Re: Review Request 71616: RANGER-2660 : Option to create missing users/groups/roles while creating/updating/importing policies
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71616/ --- (Updated Dec. 16, 2019, 6:38 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2660 https://issues.apache.org/jira/browse/RANGER-2660 Repository: ranger Description --- provide an option to create missing users/groups/roles which are not present in ranger admin while creating/updating/importing policies Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java beeb888e5 security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 3846d008c security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java e8b58d1fd Diff: https://reviews.apache.org/r/71616/diff/3/ Changes: https://reviews.apache.org/r/71616/diff/2-3/ Testing --- 1.Tested with create/update/import policies for user/group/roles. Thanks, Nikhil P
[jira] [Commented] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16997251#comment-16997251 ] Dhaval B. SHAH commented on RANGER-2668: Apache Commit Link: [https://github.com/apache/ranger/commit/6396e3a473fe8b2bc7282b402575299d9c09d8df] > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch, RANGER-2668-02.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Labels: patch (was: ) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Labels: patch > Fix For: 2.0.0 > > Attachments: RANGER-2676.patch > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Attachment: RANGER-2676.patch > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > Attachments: RANGER-2676.patch > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Description: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1) AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.db/solr/hdfs/... (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) was: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.db/solr/hdfs/... (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[
https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Haihui Xu updated RANGER-2676:
--
Description:
When after evalute policy and then process the auditlog,need to obtain
AuditHandler Object and AuthzAuditEvent object
(1)AuditHandler object obtained when init plugin according to the value of
xasecure.audit.destination.db/solr/hdfs/...
(2) So, obtaining AuthzAuditEvent should also according to the value of
xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or
dummyHandler, constructing AuthzAuditEvent object is useless which is very
frequently called and thus result in the performance decline of service(hdfs
namenode, kakfa broker,hiveserver2...)
was:
When after evalute policy and then process the auditlog,need to obtain
AuditHandler Object and AuthzAuditEvent object
(1)AuditHandler object obtained when init plugin according to the value of
xasecure.audit.destination.{db/solor...}
(2) So, obtaining AuthzAuditEvent should also according to the value of
xasecure.audit.destination.{db/solor...},or when AuditHandler is null or
dummyHandler, constructing AuthzAuditEvent object is useless which is very
frequently called and thus result in the performance decline of service(hdfs
namenode, kakfa broker,hiveserver2...)
> Before obtaining AuthzAuditEvent Object should check
> xasecure.audit.destination.xx value
>
>
> Key: RANGER-2676
> URL: https://issues.apache.org/jira/browse/RANGER-2676
> Project: Ranger
> Issue Type: Improvement
> Components: audit, plugins
>Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0
>Reporter: Haihui Xu
>Assignee: Haihui Xu
>Priority: Critical
> Fix For: 2.0.0
>
>
> When after evalute policy and then process the auditlog,need to obtain
> AuditHandler Object and AuthzAuditEvent object
> (1)AuditHandler object obtained when init plugin according to the value of
> xasecure.audit.destination.db/solr/hdfs/...
> (2) So, obtaining AuthzAuditEvent should also according to the value of
> xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or
> dummyHandler, constructing AuthzAuditEvent object is useless which is very
> frequently called and thus result in the performance decline of service(hdfs
> namenode, kakfa broker,hiveserver2...)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[
https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Haihui Xu updated RANGER-2676:
--
Description:
When after evalute policy and then process the auditlog,need to obtain
AuditHandler Object and AuthzAuditEvent object
(1)AuditHandler object obtained when init plugin according to the value of
xasecure.audit.destination.{db/solor...}
(2) So, obtaining AuthzAuditEvent should also according to the value of
xasecure.audit.destination.{db/solor...},or when AuditHandler is null or
dummyHandler, constructing AuthzAuditEvent object is useless which is very
frequently called and thus result in the performance decline of service(hdfs
namenode, kakfa broker,hiveserver2...)
was:
When after evalute policy and then process the auditlog,need to obtain
AuditHandler Object and AuthzAuditEvent object
(1)AuditHandler object obtained when init plugin according to the value of
xasecure.audit.destination.{db/solor...}
(2) So, obtaining AuthzAuditEvent should also according to the value of
xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or
dummyHandler, constructing AuthzAuditEvent object is useless which is very
frequently called and thus result in the performance decline of service(hdfs
namenode, kakfa broker,hiveserver2...)
> Before obtaining AuthzAuditEvent Object should check
> xasecure.audit.destination.xx value
>
>
> Key: RANGER-2676
> URL: https://issues.apache.org/jira/browse/RANGER-2676
> Project: Ranger
> Issue Type: Improvement
> Components: audit, plugins
>Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0
>Reporter: Haihui Xu
>Assignee: Haihui Xu
>Priority: Critical
> Fix For: 2.0.0
>
>
> When after evalute policy and then process the auditlog,need to obtain
> AuditHandler Object and AuthzAuditEvent object
> (1)AuditHandler object obtained when init plugin according to the value of
> xasecure.audit.destination.{db/solor...}
> (2) So, obtaining AuthzAuditEvent should also according to the value of
> xasecure.audit.destination.{db/solor...},or when AuditHandler is null or
> dummyHandler, constructing AuthzAuditEvent object is useless which is very
> frequently called and thus result in the performance decline of service(hdfs
> namenode, kakfa broker,hiveserver2...)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[
https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Haihui Xu updated RANGER-2676:
--
Summary: Before obtaining AuthzAuditEvent Object should check
xasecure.audit.destination.xx value (was: Before obtaining AuditHandler Object
should check xasecure.audit.destination.xx value)
> Before obtaining AuthzAuditEvent Object should check
> xasecure.audit.destination.xx value
>
>
> Key: RANGER-2676
> URL: https://issues.apache.org/jira/browse/RANGER-2676
> Project: Ranger
> Issue Type: Improvement
> Components: audit, plugins
>Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0
>Reporter: Haihui Xu
>Assignee: Haihui Xu
>Priority: Critical
> Fix For: 2.0.0
>
>
> When after evalute policy and then process the auditlog,need to obtain
> AuditHandler Object and AuthzAuditEvent object
> (1)AuditHandler object obtained when init plugin according to the value of
> xasecure.audit.destination.{db/solor...}
> (2) So, obtaining AuthzAuditEvent should also according to the value of
> xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or
> dummyHandler, constructing AuthzAuditEvent object is useless which is very
> frequently called and thus result in the performance decline of service(hdfs
> namenode, kakfa broker,hiveserver2...)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-2676) Before obtaining AuditHandler Object should check xasecure.audit.destination.xx value
Haihui Xu created RANGER-2676:
-
Summary: Before obtaining AuditHandler Object should check
xasecure.audit.destination.xx value
Key: RANGER-2676
URL: https://issues.apache.org/jira/browse/RANGER-2676
Project: Ranger
Issue Type: Improvement
Components: audit, plugins
Affects Versions: 1.2.0, 2.0.0, 1.1.0, 1.0.0
Reporter: Haihui Xu
Assignee: Haihui Xu
Fix For: 2.0.0
When after evalute policy and then process the auditlog,need to obtain
AuditHandler Object and AuthzAuditEvent object
(1)AuditHandler object obtained when init plugin according to the value of
xasecure.audit.destination.{db/solor...}
(2) So, obtaining AuthzAuditEvent should also according to the value of
xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or
dummyHandler, constructing AuthzAuditEvent object is useless which is very
frequently called and thus result in the performance decline of service(hdfs
namenode, kakfa broker,hiveserver2...)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
