Re: Review Request 71616: RANGER-2660 : Option to create missing users/groups/roles while creating/updating/importing policies
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71616/ --- (Updated Dec. 16, 2019, 6:38 p.m.) Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2660 https://issues.apache.org/jira/browse/RANGER-2660 Repository: ranger Description --- provide an option to create missing users/groups/roles which are not present in ranger admin while creating/updating/importing policies Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerRoleValidator.java beeb888e5 security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 3846d008c security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java e8b58d1fd Diff: https://reviews.apache.org/r/71616/diff/3/ Changes: https://reviews.apache.org/r/71616/diff/2-3/ Testing --- 1.Tested with create/update/import policies for user/group/roles. Thanks, Nikhil P
[jira] [Commented] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16997251#comment-16997251 ] Dhaval B. SHAH commented on RANGER-2668: Apache Commit Link: [https://github.com/apache/ranger/commit/6396e3a473fe8b2bc7282b402575299d9c09d8df] > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch, RANGER-2668-02.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Labels: patch (was: ) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Labels: patch > Fix For: 2.0.0 > > Attachments: RANGER-2676.patch > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Attachment: RANGER-2676.patch > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > Attachments: RANGER-2676.patch > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Description: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1) AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.db/solr/hdfs/... (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) was: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.db/solr/hdfs/... (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1) AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Description: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.db/solr/hdfs/... (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) was: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.{db/solor...} (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.{db/solor...},or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1)AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.db/solr/hdfs/... > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.db/solr/hdfs/...,or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Description: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.{db/solor...} (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.{db/solor...},or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) was: When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.{db/solor...} (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1)AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.{db/solor...} > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.{db/solor...},or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2676) Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value
[ https://issues.apache.org/jira/browse/RANGER-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Haihui Xu updated RANGER-2676: -- Summary: Before obtaining AuthzAuditEvent Object should check xasecure.audit.destination.xx value (was: Before obtaining AuditHandler Object should check xasecure.audit.destination.xx value) > Before obtaining AuthzAuditEvent Object should check > xasecure.audit.destination.xx value > > > Key: RANGER-2676 > URL: https://issues.apache.org/jira/browse/RANGER-2676 > Project: Ranger > Issue Type: Improvement > Components: audit, plugins >Affects Versions: 1.0.0, 1.1.0, 2.0.0, 1.2.0 >Reporter: Haihui Xu >Assignee: Haihui Xu >Priority: Critical > Fix For: 2.0.0 > > > When after evalute policy and then process the auditlog,need to obtain > AuditHandler Object and AuthzAuditEvent object > (1)AuditHandler object obtained when init plugin according to the value of > xasecure.audit.destination.{db/solor...} > (2) So, obtaining AuthzAuditEvent should also according to the value of > xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or > dummyHandler, constructing AuthzAuditEvent object is useless which is very > frequently called and thus result in the performance decline of service(hdfs > namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2676) Before obtaining AuditHandler Object should check xasecure.audit.destination.xx value
Haihui Xu created RANGER-2676: - Summary: Before obtaining AuditHandler Object should check xasecure.audit.destination.xx value Key: RANGER-2676 URL: https://issues.apache.org/jira/browse/RANGER-2676 Project: Ranger Issue Type: Improvement Components: audit, plugins Affects Versions: 1.2.0, 2.0.0, 1.1.0, 1.0.0 Reporter: Haihui Xu Assignee: Haihui Xu Fix For: 2.0.0 When after evalute policy and then process the auditlog,need to obtain AuditHandler Object and AuthzAuditEvent object (1)AuditHandler object obtained when init plugin according to the value of xasecure.audit.destination.{db/solor...} (2) So, obtaining AuthzAuditEvent should also according to the value of xasecure.audit.destination.{db/solor...}, or when AuditHandler is null or dummyHandler, constructing AuthzAuditEvent object is useless which is very frequently called and thus result in the performance decline of service(hdfs namenode, kakfa broker,hiveserver2...) -- This message was sent by Atlassian Jira (v8.3.4#803005)