[jira] [Updated] (RANGER-3682) Unify the ways that rangerkeystore to encapsulate zonekey
[ https://issues.apache.org/jira/browse/RANGER-3682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kirby zhou updated RANGER-3682: --- Description: Unify the ways that rangerkeystore to encapsulate zonekey Now we have 2 styles of MasterKeyProvider: # RangerMasterKey, RangerHSM, RangerSafenetKeySecure # RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider, RangerTencentKMSProvider Style 1 can get out master key string from provider, Style 2 can not. In old, I add a flag KeyVaultEnabled to distinguish them. KeyVaultEnabled=false means style1, true means style2 RangerKeyStore with style1 use SecretKeyEntry with SealedObject to store a key and do encryption / decryption by itself. RangerKeyStore with style2 use SecretKeyByteEntry to store a key and let MK provider to encryption / decryption. These logics are hard-coded in the class RangerKeyStore. These are ugly and hard to maintain. I refactor it by removing SecretKeyEntry, and let providers of style1 do encryption / decryption. Add a common base class of RangerMasterKey, RangerHSM andd RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common logic of encryptZoneKey and decryptZoneKey. AbstractRangerMasterKey encodes SealedObject into byte[]. So the new code does not change the actual storage format, and there is no problem in compatibility. = And, there is no unified method to initialize a master key provider. Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI classes. I made a new RangerKMSMKIFactory class to unify it. was: Unify the ways that rangerkeystore to encapsulate zonekey Now we have 2 styles of MasterKeyProvider: # RangerMasterKey, RangerHSM, RangerSafenetKeySecure # RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider, RangerTencentKMSProvider Style 1 can get out master key string from provider, Style 2 can not. In old, I add a flag KeyVaultEnabled to distinguish them. KeyVaultEnabled=false means style1, true means style2 RangerKeyStore with style1 use SecretKeyEntry with SealedObject to store a key and do encryption / decryption by itself. RangerKeyStore with style2 use SecretKeyByteEntry to store a key and let MK provider to encryption / decryption. These are ugly and hard to maintain. I refactor it by removing SecretKeyEntry, and let providers of style1 do encryption / decryption. Add a common base class of RangerMasterKey, RangerHSM andd RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common logic of encryptZoneKey and decryptZoneKey. AbstractRangerMasterKey encodes SealedObject into byte[]. So the new code does not change the actual storage format, and there is no problem in compatibility. = And, there is no unified method to initialize a master key provider. Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI classes. I made a new RangerKMSMKIFactory class to unify it. > Unify the ways that rangerkeystore to encapsulate zonekey > - > > Key: RANGER-3682 > URL: https://issues.apache.org/jira/browse/RANGER-3682 > Project: Ranger > Issue Type: Improvement > Components: kms >Affects Versions: 3.0.0, 2.3.0 >Reporter: kirby zhou >Assignee: kirby zhou >Priority: Major > > Unify the ways that rangerkeystore to encapsulate zonekey > Now we have 2 styles of MasterKeyProvider: > # RangerMasterKey, RangerHSM, RangerSafenetKeySecure > # RangerAzureKeyVaultKeyGenerator, RangerGoogleCloudHSMProvider, > RangerTencentKMSProvider > Style 1 can get out master key string from provider, Style 2 can not. > In old, I add a flag KeyVaultEnabled to distinguish them. > KeyVaultEnabled=false means style1, true means style2 > RangerKeyStore with style1 use SecretKeyEntry with SealedObject to store a > key and do encryption / decryption by itself. > RangerKeyStore with style2 use SecretKeyByteEntry to store a key and let MK > provider to encryption / decryption. > These logics are hard-coded in the class RangerKeyStore. These are ugly and > hard to maintain. I refactor it by removing SecretKeyEntry, and let providers > of style1 do encryption / decryption. > Add a common base class of RangerMasterKey, RangerHSM andd > RangerSafenetKeySecure, named AbstractRangerMasterKey. It provides the common > logic of encryptZoneKey and decryptZoneKey. AbstractRangerMasterKey encodes > SealedObject into byte[]. > So the new code does not change the actual storage format, and there is no > problem in compatibility. > = > > And, there is no unified method to initialize a master key provider. > Duplicate code is distributed in RangerKeyStoreProvider and a bunch of CLI > classes. > I made a new RangerKMSMKIFactory class to unify it. -- This message was sent by
