[jira] [Updated] (RANGER-2896) show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2896:
--
Component/s: admin

> show grant not display grant_time in hive plugin
> 
>
> Key: RANGER-2896
> URL: https://issues.apache.org/jira/browse/RANGER-2896
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2896.patch
>
>
> show grant can not display grant_time, because 
> [RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
> content of policy download.
> When using show grant, grant_time will always be 0.
> In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets 
> creationDate from policy.getCreateTime().
> {code:java}
> if (accessTypes.contains(aclName.toLowerCase()) && 
> (users.contains(hivePrincipal.getName()) || 
> groups.contains(hivePrincipal.getName( {
> creationDate = (policy.getCreateTime() == null) ? creationDate : (int) 
> (policy.getCreateTime().getTime()/1000);
> delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : 
> policyItem.getDelegateAdmin().booleanValue();
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Review Request 72647: RANGER-2896: show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72647/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-2896
https://issues.apache.org/jira/browse/RANGER-2896


Repository: ranger


Description
---

show grant can not display grant_time, because RANGER-836 pruned the content of 
policy download.

When using show grant, grant_time will always be 0.

```bash
+---+++-+-+-++---+-+--+
| database  | table  | partition  | column  | principal_name  | principal_type  
| privilege  | grant_option  | grant_time  | grantor  |
+---+++-+-+-++---+-+--+
| default   | *  | [] | []  | hadoop  | USER
| ALTER  | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| CREATE | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| DROP   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| INDEX  | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| LOCK   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| READ   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| SELECT | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| UPDATE | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| WRITE  | true  | 0   | ranger   |
+---+++-+-+-++---+-+--+
```

In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets creationDate 
from policy.getCreateTime().

```java
if (accessTypes.contains(aclName.toLowerCase()) && 
(users.contains(hivePrincipal.getName()) || 
groups.contains(hivePrincipal.getName( {
creationDate = (policy.getCreateTime() == null) ? creationDate : (int) 
(policy.getCreateTime().getTime()/1000);
delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : 
policyItem.getDelegateAdmin().booleanValue();
}
```


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
 a09a35295 


Diff: https://reviews.apache.org/r/72647/diff/1/


Testing
---

show grant can display grant_time.
```bash
+---+++-+-+-++---++--+
| database  | table  | partition  | column  | principal_name  | principal_type  
| privilege  | grant_option  |   grant_time   | grantor  |
+---+++-+-+-++---++--+
| default   | *  | [] | []  | hadoop  | USER
| ALTER  | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| CREATE | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| DROP   | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| INDEX  | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| LOCK   | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| READ   | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| SELECT | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| UPDATE | true  | 1594004452000  | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| WRITE  | true  | 1594004452000  | ranger   |
+---+++-+-+-++---++--+
```


Thanks,

Jiayi Liu

[jira] [Updated] (RANGER-2896) show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2896:
--
Description: 
show grant can not display grant_time, because 
[RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
content of policy download.

When using show grant, grant_time will always be 0.

In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets creationDate 
from policy.getCreateTime().

{code:java}
if (accessTypes.contains(aclName.toLowerCase()) && 
(users.contains(hivePrincipal.getName()) || 
groups.contains(hivePrincipal.getName( {
creationDate = (policy.getCreateTime() == null) ? creationDate : (int) 
(policy.getCreateTime().getTime()/1000);
delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : 
policyItem.getDelegateAdmin().booleanValue();
}
{code}



  was:
show grant can not display grant_time, because 
[RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
content of policy download.

When using show grant, grant_time will always be 0.

In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets creationDate 
from policy.getCreateTime().

{code:java}
if (accessTypes.contains(aclName.toLowerCase()) && 
(users.contains(hivePrincipal.getName())
|| 
groups.contains(hivePrincipal.getName( {
creationDate = (policy.getCreateTime() == null) 
? creationDate : (int) (policy.getCreateTime().getTime()/1000);
delegateAdmin = (policyItem.getDelegateAdmin() 
== null) ? delegateAdmin : policyItem.getDelegateAdmin().booleanValue();
}
{code}




> show grant not display grant_time in hive plugin
> 
>
> Key: RANGER-2896
> URL: https://issues.apache.org/jira/browse/RANGER-2896
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2896.patch
>
>
> show grant can not display grant_time, because 
> [RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
> content of policy download.
> When using show grant, grant_time will always be 0.
> In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets 
> creationDate from policy.getCreateTime().
> {code:java}
> if (accessTypes.contains(aclName.toLowerCase()) && 
> (users.contains(hivePrincipal.getName()) || 
> groups.contains(hivePrincipal.getName( {
> creationDate = (policy.getCreateTime() == null) ? creationDate : (int) 
> (policy.getCreateTime().getTime()/1000);
> delegateAdmin = (policyItem.getDelegateAdmin() == null) ? delegateAdmin : 
> policyItem.getDelegateAdmin().booleanValue();
> }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2896) show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2896:
--
Description: 
show grant can not display grant_time, because 
[RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
content of policy download.

