Review Request 71413: RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71413/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Repository: ranger Description --- RANGER-2556:RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information Diffs - hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java bb015c5 Diff: https://reviews.apache.org/r/71413/diff/1/ Testing --- Testing done in Local VM - Create a new Rowfilter and column masking policy on a table t1 - do select * on table t1 with user who has masking / row filter policy - check audits are created for the policies - do select * on table t1 with user who does have masking / row filter policy - check that denial audits are not created for this and it audits only the resource policy if it allows. Thanks, Ramesh Mani
[jira] [Updated] (RANGER-2556) RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
[ https://issues.apache.org/jira/browse/RANGER-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2556: Attachment: 0001-RANGER-2556-RangerHivePlugin-Row-filtering-and-Colum.patch_master > RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent > audit information > --- > > Key: RANGER-2556 > URL: https://issues.apache.org/jira/browse/RANGER-2556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2556-RangerHivePlugin-Row-filtering-and-Colum.patch_master > > > RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent > audit information. > When there is a policy for Row filtering and Column Masking audit generated > for request given by users who has all access without filtering has wrong > value of request denial followed by allowed audit. > -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Assigned] (RANGER-2556) RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
[ https://issues.apache.org/jira/browse/RANGER-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-2556: --- Assignee: Ramesh Mani > RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent > audit information > --- > > Key: RANGER-2556 > URL: https://issues.apache.org/jira/browse/RANGER-2556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > > RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent > audit information. > When there is a policy for Row filtering and Column Masking audit generated > for request given by users who has all access without filtering has wrong > value of request denial followed by allowed audit. > -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (RANGER-2556) RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information
Ramesh Mani created RANGER-2556: --- Summary: RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information Key: RANGER-2556 URL: https://issues.apache.org/jira/browse/RANGER-2556 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: master Reporter: Ramesh Mani RangerHivePlugin Row filtering and Column Masking auditing gives inconsistent audit information. When there is a policy for Row filtering and Column Masking audit generated for request given by users who has all access without filtering has wrong value of request denial followed by allowed audit. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2554) Log out message for Ranger needs to be more informative on Knox enabled cluster
[ https://issues.apache.org/jira/browse/RANGER-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Galave updated RANGER-2554: - Attachment: signOut.png > Log out message for Ranger needs to be more informative on Knox enabled > cluster > --- > > Key: RANGER-2554 > URL: https://issues.apache.org/jira/browse/RANGER-2554 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Attachments: 0001-RANGER-2554.patch, signOut.png > > > On a Knox enabled cluster, Ranger log out functionality needs to be more > informative. > In the case of Ranger UI, the 'log out' button does nothing and keeps the > user on the same page. > In this case, the RANGER UI message on trying to log out seems to be > informative enough for the user, informing the user as what the expected > behaviour would be in case of Knox enabled cluster. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2554) Log out message for Ranger needs to be more informative on Knox enabled cluster
