[jira] [Updated] (RANGER-4381) [Ranger React UI] Difference in user lookup API request in permissions module page between React UI and BackBone UI
[ https://issues.apache.org/jira/browse/RANGER-4381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4381: Attachment: 0004-RANGER-4381.patch > [Ranger React UI] Difference in user lookup API request in permissions module > page between React UI and BackBone UI > --- > > Key: RANGER-4381 > URL: https://issues.apache.org/jira/browse/RANGER-4381 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4381.patch, 0002-RANGER-4381.patch, > 0003-RANGER-4381.patch, 0004-RANGER-4381.patch > > > In Ranger backbone UI, when trying to add users to a particular permissions > module, > when typing the user name, the user lookup is done only for users who are > visible. > In React UI, the lookup is not being restricted to visible users. > Ideally, if a user is hidden, it would mean that the user is deleted from the > source, > and in such scenarios, the users must not be listed for user lookups. > This is a regression from the previous UI behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74584: RANGER-4381: Difference in user lookup API request in permissions module page between React UI and BackBone UI
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74584/ --- (Updated Sept. 15, 2023, 5:43 a.m.) Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. Bugs: RANGER-4381 https://issues.apache.org/jira/browse/RANGER-4381 Repository: ranger Description --- In Ranger backbone UI, when trying to add users to a particular permissions module, when typing the user name, the user lookup is done only for users who are visible. In React UI, the lookup is not being restricted to visible users. Ideally, if a user is hidden, it would mean that the user is deleted from the source, and in such scenarios, the users must not be listed for user lookups. This is a regression from the previous UI behaviour. Diffs (updated) - security-admin/src/main/webapp/react-webapp/src/styles/style.css aaa54a380 security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/EditPermission.jsx a3e55dfbd security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx 688831ea5 security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx c506ee0f8 security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx efddf8080 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx 2ba0ca068 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx 1890168e5 Diff: https://reviews.apache.org/r/74584/diff/4/ Changes: https://reviews.apache.org/r/74584/diff/3-4/ Testing --- Tested changes on a cluster setup with Ranger Admin build with React JS code base. Verfified the visibility functionality of users/groups listing tables, security zone form & permission module Successful completion of build command : mvn clean compile package -Psecurity-admin-react Thanks, Brijesh Bhalala
[jira] [Comment Edited] (RANGER-4404) Audit to hdfs for orc format feature stabilisation
[ https://issues.apache.org/jira/browse/RANGER-4404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17764835#comment-17764835 ] Ramesh Mani edited comment on RANGER-4404 at 9/14/23 3:57 PM: -- [~bpatel] Yes directly writing into ORC format and copying is what I was thinking of, but in this process we should not lose audit in case of failure. Json to ORC conversion tool looks promising an if we processes parallelly. Will check it out. Thanks. was (Author: rmani): [~bpatel] Yes directly writing into ORC format and copying is what I was thinking of, but in this process we should not loose audit it case of failure. Json to ORC conversion tool looks promising an if we processes parallelly. Will check it out. Thanks. > Audit to hdfs for orc format feature stabilisation > -- > > Key: RANGER-4404 > URL: https://issues.apache.org/jira/browse/RANGER-4404 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 3.0.0, 2.4.0 >Reporter: Bhavik Patel >Assignee: Bhavik Patel >Priority: Major > > Currently if we have 50GB audit log file in spool directory then it is taking > 4-5hr for the conversion and writing to HDFS. > Also, we are observing below error logs > {code:java} > ERROR [AuditFileQueueSpool_hdfs_destWriter] provider.BaseAuditHandler: Error > writing to log file. > java.lang.RuntimeException: Overflow of newLength. > smallBuffer.length=1073741824, nextElemLength=38 > at > org.apache.hadoop.hive.ql.exec.vector.BytesColumnVector.increaseBufferSpace(BytesColumnVector.java:311) > at > org.apache.hadoop.hive.ql.exec.vector.BytesColumnVector.setVal(BytesColumnVector.java:182) > at > org.apache.hadoop.hive.ql.exec.vector.BytesColumnVector.setVal(BytesColumnVector.java:207) > at org.apache.ranger.audit.utils.ORCFileUtil.log(ORCFileUtil.java:143) > at > org.apache.ranger.audit.utils.RangerORCAuditWriter$1.run(RangerORCAuditWriter.java:77) > at > org.apache.ranger.audit.utils.RangerORCAuditWriter$1.run(RangerORCAuditWriter.java:73) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1762) > at > org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:541) > at > org.apache.ranger.audit.utils.RangerORCAuditWriter.logAuditAsORC(RangerORCAuditWriter.java:73) > at > org.apache.ranger.audit.utils.RangerORCAuditWriter.logAsORC(RangerORCAuditWriter.java:159) > at > org.apache.ranger.audit.utils.RangerORCAuditWriter.log(RangerORCAuditWriter.java:112) > at > org.apache.ranger.audit.destination.HDFSAuditDestination.logJSON(HDFSAuditDestination.java:78) > at > org.apache.ranger.audit.destination.HDFSAuditDestination.log(HDFSAuditDestination.java:163) > at > org.apache.ranger.audit.queue.AuditFileQueueSpool.sendEvent(AuditFileQueueSpool.java:926) > at > org.apache.ranger.audit.queue.AuditFileQueueSpool.logEvent(AuditFileQueueSpool.java:913) > at > org.apache.ranger.audit.queue.AuditFileQueueSpool.runLogAudit(AuditFileQueueSpool.java:847) > at > org.apache.ranger.audit.queue.AuditFileQueueSpool.run(AuditFileQueueSpool.java:790) > {code} > hive-storage-api version upgrade(>=2.7.3) required to resolve the above error. > Current version is 2.7.2 > cc: [~rmani] [~fateh288] -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74584: RANGER-4381: Difference in user lookup API request in permissions module page between React UI and BackBone UI
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74584/ --- (Updated Sept. 14, 2023, 12:33 p.m.) Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. Bugs: RANGER-4381 https://issues.apache.org/jira/browse/RANGER-4381 Repository: ranger Description --- In Ranger backbone UI, when trying to add users to a particular permissions module, when typing the user name, the user lookup is done only for users who are visible. In React UI, the lookup is not being restricted to visible users. Ideally, if a user is hidden, it would mean that the user is deleted from the source, and in such scenarios, the users must not be listed for user lookups. This is a regression from the previous UI behaviour. Diffs (updated) - security-admin/src/main/webapp/react-webapp/src/styles/style.css aaa54a380 security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/EditPermission.jsx a3e55dfbd security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx 688831ea5 security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx c506ee0f8 security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx efddf8080 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx 2ba0ca068 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx 1890168e5 Diff: https://reviews.apache.org/r/74584/diff/3/ Changes: https://reviews.apache.org/r/74584/diff/2-3/ Testing --- Tested changes on a cluster setup with Ranger Admin build with React JS code base. Verfified the visibility functionality of users/groups listing tables, security zone form & permission module Successful completion of build command : mvn clean compile package -Psecurity-admin-react Thanks, Brijesh Bhalala
[jira] [Updated] (RANGER-4381) [Ranger React UI] Difference in user lookup API request in permissions module page between React UI and BackBone UI
[ https://issues.apache.org/jira/browse/RANGER-4381?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4381: Attachment: 0003-RANGER-4381.patch > [Ranger React UI] Difference in user lookup API request in permissions module > page between React UI and BackBone UI > --- > > Key: RANGER-4381 > URL: https://issues.apache.org/jira/browse/RANGER-4381 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4381.patch, 0002-RANGER-4381.patch, > 0003-RANGER-4381.patch > > > In Ranger backbone UI, when trying to add users to a particular permissions > module, > when typing the user name, the user lookup is done only for users who are > visible. > In React UI, the lookup is not being restricted to visible users. > Ideally, if a user is hidden, it would mean that the user is deleted from the > source, > and in such scenarios, the users must not be listed for user lookups. > This is a regression from the previous UI behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4373) Deleting a role which is already present in policy is giving incorrect message.
[ https://issues.apache.org/jira/browse/RANGER-4373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sanket Shelar updated RANGER-4373: -- Attachment: 0001-RANGER-4373.patch > Deleting a role which is already present in policy is giving incorrect > message. > --- > > Key: RANGER-4373 > URL: https://issues.apache.org/jira/browse/RANGER-4373 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Sanket Shelar >Assignee: Sanket Shelar >Priority: Major > Attachments: 0001-RANGER-4373.patch > > > In case if a role is already present in policy and we try to delete the role > then we are getting message as "data not found" instead of "Role can not be > deleted as it is referenced in one or more policies" -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4373) Deleting a role which is already present in policy is giving incorrect message.
