Review Request 74640: RANGER-4442 : Add loggedIn user as the admin in dataset/datshare ACL

2023-10-03 Thread Prashant Satam 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74640/
---

Review request for ranger, Anand Nadar, Madhan Neethiraj, and Subhrat Chaudhary.


Bugs: RANGER-4442
https://issues.apache.org/jira/browse/RANGER-4442


Repository: ranger


Description
---

Whenever as dataset/datashare is created, current logged in user should be 
added as the admin in ACL


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 05705cd92 


Diff: https://reviews.apache.org/r/74640/diff/1/


Testing
---

Add a Dataset/DataShare we will get the Creator as ADMIN in ACL


Thanks,

Prashant Satam

[jira] [Closed] (RANGER-4456) Dataset,DataShare creator should be Admin in ACL

2023-10-03 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam closed RANGER-4456.
--

Duplicate Jira https://issues.apache.org/jira/browse/RANGER-4442

> Dataset,DataShare creator should be Admin in ACL
> 
>
> Key: RANGER-4456
> URL: https://issues.apache.org/jira/browse/RANGER-4456
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Prashant Satam
>Assignee: Prashant Satam
>Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (RANGER-4456) Dataset,DataShare creator should be Admin in ACL

2023-10-03 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam resolved RANGER-4456.

Resolution: Duplicate

https://issues.apache.org/jira/browse/RANGER-4442

> Dataset,DataShare creator should be Admin in ACL
> 
>
> Key: RANGER-4456
> URL: https://issues.apache.org/jira/browse/RANGER-4456
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Prashant Satam
>Assignee: Prashant Satam
>Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4456) Dataset,DataShare creator should be Admin in ACL

2023-10-03 Thread Prashant Satam (Jira) 
Prashant Satam created RANGER-4456:
--

 Summary: Dataset,DataShare creator should be Admin in ACL
 Key: RANGER-4456
 URL: https://issues.apache.org/jira/browse/RANGER-4456
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Prashant Satam






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-4456) Dataset,DataShare creator should be Admin in ACL

2023-10-03 Thread Prashant Satam (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Prashant Satam reassigned RANGER-4456:
--

Assignee: Prashant Satam

> Dataset,DataShare creator should be Admin in ACL
> 
>
> Key: RANGER-4456
> URL: https://issues.apache.org/jira/browse/RANGER-4456
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Prashant Satam
>Assignee: Prashant Satam
>Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4455) Dataset with ACL for "public" group List permission are not listed if the user is not added to public

2023-10-03 Thread Subhrat Chaudhary (Jira) 
Subhrat Chaudhary created RANGER-4455:
-

 Summary: Dataset with ACL for "public" group List permission are 
not listed if the user is not added to public
 Key: RANGER-4455
 URL: https://issues.apache.org/jira/browse/RANGER-4455
 Project: Ranger
  Issue Type: Sub-task
  Components: admin
Reporter: Subhrat Chaudhary


Dataset with ACL for "public" group List permission are not listed, if the user 
is not added to public. In current ACL evaluation to get Dataset, public group 
is not considered.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Attachment: RANGER-4454-000.patch

> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg, Jira_HDFS_SM4.jpg, RANGER-4454-000.patch, 
> SM4_NotAvaliable.jpg
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
> algorithm, RangerKMS background will print "under Caused by: Java security. 
> NoSuchAlgorithmException: SM4 KeyGenerator not available"
>  
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771683#comment-17771683
 ] 

xiaojunxiang commented on RANGER-4454:
--

https://github.com/apache/ranger/pull/287

> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg, Jira_HDFS_SM4.jpg, SM4_NotAvaliable.jpg
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
> algorithm, RangerKMS background will print "under Caused by: Java security. 
> NoSuchAlgorithmException: SM4 KeyGenerator not available"
>  
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] RANGER-4454. KMS: adds support for the SM4 encryption algorithm. [ranger]

2023-10-03 Thread via GitHub 


xiaojunxiang2023 opened a new pull request, #287:
URL: https://github.com/apache/ranger/pull/287

 **SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
encryption**:
   1. Hadoop website: 
https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html
   
![HDFS_SM4](https://github.com/apache/ranger/assets/65019264/81ba2af8-4bd7-4412-acd0-45e403a736e7)
   3. Jira(HDFS supported SM4):   
https://issues.apache.org/jira/browse/HDFS-15098  
   