[ https://issues.apache.org/jira/browse/RANGER-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Galave updated RANGER-2554: - Attachment: 0001-RANGER-2554.patch > Log out message for Ranger needs to be more informative on Knox enabled > cluster > --- > > Key: RANGER-2554 > URL: https://issues.apache.org/jira/browse/RANGER-2554 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Attachments: 0001-RANGER-2554.patch > > > On a Knox enabled cluster, Ranger log out functionality needs to be more > informative. > In the case of Ranger UI, the 'log out' button does nothing and keeps the > user on the same page. > In this case, the RANGER UI message on trying to log out seems to be > informative enough for the user, informing the user as what the expected > behaviour would be in case of Knox enabled cluster. -- This message was sent by Atlassian Jira (v8.3.2#803003)
Re: Review Request 71176: RANGER-2497 Support Azure Key Vault for storing master keys of Ranger KMS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71176/#review217489 --- Ship it! Ship It! - Velmurugan Periasamy On Aug. 12, 2019, 9:12 a.m., Dhaval Shah wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71176/ > --- > > (Updated Aug. 12, 2019, 9:12 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, > Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, > Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-2497 > https://issues.apache.org/jira/browse/RANGER-2497 > > > Repository: ranger > > > Description > --- > > User story: As a security admin, I want to escrow and manage master > encryption keys for securing my Hadoop cluster EZs in Ranger KMS service with > Azure Key Vault service. > > For Microsoft Azure Key Vault overview refer to: > https://docs.microsoft.com/en-us/azure/key-vault/ > For REST API guide refer to: > https://docs.microsoft.com/en-us/rest/api/keyvault/ > > Acceptance Criteria: > > 1.) Ranger KMS has ability to configure AKV service to be used for master key > offload > 2.) Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using AKV > > > Diffs > - > > LICENSE.txt a424ebe > NOTICE.txt a82c1f0 > kms/config/kms-webapp/dbks-site.xml 05a1a13 > kms/pom.xml df46496 > kms/scripts/DBMKTOAZUREKEYVAULT.sh PRE-CREATION > kms/scripts/install.properties 798dd8c > kms/scripts/setup.sh c430ef9 > > kms/src/main/java/org/apache/hadoop/crypto/key/AzureKeyVaultClientAuthenticator.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/DBToAzureKeyVault.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java 5e394de > kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java f542364 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java 86f1a29 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > b280cbf > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java > PRE-CREATION > pom.xml 7cf134c > src/main/assembly/kms.xml 468bede > > > Diff: https://reviews.apache.org/r/71176/diff/3/ > > > Testing > --- > > 1.) Fresh installation of Ranger KMS with Azure Key Vault. > 2.) Export / Import of zone keys from / to keystore file. > 3.) Migration of Ranger KMS DB to Azure Key Vault. > > > Thanks, > > Dhaval Shah > >
[jira] [Updated] (RANGER-2396) Inconsistency in policy operations in a disabled Ranger service
[ https://issues.apache.org/jira/browse/RANGER-2396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2396: - Reporter: suja s (was: Abhay Kulkarni) > Inconsistency in policy operations in a disabled Ranger service > --- > > Key: RANGER-2396 > URL: https://issues.apache.org/jira/browse/RANGER-2396 > Project: Ranger > Issue Type: Bug > Components: admin, plugins >Affects Versions: master >Reporter: suja s >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 2.0.0 > > > Create or Delete Policy operations in a disabled Ranger service causes > policy-cache for the service to out of sync with the policy database. One > manifestation of this is as seen in this scenario. > * Disable a Ranger service > * Delete a policy in the service > Operation is shown as successful, however, the policy listing page still > lists deleted policy, and viewing the policy causes error: 'Policy does not > exist'. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2446) Suggestion - Include security zone details as part of admin audit for policy update
[ https://issues.apache.org/jira/browse/RANGER-2446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2446: - Reporter: suja s (was: Nitin Galave) > Suggestion - Include security zone details as part of admin audit for policy > update > --- > > Key: RANGER-2446 > URL: https://issues.apache.org/jira/browse/RANGER-2446 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: suja s >Assignee: Nitin Galave >Priority: Major > Fix For: 2.0.0 > > Attachments: > 0001-RANGER-2446-Suggestion-Include-security-zone-details.patch, > RANGER-2446.patch > > > If a policy which is part of security zone is edited, it will be good to > include the zonename also along with policyid and policyname in the popup > where admin audit details are displayed. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2555) Enhancements in Ranger plugins to support Ranger HA without load-balancer
