) There is a problem in buildks class when delete invalid keystore file.
[ https://issues.apache.org/jira/browse/RANGER-1403?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630204#comment-16630204 ] Mehul Parikh commented on RANGER-1403: -- Committed on [ranger-0.7|https://github.com/apache/ranger/commit/1de5cab130c4d3b85a56ee96ae33539ba7b2ad52] > There is a problem in buildks class when delete invalid keystore file. > -- > > Key: RANGER-1403 > URL: https://issues.apache.org/jira/browse/RANGER-1403 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1403-There-is-a-problem-in-buildks-class-when.patch > > > The system will print the following information when the Keystore file is not > exist. > Provider file '/etc/ranger/hadoopdev/cred.jceks' is in invalid state or > corrupt!! will try to delete first. > The reason for the error is that the program does not check whether the file > exists. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1402) NPE if there is a problem with the HiveClient driverClassName
[ https://issues.apache.org/jira/browse/RANGER-1402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630200#comment-16630200 ] Mehul Parikh commented on RANGER-1402: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/8a8bcd195e92f48c9392fc351cb9ee96e776f38a] > NPE if there is a problem with the HiveClient driverClassName > - > > Key: RANGER-1402 > URL: https://issues.apache.org/jira/browse/RANGER-1402 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1402-NPE-if-there-is-a-problem-with-the-HiveC.patch > > > There is a NPE if there is a problem with the HiveClient driverClassName. > This is because the code is trying to put a "null" HiveClient instance into a > ConcurrentMap. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (RANGER-2227) Visiting Ranger Admin UI forces subsequent requests to other services redirect to HTTPS
[ https://issues.apache.org/jira/browse/RANGER-2227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh reassigned RANGER-2227: Assignee: Nitin Galave > Visiting Ranger Admin UI forces subsequent requests to other services > redirect to HTTPS > --- > > Key: RANGER-2227 > URL: https://issues.apache.org/jira/browse/RANGER-2227 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.1.0 >Reporter: Vipin Rathor >Assignee: Nitin Galave >Priority: Critical > > *Problem Description:* > Visiting Ranger Admin UI in any browser (Firefox / Chrome) sets the HTTP > Strict Transport Security (HSTS) header for the host where Ranger is running. > Any subsequent request to other service on the same host (e.g. YARN RM UI > etc.) over HTTP would get redirected to HTTPS because of this header and due > to change in browser behavior recently: > [Firefox|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security] > and [Chrome|https://www.chromium.org/hsts]. > Ideally, these headers should be configurable, so that admin can set them as > per requirement. Like the way Knox expose this via > [configuration|https://knox.apache.org/books/knox-1-1-0/user-guide.html#HTTP+Strict+Transport+Security], > I recently reported similar in Knox via KNOX-1434 > *Impact:* > All the non-SSL requests to other services get redirected automatically to > HTTPS and would result in SSL errors like: SSL_ERROR_RX_RECORD_TOO_LONG or > some other error. > *Expected Behavior:* > 1. Unless HSTS is specifically enabled for Ranger Admin UI, it should not > set HSTS header. Therefore, there should be a configurable option to > enable/disable HSTS. > 2. HSTS should be disabled by default for Ranger Admin. > *Steps to reproduce:* > 1. Install & configure Ranger with SSL and a trusted CA (no self-signed) > 2. Also configure few other services like RM, Oozie on the same Ranger Admin > host > 3. Once Ranger is up, visit Ranger Admin UI > 4. Now, in the same browser session, visit any non-SSL service running on > the same Ranger host (like RM UI, Oozie UI). > 5. Browser will redirect this HTTP request to HTTPS. > 6. If one can carefully clear the HSTS header in browser, then redirection > will stop until the next time one visits Ranger Admin UI again. > *Workaround:* > Currently the workaround is to open Ranger Admin UI in a separate browser OR > move Ranger Admin service to a host where other UI services are not installed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1505) Remove KeyProtector code in KMS
[ https://issues.apache.org/jira/browse/RANGER-1505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630112#comment-16630112 ] Mehul Parikh commented on RANGER-1505: -- Committed on [ranger-0.7|https://github.com/apache/ranger/commit/13f17952d9a6869307b10b6dba73001ffd33ee8e] > Remove KeyProtector code in KMS > --- > > Key: RANGER-1505 > URL: https://issues.apache.org/jira/browse/RANGER-1505 > Project: Ranger > Issue Type: Improvement > Components: kms >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh >Priority: Major > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1505-Remove-KeyProtector-code-in-KMS.patch > > > The KMS service uses reflection to call on the > com.sun.crypto.provider.KeyProtector class to encrypt/decrypt keys using a > password. This causes problems with Java 9 and is generally unnecessary, as > we can just use the normal Java API to do this. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1408) When the error occurs, the system does not record the error message in RangerServiceService class