   
 When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
algorithm, RangerKMS background will print "under Caused by: Java security. 
**NoSuchAlgorithmException**: **SM4 KeyGenerator not available**"
   
![SM4_NotAvaliable](https://github.com/apache/ranger/assets/65019264/b139ca33-c7a7-4062-b47a-d227e386318c)
   
 **So RangerKMS should adapt to this.**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] RangerKMS adds support for the SM4 encryption algorithm. [ranger]

2023-10-03 Thread via GitHub 


xiaojunxiang2023 closed pull request #286: RangerKMS adds support for the SM4 
encryption algorithm.
URL: https://github.com/apache/ranger/pull/286


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[PR] RangerKMS adds support for the SM4 encryption algorithm. [ranger]

2023-10-03 Thread via GitHub 


xiaojunxiang2023 opened a new pull request, #286:
URL: https://github.com/apache/ranger/pull/286

 **SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
encryption**:
   1. Hadoop website: 
https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html
   
![HDFS_SM4](https://github.com/apache/ranger/assets/65019264/81ba2af8-4bd7-4412-acd0-45e403a736e7)
   3. Jira(HDFS supported SM4):   
https://issues.apache.org/jira/browse/HDFS-15098  
   
   
 When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
algorithm, RangerKMS background will print "under Caused by: Java security. 
**NoSuchAlgorithmException**: **SM4 KeyGenerator not available**"
   
![SM4_NotAvaliable](https://github.com/apache/ranger/assets/65019264/b139ca33-c7a7-4062-b47a-d227e386318c)
   
 **So RangerKMS should adapt to this.**
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Attachment: SM4_NotAvaliable.jpg

> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg, Jira_HDFS_SM4.jpg, SM4_NotAvaliable.jpg
>
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
> algorithm, RangerKMS background will print "under Caused by: Java security. 
> NoSuchAlgorithmException: SM4 KeyGenerator not available"
>  
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Description: 
SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
encryption, 
So RangerKMS should adapt to this.

When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
algorithm, RangerKMS background will print "under Caused by: Java security. 
NoSuchAlgorithmException: SM4 KeyGenerator not available"

 

Hadoop website: 
[https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]

Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  

  was:
SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
encryption, 
So RangerKMS should adapt to this.

Hadoop website: 
[https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]

Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  


> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg, Jira_HDFS_SM4.jpg, SM4_NotAvaliable.jpg
>
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> When I add in the region of the Encryption key used "SM4 / CTR/NoPadding" 
> algorithm, RangerKMS background will print "under Caused by: Java security. 
> NoSuchAlgorithmException: SM4 KeyGenerator not available"
>  
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Attachment: Jira_HDFS_SM4.jpg

> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg, Jira_HDFS_SM4.jpg
>
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Description: 
SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
encryption, 
So RangerKMS should adapt to this.

Hadoop website: 
[https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]

Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  

  was:
SM4 is already supported in recent versions of hdfs transparent encryption, 
So RangerKMS should adapt to this.

Hadoop website:  
https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html


> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg
>
>
> SM4 is already supported in recent versions (3.4.0) of hdfs transparent 
> encryption, 
> So RangerKMS should adapt to this.
> Hadoop website: 
> [https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html]
> Jira(HDFS supported SM4):   https://issues.apache.org/jira/browse/HDFS-15098  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

xiaojunxiang updated RANGER-4454:
-
Attachment: HDFS_SM4.jpg

> RangerKMS adds support for the SM4 encryption algorithm.
> 
>
> Key: RANGER-4454
> URL: https://issues.apache.org/jira/browse/RANGER-4454
> Project: Ranger
>  Issue Type: New Feature
>  Components: kms, Ranger
>Affects Versions: 2.3.0
> Environment:  !image-2023-10-04-08-31-03-261.png! 
>Reporter: xiaojunxiang
>Priority: Major
> Attachments: HDFS_SM4.jpg
>
>
> SM4 is already supported in recent versions of hdfs transparent encryption, 
> So RangerKMS should adapt to this.
> Hadoop website:  
> https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4454) RangerKMS adds support for the SM4 encryption algorithm.