When using show grant, grant_time will always be 0.

In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets creationDate 
from policy.getCreateTime().

{code:java}
if (accessTypes.contains(aclName.toLowerCase()) && 
(users.contains(hivePrincipal.getName())
|| 
groups.contains(hivePrincipal.getName( {
creationDate = (policy.getCreateTime() == null) 
? creationDate : (int) (policy.getCreateTime().getTime()/1000);
delegateAdmin = (policyItem.getDelegateAdmin() 
== null) ? delegateAdmin : policyItem.getDelegateAdmin().booleanValue();
}
{code}



  was:
show grant can not display grant_time, because 
[RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
content of policy download.

When using show grant, grant_time will always be 0.



> show grant not display grant_time in hive plugin
> 
>
> Key: RANGER-2896
> URL: https://issues.apache.org/jira/browse/RANGER-2896
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2896.patch
>
>
> show grant can not display grant_time, because 
> [RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
> content of policy download.
> When using show grant, grant_time will always be 0.
> In RangerHiveAuthorizer.createHivePrivilegeInfo function, it gets 
> creationDate from policy.getCreateTime().
> {code:java}
> if (accessTypes.contains(aclName.toLowerCase()) && 
> (users.contains(hivePrincipal.getName())
>   || 
> groups.contains(hivePrincipal.getName( {
>   creationDate = (policy.getCreateTime() == null) 
> ? creationDate : (int) (policy.getCreateTime().getTime()/1000);
>   delegateAdmin = (policyItem.getDelegateAdmin() 
> == null) ? delegateAdmin : policyItem.getDelegateAdmin().booleanValue();
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2896) show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2896:
--
Summary: show grant not display grant_time in hive plugin  (was: show grant 
not display grant_time)

> show grant not display grant_time in hive plugin
> 
>
> Key: RANGER-2896
> URL: https://issues.apache.org/jira/browse/RANGER-2896
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2896.patch
>
>
> show grant can not display grant_time, because 
> [RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
> content of policy download.
> When using show grant, grant_time will always be 0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2896) show grant not display grant_time in hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2896:
--
Attachment: 0001-RANGER-2896.patch

> show grant not display grant_time in hive plugin
> 
>
> Key: RANGER-2896
> URL: https://issues.apache.org/jira/browse/RANGER-2896
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2896.patch
>
>
> show grant can not display grant_time, because 
> [RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
> content of policy download.
> When using show grant, grant_time will always be 0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2891.
-
Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/0fa35a1d00de7899effa5a589713baf947cabd2b]

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-2896) show grant not display grant_time

2020-07-05 Thread Jiayi Liu (Jira) 
Jiayi Liu created RANGER-2896:
-

 Summary: show grant not display grant_time
 Key: RANGER-2896
 URL: https://issues.apache.org/jira/browse/RANGER-2896
 Project: Ranger
  Issue Type: Improvement
  Components: plugins
Affects Versions: 2.0.0
Reporter: Jiayi Liu
 Fix For: 2.1.0


show grant can not display grant_time, because 
[RANGER-836|https://issues.apache.org/jira/browse/RANGER-836] pruned the 
content of policy download.

When using show grant, grant_time will always be 0.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Reopened] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reopened RANGER-2891:
-

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store

2020-07-05 Thread bhavik patel 


> On June 16, 2020, 5:31 a.m., Pradeep Agrawal wrote:
> > agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java
> > Lines 48 (patched)
> > 
> >
> > if any code is referred/copied from somewhere please mention that in RR 
> > description

This is the custom Utility class and getKerberosCredentials method I have 
referred from here: 
https://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html