Re: Review Request 73977: RANGER-3749: Fix healthcheck in mysql docker compose
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73977/#review224416 --- Ship it! Ship It! - Madhan Neethiraj On May 6, 2022, 2:27 a.m., Abhishek Kumar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73977/ > --- > > (Updated May 6, 2022, 2:27 a.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-3749 > https://issues.apache.org/jira/browse/RANGER-3749 > > > Repository: ranger > > > Description > --- > > The current healthcheck command is run as root which results in the following > error message: > > ranger-mysql | 2022-05-06 0:26:58 120 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > ranger-mysql | 2022-05-06 0:27:08 121 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > ranger-mysql | 2022-05-06 0:27:18 122 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > > > Diffs > - > > dev-support/ranger-docker/docker-compose.ranger-mysql.yml 9c353d61b > > > Diff: https://reviews.apache.org/r/73977/diff/1/ > > > Testing > --- > > Tested locally. > > > Thanks, > > Abhishek Kumar > >
Re: Review Request 73976: RANGER-3748: Fix healthcheck command in postgres docker compose
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73976/#review224415 --- Ship it! Ship It! - Madhan Neethiraj On May 6, 2022, 1:26 a.m., Abhishek Kumar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73976/ > --- > > (Updated May 6, 2022, 1:26 a.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-3748 > https://issues.apache.org/jira/browse/RANGER-3748 > > > Repository: ranger > > > Description > --- > > The current command is run as root which results in the following error > message: > > ranger-postgres | 2022-05-05 23:13:11.729 UTC [279] FATAL: role "root" does > not exist > ranger-postgres | 2022-05-05 23:13:21.858 UTC [287] FATAL: role "root" does > not exist > ranger-postgres | 2022-05-05 23:13:31.944 UTC [297] FATAL: role "root" does > not exist > > The time interval matches the time interval present in healthcheck config. > > > Diffs > - > > dev-support/ranger-docker/docker-compose.ranger-postgres.yml 997365fad > > > Diff: https://reviews.apache.org/r/73976/diff/1/ > > > Testing > --- > > Tested locally. > > > Thanks, > > Abhishek Kumar > >
Re: Review Request 73977: RANGER-3749: Fix healthcheck in mysql docker compose
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73977/#review224414 --- Ship it! Ship It! - Abhay Kulkarni On May 6, 2022, 2:27 a.m., Abhishek Kumar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73977/ > --- > > (Updated May 6, 2022, 2:27 a.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-3749 > https://issues.apache.org/jira/browse/RANGER-3749 > > > Repository: ranger > > > Description > --- > > The current healthcheck command is run as root which results in the following > error message: > > ranger-mysql | 2022-05-06 0:26:58 120 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > ranger-mysql | 2022-05-06 0:27:08 121 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > ranger-mysql | 2022-05-06 0:27:18 122 [Warning] Access denied for user > 'root'@'localhost' (using password: NO) > > > Diffs > - > > dev-support/ranger-docker/docker-compose.ranger-mysql.yml 9c353d61b > > > Diff: https://reviews.apache.org/r/73977/diff/1/ > > > Testing > --- > > Tested locally. > > > Thanks, > > Abhishek Kumar > >
Re: Review Request 73976: RANGER-3748: Fix healthcheck command in postgres docker compose
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73976/#review224413 --- Ship it! Ship It! - Abhay Kulkarni On May 6, 2022, 1:26 a.m., Abhishek Kumar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73976/ > --- > > (Updated May 6, 2022, 1:26 a.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-3748 > https://issues.apache.org/jira/browse/RANGER-3748 > > > Repository: ranger > > > Description > --- > > The current command is run as root which results in the following error > message: > > ranger-postgres | 2022-05-05 23:13:11.729 UTC [279] FATAL: role "root" does > not exist > ranger-postgres | 2022-05-05 23:13:21.858 UTC [287] FATAL: role "root" does > not exist > ranger-postgres | 2022-05-05 23:13:31.944 UTC [297] FATAL: role "root" does > not exist > > The time interval matches the time interval present in healthcheck config. > > > Diffs > - > > dev-support/ranger-docker/docker-compose.ranger-postgres.yml 997365fad > > > Diff: https://reviews.apache.org/r/73976/diff/1/ > > > Testing > --- > > Tested locally. > > > Thanks, > > Abhishek Kumar > >
