[jira] [Updated] (RANGER-3401) Ranger Policy search based on policy guid match

[Pradeep Agrawal (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-3401:

Description: Ranger should provide a way to search a policy based on its 
guid, service and zone .  (was: Here we will import policies based on policy 
GUID

1. If Guid matched then we replace the whole policy as it is from source 
otherwise create new policy with same guid.
2. If there is another policy with same signature at Target we make that policy 
as disabled.
3. Add label to exported policy with cluster name from they are imported)

> Ranger Policy search based on policy guid match
> ---
>
> Key: RANGER-3401
> URL: https://issues.apache.org/jira/browse/RANGER-3401
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Dineshkumar Yadav
>Assignee: Pradeep Agrawal
>Priority: Major
>
> Ranger should provide a way to search a policy based on its guid, service and 
> zone .



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3401) Ranger Policy search based on policy guid match

[Pradeep Agrawal (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-3401:

Summary: Ranger Policy search based on policy guid match  (was: Ranger 
Policy import based on policy guid match)

> Ranger Policy search based on policy guid match
> ---
>
> Key: RANGER-3401
> URL: https://issues.apache.org/jira/browse/RANGER-3401
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Dineshkumar Yadav
>Assignee: Pradeep Agrawal
>Priority: Major
>
> Here we will import policies based on policy GUID
> 1. If Guid matched then we replace the whole policy as it is from source 
> otherwise create new policy with same guid.
> 2. If there is another policy with same signature at Target we make that 
> policy as disabled.
> 3. Add label to exported policy with cluster name from they are imported



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73724: RANGER-3522: Improve Tagsync authentication error reporting

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73724/#review223764
---


Ship it!




Ship It!

- Pradeep Agrawal


On Nov. 22, 2021, 7:51 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73724/
> ---
> 
> (Updated Nov. 22, 2021, 7:51 p.m.)
> 
> 
> Review request for ranger, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3522
> https://issues.apache.org/jira/browse/RANGER-3522
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> TagSync is expected to cause system exit if any kerberos authentication error 
> is encountered. There might be situations where it starts without reporting 
> any errors and hence no messages are processed. This needs to be investigated 
> and fixed.
> 
> The errors in validating the kerberos principal and keytab path were being 
> ignored. This patch corrects that.
> 
> 
> Diffs
> -
> 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java 
> c723b0f57 
> 
> 
> Diff: https://reviews.apache.org/r/73724/diff/1/
> 
> 
> Testing
> ---
> 
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

[jira] [Resolved] (RANGER-3515) Enhance Ranger Java client SSL config to be configured using serviceType and AppId

[Abhishek Kumar (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhishek Kumar resolved RANGER-3515.

Resolution: Fixed

[Commit|https://github.com/apache/ranger/commit/b56aa63a9e1b2020e208c170642a96f5d62cd892]

> Enhance Ranger Java client SSL config to be configured using serviceType and 
> AppId  
> 
>
> Key: RANGER-3515
> URL: https://issues.apache.org/jira/browse/RANGER-3515
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Abhishek Kumar
>Assignee: Abhishek Kumar
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73677: RANGER-3469: Off-By-One Error in XUser Syncing

[David Mollitor]

> On Nov. 22, 2021, 10:35 p.m., Abhishek  Kumar wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> > Lines 919 (patched)
> > 
> >
> > Why is max required here ?

Hello, I am not sure, but this was the behavior of the original code and I did 
not want to change behavior in this way for this particular issue.


- David


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73677/#review223761
---


On Nov. 22, 2021, 9:40 p.m., David Mollitor wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73677/
> ---
> 
> (Updated Nov. 22, 2021, 9:40 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3285: Off-By-One Error in XUser Syncing
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  60445043f 
> 
> 
> Diff: https://reviews.apache.org/r/73677/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> David Mollitor
> 
>

Re: Review Request 73724: RANGER-3522: Improve Tagsync authentication error reporting

[Ramesh Mani]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73724/#review223762
---


Ship it!




Ship It!

- Ramesh Mani


On Nov. 22, 2021, 7:51 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73724/
> ---
> 
> (Updated Nov. 22, 2021, 7:51 p.m.)
> 
> 
> Review request for ranger, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3522
> https://issues.apache.org/jira/browse/RANGER-3522
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> TagSync is expected to cause system exit if any kerberos authentication error 
> is encountered. There might be situations where it starts without reporting 
> any errors and hence no messages are processed. This needs to be investigated 
> and fixed.
> 
> The errors in validating the kerberos principal and keytab path were being 
> ignored. This patch corrects that.
> 
> 
> Diffs
> -
> 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java 
> c723b0f57 
> 
> 
> Diff: https://reviews.apache.org/r/73724/diff/1/
> 
> 
> Testing
> ---
> 
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 73677: RANGER-3469: Off-By-One Error in XUser Syncing

[Abhishek Kumar]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73677/#review223761
---



Also, I believe a similar change would be required for getGroups, getGroupUsers 
and updateUserRoles as well.


ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
Lines 919 (patched)


Why is max required here ?


- Abhishek  Kumar


On Nov. 22, 2021, 9:40 p.m., David Mollitor wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73677/
> ---
> 
> (Updated Nov. 22, 2021, 9:40 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3285: Off-By-One Error in XUser Syncing
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  60445043f 
> 
> 
> Diff: https://reviews.apache.org/r/73677/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> David Mollitor
> 
>

Re: Review Request 73677: RANGER-3469: Off-By-One Error in XUser Syncing

[David Mollitor]

> On Nov. 16, 2021, 5:28 a.m., Abhishek  Kumar wrote:
> > The jira number tagged in the review does not appear to be associated with 
> > the code change. 
> > Please open a new jira and tag the review with it.

Hello.  My appologies.  I have no idea how I managed to do that.  I have 
updated the JIRA to reflect the correct value: 
https://issues.apache.org/jira/browse/RANGER-3469


- David


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73677/#review223735
---


On Nov. 22, 2021, 9:40 p.m., David Mollitor wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73677/
> ---
> 
> (Updated Nov. 22, 2021, 9:40 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3285: Off-By-One Error in XUser Syncing
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  60445043f 
> 
> 
> Diff: https://reviews.apache.org/r/73677/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> David Mollitor
> 
>

Re: Review Request 73677: RANGER-3469: Off-By-One Error in XUser Syncing

[David Mollitor]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73677/
---

(Updated Nov. 22, 2021, 9:40 p.m.)


Review request for ranger.


Summary (updated)
-

RANGER-3469: Off-By-One Error in XUser Syncing


Repository: ranger


Description
---

RANGER-3285: Off-By-One Error in XUser Syncing


Diffs
-

  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 60445043f 


Diff: https://reviews.apache.org/r/73677/diff/1/


Testing
---


Thanks,

David Mollitor

[jira] [Resolved] (RANGER-3514) Fix updates to sync source post upgrades

[Abhishek Kumar (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3514?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhishek Kumar resolved RANGER-3514.

Resolution: Fixed

[Commit| 
https://github.com/apache/ranger/commit/5fb097fda8c51dc9fe671e4105e8b8a7fb5697cd]

> Fix updates to sync source post upgrades
> 
>
> Key: RANGER-3514
> URL: https://issues.apache.org/jira/browse/RANGER-3514
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Reporter: Abhishek Kumar
>Assignee: Abhishek Kumar
>Priority: Major
>   Original Estimate: 168h
>  Remaining Estimate: 168h
>
> Newly added field sync source needs to be updated with correct values from 
> otherAttributes after an upgrade.  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73716: RANGER-3514: Java patch to update sync source on upgrades

[Sailaja Polavarapu]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73716/#review223758
---


Ship it!




- Sailaja Polavarapu


On Nov. 19, 2021, 8:03 a.m., Abhishek  Kumar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73716/
> ---
> 
> (Updated Nov. 19, 2021, 8:03 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3514
> https://issues.apache.org/jira/browse/RANGER-3514
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch updates the sync source field in later releases to values obtained 
> from otherAttributes in previous releases in a upgrade so that sync source is 
> consistent.
> It also updates and marks users/groups as external if there the user/group 
> contains otherAttribues.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
> 9e2892a1c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 65f9ad2f6 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> a5bcf488b 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  a48f2348c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> 5cbe6d5a7 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/73716/diff/1/
> 
> 
> Testing
> ---
> 
> Tested for upgrades on remote cluster.
> 
> 
> Thanks,
> 
> Abhishek  Kumar
> 
>

Review Request 73724: RANGER-3522: Improve Tagsync authentication error reporting

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73724/
---

Review request for ranger, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3522
https://issues.apache.org/jira/browse/RANGER-3522


Repository: ranger


Description
---

TagSync is expected to cause system exit if any kerberos authentication error 
is encountered. There might be situations where it starts without reporting any 
errors and hence no messages are processed. This needs to be investigated and 
fixed.

The errors in validating the kerberos principal and keytab path were being 
ignored. This patch corrects that.


Diffs
-

  tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java 
c723b0f57 


Diff: https://reviews.apache.org/r/73724/diff/1/


Testing
---

Ran all unit tests successfully.


