Re: Review Request 73667: RANGER-3332: script evaluator - added test cases for user/group attribute conditions

[bhavik patel]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73667/#review223677
---


Ship it!




Ship It!

- bhavik patel


On Oct. 25, 2021, 6:01 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73667/
> ---
> 
> (Updated Oct. 25, 2021, 6:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3332
> https://issues.apache.org/jira/browse/RANGER-3332
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> added test cases for conditions using attributes of users and groups
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
>  36504c7f7 
> 
> 
> Diff: https://reviews.apache.org/r/73667/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that unit tests pass successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: Review Request 73659: RANGER-3490:Make policy resource signature is unique in a service

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73659/#review223674
---


Ship it!




Ship It!

- Madhan Neethiraj


On Oct. 27, 2021, midnight, Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73659/
> ---
> 
> (Updated Oct. 27, 2021, midnight)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, Pradeep 
> Agrawal, Ramesh Mani, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-3490
> https://issues.apache.org/jira/browse/RANGER-3490
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There may be multiple policies with the same resource signature within a 
> service (at most one enabled policy and potentially any number of disabled 
> policies).  Therefore, the resource-signature uniqueness within a service 
> cannot be enforced at the database level.
> 
> The proposal is to encode GUID of a disabled policy within the resource 
> signature, thus making the resource signature unique within a service.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
>  312005e0f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
>  0ba1fb918 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
>  b02090b3c 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
>  bc9df31cc 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
>  f0e2d07d9 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java
>  6de590b0e 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> f13cef71d 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> ef0d3b4eb 
> 
> 
> Diff: https://reviews.apache.org/r/73659/diff/3/
> 
> 
> Testing
> ---
> 
> Compiled and ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73659: RANGER-3490:Make policy resource signature is unique in a service

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73659/
---

(Updated Oct. 27, 2021, midnight)


Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, Pradeep 
Agrawal, Ramesh Mani, and Sailaja Polavarapu.


Changes
---

Updated to address review comments.


Bugs: RANGER-3490
https://issues.apache.org/jira/browse/RANGER-3490


Repository: ranger


Description
---

There may be multiple policies with the same resource signature within a 
service (at most one enabled policy and potentially any number of disabled 
policies).  Therefore, the resource-signature uniqueness within a service 
cannot be enforced at the database level.

The proposal is to encode GUID of a disabled policy within the resource 
signature, thus making the resource signature unique within a service.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
 312005e0f 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
 0ba1fb918 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidator.java
 b02090b3c 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
 bc9df31cc 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
 f0e2d07d9 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerValidator.java
 6de590b0e 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
f13cef71d 
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
ef0d3b4eb 


Diff: https://reviews.apache.org/r/73659/diff/3/

Changes: https://reviews.apache.org/r/73659/diff/2-3/


Testing
---

Compiled and ran all unit tests successfully.


Thanks,

Abhay Kulkarni

Re: Review Request 73667: RANGER-3332: script evaluator - added test cases for user/group attribute conditions

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73667/#review223673
---


Ship it!




Ship It!

- Abhay Kulkarni


On Oct. 25, 2021, 6:01 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73667/
> ---
> 
> (Updated Oct. 25, 2021, 6:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay 
> Kulkarni, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3332
> https://issues.apache.org/jira/browse/RANGER-3332
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> added test cases for conditions using attributes of users and groups
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java
>  36504c7f7 
> 
> 
> Diff: https://reviews.apache.org/r/73667/diff/1/
> 
> 
> Testing
> ---
> 
> - verified that unit tests pass successfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: [VOTE] Release Apache Ranger version 2.2.0 - rc2

[Sailaja Polavarapu]

+1
Thanks Ramesh for putting Apache ranger 2.2.0 rc2.
- Verified pgp signature & hashes.
- Verified clean build with unit test and packaging
- Verified usersync and ranger admin started successfully

Thanks,
Sailaja.

