[jira] [Commented] (RANGER-3243) Build fails on JDK 8 and 11
[ https://issues.apache.org/jira/browse/RANGER-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436227#comment-17436227 ] Abhishek Kumar commented on RANGER-3243: Hi [~mgrigorov], Could you please close the review: [https://reviews.apache.org/r/73281/] Thanks! > Build fails on JDK 8 and 11 > --- > > Key: RANGER-3243 > URL: https://issues.apache.org/jira/browse/RANGER-3243 > Project: Ranger > Issue Type: Task > Components: build-infra >Affects Versions: 3.0.0, 2.2.0 >Reporter: Martin Tzvetanov Grigorov >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: 0001-RANGER-3243-Build-fails-on-JDK-8-and-11.patch > > Time Spent: 40m > Remaining Estimate: 0h > > The build of current master branch fails - > [https://travis-ci.com/github/apache/ranger/builds/223139469] > There are several issues: > [Issue 1|https://reviews.apache.org/r/73281/bugs/1/]) > org.apache.ranger.authorization.presto.authorizer.RangerSystemAccessControlFactory > was not able to import com.google.common.base.Throwables.throwIfUnchecked > because it was coming from an old copy of Guava's Throwables shaded in > hive-exec. > By replacing hive-exec with orc-core in agents-audit module all depending > modules use their preferred version of Guava (26.0-jre) > [Issue 2|https://reviews.apache.org/r/73281/bugs/2/]) > RangerSafenetKeySecure.java uses directly sun.security.pkcs11.SunPKCS11 - a > class that is not available in Java 9+ and this breaks the compilation. > This should use reflection to load SunPKCS11 class dynamically. > [Issue 3|https://reviews.apache.org/r/73281/bugs/3/]) JAXB is no more part of > JDK 11+ > [Issue 4|https://reviews.apache.org/r/73281/bugs/4/]) JUnit 4 > Assert.assertThat() is deprecated in favour of Hamcrest's > MatcherAssert.assertThat(). This fixes a compilation issue with JDK11. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3245) Use OpenJDK in TravisCI config instead of OracleJDK
[ https://issues.apache.org/jira/browse/RANGER-3245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436226#comment-17436226 ] Abhishek Kumar commented on RANGER-3245: Hi [~mgrigorov], Could you please close the review: [https://reviews.apache.org/r/73283/] Thanks! > Use OpenJDK in TravisCI config instead of OracleJDK > --- > > Key: RANGER-3245 > URL: https://issues.apache.org/jira/browse/RANGER-3245 > Project: Ranger > Issue Type: Task > Components: build-infra >Affects Versions: 3.0.0, 2.2.0 >Reporter: Martin Tzvetanov Grigorov >Priority: Minor > Fix For: 3.0.0, 2.2.0 > > > OpenJDK is recommended at TravisCI these days. > OracleJDK 8 is no more available for any version of Ubuntu there. > Manually install OpenJDK from Ubuntu repositories (i.e. apt install > openjdk-11-jdk) because the pre-installed one from TravisCI is too old, e.g. > JDK 11.0.2 instead of 11.0.10. > Add a job to build and test on ARM64 - a more complete version of > https://github.com/apache/ranger/pull/91. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3316) Plugin's audit excluded roles configuration doesn't work
[ https://issues.apache.org/jira/browse/RANGER-3316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436222#comment-17436222 ] Abhishek Kumar commented on RANGER-3316: Hi [~takezoe], Could you please close the review: [https://reviews.apache.org/r/73420] Thanks > Plugin's audit excluded roles configuration doesn't work > > > Key: RANGER-3316 > URL: https://issues.apache.org/jira/browse/RANGER-3316 > Project: Ranger > Issue Type: Bug > Components: audit >Affects Versions: 2.1.0 >Reporter: Naoki Takezoe >Priority: Major > Fix For: 2.2.0 > > Time Spent: 50m > Remaining Estimate: 0h > > https://github.com/apache/ranger/blob/4bd42903161404552bd5867b376c4fb081df290d/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java#L185 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3221) Improve logging in Presto plugin
[ https://issues.apache.org/jira/browse/RANGER-3221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436221#comment-17436221 ] Abhishek Kumar commented on RANGER-3221: Hi [~takezoe], The review [https://reviews.apache.org/r/73424] has been applied on master, could you please close the review. Thanks! > Improve logging in Presto plugin > > > Key: RANGER-3221 > URL: https://issues.apache.org/jira/browse/RANGER-3221 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Naoki Takezoe >Assignee: Ramesh Mani >Priority: Trivial > Time Spent: 20m > Remaining Estimate: 0h > > Fix typos and inaccurate log messages in Presto plugins. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3498) RANGER : Remove log4j1 dependencies.
[ https://issues.apache.org/jira/browse/RANGER-3498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mateen N Mansoori updated RANGER-3498: -- Attachment: 0001-RANGER-3498-Remove-log4j1-dependencies.patch > RANGER : Remove log4j1 dependencies. > > > Key: RANGER-3498 > URL: https://issues.apache.org/jira/browse/RANGER-3498 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Mateen N Mansoori >Priority: Major > Attachments: 0001-RANGER-3498-Remove-log4j1-dependencies.patch > > > Remove log4j1 dependencies. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3498) RANGER : Remove log4j1 dependencies.
