[jira] [Updated] (RANGER-2620) Create empty Role cache file when no roles are present in ranger yet.
[ https://issues.apache.org/jira/browse/RANGER-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani updated RANGER-2620: Attachment: 0001-RANGER-2620-Create-empty-Role-cache-file-when-no-rol.patch > Create empty Role cache file when no roles are present in ranger yet. > - > > Key: RANGER-2620 > URL: https://issues.apache.org/jira/browse/RANGER-2620 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2620-Create-empty-Role-cache-file-when-no-rol.patch > > > Create empty Role cache file when no roles are present in ranger yet. > This will avoid warning message when Plugin tries to read the role cache file > when it is not present. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2620) Create empty Role cache file when no roles are present in ranger yet.
[ https://issues.apache.org/jira/browse/RANGER-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-2620: --- Assignee: Ramesh Mani > Create empty Role cache file when no roles are present in ranger yet. > - > > Key: RANGER-2620 > URL: https://issues.apache.org/jira/browse/RANGER-2620 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2620-Create-empty-Role-cache-file-when-no-rol.patch > > > Create empty Role cache file when no roles are present in ranger yet. > This will avoid warning message when Plugin tries to read the role cache file > when it is not present. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 71609: RANGER-2620:Create empty Role cache file when no roles are present in ranger yet.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71609/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2620 https://issues.apache.org/jira/browse/RANGER-2620 Repository: ranger Description --- RANGER-2620:Create empty Role cache file when no roles are present in ranger yet. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesProvider.java 5ba3cca Diff: https://reviews.apache.org/r/71609/diff/1/ Testing --- - Testing done in local vm - Empty Role cache getting created when Ranger doesn't have roles yet. - Plugin loads it without issue. - Roles gets downloaded with roles are created. Thanks, Ramesh Mani
[jira] [Created] (RANGER-2620) Create empty Role cache file when no roles are present in ranger yet.
Ramesh Mani created RANGER-2620: --- Summary: Create empty Role cache file when no roles are present in ranger yet. Key: RANGER-2620 URL: https://issues.apache.org/jira/browse/RANGER-2620 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: master Reporter: Ramesh Mani Create empty Role cache file when no roles are present in ranger yet. This will avoid warning message when Plugin tries to read the role cache file when it is not present. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 71601: RANGER-2537 : Ranger KMS having wrong bit length and version in DB after after export / import within keystore file.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71601/ --- (Updated Oct. 11, 2019, 12:14 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-2537 https://issues.apache.org/jira/browse/RANGER-2537 Repository: ranger Description --- Hi, Consider below data in DB of Ranger KMS Key_NameBit_Lenght Version ezkey 128 1 ezkey@0 128 1 Export keys to keystore file. Delete keys from UI and make sure DB is empty. Import keys from keystore file. Now observe the DB Key_NameBit_Lenght Version ezkey 0 0 ezkey@0 128 1 Diffs - kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java f3d7c20 kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 1792bc4 Diff: https://reviews.apache.org/r/71601/diff/1/ Testing --- After Import / export of EZ keys to / from keystore file we have tested below scenario. 1.) Bit lenght and version is properly updated in DB. 2.) Successfully tested with different key size such as 128, 256. 3.) Successfully tested Rollover operation on keys after exporting keys from keystore file. Thanks, Dhaval Shah
[jira] [Updated] (RANGER-2589) Introduce Ranger API to return Ranger's JVM resource status metric
[ https://issues.apache.org/jira/browse/RANGER-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2589: - Fix Version/s: 2.1.0 > Introduce Ranger API to return Ranger's JVM resource status metric > -- > > Key: RANGER-2589 > URL: https://issues.apache.org/jira/browse/RANGER-2589 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Fatima Amjad Khan >Priority: Minor > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2589-v3.patch, 0001-RANGER-2589-v4.patch, > RANGER-2589-v1.patch, RANGER-2589-v2.patch > > > Important JVM attributes can be returned via Ranger REST API : > * heap memory usage > * GC time > * # of open threads > * # of open file descriptors -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2618) Restrict rolename change when a policy with that role exist