2023-10-03 Thread xiaojunxiang (Jira) 
xiaojunxiang created RANGER-4454:


 Summary: RangerKMS adds support for the SM4 encryption algorithm.
 Key: RANGER-4454
 URL: https://issues.apache.org/jira/browse/RANGER-4454
 Project: Ranger
  Issue Type: New Feature
  Components: kms, Ranger
Affects Versions: 2.3.0
 Environment:  !image-2023-10-04-08-31-03-261.png! 
Reporter: xiaojunxiang


SM4 is already supported in recent versions of hdfs transparent encryption, 
So RangerKMS should adapt to this.

Hadoop website:  
https://apache.github.io/hadoop/hadoop-project-dist/hadoop-hdfs/TransparentEncryption.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (RANGER-4435) Support cascading delete for datashare

2023-10-03 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary closed RANGER-4435.
-

> Support cascading delete for datashare
> --
>
> Key: RANGER-4435
> URL: https://issues.apache.org/jira/browse/RANGER-4435
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need to support cascading delete for datashare and delete following also:
> 1. delete related requests
> 2. delete related sharedResources



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (RANGER-4426) Add field approver in dataset request entities

2023-10-03 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary closed RANGER-4426.
-

> Add field approver in dataset request entities
> --
>
> Key: RANGER-4426
> URL: https://issues.apache.org/jira/browse/RANGER-4426
> Project: Ranger
>  Issue Type: Sub-task
>  Components: Ranger
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> To be able to record details of the approver of the requests i.e. request to 
> add datashare in dataset and request to add dataset in project. we need an 
> approver field in RangerDatashareInDataset and RangerDatasetInProject.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74639: RANGER-4447: Add GET API to get security-zone summary for current user

2023-10-03 Thread Subhrat Chaudhary via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74639/
---

Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4447

https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-4447


Repository: ranger


Description
---

We need a new API to get security-zone summary, to show zone details on 
dashboard.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
 47f8041b7 
  security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java 
a2c4e30ca 
  security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
7c1e01053 


Diff: https://reviews.apache.org/r/74639/diff/1/


Testing
---

Validated on lcoal with zones. API response for one SZ:
{
"id": 3,
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696354856720,
"updateTime": 1696354856725,
"name": "zone2",
"totalResourceCount": 3,
"adminCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"auditorCount": {
"ROLE": 0,
"GROUP": 0,
"USER": 4
},
"tagServices": [
"tag1"
],
"services": [
{
"id": 1,
"name": "hive1",
"type": "hive",
"resourceCount": 2
},
{
"id": 15740,
"name": "hive2",
"type": "hive",
"resourceCount": 1
}
]
}


Thanks,

Subhrat Chaudhary

[jira] [Assigned] (RANGER-4447) Need a new API to get security-zone summary

2023-10-03 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary reassigned RANGER-4447:
-

Assignee: Subhrat Chaudhary

> Need a new API to get security-zone summary
> ---
>
> Key: RANGER-4447
> URL: https://issues.apache.org/jira/browse/RANGER-4447
> Project: Ranger
>  Issue Type: Sub-task
>  Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
> We need a new API to get security-zone summary, to show zone details on 
> dashboard:
> {code:java}
> {
>     "startIndex": 0,
>     "pageSize": 2,
>     "totalCount": 2,
>     "resultSize": 2,
>     "sortType": "desc",
>     "sortBy": "createTime",
>     "list": [
>         {
>             "id": 3,
>             "isEnabled": true,
>             "createdBy": "Admin",
>             "updatedBy": "Admin",
>             "createTime": 1695710459000,
>             "updateTime": 1695710459000,
>             "name": "Test-Zone-2",
>             "Description": "This is DESCR",
>             "totalResourceCount": 3,
>             "adminusersCount": 1,
>             "AdminGroupsCount": 1,
>             "AdminRoles": 1,
>             "AuditorUsersCount": 1,
>             "AuditorGroupsCount": 1,
>             "AuditorRoles": 1,
>             "services": [
>                 {
>                     "id": 3,
>                     "name": "Resource_policy_Performance_test_gds",
>                     "type": "gds",
>                     "resourceCount": 2
>                 }
>             ],
>             "tagServices": [
>                 "tagService1",
>                 "tagService2"
>             ]
>         }
>     ],
>     "listSize": 2
> } {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[PR] RANGER-4400: Fixed ConcurrentModificationException in RangerKafkaAuditHandler.processResults(Collection results) [ranger]

2023-10-03 Thread via GitHub 


fateh288 opened a new pull request, #285:
URL: https://github.com/apache/ranger/pull/285

   ## What changes were proposed in this pull request?
   
   Previously added patch for RANGER-4400 used auditEventList in 
processResults() for the collection of requests and flushed them at a later 
stage in flushAudit(). This approach results in ConcurrentModificationException 
because auditEventList can get modified (more events added) while audit events 
getting flushed. 
   Instead of collecting these audit events in an array list, this patch 
flushes the audit events while they are being processed. This prevents the 
ConcurrentModificationException as no array list is used.
   