- bhavik


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/#review221009
---


On July 6, 2020, 5:42 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72591/
> ---
> 
> (Updated July 6, 2020, 5:42 a.m.)
> 
> 
> Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don 
> Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, 
> Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2861
> https://issues.apache.org/jira/browse/RANGER-2861
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently, Ranger admin support only Basic Authentication for ES as an Audit 
> Store, also required to support username and keytab.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java
>  bda582a 
>   
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java
>  PRE-CREATION 
>   
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java
>  PRE-CREATION 
>   
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java
>  PRE-CREATION 
>   
> agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java
>  PRE-CREATION 
>   distro/src/main/assembly/admin-web.xml a632011 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
>  886091e 
>   
> security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java
>  a060877 
> 
> 
> Diff: https://reviews.apache.org/r/72591/diff/2/
> 
> 
> Testing
> ---
> 
> After setting the ES username and passowrd(keytab) in install.properties 
> ranger admin is able to read audit logs from ES also ranger plugins able to 
> write the logs to ES.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 72591: RANGER-2861 : Support username and keytab to authenticate ES service to use as an Ranger Audit Store

2020-07-05 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72591/
---

(Updated July 6, 2020, 5:42 a.m.)


Review request for ranger, Attila Bukor, Ankita Sinha, Bolke de Bruin, Don 
Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep Agrawal, 
Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2861
https://issues.apache.org/jira/browse/RANGER-2861


Repository: ranger


Description
---

Currently, Ranger admin support only Basic Authentication for ES as an Audit 
Store, also required to support username and keytab.


Diffs (updated)
-

  
agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java
 bda582a 
  
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/CredentialsProviderUtil.java
 PRE-CREATION 
  
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/AbstractJaasConf.java
 PRE-CREATION 
  
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KerberosCredentialsProvider.java
 PRE-CREATION 
  
agents-cred/src/main/java/org/apache/ranger/authorization/credutils/kerberos/KeytabJaasConf.java
 PRE-CREATION 
  distro/src/main/assembly/admin-web.xml a632011 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
 886091e 
  
security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java
 a060877 


Diff: https://reviews.apache.org/r/72591/diff/2/

Changes: https://reviews.apache.org/r/72591/diff/1-2/


Testing
---

After setting the ES username and passowrd(keytab) in install.properties ranger 
admin is able to read audit logs from ES also ranger plugins able to write the 
logs to ES.


Thanks,

bhavik patel

Re: Review Request 72633: RANGER-2867 : Update Spring Security framework for Ranger

2020-07-05 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72633/#review221130
---


Ship it!




Ship It!

- bhavik patel


On July 1, 2020, 8:55 a.m., Dhaval Shah wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72633/
> ---
> 
> (Updated July 1, 2020, 8:55 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Jayendra 
> Parab, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2867
> https://issues.apache.org/jira/browse/RANGER-2867
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We need to upgrade springframework security from 4.2.13 to 4.2.16  as part of 
> security improvment.
> 
> 
> Diffs
> -
> 
>   pom.xml 5bfd08df2 
> 
> 
> Diff: https://reviews.apache.org/r/72633/diff/1/
> 
> 
> Testing
> ---
> 
> Successfully performed the sanity test on Ranger.
> 
> 
> Thanks,
> 
> Dhaval Shah
> 
>

[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani resolved RANGER-2891.
-
Resolution: Fixed

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151750#comment-17151750
 ] 

Ramesh Mani commented on RANGER-2891:
-

+1 for the updated patch

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72639: RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72639/#review221129
---


Ship it!




- Ramesh Mani


On July 6, 2020, 4:05 a.m., ru jia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72639/
> ---
> 
> (Updated July 6, 2020, 4:05 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2891
> https://issues.apache.org/jira/browse/RANGER-2891
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, it 
> should be implemented.
> 
> 
> Diffs
> -
> 
>   
> plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
>  f4fc89d 
>   
> ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
>  4063870 
> 
> 
> Diff: https://reviews.apache.org/r/72639/diff/1/
> 
> 
> Testing
> ---
> 
> Compilation OK and already used in production environment
> 
> 
> File Attachments
> 
> 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>   
> https://reviews.apache.org/media/uploaded/files/2020/07/06/ac0b2472-9940-4627-9288-88175bb28d3e__0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
> 
> 
> Thanks,
> 
> ru jia
> 
>

Re: Review Request 72639: RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread ru jia 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72639/
---

(Updated 七月 6, 2020, 4:05 a.m.)


Review request for ranger.


Changes
---

Update log level


Bugs: RANGER-2891
https://issues.apache.org/jira/browse/RANGER-2891


Repository: ranger


Description
---

plugin-presto does not support 'checkCanShowColumnsMetadata' API now, it should 
be implemented.