On Tue, Oct 26, 2021 at 8:54 AM vishal suvagia
 wrote:

> Thank-you Ramesh for putting the Apache Ranger 2.2.0 release candidate #2.
>
> +1 for the Apache Ranger 2.2.0 release candidate #2.
> clean build Ranger from the source tar succeeded without any issues.
> verified hashes and signature matching the source file.
> verified that Ranger Admin portal came up fine.
>
>
> Thanks
> Vishal Suvagia.
> --
>
> On Tuesday, 26 October, 2021, 11:39:33 am IST, Mehul Parikh <
> xsme...@gmail.com> wrote:
>
>  +1 for Apache Ranger 2.2.0 rc2
>
>
>   - Verified signatures
>   - Built ranger-2.2-rc2 from sources successfully
>   - Started Ranger-admin successfully
>   - Verified policy download by hdfs / yarn / hbase / hive / kafka /
>   plugins.
>
>
> On Mon, Oct 25, 2021 at 3:34 AM Abhay Kulkarni  wrote:
>
> > +1
> >
> > - Verified pgp, sha signatures
> > - Built ranger-2.2-rc2 from sources successfully
> > - Started Ranger-admin successfully
> > - Verified that the changes to tag policies are downloaded to
> > hdfs/hbase/hive/kafka/yarn plugins
> >
> > Thanks!
> > -Abhay
> >
> > On Sat, Oct 23, 2021 at 5:31 PM Madhan Neethiraj 
> > wrote:
> > >
> > > +1 for Apache Ranger 2.2.0 rc2
> > >
> > >  - verified signature
> > >  - verified 2.2.0-rc2 builds successfully
> > >  - verified Ranger admin startup; created services/policies/security
> > zones
> > >  - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
> > >  - verified audit logs from plugins, audit-filters
> > >
> > > Thank you Ramesh for putting this release together.
> > >
> > > Thanks,
> > > Madhan
> > >
> > >
> > > On 10/23/21, 12:33 AM, "Ramesh Mani"  wrote:
> > >
> > >Dear Rangers,
> > >
> > >Apache Ranger 2.2.0 release candidate #2 is now available for a vote
> > within
> > >the dev community. Links to the release artifacts are given below.
> > Please
> > >review and vote.
> > >
> > >The vote will be open for at least 72 hours or until necessary votes
> > are
> > >reached.
> > >  [ ] +1 approve
> > >  [ ] +0 no opinion
> > >  [ ] -1 disapprove (and reason why)
> > >
> > >Thanks,
> > >Ramesh
> > >
> > >List of all the issues addressed in this release:
> > >https://issues.apache.org/jira/issues/?jql=project=RANGER AND
> > >status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC
> > >
> > >Git tag for the release:
> > >https://github.com/apache/ranger/tree/release-2.2.0-rc2
> > >
> > >Sources for the release:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz
> > >
> > >Source release verification:
> > >  PGP Signature:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc
> > >  SHA256 Hash:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256
> > >  SHA512 Hash:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512
> > >
> > >Keys to verify the signature of the release artifacts are available
> > at:
> > >https://dist.apache.org/repos/dist/release/ranger/KEYS
> > >
> > >New features/enhancements:
> > >
> > >
> > >-
> > >
> > >Schema changes to improve performance of chained plugin
> features.
> > >RANGER-3067
> > >
> > >
> > >-
> > >
> > >Support delegation-admin for specific permissions.RANGER-3122
> > >-
> > >
> > >Kafka Client improvement to use Kafka AdminClient API instead of
> > >Zookeeper. RANGER-3001
> > >-
> > >
> > >GET API service/xusers/users response time improvement.
> > RANGER-3027/
> > >RANGER-3024
> > >-
> > >
> > >Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130
> > >-
> > >
> > >Ranger UI Search by object name in page /reports/audit/admin.
> > RANGER-3052
> > >-
> > >
> > >Enhancement to trace additional information on resources.
> > RANGER-3065
> > >-
> > >
> > >Improve audit log for Role operations in Ranger Hive authorizer.
> > >RANGER-3170
> > >-
> > >
> > >Audit-filter feature implementation to help reduce volume of
> > audit logs
> > >generated.RANGER-3000
> > >-
> > >
> > >Need feature to make the access log file name configurable for
> > >user.RANGER-3242/RANGER-3241
> > >-
> > >
> > >Upgrade solr version in Ranger to Solr 8.6.3 for better
> > >performance.RANGER-3091
> > >-
> > >
> > >Enhance Ranger admin REST Client to use cookie for policy, tag
> > and role
> > >download.RANGER-3283
> > >-
> > >

Re: Review Request 73659: RANGER-3490:Make policy resource signature is unique in a service

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73659/#review223671
---




agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
Lines 544 (patched)


Consider moving 'action' value validations at #544 and #570, depending on 
presence of existing policy, to isValid() method at #109.



agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
Lines 559 (patched)


Wouldn't "!policy.getIsEnabled()" be same as 
"existingPolicy.getIsEnabled()" - given the 'if' at #548?



agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
Line 548 (original), 564 (patched)


if a policy update includes change in resources, the signatures would be 
different. In such case would #564 result in validation failure? Please review.