[jira] [Assigned] (RANGER-3750) RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint'
[ https://issues.apache.org/jira/browse/RANGER-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3750: --- Fix Version/s: 3.0.0 2.3.0 Assignee: Mateen Mansoori Resolution: Fixed Commit link : [https://github.com/apache/ranger/commit/a8c4b57abd11ca2742a390e4292905e34b2543bc] https://github.com/apache/ranger/commit/67584c17cee063a91ee5d4cba009c8f8463f7f99 > RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate > key value violates unique constraint' > - > > Key: RANGER-3750 > URL: https://issues.apache.org/jira/browse/RANGER-3750 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > Fix For: 3.0.0, 2.3.0 > > > Steps > 1.Keep the existing default policy as it is > 2. create a policy with resource > collection - test, * > 3.Perform upgrade > 4.The upgrade fails for java patch 55 > {code:java} > 2022-05-05 17:31:40,644 [I] java patch > PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied.. > javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse > Persistence Services - 2.7.7.v20200504-69f2c2b80d): > org.eclipse.persistence.exceptions.DatabaseException > Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key > value violates unique constraint "x_policy_uk_service_signature" > Detail: Key (service, resource_signature)=(11, > 217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already > exists. > Error Code: 0 > Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid, > is_audit_enabled, is_enabled, name, policy_options, policy_priority, > policy_text, policy_type, resource_signature, service, UPDATE_TIME, > UPD_BY_ID, version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, > ?, ?, ?, ?, ?) > bind => [18 parameters bound] {code} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (RANGER-3182) Prestosql is renamed to Trino
[ https://issues.apache.org/jira/browse/RANGER-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17532786#comment-17532786 ] Aakash Nand commented on RANGER-3182: - [~rmani] I have updated the patch files in the review link as well as this issue. Please review them. > Prestosql is renamed to Trino > - > > Key: RANGER-3182 > URL: https://issues.apache.org/jira/browse/RANGER-3182 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Viacheslav Kriuchkov >Priority: Blocker > Attachments: 0001-RANGER-3182-Rename-Prestosql-to-Trino-master.patch, > 0001-RANGER-3182-Rename-Prestosql-to-Trino-ranger-2.3.patch, > ranger-commons-lang3-master.patch > > Time Spent: 2h 40m > Remaining Estimate: 0h > > All "prestosql" classes are "trino" now and Presto plugin can't integrate > with Trino because of that. It means all Presto deployments that use Ranger > are stuck on version 350 and can't upgrade further. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3182) Prestosql is renamed to Trino
[ https://issues.apache.org/jira/browse/RANGER-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aakash Nand updated RANGER-3182: Attachment: 0001-RANGER-3182-Rename-Prestosql-to-Trino-master.patch 0001-RANGER-3182-Rename-Prestosql-to-Trino-ranger-2.3.patch > Prestosql is renamed to Trino > - > > Key: RANGER-3182 > URL: https://issues.apache.org/jira/browse/RANGER-3182 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Viacheslav Kriuchkov >Priority: Blocker > Attachments: 0001-RANGER-3182-Rename-Prestosql-to-Trino-master.patch, > 0001-RANGER-3182-Rename-Prestosql-to-Trino-ranger-2.3.patch, > ranger-commons-lang3-master.patch > > Time Spent: 2h 40m > Remaining Estimate: 0h > > All "prestosql" classes are "trino" now and Presto plugin can't integrate > with Trino because of that. It means all Presto deployments that use Ranger > are stuck on version 350 and can't upgrade further. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3182) Prestosql is renamed to Trino
[ https://issues.apache.org/jira/browse/RANGER-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Aakash Nand updated RANGER-3182: Attachment: (was: 0001-RANGER-3182-Rename-Prestosql-to-Trino.patch) > Prestosql is renamed to Trino > - > > Key: RANGER-3182 > URL: https://issues.apache.org/jira/browse/RANGER-3182 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Viacheslav Kriuchkov >Priority: Blocker > Attachments: ranger-commons-lang3-master.patch > > Time Spent: 2h 40m > Remaining Estimate: 0h > > All "prestosql" classes are "trino" now and Presto plugin can't integrate > with Trino because of that. It means all Presto deployments that use Ranger > are stuck on version 350 and can't upgrade further. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3750) RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint'
