[jira] [Commented] (RANGER-4394) Java patches to support GDS changes
[ https://issues.apache.org/jira/browse/RANGER-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17768127#comment-17768127 ] Monika kachhadiya commented on RANGER-4394: --- Link to review request [https://reviews.apache.org/r/74620/] Could not assign the Jira to myself > Java patches to support GDS changes > --- > > Key: RANGER-4394 > URL: https://issues.apache.org/jira/browse/RANGER-4394 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > We need java patches to support the changes in existing tables / addition of > new tables/columns in ranger DB. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74620: RANGER-4394 upgrade patches to support GDS database changes
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74620/ --- Review request for ranger, Anand Nadar, Madhan Neethiraj, Prashant Satam, and Subhrat Chaudhary. Bugs: RANGER-4394 https://issues.apache.org/jira/browse/RANGER-4394 Repository: ranger Description --- upgrade patches to support GDS database changes -- Tables added x_gds_dataset, x_gds_project, x_gds_data_share, x_gds_shared_resource, x_gds_data_share_in_dataset, x_gds_dataset_in_project -- Indexes added -- View added vx_principal -- Modification of x_service and x_service_version_info for GDS -- Perm added for Governed Data Sharing Diffs - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 424f38d9eef3e4f7780a9755d1a79d9441e873bc security-admin/db/mysql/patches/067-create-gds-tables.sql PRE-CREATION security-admin/db/mysql/patches/068-create-view-principal.sql PRE-CREATION security-admin/db/mysql/patches/069-add-gds-x-service.sql PRE-CREATION security-admin/db/mysql/patches/070-add-gds-perm.sql PRE-CREATION security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5ffa23f334e88ce82e64358ba9a16665db320d7e security-admin/db/postgres/patches/067-create-gds-tables.sql PRE-CREATION security-admin/db/postgres/patches/068-create-view-principal.sql PRE-CREATION security-admin/db/postgres/patches/069-add-gds-x-service.sql PRE-CREATION security-admin/db/postgres/patches/070-add-gds-perm.sql PRE-CREATION Diff: https://reviews.apache.org/r/74620/diff/1/ Testing --- Verified that the patches are executed successfully on upgrade Verified that GDS tables are created, view for principal is created, permission for GDS is added and changes for x_service table for gds Thanks, Monika Kachhadiya
[jira] [Resolved] (RANGER-4234) Eliminate need for splitting delimited strings into arrays in policy conditions
[
https://issues.apache.org/jira/browse/RANGER-4234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Madhan Neethiraj resolved RANGER-4234.
--
Fix Version/s: 3.0.0
Resolution: Fixed
[~barbara] - thank you for the enhancement.
{noformat}
commit 1438644b7f1f7f5fb9e62d0d855982d7e10e7fc6 (HEAD -> master, origin/master,
origin/HEAD)
Author: Eckman, Barbara
Date: Fri Sep 22 11:38:07 2023 -0400
RANGER-4234: simplify condition/row-filter expressions that deal with
delimited strings
Signed-off-by: Madhan Neethiraj
{noformat}
> Eliminate need for splitting delimited strings into arrays in policy
> conditions
> ---
>
> Key: RANGER-4234
> URL: https://issues.apache.org/jira/browse/RANGER-4234
> Project: Ranger
> Issue Type: Improvement
> Components: plugins, Ranger
>Reporter: Barbara Eckman
>Assignee: Barbara Eckman
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4234.patch
>
>
> RANGER-3940 created javascript polyfills to support set operations in policy
> conditions and row filters via includes() and intersects(). Since Ranger
> doesn't support arrays in tag or userStore attribute values, in order to do
> these set operations we need to convert a delimited string into an array via
> split(). This results in undesirably complex conditions, relatively hard to
> maintain and error-prone.
> I propose using the "[[...]]" syntax to indicate that an element is
> semantically an array. I've written a java method to replace the double
> brackets with the split() syntax before the script or row filter is executed.
> If no delimiter is explicitly given, "," is assumed.