   ## How was this patch tested?
   
   system tests with kafka


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread Dineshkumar Yadav (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dineshkumar Yadav updated RANGER-4348:
--
Fix Version/s: 3.0.0

> Filter audits for cc_metric_reporter user on Kafka service repo
> ---
>
> Key: RANGER-4348
> URL: https://issues.apache.org/jira/browse/RANGER-4348
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Sanket Shelar
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4348.patch
>
>
> A lot of audits are generated for cc_metric_reporter user for the kafka 
> service repo for the resource "__CruiseControlMetrics".
> These audits will fill up the audit logs, and not much value is added by 
> these audits.
> Hence, it will be better to add a default audit filter to filter the audits 
> from cc_metric_reporter user on the kafka service repo.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4419) In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies flag false.

2023-10-03 Thread Dineshkumar Yadav (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dineshkumar Yadav updated RANGER-4419:
--
Fix Version/s: 3.0.0

> In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item 
> is not showing services permissions which have 
> enableDenyAndExceptionsInPolicies flag false.
> 
>
> Key: RANGER-4419
> URL: https://issues.apache.org/jira/browse/RANGER-4419
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dhaval Rajpara
>Assignee: Dhaval Rajpara
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4419.patch
>
>
> Step to reproduce :
> 1) Click on  Create tag base policy button.
> 2) Go to  Allow conditions --> Component Permissions
> 3) Click on Component Permissions + icon 
> 4) In  Component Permissions modal Select component, it is not showing 
> component(services) which has flag "enableDenyAndExceptionsInPolicies = false"
> The following service components have the option 
> "enableDenyAndExceptionsInPolicies=false" in service definition.
> * elasticsearch
> * kylin
> * nifi-registry
> * nifi
> * sqoop
> However, these service components should be shown in the Allow condition.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4419) In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies flag false

2023-10-03 Thread Dineshkumar Yadav (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-4419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771514#comment-17771514
 ] 

Dineshkumar Yadav commented on RANGER-4419:
---

Apache master : 
https://github.com/apache/ranger/commit/e23d09f49f7188b8333032445a6e7e292722eaad

> In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item 
> is not showing services permissions which have 
> enableDenyAndExceptionsInPolicies flag false.
> 
>
> Key: RANGER-4419
> URL: https://issues.apache.org/jira/browse/RANGER-4419
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dhaval Rajpara
>Assignee: Dhaval Rajpara
>Priority: Major
> Attachments: 0001-RANGER-4419.patch
>
>
> Step to reproduce :
> 1) Click on  Create tag base policy button.
> 2) Go to  Allow conditions --> Component Permissions
> 3) Click on Component Permissions + icon 
> 4) In  Component Permissions modal Select component, it is not showing 
> component(services) which has flag "enableDenyAndExceptionsInPolicies = false"
> The following service components have the option 
> "enableDenyAndExceptionsInPolicies=false" in service definition.
> * elasticsearch
> * kylin
> * nifi-registry
> * nifi
> * sqoop
> However, these service components should be shown in the Allow condition.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread Dineshkumar Yadav (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771506#comment-17771506
 ] 

Dineshkumar Yadav commented on RANGER-4348:
---

Apache commit : 
https://github.com/apache/ranger/commit/ee7bf6909d652054e36b36c1972791f5e44d6a2a

> Filter audits for cc_metric_reporter user on Kafka service repo
> ---
>
> Key: RANGER-4348
> URL: https://issues.apache.org/jira/browse/RANGER-4348
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Sanket Shelar
>Priority: Major
> Attachments: 0001-RANGER-4348.patch
>
>
> A lot of audits are generated for cc_metric_reporter user for the kafka 
> service repo for the resource "__CruiseControlMetrics".
> These audits will fill up the audit logs, and not much value is added by 
> these audits.
> Hence, it will be better to add a default audit filter to filter the audits 
> from cc_metric_reporter user on the kafka service repo.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4453) Exception while calling solr api when ranger authorisation is disabled for solr