Thanks,

Abhay Kulkarni

[jira] [Created] (RANGER-3522) Improve Tagsync authentication error reporting

[Abhay Kulkarni (Jira)]

Abhay Kulkarni created RANGER-3522:
--

 Summary: Improve Tagsync authentication error reporting
 Key: RANGER-3522
 URL: https://issues.apache.org/jira/browse/RANGER-3522
 Project: Ranger
  Issue Type: Bug
  Components: tagsync
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni


TagSync is expected to cause system exit if any kerberos authentication error 
is encountered. There might be situations where it starts without reporting any 
errors and hence no messages are processed. This needs to be investigated and 
fixed.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73695: RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73695/#review223757
---


Ship it!




Ship It!

- Abhay Kulkarni


On Nov. 15, 2021, 7:46 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73695/
> ---
> 
> (Updated Nov. 15, 2021, 7:46 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3507
> https://issues.apache.org/jira/browse/RANGER-3507
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-3507:Handle trailing slash in the ranger Hive URL policy authorization
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerURLResourceMatcher.java
>  880e4851f 
>   agents-common/src/test/resources/policyengine/test_policyengine_hive.json 
> 70d7e648b 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
>  a3d575c86 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
>  ddc0982a6 
> 
> 
> Diff: https://reviews.apache.org/r/73695/diff/2/
> 
> 
> Testing
> ---
> 
> - Verified in local vm HIVE commmand with URL in them.
> - Verified in Unit test.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

[jira] [Created] (RANGER-3521) Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797

[Dhaval Shah (Jira)]

Dhaval Shah created RANGER-3521:
---

 Summary: Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY 
RFC 6797
 Key: RANGER-3521
 URL: https://issues.apache.org/jira/browse/RANGER-3521
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Dhaval Shah
Assignee: Dhaval Shah


We found the vulnerability related to ranger KMS on SSL port.

Ranger KMS is not enforcing HSTS on SSL port defined by RFC 6797.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mallika Gogoi updated RANGER-3520:
--
Attachment: (was: mvn_dependency-1.txt)

> Upgrade Netty version 
> --
>
> Key: RANGER-3520
> URL: https://issues.apache.org/jira/browse/RANGER-3520
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mallika Gogoi
>Assignee: Mallika Gogoi
>Priority: Minor
> Attachments: mvn_dependency.txt
>
>
> For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447331#comment-17447331
 ] 

Mallika Gogoi commented on RANGER-3520:
---

mvn dependency:tree file is attached  [^mvn_dependency.txt] 

> Upgrade Netty version 
> --
>
> Key: RANGER-3520
> URL: https://issues.apache.org/jira/browse/RANGER-3520
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mallika Gogoi
>Assignee: Mallika Gogoi
>Priority: Minor
> Attachments: mvn_dependency.txt
>
>
> For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mallika Gogoi updated RANGER-3520:
--
Attachment: mvn_dependency-1.txt

> Upgrade Netty version 
> --
>
> Key: RANGER-3520
> URL: https://issues.apache.org/jira/browse/RANGER-3520
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mallika Gogoi
>Assignee: Mallika Gogoi
>Priority: Minor
> Attachments: mvn_dependency.txt
>
>
> For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mallika Gogoi updated RANGER-3520:
--
Attachment: mvn_dependency.txt

> Upgrade Netty version 
> --
>
> Key: RANGER-3520
> URL: https://issues.apache.org/jira/browse/RANGER-3520
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mallika Gogoi
>Assignee: Mallika Gogoi
>Priority: Minor
> Attachments: mvn_dependency.txt
>
>
> For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447327#comment-17447327
 ] 

Mallika Gogoi commented on RANGER-3520:
---

Apache RR raised: https://reviews.apache.org/r/73723/

> Upgrade Netty version 
> --
>
> Key: RANGER-3520
> URL: https://issues.apache.org/jira/browse/RANGER-3520
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Mallika Gogoi
>Assignee: Mallika Gogoi
>Priority: Minor
>
> For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3439) Add rest api to get or delete ranger policy based on guid

[Pradeep Agrawal (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-3439:

Attachment: 0002-RANGER-3439-Add-rest-api-to-get-or-delete-ranger-pol.patch

> Add rest api to get or delete ranger policy based on guid
> -
>
> Key: RANGER-3439
> URL: https://issues.apache.org/jira/browse/RANGER-3439
> Project: Ranger
>  Issue Type: Sub-task
>  Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0001-RANGER-3439-REST-api-to-get-or-delete-ranger-policy-.patch, 
> 0002-RANGER-3439-Add-rest-api-to-get-or-delete-ranger-pol.patch
>
>
> Ranger should allow to get or delete ranger policy based on policy guid.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Review Request 73720: RANGER-3439: REST api to get or delete ranger policy based on guid, service name and zone name

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73720/
---

Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3439
https://issues.apache.org/jira/browse/RANGER-3439


Repository: ranger


Description
---

**Problem statement:** This RR is modification of the work done in RANGER-3439 
(https://reviews.apache.org/r/73601/) which is already committed, changes are 
needed for the changes proposed in https://reviews.apache.org/r/73719/