Diffs
-

  
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 f4fc89d 
  
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 4063870 


Diff: https://reviews.apache.org/r/72639/diff/1/


Testing
---

Compilation OK and already used in production environment


File Attachments (updated)


0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
  
https://reviews.apache.org/media/uploaded/files/2020/07/06/ac0b2472-9940-4627-9288-88175bb28d3e__0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch


Thanks,

ru jia

[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151747#comment-17151747
 ] 

Ramesh Mani commented on RANGER-2891:
-

Please update the existing review with the new patch. Patch looks good! Please 
check this screenshot

!Screen Shot 2020-07-05 at 9.02.55 PM.png!

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2891:

Attachment: Screen Shot 2020-07-05 at 9.02.55 PM.png

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2891:

Attachment: (was: Screen Shot 2020-07-05 at 8.59.33 PM.png)

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2891:

Attachment: (was: Screen Shot 2020-07-05 at 8.59.33 PM.png)

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2891:

Attachment: Screen Shot 2020-07-05 at 8.59.33 PM.png

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 8.59.33 PM.png, Screen Shot 2020-07-05 at 8.59.33 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-2891:

Attachment: Screen Shot 2020-07-05 at 8.59.33 PM.png

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 8.59.33 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72645: RANGER-2895: Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and Eclipselink

2020-07-05 Thread Pradeep Agrawal 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72645/#review221128
---



I would like you to test this patch in all other db flavors ranger is 
supported. They are Mysql, oracle, postgres, sqlanywhere, microsoft sqlserver

- Pradeep Agrawal


On July 5, 2020, 7:15 p.m., Bill Ricky wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72645/
> ---
> 
> (Updated July 5, 2020, 7:15 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2895
> https://issues.apache.org/jira/browse/RANGER-2895
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We should replace c3p0 with 
> [HikariCP|https://github.com/brettwooldridge/HikariCP]. HikariCP is much 
> faster and less error prone. HikariCP is more popular with 13.2k+ stars on 
> its github. There were no more new commits since Nov 18, 2019 in 
> [c3p0|https://github.com/swaldman/c3p0/commits/master].
> 
> [MySQL connector|https://github.com/mysql/mysql-connector-j] and 
> [Eclipselink|https://github.com/eclipse-ee4j/eclipselink] should be upgraded 
> to the latest stable versions as well to include many essential bugfixes.
> 
> 
> Diffs
> -
> 
>   pom.xml 5bfd08df2 
>   security-admin/pom.xml 745dbfe8c 
>   security-admin/scripts/ranger-admin-site-template.xml 72ff66eaf 
>   security-admin/scripts/setup.sh 949c24244 
>   security-admin/scripts/upgrade_admin.py 10fa485bd 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> fcd4bd0ee 
>   security-admin/src/main/webapp/META-INF/applicationContext.xml b24f4d4ac 
> 
> 
> Diff: https://reviews.apache.org/r/72645/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Compilation OK
> 2.Already used in production environment
> 
> 
> Thanks,
> 
> Bill Ricky
> 
>

Re: Review Request 72639: RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread ru jia 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72639/
---

(Updated 七月 6, 2020, 3:47 a.m.)


Review request for ranger.


Changes
---

update


Bugs: RANGER-2891
https://issues.apache.org/jira/browse/RANGER-2891


Repository: ranger


Description
---

plugin-presto does not support 'checkCanShowColumnsMetadata' API now, it should 
be implemented.


Diffs
-

  
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 f4fc89d 
  
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 4063870 


Diff: https://reviews.apache.org/r/72639/diff/1/


Testing
---

Compilation OK and already used in production environment


File Attachments (updated)


0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
  
https://reviews.apache.org/media/uploaded/files/2020/07/06/d363d557-3c9c-47f5-a01d-3e44e9b93eeb__0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
  
https://reviews.apache.org/media/uploaded/files/2020/07/06/fadeddae-2c58-473a-9753-358bfc39632e__0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch


Thanks,

ru jia

[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread Ramesh Mani (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151739#comment-17151739
 ] 

Ramesh Mani commented on RANGER-2891:
-

[~rujia1019] looks like the review requests is not updated with this new patch. 
Please update.