[ https://issues.apache.org/jira/browse/RANGER-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mateen N Mansoori updated RANGER-3750: -- Affects Version/s: 3.0.0 2.3.0 > RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate > key value violates unique constraint' > - > > Key: RANGER-3750 > URL: https://issues.apache.org/jira/browse/RANGER-3750 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 >Reporter: Mateen N Mansoori >Priority: Major > > Steps > 1.Keep the existing default policy as it is > 2. create a policy with resource > collection - test, * > 3.Perform upgrade > 4.The upgrade fails for java patch 55 > {code:java} > 2022-05-05 17:31:40,644 [I] java patch > PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied.. > javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse > Persistence Services - 2.7.7.v20200504-69f2c2b80d): > org.eclipse.persistence.exceptions.DatabaseException > Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key > value violates unique constraint "x_policy_uk_service_signature" > Detail: Key (service, resource_signature)=(11, > 217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already > exists. > Error Code: 0 > Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid, > is_audit_enabled, is_enabled, name, policy_options, policy_priority, > policy_text, policy_type, resource_signature, service, UPDATE_TIME, > UPD_BY_ID, version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, > ?, ?, ?, ?, ?) > bind => [18 parameters bound] {code} -- This message was sent by Atlassian Jira (v8.20.7#820007)
Review Request 73979: RANGER-3750 : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint'
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73979/ --- Review request for ranger, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-3750 https://issues.apache.org/jira/browse/RANGER-3750 Repository: ranger Description --- Steps to reproduce. 1.Keep the existing default policy as it is 2. create a policy with resource collection - test, * 3.Perform upgrade 4.The upgrade fails for java patch 55 2022-05-05 17:31:40,644 [I] java patch PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied.. javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.7.v20200504-69f2c2b80d): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "x_policy_uk_service_signature" Detail: Key (service, resource_signature)=(11, 217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already exists. Error Code: 0 Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid, is_audit_enabled, is_enabled, name, policy_options, policy_priority, policy_text, policy_type, resource_signature, service, UPDATE_TIME, UPD_BY_ID, version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) bind => [18 parameters bound] The reason of failure is - we already have a policy(default) with resource as collections and value as *, So during upgrade based on some conditions we are creating additional three policies with different resources - admin -> * - schema -> * - confing -> * So let say someone created another policy with 'colletions -> some_res_name, *' then during upgrade - As per current code it will try to create another policies with similar resources as mentioned above and it will fail as ranger admin doesn't allow policy creation with duplicate resource. Removed hardcoded resource from the code and using original resource only which are coming from existing policies. Diffs - security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java dacfab696 Diff: https://reviews.apache.org/r/73979/diff/1/ Testing --- Tested on local VM. Thanks, Mateen Mansoori
[jira] [Updated] (RANGER-3750) RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint'
[ https://issues.apache.org/jira/browse/RANGER-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mateen N Mansoori updated RANGER-3750: -- Summary: RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate key value violates unique constraint' (was: RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 will fail if we have resource like - res_name,*) > RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with 'duplicate > key value violates unique constraint' > - > > Key: RANGER-3750 > URL: https://issues.apache.org/jira/browse/RANGER-3750 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Mateen N Mansoori >Priority: Major > > Steps > 1.Keep the existing default policy as it is > 2. create a policy with resource > collection - test, * > 3.Perform upgrade > 4.The upgrade fails for java patch 55 > {code:java} > 