> Examples:
> |*As written in policy/row filter condition*|*As sent for evaluation*|
> |[[USER[TAG._type],"f"]].intersects([[TAG.value]])|USER[TAG._type].split("f").intersects(TAG.value.split(","))|
> |[["${\\\{USER.partners}}"]].includes(partner)|"${{{}USER.partners{}}}".split(",").includes(partner)|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: Review Request 74609: RANGER-4234
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74609/ --- (Updated Sept. 22, 2023, 5:46 p.m.) Review request for ranger and madhan. Repository: ranger Description --- RANGER-4234: Eliminate need for splitting delimited strings into arrays in policy conditions Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java d2b3e746b agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEdits.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/util/JavaScriptEditsTest.java PRE-CREATION Diff: https://reviews.apache.org/r/74609/diff/5/ Changes: https://reviews.apache.org/r/74609/diff/4-5/ Testing --- File Attachments (updated) 0001-RANGER-4234.patch https://reviews.apache.org/media/uploaded/files/2023/09/22/19380bc1-e7ad-4fab-880d-324e38783c05__0001-RANGER-4234.patch RANGER-4234.patch https://reviews.apache.org/media/uploaded/files/2023/09/22/0f300895-c3a6-4dbd-8bd3-23dc1d6e3b49__RANGER-4234.patch Thanks, Barbara Eckman
Re: Review Request 74609: RANGER-4234
> On Sept. 21, 2023, 4:06 p.m., Madhan Neethiraj wrote: > > Barbara - the recent update to the review doesn't include the changes. Can > > you please update again? > > Barbara Eckman wrote: > Yes, I apologize. I'm having trouble generating a new patch: > % git format-patch origin/master > 0001-doubleBracketsReplace-stuff.patch > 0002-added-replaceDoubleBrackets-to-RangerDefaultRowFilte.patch > Trying to upload 0002, I get this error: "The uploaded diff uses short > revisions, but Review Board requires full revisions. Please generate a new > diff using the --full-index parameter." > When I do this the result is the same: > % git format-patch --full-index origin/master > 0001-doubleBracketsReplace-stuff.patch > 0002-added-replaceDoubleBrackets-to-RangerDefaultRowFilte.patch > snd I get the same error on trying to upload. > > *** FINALLY, I ADDED THE 0002 FILE UNDER UPDATE DIFF-> ADD FILE. *** I > apologize for the inconvenience. new DIFF created and posted, to get rid of the confusion. - Barbara --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74609/#review225776 --- On Sept. 22, 2023, 3:43 p.m., Barbara Eckman wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74609/ > --- > > (Updated Sept. 22, 2023, 3:43 p.m.) > > > Review request for ranger and madhan. > > > Repository: ranger > > > Description > --- > > RANGER-4234: Eliminate need for splitting delimited strings into arrays in > policy conditions > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java > d2b3e746b > > agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEdits.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/74609/diff/4/ > > > Testing > --- > > > File Attachments > > > 0001-RANGER-4234.patch > > https://reviews.apache.org/media/uploaded/files/2023/09/22/19380bc1-e7ad-4fab-880d-324e38783c05__0001-RANGER-4234.patch > > > Thanks, > > Barbara Eckman > >
Re: Review Request 74609: RANGER-4234
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74609/ --- (Updated Sept. 22, 2023, 3:43 p.m.) Review request for ranger and madhan. Changes --- new diff produced to avoid confusion. Repository: ranger Description --- RANGER-4234: Eliminate need for splitting delimited strings into arrays in policy conditions Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java d2b3e746b agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEdits.java PRE-CREATION Diff: https://reviews.apache.org/r/74609/diff/4/ Changes: https://reviews.apache.org/r/74609/diff/3-4/ Testing --- File Attachments (updated) 0001-RANGER-4234.patch https://reviews.apache.org/media/uploaded/files/2023/09/22/19380bc1-e7ad-4fab-880d-324e38783c05__0001-RANGER-4234.patch Thanks, Barbara Eckman
[jira] [Updated] (RANGER-4234) Eliminate need for splitting delimited strings into arrays in policy conditions
[
https://issues.apache.org/jira/browse/RANGER-4234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Barbara Eckman updated RANGER-4234:
---
Attachment: 0001-RANGER-4234.patch
> Eliminate need for splitting delimited strings into arrays in policy
> conditions
> ---
>
> Key: RANGER-4234
> URL: https://issues.apache.org/jira/browse/RANGER-4234
> Project: Ranger
> Issue Type: Improvement
> Components: plugins, Ranger
>Reporter: Barbara Eckman
>Assignee: Barbara Eckman
>Priority: Major
> Attachments: 0001-RANGER-4234.patch
>
>
> RANGER-3940 created javascript polyfills to support set operations in policy
> conditions and row filters via includes() and intersects(). Since Ranger
> doesn't support arrays in tag or userStore attribute values, in order to do
> these set operations we need to convert a delimited string into an array via
> split(). This results in undesirably complex conditions, relatively hard to
> maintain and error-prone.
> I propose using the "[[...]]" syntax to indicate that an element is
> semantically an array. I've written a java method to replace the double
> brackets with the split() syntax before the script or row filter is executed.