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2893) show grant on database xxx will fail in ranger hive plugin

2020-07-05 Thread Jiayi Liu (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jiayi Liu updated RANGER-2893:
--
Attachment: 0002-RANGER-2893.patch

> show grant on database xxx will fail in ranger hive plugin
> --
>
> Key: RANGER-2893
> URL: https://issues.apache.org/jira/browse/RANGER-2893
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2893.patch, 0002-RANGER-2893.patch
>
>
> When we enable Ranger Hive plugin, show grant at the database level will 
> fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only 
> supports SHOW PRIVILEGES for Hive resources and not user level". Although we 
> are not showing grants at the user level, but at the database level.
> For example, 
> {code:sql}
> show grant on database default;
> {code}
> and the exception,
> {code:java}
> ERROR : FAILED: Execution Error, return code 1 from 
> org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges() 
> error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES 
> for Hive resources and not user level
> {code}
> The reason is that the parameter privObj.objectName passed to 
> RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase 
> level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports 
> SHOW PRIVILEGES for Hive resources and not user level" will be thrown when 
> objectName is null. The function is normal when the type of privObj is TABLE, 
> because the dbName is the db name and the objectName is the table name. 
> We should check whether the dbName is null instead of check the objectName. 
> We alse need to fix the objectName to "*" when it is null to represent all 
> tables in the db in HivePrivilegeInfo.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread rujia (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2891:
--
Attachment: 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES

2020-07-05 Thread rujia (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2892:
--
Attachment: (was: 
0001-ElasticSearch-plugin-NullPointException-fix.patch)

> NoClassDeFoundError occur when HDFS write audit to ES
> -
>
> Key: RANGER-2892
> URL: https://issues.apache.org/jira/browse/RANGER-2892
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: rujia
>Priority: Major
>
> When enable audit for es, HDFS will throw NoClassDeFoundError: 
> org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES

2020-07-05 Thread rujia (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2892:
--
Attachment: 0001-ElasticSearch-plugin-NullPointException-fix.patch

> NoClassDeFoundError occur when HDFS write audit to ES
> -
>
> Key: RANGER-2892
> URL: https://issues.apache.org/jira/browse/RANGER-2892
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: rujia
>Priority: Major
> Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch
>
>
> When enable audit for es, HDFS will throw NoClassDeFoundError: 
> org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (RANGER-2893) show grant on database xxx will fail in ranger hive plugin

2020-07-05 Thread Madhan Neethiraj (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj resolved RANGER-2893.
--
Resolution: Fixed

[~liujiayi771] - thanks for the patch!

> show grant on database xxx will fail in ranger hive plugin
> --
>
> Key: RANGER-2893
> URL: https://issues.apache.org/jira/browse/RANGER-2893
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Jiayi Liu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2893.patch
>
>
> When we enable Ranger Hive plugin, show grant at the database level will 
> fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only 
> supports SHOW PRIVILEGES for Hive resources and not user level". Although we 
> are not showing grants at the user level, but at the database level.
> For example, 
> {code:sql}
> show grant on database default;
> {code}
> and the exception,
> {code:java}
> ERROR : FAILED: Execution Error, return code 1 from 
> org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges() 
> error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES 
> for Hive resources and not user level
> {code}
> The reason is that the parameter privObj.objectName passed to 
> RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase 
> level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports 
> SHOW PRIVILEGES for Hive resources and not user level" will be thrown when 
> objectName is null. The function is normal when the type of privObj is TABLE, 
> because the dbName is the db name and the objectName is the table name. 
> We should check whether the dbName is null instead of check the objectName. 
> We alse need to fix the objectName to "*" when it is null to represent all 
> tables in the db in HivePrivilegeInfo.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72642: RANGER-2893: show grant on database xxx will fail in ranger hive plugin

2020-07-05 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72642/#review221127
---


Ship it!




Ship It!

- Madhan Neethiraj


On July 6, 2020, 2:21 a.m., Jiayi Liu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72642/
> ---
> 
> (Updated July 6, 2020, 2:21 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Pradeep 
> Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2893
> https://issues.apache.org/jira/browse/RANGER-2893
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When we enable Ranger Hive plugin, show grant at the database level will 
> fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only 
> supports SHOW PRIVILEGES for Hive resources and not user level". Although we 
> are not showing grants at the user level, but at the database level.
> 
> For example,
> ```sql
> show grant on database default;
> ```
> and the exception,
> ```bash
> ERROR : FAILED: Execution Error, return code 1 from 
> org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges() 
> error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES 
> for Hive resources and not user level
> ```
> 
> The reason is that the parameter privObj.objectName passed to 
> RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase 
> level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports 
> SHOW PRIVILEGES for Hive resources and not user level" will be thrown when 
> objectName is null. The function is normal when the type of privObj is TABLE, 
> because the dbName is the db name and the objectName is the table name.
> 
> We should check whether the dbName is null instead of check the objectName. 
> We alse need to fix the objectName to "*" when it is null to represent all 
> tables in the db in HivePrivilegeInfo.
> 
> 
> Diffs
> -
> 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
>  c8761108b 
> 
> 
> Diff: https://reviews.apache.org/r/72642/diff/2/
> 
> 
> Testing
> ---
> 
> show grant on database will correctly display privileges, and display '*' in 
> table column to represent all tables in a db.
> ```bash
> SHOW GRANT on database default;
> +---+++-+-+-++---+-+--+
> | database  | table  | partition  | column  | principal_name  | 
> principal_type  | privilege  | grant_option  | grant_time  | grantor  |
> +---+++-+-+-++---+-+--+
> | default   | *  | [] | []  | hadoop  | USER  
>   | ALTER  | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | CREATE | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | DROP   | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | INDEX  | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | LOCK   | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | READ   | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | SELECT | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | UPDATE | true  | 0   | ranger   |
> | default   | *  | [] | []  | hadoop  | USER  
>   | WRITE  | true  | 0   | ranger   |
> | default   | *  | [] | []  | hue | USER  
>   | SELECT | false | 0   | ranger   |
> +---+++-+-+-++---+-+--+
> ```
> 
> 
> Thanks,
> 
> Jiayi Liu
> 
>