[ https://issues.apache.org/jira/browse/RANGER-2555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mateen Mansoori updated RANGER-2555: Description: As a security/infra administrator, I need to be able to deploy Ranger in HA mode without requiring additional load balancer hardware or software. (was: As a security/infra administrator, I need to be able to deploy Ranger in HA mode without requiring additional load balancer hardware of software. ) > Enhancements in Ranger plugins to support Ranger HA without load-balancer > - > > Key: RANGER-2555 > URL: https://issues.apache.org/jira/browse/RANGER-2555 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Mehul Parikh >Assignee: Mateen Mansoori >Priority: Major > > As a security/infra administrator, I need to be able to deploy Ranger in HA > mode without requiring additional load balancer hardware or software. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2465) Create a PolicyCondition to apply if all given tags are present for the accessed resource
[ https://issues.apache.org/jira/browse/RANGER-2465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2465: - Reporter: suja s (was: Ramesh Mani) > Create a PolicyCondition to apply if all given tags are present for the > accessed resource > - > > Key: RANGER-2465 > URL: https://issues.apache.org/jira/browse/RANGER-2465 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: suja s >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2465-MULTITAG-sampleTagDef.patch, Screen Shot > 2019-06-13 at 1.28.07 PM.png > > > Create a PolicyCondition to apply if all given tags are present for the > accessed resource. > i.e All the Tags in the policy condition has to be present for the resource > when user access it, then only allow that resource to be accessed by that > user. > A built in Policy Condition has to be created for this, which can be defined > in the service definition of a service that needs this addition functionality. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2412) Policy Condition Evaluators existing and newly created should work in both policy level and policy item level
[ https://issues.apache.org/jira/browse/RANGER-2412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2412: - Reporter: suja s (was: Ramesh Mani) > Policy Condition Evaluators existing and newly created should work in both > policy level and policy item level > - > > Key: RANGER-2412 > URL: https://issues.apache.org/jira/browse/RANGER-2412 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: suja s >Assignee: Ramesh Mani >Priority: Major > Fix For: 2.0.0 > > Attachments: > 0001-RANGER-2412-Policy-Condition-Evaluators-existing-and.patch > > > Policy Condition Evaluators existing and newly created should work in both > policy level and policy item level. > With the introduction of Policy Level condition in > https://issues.apache.org/jira/browse/RANGER-2354, now can set policy > conditions at Policy level also. But this needs a new variable > "policyCondition" to be referred if some one wants to created a new policy > level condition evaluator > (https://cwiki.apache.org/confluence/display/RANGER/Dynamic+Policy+Hooks+in+Ranger+-+Configure+and+Use) > . Existing policy level condition also needs to be duplicated to have this > new "policyCondition" to be referred. Instead on this its good to use the > same "condition" variable. This will allow anyone to use the existing policy > condition evaluator to be used in policy level or policy item level. Same is > the case with newly created custom policy condition evaluators -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2538) Ranger policy import calls via knox trusted proxy failing