[ https://issues.apache.org/jira/browse/RANGER-4373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sanket Shelar updated RANGER-4373: -- Attachment: (was: 0001-RANGER-4373.patch) > Deleting a role which is already present in policy is giving incorrect > message. > --- > > Key: RANGER-4373 > URL: https://issues.apache.org/jira/browse/RANGER-4373 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Sanket Shelar >Assignee: Sanket Shelar >Priority: Major > > In case if a role is already present in policy and we try to delete the role > then we are getting message as "data not found" instead of "Role can not be > deleted as it is referenced in one or more policies" -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74603: RANGER-4373: Deleting a role which is already present in policy is giving incorrect message.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74603/ --- Review request for ranger, dinesh akhand, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-4373 https://issues.apache.org/jira/browse/RANGER-4373 Repository: ranger Description --- In case if a role is already present in policy and we try to delete the role then we are getting message as "data not found" instead of "Role can not be deleted as it is referenced in one or more policies Diffs - security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4bfaa862c security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java 2da72a1ea Diff: https://reviews.apache.org/r/74603/diff/1/ Testing --- Tested for role delete scenarios. Thanks, sanket shelar
[jira] [Created] (RANGER-4411) Authorization error Ozone plugin
Anatoly created RANGER-4411: --- Summary: Authorization error Ozone plugin Key: RANGER-4411 URL: https://issues.apache.org/jira/browse/RANGER-4411 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.3.0 Reporter: Anatoly When setting up a connection to Ozone from Ranger 2.3.0, I receive a message in the UI Connection Failed. {code:java} Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info. java.lang.NoClassDefFoundError: org/apache/hadoop/shaded/com/google/protobuf/ServiceException. org.apache.hadoop.shaded.com.google.protobuf.ServiceException. {code} Error in Ranger Admin logs {code:java} 2023-09-14 09:37:31,798 [timed-executor-pool-0] INFO [Base Client.java:126] Init Login: security not enabled, using username 2023-09-14 09:37:31,857 [http-nio-6080-exec-9] ERROR [ServiceMgr.java:198] ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: java.lang.NoClassDefFoundError: org/apache/hadoop/shaded/com/google/protobuf/ServiceException{code} The directory for the Ozone plugin had to be created manually in {code:java} ews/webapp/WEB-INF/classes/ranger-plugins/ozone{code} because it was not there by default and copied jars Ozone there after creation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4412) Authorization error Ozone plugin
Anatoly created RANGER-4412: --- Summary: Authorization error Ozone plugin Key: RANGER-4412 URL: https://issues.apache.org/jira/browse/RANGER-4412 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.3.0 Reporter: Anatoly When setting up a connection to Ozone from Ranger 2.3.0, I receive a message in the UI Connection Failed. {code:java} Unable to retrieve any files using given parameters, You can still save the repository and start creating policies, but you would not be able to use autocomplete for resource names. Check ranger_admin.log for more info. java.lang.NoClassDefFoundError: org/apache/hadoop/shaded/com/google/protobuf/ServiceException. org.apache.hadoop.shaded.com.google.protobuf.ServiceException. {code} Error in Ranger Admin logs {code:java} 2023-09-14 09:37:31,798 [timed-executor-pool-0] INFO [Base Client.java:126] Init Login: security not enabled, using username 2023-09-14 09:37:31,857 [http-nio-6080-exec-9] ERROR [ServiceMgr.java:198] ==> ServiceMgr.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: java.lang.NoClassDefFoundError: org/apache/hadoop/shaded/com/google/protobuf/ServiceException{code} The directory for the Ozone plugin had to be created manually in {code:java} ews/webapp/WEB-INF/classes/ranger-plugins/ozone{code} because it was not there by default and copied jars Ozone there after creation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4410) Need additional filters in GET Datahsare API
[ https://issues.apache.org/jira/browse/RANGER-4410?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Subhrat Chaudhary reassigned RANGER-4410: - Assignee: Prashant Satam (was: Subhrat Chaudhary) > Need additional filters in GET Datahsare API > > > Key: RANGER-4410 > URL: https://issues.apache.org/jira/browse/RANGER-4410 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > We need additional filters in GET Datahsare API, to filter list based on > zoneName, serviceName. This will be needed in Datashare listing page to > search based on zone and service. -- This message was sent by Atlassian Jira (v8.20.10#820010)