Re: Review Request 72639: RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread ru jia 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72639/
---

(Updated 七月 6, 2020, 2:43 a.m.)


Review request for ranger.


Bugs: RANGER-2891
https://issues.apache.org/jira/browse/RANGER-2891


Repository: ranger


Description
---

plugin-presto does not support 'checkCanShowColumnsMetadata' API now, it should 
be implemented.


Diffs
-

  
plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 f4fc89d 
  
ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 4063870 


Diff: https://reviews.apache.org/r/72639/diff/1/


Testing
---

Compilation OK and already used in production environment


File Attachments (updated)


0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
  
https://reviews.apache.org/media/uploaded/files/2020/07/06/d363d557-3c9c-47f5-a01d-3e44e9b93eeb__0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch


Thanks,

ru jia

Re: Review Request 72642: RANGER-2893: show grant on database xxx will fail in ranger hive plugin

2020-07-05 Thread Jiayi Liu 


> On 七月 3, 2020, 5:06 p.m., Madhan Neethiraj wrote:
> > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
> > Line 2551 (original), 2551 (patched)
> > 
> >
> > Please review if #2391 needs be updated to handle 'objectName==null', 
> > similar to #2551.
> >   2391: hivePrivilegeObject = new HivePrivilegeObject(objectType, 
> > dbName, objectName);
> 
> Jiayi Liu wrote:
> I think that in #2391, we do not need to consider the case of 
> objectName==null. Here, hivePrivilegeObject is to obtain the ACL 
> corresponding to the Resource. objectName == null will not affect the result 
> of obtaining the ACL. If objectName == null, dbName != null, it will 
> correctly obtain the ACL of dbName, we set objectName to * but it will affect 
> the correctness of the result, because the name of no table is *.
> 
> Setting objectName to * at #2551 is just for display. The privilegeObject 
> at #2551 is only used to create a new HivePrivilegeInfo, and the role of 
> HivePrivilegeInfo is only to display the result of ACL.
> 
> Jiayi Liu wrote:
> If we don’t set objectName to *, it’s OK, but the table column in the 
> result list will be empty, which looks a bit strange. But it is also 
> reasonable, what do you think?
> 
> +---+++-+-+-++---+-+--+
> | database  | table  | partition  | column  | principal_name  | 
> principal_type  | privilege  | grant_option  | grant_time  | grantor  |
> 
> +---+++-+-+-++---+-+--+
> | default   || [] | []  | hadoop  | USER  
>   | ALTER  | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | CREATE | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | DROP   | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | INDEX  | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | LOCK   | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | READ   | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | SELECT | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | UPDATE | true  | 0   | ranger   |
> | default   || [] | []  | hadoop  | USER  
>   | WRITE  | true  | 0   | ranger   |
> | default   || [] | []  | hue | USER  
>   | SELECT | false | 0   | ranger   |
> 
> +---+++-+-+-++---+-+--+

I checked Hive SQL standard based authorization, when we show grant at the 
database level, the table column is also displayed as empty. In order to 
maintain consistency, I don't think it is necessary to modify the display 
content to "*" to represent all tables in the database. I removed the code to 
modify objectName, pls review it again.