- Madhan Neethiraj


On Oct. 26, 2021, 5:47 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73659/
> ---
> 
> (Updated Oct. 26, 2021, 5:47 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, Pradeep 
> Agrawal, Ramesh Mani, and Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-3490
> https://issues.apache.org/jira/browse/RANGER-3490
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There may be multiple policies with the same resource signature within a 
> service (at most one enabled policy and potentially any number of disabled 
> policies).  Therefore, the resource-signature uniqueness within a service 
> cannot be enforced at the database level.
> 
> The proposal is to encode GUID of a disabled policy within the resource 
> signature, thus making the resource signature unique within a service.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
>  312005e0f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
>  0ba1fb918 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
>  bc9df31cc 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
>  f0e2d07d9 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> f13cef71d 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> ef0d3b4eb 
> 
> 
> Diff: https://reviews.apache.org/r/73659/diff/2/
> 
> 
> Testing
> ---
> 
> Compiled and ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

[jira] [Updated] (RANGER-3498) RANGER : Remove log4j1 dependencies.

[Mateen N Mansoori (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mateen N Mansoori updated RANGER-3498:
--
Attachment: 0001-RANGER-3498-RANGER-Remove-log4j1-dependencies.patch

> RANGER : Remove log4j1 dependencies.
> 
>
> Key: RANGER-3498
> URL: https://issues.apache.org/jira/browse/RANGER-3498
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mateen N Mansoori
>Priority: Major
> Attachments: 0001-RANGER-3498-RANGER-Remove-log4j1-dependencies.patch
>
>
> Remove log4j1 dependencies.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3498) RANGER : Remove log4j1 dependencies.

[Mateen N Mansoori (Jira)]

Mateen N Mansoori created RANGER-3498:
-

 Summary: RANGER : Remove log4j1 dependencies.
 Key: RANGER-3498
 URL: https://issues.apache.org/jira/browse/RANGER-3498
 Project: Ranger
  Issue Type: Task
  Components: Ranger
Reporter: Mateen N Mansoori


Remove log4j1 dependencies.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Ranger components

[Pierre Smits]

Thanks.
Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer


On Tue, Oct 26, 2021 at 6:44 PM Velmurugan Periasamy  wrote:

> I have removed it. Thanks for pointing this out.
>
>
>
> On Tue, Oct 26, 2021 at 6:56 AM Pierre Smits 
> wrote:
> Hi all,
>
> Currently, there is a 2.2.0 component listed under components (see [1]). It
> seems to me that this is misleading and should be corrected.
>
> [1]
>
> https://issues.apache.org/jira/projects/RANGER?selectedItem=com.atlassian.jira.jira-projects-plugin:components-page
> <
> https://issues.apache.org/jira/projects/RANGER?selectedItem=com.atlassian.jira.jira-projects-plugin:components-page
> >
>
> Met vriendelijke groet,
>
> Pierre Smits
> *Proud* *contributor** of* Apache OFBiz  https://ofbiz.apache.org/>> since
> 2008 (without privileges)
>
> *Apache Directory  https://directory.apache.org/>>, PMC Member*
> Apache Incubator  https://incubator.apache.org/>>, committer
> Apache Steve >,
> committer
>
>
>

Re: Review Request 73659: RANGER-3490:Make policy resource signature is unique in a service

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73659/
---

(Updated Oct. 26, 2021, 5:47 p.m.)


Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, Pradeep 
Agrawal, Ramesh Mani, and Sailaja Polavarapu.


Changes
---

Updated RangerPolicyValidator to handle signature of disabled policy


Bugs: RANGER-3490
https://issues.apache.org/jira/browse/RANGER-3490


Repository: ranger


Description
---

There may be multiple policies with the same resource signature within a 
service (at most one enabled policy and potentially any number of disabled 
policies).  Therefore, the resource-signature uniqueness within a service 
cannot be enforced at the database level.

The proposal is to encode GUID of a disabled policy within the resource 
signature, thus making the resource signature unique within a service.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyResourceSignature.java
 312005e0f 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
 0ba1fb918 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/TestRangerPolicyResourceSignature.java
 bc9df31cc 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
 f0e2d07d9 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
f13cef71d 
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
ef0d3b4eb 


Diff: https://reviews.apache.org/r/73659/diff/2/

Changes: https://reviews.apache.org/r/73659/diff/1-2/


Testing
---

Compiled and ran all unit tests successfully.