> If no delimiter is explicitly given, "," is assumed.
> Examples:
> |*As written in policy/row filter condition*|*As sent for evaluation*|
> |[[USER[TAG._type],"f"]].intersects([[TAG.value]])|USER[TAG._type].split("f").intersects(TAG.value.split(","))|
> |[["${\\\{USER.partners}}"]].includes(partner)|"${{{}USER.partners{}}}".split(",").includes(partner)|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4234) Eliminate need for splitting delimited strings into arrays in policy conditions
[
https://issues.apache.org/jira/browse/RANGER-4234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Barbara Eckman updated RANGER-4234:
---
Attachment: (was: 0001-doubleBracketsReplace-stuff.patch)
> Eliminate need for splitting delimited strings into arrays in policy
> conditions
> ---
>
> Key: RANGER-4234
> URL: https://issues.apache.org/jira/browse/RANGER-4234
> Project: Ranger
> Issue Type: Improvement
> Components: plugins, Ranger
>Reporter: Barbara Eckman
>Assignee: Barbara Eckman
>Priority: Major
>
> RANGER-3940 created javascript polyfills to support set operations in policy
> conditions and row filters via includes() and intersects(). Since Ranger
> doesn't support arrays in tag or userStore attribute values, in order to do
> these set operations we need to convert a delimited string into an array via
> split(). This results in undesirably complex conditions, relatively hard to
> maintain and error-prone.
> I propose using the "[[...]]" syntax to indicate that an element is
> semantically an array. I've written a java method to replace the double
> brackets with the split() syntax before the script or row filter is executed.
> If no delimiter is explicitly given, "," is assumed.
> Examples:
> |*As written in policy/row filter condition*|*As sent for evaluation*|
> |[[USER[TAG._type],"f"]].intersects([[TAG.value]])|USER[TAG._type].split("f").intersects(TAG.value.split(","))|
> |[["${\\\{USER.partners}}"]].includes(partner)|"${{{}USER.partners{}}}".split(",").includes(partner)|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mugdha Varadkar reassigned RANGER-4399:
---
Assignee: Dineshkumar Yadav (was: Mugdha Varadkar)
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Dineshkumar Yadav
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the
> Dashboard page to reduce server side API call for zone change operation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mugdha Varadkar updated RANGER-4399:
Description:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API for SecurityZoneHeaderInfo based on
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
{code}
Apart from above fixes, this jira is also handling one improvement on the
Dashboard page to reduce server side API call for zone change operation.
was:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API for SecurityZoneHeaderInfo based on
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
{code}
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
>
[jira] [Updated] (RANGER-4424) [Ranger React UI] Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4424: Component/s: admin > [Ranger React UI] Security zone: Should be able to create security zone > without any resource > > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > RANGER-4286 removed the restriction that a security zone must have at least > one service and one resource. UI should be updated to remove this validation, > to allow create/update of security zones with no service/resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) [Ranger React UI] Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4424: Summary: [Ranger React UI] Security zone: Should be able to create security zone without any resource (was: Security zone: Should be able to create security zone without any resource) > [Ranger React UI] Security zone: Should be able to create security zone > without any resource > > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > RANGER-4286 removed the restriction that a security zone must have at least > one service and one resource. UI should be updated to remove this validation, > to allow create/update of security zones with no service/resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4424: Description: RANGER-4286 removed the restriction that a security zone must have at least one service and one resource. UI should be updated to remove this validation, to allow create/update of security zones with no service/resource. (was: Due to RANGER-4286 we need to handle from UI also to crete security zone without any resource Steps 1.Create a zone without any resource 2.Click on edit zone button) > Security zone: Should be able to create security zone without any resource > -- > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > RANGER-4286 removed the restriction that a security zone must have at least > one service and one resource. UI should be updated to remove this validation, > to allow create/update of security zones with no service/resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Harshal Chavan updated RANGER-4424: --- Description: Due to RANGER-4286 we need to handle from UI also to crete security zone without any resource Steps 1.Create a zone without any resource 2.Click on edit zone button was:RANGER-4286 removed the restriction that a security zone must have at least one service and one resource. UI should be updated to remove this validation, to allow create/update of security zones with no service/resource. > Security zone: Should be able to create security zone without any resource > -- > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Due to RANGER-4286 we need to handle from UI also to crete security zone > without any resource > Steps > 1.Create a zone without any resource > 2.Click on edit zone button -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4424: Description: RANGER-4286 removed the restriction that a security zone must have at least one service and one resource. UI should be updated to remove this validation, to allow create/update of security zones with no service/resource. (was: Steps 1.Create a zone without any resource 2.Click on edit zone button) > Security zone: Should be able to create security zone without any resource > -- > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > RANGER-4286 removed the restriction that a security zone must have at least > one service and one resource. UI should be updated to remove this validation, > to allow create/update of security zones with no service/resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Harshal Chavan updated RANGER-4424: --- Summary: Security zone: Should be able to create security zone without any resource (was: Security zone: Should be able to create ) > Security zone: Should be able to create security zone without any resource > -- > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Steps > 1.Create a zone without any resource > 2.Click on edit zone button -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create security zone without any resource