[ https://issues.apache.org/jira/browse/RANGER-1408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630107#comment-16630107 ] Mehul Parikh commented on RANGER-1408: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/48fd2586e96bc76216c20f260dd29da6d914b9a5] > When the error occurs, the system does not record the error message in > RangerServiceService class > - > > Key: RANGER-1408 > URL: https://issues.apache.org/jira/browse/RANGER-1408 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Trivial > Labels: patch > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1408-When-the-error-occurs-the-system-does-no.patch > > > When the error occurs, the system does not record the error message in > RangerServiceService class -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1415) The ranger can be opened when the user enters http://localhost:6080/ in the browser address bar. But request policy from hadoop to ranger will failed after installing
[ https://issues.apache.org/jira/browse/RANGER-1415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630102#comment-16630102 ] Mehul Parikh commented on RANGER-1415: -- Committed to [ranger-0.7| https://github.com/apache/ranger/commit/637f01a6c12ac53c6b3bee811d4538bdea1c5598] > The ranger can be opened when the user enters http://localhost:6080/ in the > browser address bar. But request policy from hadoop to ranger will failed > after installing hdfs plugin if we set POLICY_MGR_URL equal to > http://localhost:6080/. > > > Key: RANGER-1415 > URL: https://issues.apache.org/jira/browse/RANGER-1415 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.0 >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1415-update-The-ranger-can-be-opened-when-the.patch > > > The ranger can be opened when the user enters http://localhost:6080/ in the > browser address bar. But request policy from hadoop to ranger will failed > after installing hdfs plugin if we set POLICY_MGR_URL equal to > http://localhost:6080/.The error was as following: > 2017-02-27 21:16:42,859 ERROR > org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; > service not found. secureMode=false, user=root (auth:SIMPLE), response=404, > serviceName=hadoopdev, lastKnownVersion=4, > lastActivationTimeInMillis=1488246663112 > 2017-02-27 21:16:42,867 ERROR org.apache.ranger.plugin.util.PolicyRefresher: > PolicyRefresher(serviceName=hadoopdev): failed to find service. Will clean up > local cache of policies (4) > org.apache.ranger.plugin.util.RangerServiceNotFoundException: hadoopdev > at > org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35) > at > org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:145) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:257) > at > org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:201) > at > org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:170) > Reason: > The brower will remove the last '/' character when the user enters > http://localhost:6080/ in the browser address bar. The rest request address > will be > http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev > when hadoop periodically requests policy from ranger. The request will fail > because there are two '/' character after 'Http://localhost:6080' in > http://localhost:6080//service/plugins/policies/download/hadoopdev?lastKnownVersion=-1&lastActivationTime=0&pluginId=hdfs@VBoxNodeEng-1-hadoopdev. > The result is that we can't see the hdfs plugins in audit web UI. > The program should be compatible with this situation like the browser. > Scenario: > The issue can be reoccurred after we set the value of > ranger.plugin.hdfs.policy.rest.url to http://localhost:6080/ in > ../hadoop/hadoop-2.7.3/etc/hadoop/ranger-hdfs-security.xml > Test and verify: > I carefully tested and verified the patch before commit the issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1501) Audit Flush to HDFS does not actually cause the audit logs to be flushed to HDFS
[ https://issues.apache.org/jira/browse/RANGER-1501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630098#comment-16630098 ] Mehul Parikh commented on RANGER-1501: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/a3be2390eeae26fa41147270d358e51a552fa55c] > Audit Flush to HDFS does not actually cause the audit logs to be flushed to > HDFS > - > > Key: RANGER-1501 > URL: https://issues.apache.org/jira/browse/RANGER-1501 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Yan >Priority: Major > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1501-Audit-Flush-to-HDFS-does-not-actually-ca.patch, > 0001-RANGER-1501-Audit-Flush-to-HDFS-improvement.patch > > > The reason is that HDFS file stream's flush() call does not really flush the > data all the way to disk, nor even makes the data visible to HDFS users. See > the HDFS semantics of the flush/sync at > https://issues.apache.org/jira/browse/HADOOP-6313. > Consequently the audit logs on HDFS won't be visible/durable from HDFS client > until the log file is closed. This will, among other issues, boost chances of > losing audit logs in case of system failure. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1502) Solr shutdown does not cause the audit log file to be flushed and closed.