Thanks,

Abhay Kulkarni

Re: Request to add me as a contributor in Ranger

[Velmurugan Periasamy]

Hi Mallika - I have added you as a contributor. 

Welcome to Apache Ranger community. 

Thanks for your interest in contributing. 

On Tue, Oct 26, 2021 at 2:10 AM Mallika Gogoi  wrote:
Hi Team,
I would request to add me as a contributor in  Apache Ranger. My
credentials are:

My github username is: mallikagogoi7
And my email id is mallikagog...@gmail.com 

--
Regards
Mallika

Re: Ranger components

[Velmurugan Periasamy]

I have removed it. Thanks for pointing this out. 



On Tue, Oct 26, 2021 at 6:56 AM Pierre Smits  wrote:
Hi all,

Currently, there is a 2.2.0 component listed under components (see [1]). It
seems to me that this is misleading and should be corrected.

[1]
https://issues.apache.org/jira/projects/RANGER?selectedItem=com.atlassian.jira.jira-projects-plugin:components-page
 


Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz > since
2008 (without privileges)

*Apache Directory >, PMC Member*
Apache Incubator >, committer
Apache Steve >, committer

[jira] [Updated] (RANGER-3318) Ranger webui main page has a paging limit for services

[Velmurugan Periasamy (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-3318:
-
Component/s: (was: 2.2.0)

> Ranger webui main page has a paging limit for services
> --
>
> Key: RANGER-3318
> URL: https://issues.apache.org/jira/browse/RANGER-3318
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: 2.0.0, 2.1.0, 2.0.1, 2.2.0, 2.1.1
>Reporter: Konstantin Tsypin
>Priority: Major
>
> Hi!
> It's a bug with webui. We have 100+++ services on our Ranger production, but 
> webui show only first 100 added. 
> It's the paging limit without option to list pages. Nice to have - update UI 
> and implement page numbers.
>  
> Temprorary workaround i find:
>  Inside the file 
>  {{ranger_admin_directory/ews/webapp/scripts}}/{{Main.min.js}}
>  all substrings:
>  “{{this.services.setPageSize(100)}}”
>  modify just in case for
>  “{{this.services.setPageSize(200)}}”
>   
>  As Idea - you can make this PageSize as ranger option.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-3319) Ranger usersync cookie default duration for sync

[Velmurugan Periasamy (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-3319:
-
Component/s: (was: 2.2.0)

> Ranger usersync cookie default duration for sync
> 
>
> Key: RANGER-3319
> URL: https://issues.apache.org/jira/browse/RANGER-3319
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 2.1.0, 2.0.1, 2.2.0, 2.1.1
>Reporter: Konstantin Tsypin
>Priority: Major
>
> Hi!
> At this moment we cant initial sync out of the box our LDAP with 10k+ users & 
> groups.
> It's because sync works as three steps:
> 1) Sync groups
> 2) Sync users
> 3) Map users as one request and send it to rangeradmin
> From time to time our third step on initial sync generate this single request 
> for a long time
> It can be easily three or four hours.
> Acrossing this timegate we have an error with timeout usersync cookie (that 
> by default is 60 minutes) and failed 3rd step.
>  
> The workaround - is 
> ranger_admin_directory/ews/webapp/WEB-INF/web.xml
> change 
> default 
> 60 
> to just in case
> 1440
> BUT im was really frustrated with this behavior whan faced it first time, and 
> i want to have a mechanism to split mapping step for a smaller part, and 
> update cookie from time to time. 
>  
> Thank you.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-3383) Internationalization

[Velmurugan Periasamy (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-3383:
-
Component/s: (was: 2.2.0)

> Internationalization
> 
>
> Key: RANGER-3383
> URL: https://issues.apache.org/jira/browse/RANGER-3383
> Project: Ranger
>  Issue Type: Wish
>  Components: Ranger
>Reporter: Egor
>Priority: Minor
>
> Hello, my name is Egor
> I’m from Russia and I provide support services for your application
> My clients are interested in translation of GUI, so I thought that I can help 
> you with i18n and translate UI into Russian language
> Is there any rules or thoughts how your community is going to 
> internationalize?
> Or is there any person in community with whom I can discuss this Issue?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: [VOTE] Release Apache Ranger version 2.2.0 - rc2

[vishal suvagia]

Thank-you Ramesh for putting the Apache Ranger 2.2.0 release candidate #2.