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Harshal Chavan updated RANGER-4424: --- Issue Type: Improvement (was: Bug) > Security zone: Should be able to create security zone without any resource > -- > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Steps > 1.Create a zone without any resource > 2.Click on edit zone button -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4424) Security zone: Should be able to create
[ https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Harshal Chavan updated RANGER-4424: --- Summary: Security zone: Should be able to create (was: 'Something went wrong' page is displayed when zone edit button is clicked having no resource) > Security zone: Should be able to create > > > Key: RANGER-4424 > URL: https://issues.apache.org/jira/browse/RANGER-4424 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Steps > 1.Create a zone without any resource > 2.Click on edit zone button -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4424) 'Something went wrong' page is displayed when zone edit button is clicked having no resource
Harshal Chavan created RANGER-4424: -- Summary: 'Something went wrong' page is displayed when zone edit button is clicked having no resource Key: RANGER-4424 URL: https://issues.apache.org/jira/browse/RANGER-4424 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Harshal Chavan Assignee: Brijesh Bhalala Steps 1.Create a zone without any resource 2.Click on edit zone button -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-3942) HA for HDFS service with active-standby namenodes works wrong
[ https://issues.apache.org/jira/browse/RANGER-3942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Erplus resolved RANGER-3942. Resolution: Workaround > HA for HDFS service with active-standby namenodes works wrong > - > > Key: RANGER-3942 > URL: https://issues.apache.org/jira/browse/RANGER-3942 > Project: Ranger > Issue Type: Bug > Components: admin, Ranger >Affects Versions: 2.3.0 >Reporter: Erplus >Priority: Minor > > When i create HDFS service in ranger admin based on Hadoop cluster with 2 > namenodes (1 active, 1 standby - not secondary!) and i select the second > option (HA): [https://ibb.co/XC41DHc] then i have got an error: > [https://ibb.co/qjfJzd4] > For me it's a bug. I fill addres same as it is written in help description. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3942) HA for HDFS service with active-standby namenodes works wrong
[
https://issues.apache.org/jira/browse/RANGER-3942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17767893#comment-17767893
]
Erplus commented on RANGER-3942:
I found a working solution on cloduera forum:
[https://community.cloudera.com/t5/Support-Questions/Ranger-HDFS-plug-in-error-No-common-protection-layer-between/m-p/159668/highlight/true#M122057]
??For HA configuration to work, need to add the below properties in repo config
(I.e. additional entries in the advanced section). They can be copied from
hdfs-site.xml.??
{code:java}
dfs.nameservices =
dfs.ha.namenodes. =
dfs.namenode.rpc-address. =
dfs.namenode.rpc-address. =
dfs.client.failover.proxy.provider. =
org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider{code}
> HA for HDFS service with active-standby namenodes works wrong
> -
>
> Key: RANGER-3942
> URL: https://issues.apache.org/jira/browse/RANGER-3942
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: 2.3.0
>Reporter: Erplus
>Priority: Minor
>
> When i create HDFS service in ranger admin based on Hadoop cluster with 2
> namenodes (1 active, 1 standby - not secondary!) and i select the second
> option (HA): [https://ibb.co/XC41DHc] then i have got an error:
> [https://ibb.co/qjfJzd4]
> For me it's a bug. I fill addres same as it is written in help description.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4323) GDS: Need new api to get details of dataset listing page.
[ https://issues.apache.org/jira/browse/RANGER-4323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4323: -- Assignee: Subhrat Chaudhary (was: Prashant Satam) > GDS: Need new api to get details of dataset listing page. > - > > Key: RANGER-4323 > URL: https://issues.apache.org/jira/browse/RANGER-4323 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Anand Nadar >Assignee: Subhrat Chaudhary >Priority: Major > > Need an api which gives the below details: > * dataset id > * dataset name > * created time > * updated time > * count of datashares active and pending in dataset > * count of users/groups/roles/projects with whom dataset is shared. > This api should filter out the list of datasets according to the permission > available for the logged in user. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4421) Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
[
https://issues.apache.org/jira/browse/RANGER-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-4421:
Fix Version/s: 3.0.0
> Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
> --
>
> Key: RANGER-4421
> URL: https://issues.apache.org/jira/browse/RANGER-4421
> Project: Ranger
> Issue Type: Task
> Components: Ranger
>Reporter: Sanket Shelar
>Assignee: Sanket Shelar
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4421.patch
>
>
> URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM
> authentication feature Apache Tomcat.This issue affects Apache Tomcat: from
> 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1
> through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to
> the ROOT (default) web application.