[ https://issues.apache.org/jira/browse/RANGER-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2538: - Fix Version/s: 2.1.0 > Ranger policy import calls via knox trusted proxy failing > - > > Key: RANGER-2538 > URL: https://issues.apache.org/jira/browse/RANGER-2538 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: suja s >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2538-Ranger-policy-import-calls-via-knox-trus.patch > > > Posting large data through knox TP is causing the following exception in knox: > java.net.SocketException: Broken pipe (Write failed) > java.net.SocketException: Broken pipe (Write failed) at > java.net.SocketOutputStream.socketWrite0(Native Method) at > java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111) at > java.net.SocketOutputStream.write(SocketOutputStream.java:155) at > org.apache.http.impl.io.SessionOutputBufferImpl.streamWrite(SessionOutputBufferImpl.java:124) > at > org.apache.http.impl.io.SessionOutputBufferImpl.flushBuffer(SessionOutputBufferImpl.java:136) > at > org.apache.http.impl.io.SessionOutputBufferImpl.write(SessionOutputBufferImpl.java:167) > at > org.apache.http.impl.io.ChunkedOutputStream.flushCacheWithAppend(ChunkedOutputStream.java:122) > at > org.apache.http.impl.io.ChunkedOutputStream.write(ChunkedOutputStream.java:179) > at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2315) at > org.apache.commons.io.IOUtils.copy(IOUtils.java:2270) at > org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:2291) -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2549) There are two logic errors when installing the solr audit log module
[ https://issues.apache.org/jira/browse/RANGER-2549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] wu.kehua updated RANGER-2549: - Attachment: 0001-RANGER-2549-There-are-two-logic-errors-when-installi.patch > There are two logic errors when installing the solr audit log module > > > Key: RANGER-2549 > URL: https://issues.apache.org/jira/browse/RANGER-2549 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: wu.kehua >Assignee: wu.kehua >Priority: Major > Labels: patch > Attachments: > 0001-RANGER-2549-There-are-two-logic-errors-when-installi.patch > > > The install.sh will print 'Command not found' when installing the solr audit > log module, as follow: > {code:java} > [root@wkh001 solr_for_audit_setup]# ./setup.sh > ./setup.sh: line 29: log: Command not found > {code} > Then I analyse the install.sh, there is one error code, as follow: > {code:java} > if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file > while getting!!"; exit 1; fi > {code} > Because the function log is undefined, and in other places, we use echo to > print log, We need to be unified as 'echo'. > When I modify this bug, then execute setup.sh, it shows another error, as > follow: > {code:java} > setup.sh: line 68:[: Too many parameters > {code} > Then I find another logic bug, if you don't config JAVA_HOME in > install.properties, CONFIG_JAVA_HOME will get an error message and influence > subsequent processe. > {code:java} > CONFIG_JAVA_HOME=$(get_prop 'JAVA_HOME' $PROPFILE) > JAVA_HOME=${CONFIG_JAVA_HOME:-$JAVA_HOME} > {code} > So I modified two places, and test in three scenes, first is that JAVA_HOME > is nonexistent, second is that JAVA_HOME is not configured, like > 'JAVA_HOME=', third is that JAVA_HOME is configured. > Please check my patch, thanks. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2549) There are two logic errors when installing the solr audit log module
[ https://issues.apache.org/jira/browse/RANGER-2549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] wu.kehua updated RANGER-2549: - Description: The install.sh will print 'Command not found' when installing the solr audit log module, as follow: {code:java} [root@wkh001 solr_for_audit_setup]# ./setup.sh ./setup.sh: line 29: log: Command not found {code} Then I analyse the install.sh, there is one error code, as follow: {code:java} if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting!!"; exit 1; fi {code} Because the function log is undefined, and in other places, we use echo to print log, We need to be unified as 'echo'. When I modify this bug, then execute setup.sh, it shows another error, as follow: {code:java} setup.sh: line 68:[: Too many parameters {code} Then I find another logic bug, if you don't config JAVA_HOME in install.properties, CONFIG_JAVA_HOME will get an error message and influence subsequent processe. {code:java} CONFIG_JAVA_HOME=$(get_prop 'JAVA_HOME' $PROPFILE) JAVA_HOME=${CONFIG_JAVA_HOME:-$JAVA_HOME} {code} So I modified two places, and test in three scenes, first is that JAVA_HOME is nonexistent, second is that JAVA_HOME is not configured, like 'JAVA_HOME=', third is that JAVA_HOME is configured. Please check my patch, thanks. was: The install.sh will print 'Command not found' when installing the solr audit log module, as follow: {code:java} [root@wkh001 solr_for_audit_setup]# ./setup.sh ./setup.sh: line 29: log: Command not found {code} Then I analyse the install.sh, there is one error code, as follow: {code:java} if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting!!"; exit 1; fi {code} Because the function log is undefined, and in other places, we use echo to print log, We need to be unified as 'echo'. When I modify this bug, then execute setup.sh, it shows another error, as follow: {code:java} setup.sh: line 68:[: Too many parameters {code} Then I find another logic bug, if you don't config JAVA_HOME in install.properties, CONFIG_JAVA_HOME will get an error message and influence subsequent processe. {code:java} CONFIG_JAVA_HOME=$(get_prop 'JAVA_HOME' $PROPFILE) JAVA_HOME=${CONFIG_JAVA_HOME:-$JAVA_HOME} {code} So I modified two places, and test in two scenes, one is that JAVA_HOME is not configured, another is JAVA_HOME is configured. Please check my patch, thanks. > There are two logic errors when installing the solr audit log module > > > Key: RANGER-2549 > URL: https://issues.apache.org/jira/browse/RANGER-2549 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: wu.kehua >Assignee: wu.kehua >Priority: Major > Labels: patch > Attachments: > 0001-RANGER-2549-There-are-two-logic-errors-when-installi.patch > > > The install.sh will print 'Command not found' when installing the solr audit > log module, as follow: > {code:java} > [root@wkh001 solr_for_audit_setup]# ./setup.sh > ./setup.sh: line 29: log: Command not found > {code} > Then I analyse the install.sh, there is one error code, as follow: > {code:java} > if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file > while getting!!"; exit 1; fi > {code} > Because the function log is undefined, and in other places, we use echo to > print log, We need to be unified as 'echo'. > When I modify this bug, then execute setup.sh, it shows another error, as > follow: > {code:java} > setup.sh: line 68:[: Too many parameters > {code} > Then I find another logic bug, if you don't config JAVA_HOME in > install.properties, CONFIG_JAVA_HOME will get an error message and influence > subsequent processe. > {code:java} > CONFIG_JAVA_HOME=$(get_prop 'JAVA_HOME' $PROPFILE) > JAVA_HOME=${CONFIG_JAVA_HOME:-$JAVA_HOME} > {code} > So I modified two places, and test in three scenes, first is that JAVA_HOME > is nonexistent, second is that JAVA_HOME is not configured, like > 'JAVA_HOME=', third is that JAVA_HOME is configured. > Please check my patch, thanks. -- This message was sent by Atlassian Jira (v8.3.2#803003)
Re: Review Request 71365: RANGER-2549 There are two logic errors when installing the solr audit log module
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71365/ --- (Updated 八月 29, 2019, 6:19 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, sam rome, Venkat Ranganathan, Velmurugan Periasamy, Qiang Zhang, and Zsombor Gegesy. Bugs: RANGER-2549 https://issues.apache.org/jira/browse/RANGER-2549 Repository: ranger Description (updated) --- The install.sh will print 'Command not found' when installing the solr audit log module, as follow: [root@wkh001 solr_for_audit_setup]# ./setup.sh ./setup.sh: line 29: log: Command not found Then I analyse the install.sh, there is one error code, as follow: if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting!!"; exit 1; fi Because the function log is undefined, and in other places, we use echo to print log, We need to be unified as 'echo'. When I modify this bug, then execute setup.sh, it shows another error, as follow: setup.sh: line 68:[: Too many parameters Then I find another logic bug, if you don't config JAVA_HOME in install.properties, CONFIG_JAVA_HOME will get an error message and influence subsequent processe. CONFIG_JAVA_HOME=$(get_prop 'JAVA_HOME' $PROPFILE) JAVA_HOME=${CONFIG_JAVA_HOME:-$JAVA_HOME} So I modified two places, and test in three scenes, first is that JAVA_HOME is nonexistent, second is that JAVA_HOME is not configured, like 'JAVA_HOME=', third is that JAVA_HOME is configured. Please check my patch, thanks. Diffs (updated) - security-admin/contrib/solr_for_audit_setup/setup.sh f059c03 Diff: https://reviews.apache.org/r/71365/diff/2/ Changes: https://reviews.apache.org/r/71365/diff/1-2/ Testing --- File Attachments (updated) 0001-RANGER-2549-There-are-two-logic-errors-when-installi.patch https://reviews.apache.org/media/uploaded/files/2019/08/29/d40e5b4b-71e5-45e0-a8de-de43e3fd8f0f__0001-RANGER-2549-There-are-two-logic-errors-when-installi.patch Thanks, Kehua Wu