+1 for the Apache Ranger 2.2.0 release candidate #2.
clean build Ranger from the source tar succeeded without any issues.
verified hashes and signature matching the source file.
verified that Ranger Admin portal came up fine.


Thanks
Vishal Suvagia.
--

On Tuesday, 26 October, 2021, 11:39:33 am IST, Mehul Parikh 
 wrote:  
 
 +1 for Apache Ranger 2.2.0 rc2


  - Verified signatures
  - Built ranger-2.2-rc2 from sources successfully
  - Started Ranger-admin successfully
  - Verified policy download by hdfs / yarn / hbase / hive / kafka /
  plugins.


On Mon, Oct 25, 2021 at 3:34 AM Abhay Kulkarni  wrote:

> +1
>
> - Verified pgp, sha signatures
> - Built ranger-2.2-rc2 from sources successfully
> - Started Ranger-admin successfully
> - Verified that the changes to tag policies are downloaded to
> hdfs/hbase/hive/kafka/yarn plugins
>
> Thanks!
> -Abhay
>
> On Sat, Oct 23, 2021 at 5:31 PM Madhan Neethiraj 
> wrote:
> >
> > +1 for Apache Ranger 2.2.0 rc2
> >
> >  - verified signature
> >  - verified 2.2.0-rc2 builds successfully
> >  - verified Ranger admin startup; created services/policies/security
> zones
> >  - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
> >  - verified audit logs from plugins, audit-filters
> >
> > Thank you Ramesh for putting this release together.
> >
> > Thanks,
> > Madhan
> >
> >
> > On 10/23/21, 12:33 AM, "Ramesh Mani"  wrote:
> >
> >    Dear Rangers,
> >
> >    Apache Ranger 2.2.0 release candidate #2 is now available for a vote
> within
> >    the dev community. Links to the release artifacts are given below.
> Please
> >    review and vote.
> >
> >    The vote will be open for at least 72 hours or until necessary votes
> are
> >    reached.
> >      [ ] +1 approve
> >      [ ] +0 no opinion
> >      [ ] -1 disapprove (and reason why)
> >
> >    Thanks,
> >    Ramesh
> >
> >    List of all the issues addressed in this release:
> >    https://issues.apache.org/jira/issues/?jql=project=RANGER AND
> >    status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC
> >
> >    Git tag for the release:
> >    https://github.com/apache/ranger/tree/release-2.2.0-rc2
> >
> >    Sources for the release:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz
> >
> >    Source release verification:
> >      PGP Signature:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc
> >      SHA256 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256
> >      SHA512 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512
> >
> >    Keys to verify the signature of the release artifacts are available
> at:
> >    https://dist.apache.org/repos/dist/release/ranger/KEYS
> >
> >    New features/enhancements:
> >
> >
> >        -
> >
> >        Schema changes to improve performance of chained plugin features.
> >        RANGER-3067
> >
> >
> >        -
> >
> >        Support delegation-admin for specific permissions.RANGER-3122
> >        -
> >
> >        Kafka Client improvement to use Kafka AdminClient API instead of
> >        Zookeeper. RANGER-3001
> >        -
> >
> >        GET API service/xusers/users response time improvement.
> RANGER-3027/
> >        RANGER-3024
> >        -
> >
> >        Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130
> >        -
> >
> >        Ranger UI Search by object name in page /reports/audit/admin.
> RANGER-3052
> >        -
> >
> >        Enhancement to trace additional information on resources.
> RANGER-3065
> >        -
> >
> >        Improve audit log for Role operations in Ranger Hive authorizer.
> >        RANGER-3170
> >        -
> >
> >        Audit-filter feature implementation to help reduce volume of
> audit logs
> >        generated.RANGER-3000
> >        -
> >
> >        Need feature to make the access log file name configurable for
> >        user.RANGER-3242/RANGER-3241
> >        -
> >
> >        Upgrade solr version in Ranger to Solr 8.6.3 for better
> >        performance.RANGER-3091
> >        -
> >
> >        Enhance Ranger admin REST Client to use cookie for policy, tag
> and role
> >        download.RANGER-3283
> >        -
> >
> >        Audit Filter default policies for reducing verbosity in auditing.
> >        RANGER-3260/RANGER-3283
> >        -
> >
> >        Auditing for HDFS chmod and chown operations.RANGER-3148
> >        -
> >
> >        Ranger HiveAuthorizer improvements to handle uncharted hive
> >        commands.RANGER-3368
> >        -
> >
> >        Ranger Access audit page improvement. RANGER-3109
> >        -
> >
> >        Dockerfile to support building from local repository.RANGER-3012
> >        -
> >
> >        Performance improvement for Ranger usersync. RANGER-2986
> >
> >
>