[ https://issues.apache.org/jira/browse/RANGER-2618?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nikhil Purbhe reassigned RANGER-2618: - Assignee: Nikhil Purbhe > Restrict rolename change when a policy with that role exist > --- > > Key: RANGER-2618 > URL: https://issues.apache.org/jira/browse/RANGER-2618 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: suja s >Assignee: Nikhil Purbhe >Priority: Major > > When we try to delete a role associated with a ranger policy, the operation > is not allowed. Likewise, role edit for rolename change also should be > restricted. > Reason: > Rolename edit is allowed and the ranger policy still exists with old rolename > reference. Policy enforcement happens as per old policy. Rolename change is > not taken into consideration during policy download. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2617) Provide descriptive error message when role delete not allowed
[
https://issues.apache.org/jira/browse/RANGER-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nikhil Purbhe reassigned RANGER-2617:
-
Assignee: Nikhil Purbhe
> Provide descriptive error message when role delete not allowed
> --
>
> Key: RANGER-2617
> URL: https://issues.apache.org/jira/browse/RANGER-2617
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: suja s
>Assignee: Nikhil Purbhe
>Priority: Minor
>
> Scenario:
> Create a role r1
> Create a ranger policy for role r1
> Try to delete role
> Role delete is not allowed as a policy exists with the specified role
> Response:
> {noformat}
> {"statusCode":1,"msgDesc":"XXRole can't be
> deleted","messageList":[{"name":"OPER_NOT_ALLOWED_FOR_STATE","rbKey":"xa.error.oper_not_allowed_for_state","message":"Operation
> not allowed in current state","objectId":9}]}
> {noformat}
> Expected:
> Descriptive message with details on why the operation is not allowed
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2619) Admin Audit Details not displayed for edit role
[ https://issues.apache.org/jira/browse/RANGER-2619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] suja s updated RANGER-2619: --- Attachment: AdminAudits_EditRole.png > Admin Audit Details not displayed for edit role > --- > > Key: RANGER-2619 > URL: https://issues.apache.org/jira/browse/RANGER-2619 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: suja s >Priority: Major > Attachments: AdminAudits_EditRole.png > > > When an existing role is edited by adding a new group or role, the details > are not displayed in the admin access details popup -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2619) Admin Audit Details not displayed for edit role
suja s created RANGER-2619: -- Summary: Admin Audit Details not displayed for edit role Key: RANGER-2619 URL: https://issues.apache.org/jira/browse/RANGER-2619 Project: Ranger Issue Type: Bug Components: admin Reporter: suja s When an existing role is edited by adding a new group or role, the details are not displayed in the admin access details popup -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2618) Restrict rolename change when a policy with that role exist
suja s created RANGER-2618: -- Summary: Restrict rolename change when a policy with that role exist Key: RANGER-2618 URL: https://issues.apache.org/jira/browse/RANGER-2618 Project: Ranger Issue Type: Bug Components: admin Reporter: suja s When we try to delete a role associated with a ranger policy, the operation is not allowed. Likewise, role edit for rolename change also should be restricted. Reason: Rolename edit is allowed and the ranger policy still exists with old rolename reference. Policy enforcement happens as per old policy. Rolename change is not taken into consideration during policy download. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2617) Provide descriptive error message when role delete not allowed
suja s created RANGER-2617:
--
Summary: Provide descriptive error message when role delete not
allowed
Key: RANGER-2617
URL: https://issues.apache.org/jira/browse/RANGER-2617
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: suja s
Scenario:
Create a role r1
Create a ranger policy for role r1
Try to delete role
Role delete is not allowed as a policy exists with the specified role
Response:
{noformat}
{"statusCode":1,"msgDesc":"XXRole can't be
deleted","messageList":[{"name":"OPER_NOT_ALLOWED_FOR_STATE","rbKey":"xa.error.oper_not_allowed_for_state","message":"Operation
not allowed in current state","objectId":9}]}
{noformat}
Expected:
Descriptive message with details on why the operation is not allowed
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2589) Introduce Ranger API to return Ranger's JVM resource status metric
[ https://issues.apache.org/jira/browse/RANGER-2589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16949162#comment-16949162 ] Fatima Amjad Khan commented on RANGER-2589: --- Committed on master [https://github.com/apache/ranger/commit/3f468bab324b78de86e1efa38bb823c685c2b077] > Introduce Ranger API to return Ranger's JVM resource status metric > -- > > Key: RANGER-2589 > URL: https://issues.apache.org/jira/browse/RANGER-2589 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Fatima Amjad Khan >Priority: Minor > Attachments: 0001-RANGER-2589-v3.patch, 0001-RANGER-2589-v4.patch, > RANGER-2589-v1.patch, RANGER-2589-v2.patch > > > Important JVM attributes can be returned via Ranger REST API : > * heap memory usage > * GC time > * # of open threads > * # of open file descriptors -- This message was sent by Atlassian Jira (v8.3.4#803005)