> CVSSv3 Score:- 6.1(Medium)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-41080]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4421) Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
[
https://issues.apache.org/jira/browse/RANGER-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-4421.
-
Resolution: Fixed
https://github.com/apache/ranger/commit/0b8eb1c15338de978adc5b80e92b39eb410d37d2
> Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
> --
>
> Key: RANGER-4421
> URL: https://issues.apache.org/jira/browse/RANGER-4421
> Project: Ranger
> Issue Type: Task
> Components: Ranger
>Reporter: Sanket Shelar
>Assignee: Sanket Shelar
>Priority: Major
> Attachments: 0001-RANGER-4421.patch
>
>
> URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM
> authentication feature Apache Tomcat.This issue affects Apache Tomcat: from
> 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1
> through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to
> the ROOT (default) web application.
> CVSSv3 Score:- 6.1(Medium)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-41080]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4416) Need a new API to get datashares to be dispalyed on pop up for Add Request
[
https://issues.apache.org/jira/browse/RANGER-4416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary resolved RANGER-4416.
---
Resolution: Duplicate
Duplicate of https://issues.apache.org/jira/browse/RANGER-4397
> Need a new API to get datashares to be dispalyed on pop up for Add Request
> --
>
> Key: RANGER-4416
> URL: https://issues.apache.org/jira/browse/RANGER-4416
> Project: Ranger
> Issue Type: Sub-task
> Components: admin
>Reporter: Subhrat Chaudhary
>Priority: Major
>
> In Dataset Details >> DataShare >> Request Datashares >> We need to display
> all the datashares with LIST access (based on ACL) for the Dataset admin.
>
> {color:#00}We need to exclude existing one for which request is in
> GRANTED, ACTIVE, REQUESTED states. Response: id, Name, Descrption Filter:
> partial search on datashare name{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4321) RangerMDCFilter is not working as defined in RANGER-4024
[ https://issues.apache.org/jira/browse/RANGER-4321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam resolved RANGER-4321. Resolution: Resolved > RangerMDCFilter is not working as defined in RANGER-4024 > - > > Key: RANGER-4321 > URL: https://issues.apache.org/jira/browse/RANGER-4321 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > Fix For: 3.0.0 > > > As mentioned in RANGER-4024, the expected behavior is: > when request-id is added in log pattern and RangerMDCFilter is enabled via > property, > when the request header contains request-id, request-id should be available > in all the ranger admin logs. I tried to enable RangerMDCFilter by adding in > web.xml, but it did not work. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4395) Need to stop addition of Duplicate Resources to SharedResource Table
[ https://issues.apache.org/jira/browse/RANGER-4395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam resolved RANGER-4395. Resolution: Resolved > Need to stop addition of Duplicate Resources to SharedResource Table > > > Key: RANGER-4395 > URL: https://issues.apache.org/jira/browse/RANGER-4395 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > Currently we are not validating SharedResource Objects resources field if > they are already present in the database ,we need to add that validation -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4397) API to get DataShare id,name List
[ https://issues.apache.org/jira/browse/RANGER-4397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4397: --- Description: Dataset Details >> Add a Datashare >> List Datashares pop up > API to get DataShare id,name List > - > > Key: RANGER-4397 > URL: https://issues.apache.org/jira/browse/RANGER-4397 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > Dataset Details >> Add a Datashare >> List Datashares pop up -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74521: RANGER-4324:Implementing Acl for RangerDataSet
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74521/ --- (Updated Sept. 22, 2023, 6:33 a.m.) Review request for ranger, Madhan Neethiraj and Subhrat Chaudhary. Bugs: RANGER-4324 https://issues.apache.org/jira/browse/RANGER-4324 Repository: ranger Description --- Validating Access for RangerDataSet by checking if Requesting User is Present in RangerGdsObjectACL i.e in users,groups,roles Diffs - security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 1991a3dca security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java 88fc64c98 Diff: https://reviews.apache.org/r/74521/diff/5/ Testing --- Done Testing by Adding the Logged in User to Admins in RangerDataSet and also adding the Logged in User to Acl of RangerDataSet Thanks, Prashant Satam