2022-05-05 17:31:40,644 [I] java patch > PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied.. > javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse > Persistence Services - 2.7.7.v20200504-69f2c2b80d): > org.eclipse.persistence.exceptions.DatabaseException > Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key > value violates unique constraint "x_policy_uk_service_signature" > Detail: Key (service, resource_signature)=(11, > 217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already > exists. > Error Code: 0 > Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid, > is_audit_enabled, is_enabled, name, policy_options, policy_priority, > policy_text, policy_type, resource_signature, service, UPDATE_TIME, > UPD_BY_ID, version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, > ?, ?, ?, ?, ?) > bind => [18 parameters bound] {code} -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (RANGER-3737) Usersync is broken due to NullPointerException
[ https://issues.apache.org/jira/browse/RANGER-3737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17532682#comment-17532682 ] Bhavik Patel commented on RANGER-3737: -- for sessionMgr obj or authentication obj? > Usersync is broken due to NullPointerException > --- > > Key: RANGER-3737 > URL: https://issues.apache.org/jira/browse/RANGER-3737 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 >Reporter: Bhavik Patel >Assignee: Bhavik Patel >Priority: Blocker > Attachments: > 0001-RANGER-3737-Usersync-is-broken-due-to-NullPointerExc.patch > > > 2022-04-28 08:38:41,306 [sl73tskrapd107.visa.com-startStop-1] INFO > apache.ranger.security.web.filter.RangerCSRFPreventionFilter > (RangerCSRFPreventionFilter.java:82) - Adding cross-site request forgery > (CSRF) protection > java.lang.NullPointerException > at > org.apache.ranger.security.handler.RangerAuthenticationProvider.authenticate(RangerAuthenticationProvider.java:151) > at > org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:297) > at > org.apache.ranger.security.web.filter.RangerKrbFilter.doFilter(RangerKrbFilter.java:494) > at > org.apache.ranger.security.web.filter.RangerKRBAuthenticationFilter.doFilter(RangerKRBAuthenticationFilter.java:393) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3740) Create Ranger Admin API to refresh tag cache
[ https://issues.apache.org/jira/browse/RANGER-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-3740: - Fix Version/s: 3.0.0 > Create Ranger Admin API to refresh tag cache > > > Key: RANGER-3740 > URL: https://issues.apache.org/jira/browse/RANGER-3740 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3739) Add JWT filter in Ranger Admin
[ https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-3739: - Fix Version/s: 3.0.0 > Add JWT filter in Ranger Admin > -- > > Key: RANGER-3739 > URL: https://issues.apache.org/jira/browse/RANGER-3739 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Add JWT auth filter in Ranger Admin, which authenticates browser & > non-browser JWT requests without altering existing authentication filters. > The existing authorization process must be alter to incorporate following > cases > |*Token*|*SSO Enabled*|*First Authorizer / Filter*| > |Present|Yes|RangerSSOAuthenticationFilter| > |Absent|Yes|RangerSSOAuthenticationFilter| > |Present|No|RangerJwtAuthFilter ({*}NEW{*})| > |Absent|No|RangerJwtAuthFilter ({*}NEW{*})| -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: Review Request 73965: RANGER-3739: Add JWT filter in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73965/#review224411 --- Ship it! Ship It! - Vishal Suvagia On May 2, 2022, 11:53 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73965/ > --- > > (Updated May 2, 2022, 11:53 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3739 > https://issues.apache.org/jira/browse/RANGER-3739 > > > Repository: ranger > > > Description > --- > > Add JWT auth filter in Ranger Admin, which authenticates browser & > non-browser JWT requests without altering existing authentication filters. > > The existing authorization process must be alter to incorporate following > cases > > Token SSO Enabled First Authorizer / Filter > Present Yes RangerSSOAuthenticationFilter > AbsentYes RangerSSOAuthenticationFilter > Present No RangerJwtAuthFilter (NEW) > AbsentNo RangerJwtAuthFilter (NEW) > > > Diffs > - > > security-admin/pom.xml eaa8db1c1 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthFilter.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthWrapper.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73965/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Login ModHeader (chrome plugin): invalid JWT > 3. Login ModHeader (chrome plugin): expired JWT > 4. Login ModHeader (chrome plugin): tampered JWT > 5. Login ModHeader (chrome plugin): valid JWT > 6. Curl Access API: invalid JWT > 7. Curl Access API: expired JWT > 8. Curl Access API: tampered JWT > 9. Curl Access API: valid JWT > > > Thanks, > > Kishor Gollapalliwar > >