-- 

Thanks and 

Re: Review Request 73452: RANGER-3023: Permission tab takes longer time to load with large number of users and group_users data

[Mahesh Bandal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73452/
---

(Updated Oct. 26, 2021, 11:29 a.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
---

Addressing review comments.


Bugs: RANGER-3023
https://issues.apache.org/jira/browse/RANGER-3023


Repository: ranger


Description
---

GET API /service/xusers/permission takes longer time to load with following 
number of users and group mappings in db.

select count(*) from x_user;
109040

select count(*) from x_portal_user;
109038

select count(*) from x_group_users;
689952

Current problem : For every ModuleDef, db call to fetch all XXUser, 
XXPortalUser and creating a Map object using 
xUserService.getXXPortalUserIdXXUserMap() is a costly operation. Similarly for 
xGroupService.getXXGroupIdXXGroupMap().

Solution:
In the following patch, I have overriedden searchModuleDef function in 
XModuleDefService which will fetch users and groups only once. 
i.e. Map xXPortalUserIdXXUserMap = 
xUserService.getXXPortalUserIdXXUserMap();
 Map xXGroupMap = xGroupService.getXXGroupIdXXGroupMap();

These two objects will be passed to an overloaded method populateViewBean()


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java 1bd59f8d2 
  security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java 4c0f33ed9 
  
security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
 13d0a8fcb 
  security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 
d615d1775 
  security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java 
d5ca38548 
  
security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
 47a1fadb7 
  security-admin/src/main/java/org/apache/ranger/service/XUserService.java 
9647096fe 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 96dc0df8e 


Diff: https://reviews.apache.org/r/73452/diff/3/

Changes: https://reviews.apache.org/r/73452/diff/2-3/


Testing
---

xUserService.getXXPortalUserIdXXUserMap() takes approximately 2000 milliseconds.
xGroupService.getXXGroupIdXXGroupMap() takes approximately 500 milliseconds.

Before patch, XModuleDefServiceBase.searchModuleDef() took 30252 milliseconds.
After patch, XModuleDefService.searchModuleDef() took 13766 milliseconds.

GET API /service/xusers/permission response improved by ~16 seconds for the 
above mentioned dataset.


Thanks,

Mahesh Bandal

[jira] [Commented] (RANGER-3318) Ranger webui main page has a paging limit for services

[Pierre Smits (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434272#comment-17434272
 ] 

Pierre Smits commented on RANGER-3318:
--

Hi [~fullhouse],

 You have listed '2.2.0' as one of the components in the header of this ticket. 
It seems to me that this is incorrect (as a version should not be listed 
there). Can you please correct this?

> Ranger webui main page has a paging limit for services
> --
>
> Key: RANGER-3318
> URL: https://issues.apache.org/jira/browse/RANGER-3318
> Project: Ranger
>  Issue Type: Bug
>  Components: 2.2.0, admin, Ranger
>Affects Versions: 2.0.0, 2.1.0, 2.0.1, 2.2.0, 2.1.1
>Reporter: Konstantin Tsypin
>Priority: Major
>
> Hi!
> It's a bug with webui. We have 100+++ services on our Ranger production, but 
> webui show only first 100 added. 
> It's the paging limit without option to list pages. Nice to have - update UI 
> and implement page numbers.
>  
> Temprorary workaround i find:
>  Inside the file 
>  {{ranger_admin_directory/ews/webapp/scripts}}/{{Main.min.js}}
>  all substrings:
>  “{{this.services.setPageSize(100)}}”
>  modify just in case for
>  “{{this.services.setPageSize(200)}}”
>   
>  As Idea - you can make this PageSize as ranger option.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-3319) Ranger usersync cookie default duration for sync

[Pierre Smits (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434271#comment-17434271
 ] 

Pierre Smits commented on RANGER-3319:
--

HI [~fullhouse],

You have listed '2.2.0' as one of the components in the header of this ticket. 
It seems to me that this is incorrect (as a version should not be listed 
there). Can you please correct this?