[ https://issues.apache.org/jira/browse/RANGER-3498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mateen N Mansoori updated RANGER-3498: -- Attachment: (was: 0001-RANGER-3498.patch) > RANGER : Remove log4j1 dependencies. > > > Key: RANGER-3498 > URL: https://issues.apache.org/jira/browse/RANGER-3498 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Mateen N Mansoori >Priority: Major > Attachments: 0001-RANGER-3498-Remove-log4j1-dependencies.patch > > > Remove log4j1 dependencies. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 73673: RANGER-3502: Make GET zones API accessible to authorized users only
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73673/ --- Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy. Bugs: RANGER-3502 https://issues.apache.org/jira/browse/RANGER-3502 Repository: ranger Description --- Currently get zones API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module. Steps to reproduce: Create a internal user name, test_user1 Remove the permission on Security Zone module for a user Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab Access the API using curl curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://:6182/service/zones/zones" Diffs - security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java fcf843370 security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java d6384a694 Diff: https://reviews.apache.org/r/73673/diff/1/ Testing --- 1. mvn clean compile package install verify 2. Verified UI login with admin user 3. Verified curl (GET zones API) with admin user 4. Verified UI login with non-admin user having access to zone module 5. Verified curl (GET zones API) with non-admin user having access to zone module 6. Verified UI login with non-admin user having NO access to zone module 7. Verified curl (GET zones API) with non-admin user having NO access to zone module 8. Created /Updated deleted services 9. Created /Updated deleted policies 10. Created /Updated deleted zones & associated attached them to services Thanks, Kishor Gollapalliwar
[jira] [Updated] (RANGER-3502) Make GET zones API accessible to authorized users only
[ https://issues.apache.org/jira/browse/RANGER-3502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-3502: - Summary: Make GET zones API accessible to authorized users only (was: Make get zones API accessible to authorized users) > Make GET zones API accessible to authorized users only > -- > > Key: RANGER-3502 > URL: https://issues.apache.org/jira/browse/RANGER-3502 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Currently get > [zones|https://ranger.apache.org/apidocs/resource_SecurityZoneREST.html#resource_SecurityZoneREST_getAllZones_GET] > API returns all zones even for users who are not authorized to zone modules. > Restrict this API to only users who are authorized to zone module. > Steps to reproduce: > # Create a internal user name, test_user1 > # Remove the permission on Security Zone module for a user > # Login as test_user1 user to Ranger Admin, user should not be able to see > Security Zone tab > # Access the API using curl > {code:java} > curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H > "Content-Type:application/json" > "https://:6182/service/zones/zones" > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3502) Make get zones API accessible to authorized users
Kishor Gollapalliwar created RANGER-3502: Summary: Make get zones API accessible to authorized users Key: RANGER-3502 URL: https://issues.apache.org/jira/browse/RANGER-3502 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Currently get [zones|https://ranger.apache.org/apidocs/resource_SecurityZoneREST.html#resource_SecurityZoneREST_getAllZones_GET] API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module. Steps to reproduce: # Create a internal user name, test_user1 # Remove the permission on Security Zone module for a user # Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab # Access the API using curl {code:java} curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://:6182/service/zones/zones" {code} -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 73452: RANGER-3023: Permission tab takes longer time to load with large number of users and group_users data
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73452/#review223694 --- Ship it! Ship It! - Mehul Parikh On Oct. 26, 2021, 11:29 a.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73452/ > --- > > (Updated Oct. 26, 2021, 11:29 a.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul > Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3023 > https://issues.apache.org/jira/browse/RANGER-3023 > > > Repository: ranger > > > Description > --- > > GET API /service/xusers/permission takes longer time to load with following > number of users and group mappings in db. > > select count(*) from x_user; > 109040 > > select count(*) from x_portal_user; > 109038 > > select count(*) from x_group_users; > 689952 > > Current problem : For every ModuleDef, db call to fetch all XXUser, > XXPortalUser and creating a Map object using > xUserService.getXXPortalUserIdXXUserMap() is a costly operation. Similarly > for xGroupService.getXXGroupIdXXGroupMap(). > > Solution: > In the following patch, I have overriedden searchModuleDef function in > XModuleDefService which will fetch users and groups only once. > i.e. Map xXPortalUserIdXXUserMap = > xUserService.getXXPortalUserIdXXUserMap(); > Map xXGroupMap = xGroupService.getXXGroupIdXXGroupMap(); > > These two objects will be passed to an overloaded method populateViewBean() > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java 1bd59f8d2 > security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java 4c0f33ed9 > > security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java > 13d0a8fcb > security-admin/src/main/java/org/apache/ranger/service/XGroupService.java > d615d1775 > > security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java > d5ca38548 > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java > 47a1fadb7 > security-admin/src/main/java/org/apache/ranger/service/XUserService.java > 9647096fe > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 96dc0df8e > > > Diff: https://reviews.apache.org/r/73452/diff/3/ > > > Testing > --- > > xUserService.getXXPortalUserIdXXUserMap() takes approximately 2000 > milliseconds. > xGroupService.getXXGroupIdXXGroupMap() takes approximately 500 milliseconds. > > Before patch, XModuleDefServiceBase.searchModuleDef() took 30252 milliseconds. > After patch, XModuleDefService.searchModuleDef() took 13766 milliseconds. > > GET API /service/xusers/permission response improved by ~16 seconds for the > above mentioned dataset. > > > Thanks, > > Mahesh Bandal > >