- Jiayi


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72642/#review221119
---


On 七月 6, 2020, 2:21 a.m., Jiayi Liu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72642/
> ---
> 
> (Updated 七月 6, 2020, 2:21 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Pradeep 
> Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2893
> https://issues.apache.org/jira/browse/RANGER-2893
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When we enable Ranger Hive plugin, show grant at the database level will 
> fail, and throw the exception "RangerHiveAuthorizer.showPrivileges() only 
> supports SHOW PRIVILEGES for Hive resources and not user level". Although we 
> are not showing grants at the user level, but at the database level.
> 
> For example,
> ```sql

Re: Review Request 72642: RANGER-2893: show grant on database xxx will fail in ranger hive plugin

2020-07-05 Thread Jiayi Liu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72642/
---

(Updated 七月 6, 2020, 2:21 a.m.)


Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Pradeep 
Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2893
https://issues.apache.org/jira/browse/RANGER-2893


Repository: ranger


Description
---

When we enable Ranger Hive plugin, show grant at the database level will fail, 
and throw the exception "RangerHiveAuthorizer.showPrivileges() only supports 
SHOW PRIVILEGES for Hive resources and not user level". Although we are not 
showing grants at the user level, but at the database level.

For example,
```sql
show grant on database default;
```
and the exception,
```bash
ERROR : FAILED: Execution Error, return code 1 from 
org.apache.hadoop.hive.ql.exec.DDLTask. RangerHiveAuthorizer.showPrivileges() 
error: RangerHiveAuthorizer.showPrivileges() only supports SHOW PRIVILEGES for 
Hive resources and not user level
```

The reason is that the parameter privObj.objectName passed to 
RangerHiveAuthorizer.showPrivileges is null when show grant at the datatabase 
level, and the exception "RangerHiveAuthorizer.showPrivileges() only supports 
SHOW PRIVILEGES for Hive resources and not user level" will be thrown when 
objectName is null. The function is normal when the type of privObj is TABLE, 
because the dbName is the db name and the objectName is the table name.

We should check whether the dbName is null instead of check the objectName. We 
alse need to fix the objectName to "*" when it is null to represent all tables 
in the db in HivePrivilegeInfo.


Diffs (updated)
-

  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 c8761108b 


Diff: https://reviews.apache.org/r/72642/diff/2/

Changes: https://reviews.apache.org/r/72642/diff/1-2/


Testing
---

show grant on database will correctly display privileges, and display '*' in 
table column to represent all tables in a db.
```bash
SHOW GRANT on database default;
+---+++-+-+-++---+-+--+
| database  | table  | partition  | column  | principal_name  | principal_type  
| privilege  | grant_option  | grant_time  | grantor  |
+---+++-+-+-++---+-+--+
| default   | *  | [] | []  | hadoop  | USER
| ALTER  | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| CREATE | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| DROP   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| INDEX  | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| LOCK   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| READ   | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| SELECT | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| UPDATE | true  | 0   | ranger   |
| default   | *  | [] | []  | hadoop  | USER
| WRITE  | true  | 0   | ranger   |
| default   | *  | [] | []  | hue | USER
| SELECT | false | 0   | ranger   |
+---+++-+-+-++---+-+--+
```


Thanks,

Jiayi Liu

[jira] [Commented] (RANGER-2895) Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and Eclipselink

2020-07-05 Thread RickyMa (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17151647#comment-17151647
 ] 

RickyMa commented on RANGER-2895:
-

[~pradeep] : The patch is ready, would you please review this at your 
convenience. Thanks a lot.

> Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and 
> Eclipselink
> -
>
> Key: RANGER-2895
> URL: https://issues.apache.org/jira/browse/RANGER-2895
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, Ranger
>Reporter: RickyMa
>Priority: Major
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> We should replace c3p0 with 
> [HikariCP|[https://github.com/brettwooldridge/HikariCP]]. HikariCP is much 
> faster and less error prone. HikariCP is more popular with 13.2k+ stars on 
> its github. There were no more new commits since Nov 18, 2019 in 
> [c3p0|[https://github.com/swaldman/c3p0/commits/master]].
> [MySQL connector|[https://github.com/mysql/mysql-connector-j]] and 
> [Eclipselink|[https://github.com/eclipse-ee4j/eclipselink]] should be 
> upgraded to the latest stable versions as well to include many essential 
> bugfixes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Review Request 72645: RANGER-2895: Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and Eclipselink

2020-07-05 Thread Bill Ricky 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72645/
---

Review request for ranger.


Bugs: RANGER-2895
https://issues.apache.org/jira/browse/RANGER-2895


Repository: ranger


Description
---

We should replace c3p0 with 
[HikariCP|https://github.com/brettwooldridge/HikariCP]. HikariCP is much faster 
and less error prone. HikariCP is more popular with 13.2k+ stars on its github. 
There were no more new commits since Nov 18, 2019 in 
[c3p0|https://github.com/swaldman/c3p0/commits/master].