> Ranger usersync cookie default duration for sync
> 
>
> Key: RANGER-3319
> URL: https://issues.apache.org/jira/browse/RANGER-3319
> Project: Ranger
>  Issue Type: Bug
>  Components: 2.2.0, usersync
>Affects Versions: 2.1.0, 2.0.1, 2.2.0, 2.1.1
>Reporter: Konstantin Tsypin
>Priority: Major
>
> Hi!
> At this moment we cant initial sync out of the box our LDAP with 10k+ users & 
> groups.
> It's because sync works as three steps:
> 1) Sync groups
> 2) Sync users
> 3) Map users as one request and send it to rangeradmin
> From time to time our third step on initial sync generate this single request 
> for a long time
> It can be easily three or four hours.
> Acrossing this timegate we have an error with timeout usersync cookie (that 
> by default is 60 minutes) and failed 3rd step.
>  
> The workaround - is 
> ranger_admin_directory/ews/webapp/WEB-INF/web.xml
> change 
> default 
> 60 
> to just in case
> 1440
> BUT im was really frustrated with this behavior whan faced it first time, and 
> i want to have a mechanism to split mapping step for a smaller part, and 
> update cookie from time to time. 
>  
> Thank you.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-3383) Internationalization

[Pierre Smits (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434270#comment-17434270
 ] 

Pierre Smits commented on RANGER-3383:
--

Hi [~rizh42],

 

You have listed '2.2.0' as one of the components in the header of this ticket. 
It seems to me that this is incorrect (as a version should not be listed 
there). Can you please correct this?

> Internationalization
> 
>
> Key: RANGER-3383
> URL: https://issues.apache.org/jira/browse/RANGER-3383
> Project: Ranger
>  Issue Type: Wish
>  Components: 2.2.0, Ranger
>Reporter: Egor
>Priority: Minor
>
> Hello, my name is Egor
> I’m from Russia and I provide support services for your application
> My clients are interested in translation of GUI, so I thought that I can help 
> you with i18n and translate UI into Russian language
> Is there any rules or thoughts how your community is going to 
> internationalize?
> Or is there any person in community with whom I can discuss this Issue?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Ranger components

[Pierre Smits]

Hi all,

Currently, there is a 2.2.0 component listed under components (see [1]). It
seems to me that this is misleading and should be corrected.

[1]
https://issues.apache.org/jira/projects/RANGER?selectedItem=com.atlassian.jira.jira-projects-plugin:components-page

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer

[jira] [Created] (RANGER-3497) Have a installation page for release 2.1.0

[Pierre Smits (Jira)]

Pierre Smits created RANGER-3497:


 Summary: Have a installation page for release 2.1.0
 Key: RANGER-3497
 URL: https://issues.apache.org/jira/browse/RANGER-3497
 Project: Ranger
  Issue Type: Improvement
  Components: documentation
Affects Versions: 2.1.0
Reporter: Pierre Smits


The index page  of the wiki has a link for the installation guide. This 
currently points to the 9.5 release.  The latest release available is 2.1.0, 
but there is no up-to-date installation guide for this.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Permissions

[Pierre Smits]

Hi all,

I want to contribute. Please provide me with permissions to the wiki.

Met vriendelijke groet,

Pierre Smits
*Proud* *contributor** of* Apache OFBiz  since
2008 (without privileges)

*Apache Directory , PMC Member*
Apache Incubator , committer
Apache Steve , committer

[jira] [Assigned] (RANGER-3475) Promote TagRest endpoints to /public/v2

[Madhan Neethiraj (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj reassigned RANGER-3475:


Assignee: Madhan Neethiraj

> Promote TagRest endpoints to /public/v2
> ---
>
> Key: RANGER-3475
> URL: https://issues.apache.org/jira/browse/RANGER-3475
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Charles Schultz
>Assignee: Madhan Neethiraj
>Priority: Major
>
> Nike is using the tag endpoints to create and manage the lifecycle of tags 
> programmatically.
> [https://ranger.apache.org/apidocs/ui/index.html#/TagREST]
> To make sure these endpoints are preserved and maintain backwards 
> compatibility it would be great to promote them to be public/v2 endpoints.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Request to add me as a contributor in Ranger

[Mallika Gogoi]

Hi Team,
I would request to add me as a contributor in  Apache Ranger. My
credentials are:

My github username is: mallikagogoi7
And my email id is mallikagog...@gmail.com

-- 
Regards
Mallika

Re: [VOTE] Release Apache Ranger version 2.2.0 - rc2

[Mehul Parikh]

+1 for Apache Ranger 2.2.0 rc2


   - Verified signatures
   - Built ranger-2.2-rc2 from sources successfully
   - Started Ranger-admin successfully
   - Verified policy download by hdfs / yarn / hbase / hive / kafka /
   plugins.