[jira] [Created] (RANGER-3750) RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 will fail if we have resource like - res_name,*
Mateen N Mansoori created RANGER-3750: - Summary: RANGER : PatchForSolrSvcDefAndPoliciesUpdate_J10055 will fail if we have resource like - res_name,* Key: RANGER-3750 URL: https://issues.apache.org/jira/browse/RANGER-3750 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Mateen N Mansoori Steps 1.Keep the existing default policy as it is 2. create a policy with resource collection - test, * 3.Perform upgrade 4.The upgrade fails for java patch 55 {code:java} 2022-05-05 17:31:40,644 [I] java patch PatchForSolrSvcDefAndPoliciesUpdate_J10055 is being applied.. javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.7.7.v20200504-69f2c2b80d): org.eclipse.persistence.exceptions.DatabaseException Internal Exception: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "x_policy_uk_service_signature" Detail: Key (service, resource_signature)=(11, 217ea0f3a46f347e055088a9418291595af70c473ad18d4d70dfe555d9243c33) already exists. Error Code: 0 Call: INSERT INTO x_policy (id, ADDED_BY_ID, CREATE_TIME, description, guid, is_audit_enabled, is_enabled, name, policy_options, policy_priority, policy_text, policy_type, resource_signature, service, UPDATE_TIME, UPD_BY_ID, version, zone_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) bind => [18 parameters bound] {code} -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: Review Request 73965: RANGER-3739: Add JWT filter in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73965/#review224410 --- Ship it! Ship It! - Mehul Parikh On May 2, 2022, 11:53 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73965/ > --- > > (Updated May 2, 2022, 11:53 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3739 > https://issues.apache.org/jira/browse/RANGER-3739 > > > Repository: ranger > > > Description > --- > > Add JWT auth filter in Ranger Admin, which authenticates browser & > non-browser JWT requests without altering existing authentication filters. > > The existing authorization process must be alter to incorporate following > cases > > Token SSO Enabled First Authorizer / Filter > Present Yes RangerSSOAuthenticationFilter > AbsentYes RangerSSOAuthenticationFilter > Present No RangerJwtAuthFilter (NEW) > AbsentNo RangerJwtAuthFilter (NEW) > > > Diffs > - > > security-admin/pom.xml eaa8db1c1 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthFilter.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthWrapper.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73965/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Login ModHeader (chrome plugin): invalid JWT > 3. Login ModHeader (chrome plugin): expired JWT > 4. Login ModHeader (chrome plugin): tampered JWT > 5. Login ModHeader (chrome plugin): valid JWT > 6. Curl Access API: invalid JWT > 7. Curl Access API: expired JWT > 8. Curl Access API: tampered JWT > 9. Curl Access API: valid JWT > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73973: RANGER-3740: Create Ranger Admin API to refresh tag cache
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73973/#review224409 --- Ship it! Ship It! - Vishal Suvagia On May 5, 2022, 8:43 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73973/ > --- > > (Updated May 5, 2022, 8:43 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, > and Velmurugan Periasamy. > > > Bugs: RANGER-3740 > https://issues.apache.org/jira/browse/RANGER-3740 > > > Repository: ranger > > > Description > --- > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java > e99b38b4a > > security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java > 93c283fbc > security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b0baf904 > > > Diff: https://reviews.apache.org/r/73973/diff/2/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Hit API with empty service name > (http://localhost:6182/service/tags/tags/cache/reset) > 3. Hit API with valid service name > (http://localhost:6182/service/tags/tags/cache/reset?serviceName=test_hdfs) > 4. Hit API with invalid service name > (http://localhost:6182/service/tags/tags/cache/reset?serviceName=invalid_service) > > > Thanks, > > Kishor Gollapalliwar > >