[MySQL connector|https://github.com/mysql/mysql-connector-j] and 
[Eclipselink|https://github.com/eclipse-ee4j/eclipselink] should be upgraded to 
the latest stable versions as well to include many essential bugfixes.


Diffs
-

  pom.xml 5bfd08df2 
  security-admin/pom.xml 745dbfe8c 
  security-admin/scripts/ranger-admin-site-template.xml 72ff66eaf 
  security-admin/scripts/setup.sh 949c24244 
  security-admin/scripts/upgrade_admin.py 10fa485bd 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
fcd4bd0ee 
  security-admin/src/main/webapp/META-INF/applicationContext.xml b24f4d4ac 


Diff: https://reviews.apache.org/r/72645/diff/1/


Testing
---

1.Compilation OK
2.Already used in production environment


Thanks,

Bill Ricky

[GitHub] [ranger] rickyma opened a new pull request #68: RANGER-2895: Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and Eclipselink

2020-07-05 Thread GitBox 


rickyma opened a new pull request #68:
URL: https://github.com/apache/ranger/pull/68


   We should replace c3p0 with 
[HikariCP|https://github.com/brettwooldridge/HikariCP]. HikariCP is much faster 
and less error prone. HikariCP is more popular with 13.2k+ stars on its github. 
There were no more new commits since Nov 18, 2019 in 
[c3p0|https://github.com/swaldman/c3p0/commits/master].
   
   [MySQL connector|https://github.com/mysql/mysql-connector-j] and 
[Eclipselink|https://github.com/eclipse-ee4j/eclipselink] should be upgraded to 
the latest stable versions as well to include many essential bugfixes.



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Created] (RANGER-2895) Replace c3p0 connection pool with HikariCP, upgrading MySQL connector and Eclipselink

2020-07-05 Thread RickyMa (Jira) 
RickyMa created RANGER-2895:
---

 Summary: Replace c3p0 connection pool with HikariCP, upgrading 
MySQL connector and Eclipselink
 Key: RANGER-2895
 URL: https://issues.apache.org/jira/browse/RANGER-2895
 Project: Ranger
  Issue Type: Improvement
  Components: admin, Ranger
Reporter: RickyMa


We should replace c3p0 with 
[HikariCP|[https://github.com/brettwooldridge/HikariCP]]. HikariCP is much 
faster and less error prone. HikariCP is more popular with 13.2k+ stars on its 
github. There were no more new commits since Nov 18, 2019 in 
[c3p0|[https://github.com/swaldman/c3p0/commits/master]].

[MySQL connector|[https://github.com/mysql/mysql-connector-j]] and 
[Eclipselink|[https://github.com/eclipse-ee4j/eclipselink]] should be upgraded 
to the latest stable versions as well to include many essential bugfixes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[GitHub] [ranger] rickyma closed pull request #67: RANGER-2885: Add missing PermType Java codes for new versions of Kafka

2020-07-05 Thread GitBox 


rickyma closed pull request #67:
URL: https://github.com/apache/ranger/pull/67


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [ranger] rickyma commented on pull request #67: RANGER-2885: Add missing PermType Java codes for new versions of Kafka

2020-07-05 Thread GitBox 


rickyma commented on pull request #67:
URL: https://github.com/apache/ranger/pull/67#issuecomment-653887348


   Patch committed : 
https://github.com/apache/ranger/commit/a15ec3c1028b01b292e257a1a50d83fcd8d91149



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Resolved] (RANGER-2885) Add missing PermType Java codes for new versions of Kafka

2020-07-05 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2885.
-
Fix Version/s: (was: master)
   2.1.0
   Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/a15ec3c1028b01b292e257a1a50d83fcd8d91149]

> Add missing PermType Java codes for new versions of Kafka
> -
>
> Key: RANGER-2885
> URL: https://issues.apache.org/jira/browse/RANGER-2885
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: RANGER-2885.patch
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> There are codes missing for:
> https://issues.apache.org/jira/browse/RANGER-2117
> https://issues.apache.org/jira/browse/RANGER-2692
> When calling 
> 'http://10.1.0.44:6080/service/public/api/policy?repositoryName=tdw_kafka\&repositoryType=kafka\&isEnabled=false',
>  it will return 'Unknown' value in permMapList.permList field, which is not 
> appropriate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (RANGER-2890) Add missing log4j properties for audit log

2020-07-05 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2890.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

Patch committed :  
[https://github.com/apache/ranger/commit/197b27683b5271836a8add2d783ee2889b47d153]

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)