On Mon, Oct 25, 2021 at 3:34 AM Abhay Kulkarni  wrote:

> +1
>
> - Verified pgp, sha signatures
> - Built ranger-2.2-rc2 from sources successfully
> - Started Ranger-admin successfully
> - Verified that the changes to tag policies are downloaded to
> hdfs/hbase/hive/kafka/yarn plugins
>
> Thanks!
> -Abhay
>
> On Sat, Oct 23, 2021 at 5:31 PM Madhan Neethiraj 
> wrote:
> >
> > +1 for Apache Ranger 2.2.0 rc2
> >
> >   - verified signature
> >   - verified 2.2.0-rc2 builds successfully
> >   - verified Ranger admin startup; created services/policies/security
> zones
> >   - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
> >   - verified audit logs from plugins, audit-filters
> >
> > Thank you Ramesh for putting this release together.
> >
> > Thanks,
> > Madhan
> >
> >
> > On 10/23/21, 12:33 AM, "Ramesh Mani"  wrote:
> >
> > Dear Rangers,
> >
> > Apache Ranger 2.2.0 release candidate #2 is now available for a vote
> within
> > the dev community. Links to the release artifacts are given below.
> Please
> > review and vote.
> >
> > The vote will be open for at least 72 hours or until necessary votes
> are
> > reached.
> >   [ ] +1 approve
> >   [ ] +0 no opinion
> >   [ ] -1 disapprove (and reason why)
> >
> > Thanks,
> > Ramesh
> >
> > List of all the issues addressed in this release:
> > https://issues.apache.org/jira/issues/?jql=project=RANGER AND
> > status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC
> >
> > Git tag for the release:
> > https://github.com/apache/ranger/tree/release-2.2.0-rc2
> >
> > Sources for the release:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz
> >
> > Source release verification:
> >   PGP Signature:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc
> >   SHA256 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256
> >   SHA512 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512
> >
> > Keys to verify the signature of the release artifacts are available
> at:
> > https://dist.apache.org/repos/dist/release/ranger/KEYS
> >
> > New features/enhancements:
> >
> >
> >-
> >
> >Schema changes to improve performance of chained plugin features.
> >RANGER-3067
> >
> >
> >-
> >
> >Support delegation-admin for specific permissions.RANGER-3122
> >-
> >
> >Kafka Client improvement to use Kafka AdminClient API instead of
> >Zookeeper. RANGER-3001
> >-
> >
> >GET API service/xusers/users response time improvement.
> RANGER-3027/
> >RANGER-3024
> >-
> >
> >Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130
> >-
> >
> >Ranger UI Search by object name in page /reports/audit/admin.
> RANGER-3052
> >-
> >
> >Enhancement to trace additional information on resources.
> RANGER-3065
> >-
> >
> >Improve audit log for Role operations in Ranger Hive authorizer.
> >RANGER-3170
> >-
> >
> >Audit-filter feature implementation to help reduce volume of
> audit logs
> >generated.RANGER-3000
> >-
> >
> >Need feature to make the access log file name configurable for
> >user.RANGER-3242/RANGER-3241
> >-
> >
> >Upgrade solr version in Ranger to Solr 8.6.3 for better
> >performance.RANGER-3091
> >-
> >
> >Enhance Ranger admin REST Client to use cookie for policy, tag
> and role
> >download.RANGER-3283
> >-
> >
> >Audit Filter default policies for reducing verbosity in auditing.
> >RANGER-3260/RANGER-3283
> >-
> >
> >Auditing for HDFS chmod and chown operations.RANGER-3148
> >-
> >
> >Ranger HiveAuthorizer improvements to handle uncharted hive
> >commands.RANGER-3368
> >-
> >
> >Ranger Access audit page improvement. RANGER-3109
> >-
> >
> >Dockerfile to support building from local repository.RANGER-3012
> >-
> >
> >Performance improvement for Ranger usersync. RANGER-2986
> >
> >
>


-- 

Thanks and regards,
Mehul Parikh

M: +91 98191 54446
E: xsme...@gmail.com