[ https://issues.apache.org/jira/browse/RANGER-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630095#comment-16630095 ] Mehul Parikh commented on RANGER-1502: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/302c20a595b93c5af7824f56b7b922fa494d5986] > Solr shutdown does not cause the audit log file to be flushed and closed. > - > > Key: RANGER-1502 > URL: https://issues.apache.org/jira/browse/RANGER-1502 > Project: Ranger > Issue Type: Bug > Components: audit, plugins >Affects Versions: 0.7.0 >Reporter: Yan >Assignee: Yan >Priority: Major > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1502-Solr-shutdown-does-not-cause-the-audit-l.patch > > > The current audit stream close mechanism uses a Java shutdown hook registered > with Hadoop's ShutdownHookManager. Solr shutdown, however, somehow does not > cause the shutdown hook to be invoked, potentially resulting lost audit logs. > We are experiencing lost logs toward HDFS audit destination. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1580) Update Kafka tests to work with 0.10.1.1
[ https://issues.apache.org/jira/browse/RANGER-1580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630094#comment-16630094 ] Mehul Parikh commented on RANGER-1580: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/73b8c6eee1d96dee91193035043a389784bcd34b] > Update Kafka tests to work with 0.10.1.1 > > > Key: RANGER-1580 > URL: https://issues.apache.org/jira/browse/RANGER-1580 > Project: Ranger > Issue Type: Test > Components: plugins >Reporter: Colm O hEigeartaigh >Assignee: Colm O hEigeartaigh >Priority: Major > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1580-Update-Kafka-tests-to-work-with-0.10.1.1.patch > > > Right now, the Ranger Kafka tests hang with 0.10.1.1, as the authorizer needs > the "describe" policy for the given principal + topic, even when the > principal is not authorized to read the topic. Merging this update will > smooth future migration. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1631) create temp function failing with permission issues
[ https://issues.apache.org/jira/browse/RANGER-1631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630084#comment-16630084 ] Mehul Parikh commented on RANGER-1631: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/fdf8551a05cd30bd451d7aa5ee2d0a3f2cce1d19] > create temp function failing with permission issues > --- > > Key: RANGER-1631 > URL: https://issues.apache.org/jira/browse/RANGER-1631 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0, master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.0.0, 0.7.2 > > > create temp function failing with permission issues, even when the policy is > maintained for database=*, table=*, column=*. Reason being Hive didn't send > database name. In earlier version, this was working because resource match > did check for the hierarchy relation for the resource, not in current version > we do the check and this is causing the issue > SOLUTION: When create function is done and when database is null we need to > make the database="" so the check for hierarchy passes and policy get > evaluated. This is a workaround to avoid regression and actual fix has to be > done in HIVE , for which there is already a bug raised. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1648) Ranger Kafka Plugin now should use the Short name from Kafka Session Object
[ https://issues.apache.org/jira/browse/RANGER-1648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630079#comment-16630079 ] Mehul Parikh commented on RANGER-1648: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/1c68d4fe889520f17546eb0e925e06b85843b23c] > Ranger Kafka Plugin now should use the Short name from Kafka Session Object > --- > > Key: RANGER-1648 > URL: https://issues.apache.org/jira/browse/RANGER-1648 > Project: Ranger > Issue Type: Bug > Components: plugins, Ranger >Affects Versions: 1.0.0, master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Fix For: 1.0.0 > > > Ranger Kafka Plugin now should use the Short name from Kafka Session Object. > Based on the change on https://issues.apache.org/jira/browse/AMBARI-21238, > kafka will have the necessary rules for getting the short name and passing it > in the Session object of Kafka Authorization. We don't need to specifically > convert it to get the shortname. > In non ambari install following file will have the rules like > sasl.kerberos.principal.to.local.rules=RULE:[1:$1@$0](ambari-qa-...@example.com)s/.*/ambari-qa/,RULE:[1:$1@$0](hdfs-...@example.com)s/.*/hdfs/,RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//,RULE:[2:$1@$0](d...@example.com)s/.*/hdfs/,RULE:[2:$1@$0](n...@example.com)s/.*/hdfs/,DEFAULT > in file /etc/kafka/conf/server.properties for the correct user information to > be passed. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1553) Audit log record for 'show databases' hive command contains all tags