**Proposed solution:** API getPolicyByGUIDAndServiceName and 
deletePolicyByGUIDAndServiceName can be modified to address the requirement 
which shall accept the guid service name and zone name as request parameters 
input and provide the get policy or delete policy option.
API:
a) getPolicyByGUIDAndServiceNameAndZoneName(guid, service, zone): reads the 
input values and returns the policy object.
b) deletePolicyByGUIDAndServiceNameAndZoneName(guid, service, zone) : reads the 
input values and deletes the respective policy object.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
f13cef71d 
  security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 41ca8b2a6 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
6ab3d52a0 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
3ba29653b 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 85cadbbd5 


Diff: https://reviews.apache.org/r/73720/diff/1/


Testing
---

Tested getPolicyByGUIDAndServiceNameAndZoneName() API and was able to recieve 
the matching policy object.
Tested deletePolicyByGUIDAndServiceNameAndZoneName() API and was able to delete 
the respective policy object.

**Sample curl requests:**

curl -u admin:Ranger1234 -H "Accept: application/json" -H "Content-Type: 
application/json" -X GET 
'http://localhost:6080/service/plugins/policies/guid/0be7457b-35c7-4ca9-bd08-938d98a3e724?serviceName=cm_hive'

curl -u admin:Ranger1234 -H "Accept: application/json" -H "Content-Type: 
application/json" -X GET 
'http://localhost:6080/service/plugins/policies/guid/ad88dd6f-1d85-4a67-8e84-813809c83da0?serviceName=cm_hive=zone1'


curl -u admin:Ranger1234 -H "Accept: application/json" -H "Content-Type: 
application/json" -X DELETE 
'http://localhost:6080/service/plugins/policies/guid/0be7457b-35c7-4ca9-bd08-938d98a3e724?serviceName=cm_hive'

curl -u admin:Ranger1234 -H "Accept: application/json" -H "Content-Type: 
application/json" -X DELETE 
'http://localhost:6080/service/plugins/policies/guid/ad88dd6f-1d85-4a67-8e84-813809c83da0?serviceName=cm_hive=zone1'


Thanks,

Pradeep Agrawal

[jira] [Created] (RANGER-3520) Upgrade Netty version

[Mallika Gogoi (Jira)]

Mallika Gogoi created RANGER-3520:
-

 Summary: Upgrade Netty version 
 Key: RANGER-3520
 URL: https://issues.apache.org/jira/browse/RANGER-3520
 Project: Ranger
  Issue Type: Task
  Components: Ranger
Reporter: Mallika Gogoi
Assignee: Mallika Gogoi


For best practices, upgrade netty version used in Ranger



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Review Request 73719: RANGER-3435: Add unique index on guid, service and zone_id column of x_policy table

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73719/
---

Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-3435
https://issues.apache.org/jira/browse/RANGER-3435


Repository: ranger


Description
---

**Problem Statement:** After first commit of RANGER-3435 
https://reviews.apache.org/r/73594/  x_policy table have unique constraint on 
guid and service column. if there are more than one zone and policies exported 
from one zone is imported in the other zone then policy guid will remain same. 
since guid are same for both the policies, we need to restrict 1 entry only for 
the same guid under a specific service and zone.

**Proposed Solution:**
it will be better to include zone_id also with guid and service column for the 
unique key creation so that the same restriction can be enforced from db end.


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9e2892a1c 
  
security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 357b7efe3 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
65f9ad2f6 
  
security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 580841c6b 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
a5bcf488b 
  
security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 81718aae4 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
a48f2348c 
  
security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 16ad476e4 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
5cbe6d5a7 
  
security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
 3037988e2 


Diff: https://reviews.apache.org/r/73719/diff/1/


Testing
---

Tested the patch for MySQL, Oracle, Postgres and MSSQL.
unique constraint is being created in x_policy table for a fresh installation 
and upgrade case as well.


Thanks,

Pradeep Agrawal

[jira] [Updated] (RANGER-3435) Add unique index on guid, service and zone_id column of x_policy table

[Pradeep Agrawal (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-3435:

Attachment: 0001-RANGER-3435-Add-unique-index-on-guid-service-and-zon.patch

> Add unique index on guid, service and zone_id column of x_policy table
> --
>
> Key: RANGER-3435
> URL: https://issues.apache.org/jira/browse/RANGER-3435
> Project: Ranger
>  Issue Type: Sub-task
>  Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 
> 0001-RANGER-3435-Add-unique-index-on-guid-and-service-id-.patch, 
> 0001-RANGER-3435-Add-unique-index-on-guid-service-and-zon.patch
>
>
> Add unique index on guid and service id column of x_policy table.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)