[ https://issues.apache.org/jira/browse/RANGER-1553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630073#comment-16630073 ] Mehul Parikh commented on RANGER-1553: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/49d2962da60c896d1ceeadff39749e4efd2cd8e0] > Audit log record for 'show databases' hive command contains all tags > > > Key: RANGER-1553 > URL: https://issues.apache.org/jira/browse/RANGER-1553 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 1.0.0 >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 1.0.0 > > > If hive service is associated with a tag service, then when a ‘show > databases’ command is authorized by Ranger, potentially, all tags associated > with all hive entities are evaluated to determine the authorization of the > command. Consequently, the audit log record generated for it will show, in > the tags field, every tag provisioned for any hive entity in Ranger. With > large number of tags associated with hive entities, the audit log is very > cluttered and does not convey meaningful information. For the sake of > usability, it will be better not to log all tags in the corresponding audit > log record for this specific command. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-1436) Turn Ranger deny policy & except condition blocks ON by default
[ https://issues.apache.org/jira/browse/RANGER-1436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630070#comment-16630070 ] Mehul Parikh commented on RANGER-1436: -- Committed to [ranger-0.7|https://github.com/apache/ranger/commit/28733f047dcc6b5443f472e8fa9dfdccba631121] > Turn Ranger deny policy & except condition blocks ON by default > --- > > Key: RANGER-1436 > URL: https://issues.apache.org/jira/browse/RANGER-1436 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Srikanth Venkat >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 1.0.0 > > > Currently Ranger admins have to do a service def update to turn on Deny > Conditions block and Deny/Allow Except conditions in their Ranger install for > resource based policies. But these are enabled by default for tag based > policies. It would be useful to have consistency and turn this feature > consistently ON by default for both resource and tag based policies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2237) Upgrade Kylin version to 2.5.0
[ https://issues.apache.org/jira/browse/RANGER-2237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-2237: Priority: Major (was: Minor) > Upgrade Kylin version to 2.5.0 > -- > > Key: RANGER-2237 > URL: https://issues.apache.org/jira/browse/RANGER-2237 > Project: Ranger > Issue Type: Task > Components: plugins >Affects Versions: master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Major > Labels: patch > Fix For: 2.0.0 > > Attachments: 0001-RANGER-2237-Upgrade-Kylin-version-to-2.5.0.patch > > > Upgrade kylin version to 2.5.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (RANGER-2237) Upgrade Kylin version to 2.5.0
[ https://issues.apache.org/jira/browse/RANGER-2237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629856#comment-16629856 ] Qiang Zhang commented on RANGER-2237: - Review request available at: https://reviews.apache.org/r/68864/ > Upgrade Kylin version to 2.5.0 > -- > > Key: RANGER-2237 > URL: https://issues.apache.org/jira/browse/RANGER-2237 > Project: Ranger > Issue Type: Task > Components: plugins >Affects Versions: master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Fix For: 2.0.0 > > Attachments: 0001-RANGER-2237-Upgrade-Kylin-version-to-2.5.0.patch > > > Upgrade kylin version to 2.5.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2237) Upgrade Kylin version to 2.5.0
[ https://issues.apache.org/jira/browse/RANGER-2237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Qiang Zhang updated RANGER-2237: Attachment: 0001-RANGER-2237-Upgrade-Kylin-version-to-2.5.0.patch > Upgrade Kylin version to 2.5.0 > -- > > Key: RANGER-2237 > URL: https://issues.apache.org/jira/browse/RANGER-2237 > Project: Ranger > Issue Type: Task > Components: plugins >Affects Versions: master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: patch > Fix For: 2.0.0 > > Attachments: 0001-RANGER-2237-Upgrade-Kylin-version-to-2.5.0.patch > > > Upgrade kylin version to 2.5.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Review Request 68864: RANGER-2237 Upgrade Kylin version to 2.5.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68864/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. Bugs: RANGER-2237 https://issues.apache.org/jira/browse/RANGER-2237 Repository: ranger Description --- Upgrade Kylin version to 2.5.0 Diffs - pom.xml e6695b440 Diff: https://reviews.apache.org/r/68864/diff/1/ Testing --- 1. Passed all unit tests. 2. Tested authorization works correctly with Kylin v2.5.0 Thanks, Qiang Zhang
[jira] [Created] (RANGER-2237) Upgrade Kylin version to 2.5.0
Qiang Zhang created RANGER-2237: --- Summary: Upgrade Kylin version to 2.5.0 Key: RANGER-2237 URL: https://issues.apache.org/jira/browse/RANGER-2237 Project: Ranger Issue Type: Task Components: plugins Affects Versions: master Reporter: Qiang Zhang Assignee: Qiang Zhang Upgrade kylin version to 2.5.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