2023-10-03 Thread Sanket Shelar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanket Shelar updated RANGER-4453:
--
Attachment: 0001-RANGER-4453.patch

> Exception while calling solr api when ranger authorisation is disabled for 
> solr
> ---
>
> Key: RANGER-4453
> URL: https://issues.apache.org/jira/browse/RANGER-4453
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Sanket Shelar
>Assignee: Sanket Shelar
>Priority: Major
> Attachments: 0001-RANGER-4453.patch
>
>
> Disable ranger authorisation for solr.
> kinit using systest user
> run curl -i -k --negotiate -u :  
> [https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'
> we get 500 server error



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74638: RANGER-4453: Exception while calling solr api when ranger authorisation is disabled for solr

2023-10-03 Thread sanket shelar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74638/
---

Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Bugs: RANGER-4453
https://issues.apache.org/jira/browse/RANGER-4453


Repository: ranger


Description
---

Disable ranger authorisation for solr.

kinit using systest user

run curl -i -k --negotiate -u :  
https://host:8995/solr/test_collection_01/select -d 'q=:'

we get 500 server error


Diffs
-

  
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 e9b053381 


Diff: https://reviews.apache.org/r/74638/diff/1/


Testing
---


Thanks,

sanket shelar

[jira] [Updated] (RANGER-4453) Exception while calling solr api when ranger authorisation is disabled for solr

2023-10-03 Thread Sanket Shelar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanket Shelar updated RANGER-4453:
--
Description: 
Disable ranger authorisation for solr.

kinit using systest user

run curl -i -k --negotiate -u :  
[https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'

 

we get 500 server error

> Exception while calling solr api when ranger authorisation is disabled for 
> solr
> ---
>
> Key: RANGER-4453
> URL: https://issues.apache.org/jira/browse/RANGER-4453
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Sanket Shelar
>Assignee: Sanket Shelar
>Priority: Major
>
> Disable ranger authorisation for solr.
> kinit using systest user
> run curl -i -k --negotiate -u :  
> [https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'
>  
> we get 500 server error



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4453) Exception while calling solr api when ranger authorisation is disabled for solr

2023-10-03 Thread Sanket Shelar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanket Shelar updated RANGER-4453:
--
Description: 
Disable ranger authorisation for solr.

kinit using systest user

run curl -i -k --negotiate -u :  
[https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'

we get 500 server error

  was:
Disable ranger authorisation for solr.

kinit using systest user

run curl -i -k --negotiate -u :  
[https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'

 

we get 500 server error


> Exception while calling solr api when ranger authorisation is disabled for 
> solr
> ---
>
> Key: RANGER-4453
> URL: https://issues.apache.org/jira/browse/RANGER-4453
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Sanket Shelar
>Assignee: Sanket Shelar
>Priority: Major
>
> Disable ranger authorisation for solr.
> kinit using systest user
> run curl -i -k --negotiate -u :  
> [https://host:8995/solr/test_collection_01/select] -d 'q={*}:{*}'
> we get 500 server error



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4453) Exception while calling solr api when ranger authorisation is disabled for solr

2023-10-03 Thread Sanket Shelar (Jira) 
Sanket Shelar created RANGER-4453:
-

 Summary: Exception while calling solr api when ranger 
authorisation is disabled for solr
 Key: RANGER-4453
 URL: https://issues.apache.org/jira/browse/RANGER-4453
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Sanket Shelar
Assignee: Sanket Shelar






--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4452) Audit action details not logged for some kerberos login session

2023-10-03 Thread suja s (Jira) 
suja s created RANGER-4452:
--

 Summary: Audit action details not logged for some kerberos login 
session
 Key: RANGER-4452
 URL: https://issues.apache.org/jira/browse/RANGER-4452
 Project: Ranger
  Issue Type: Bug
  Components: admin
Reporter: suja s


STEPS TO REPRODUCE:
Login to Ranger Admin UI as admin user
Navigate to Audits page
Select "Login Sessions" tab
Choose LoginType as "Kerberos" and Login Id as "kafka" in the search filters
Large no of audit entries get listed.
Click on any one session id
Click on "Show actions" link
The displayed page doesn't list any details

CURRENT BEHAVIOUR:
There are large no of sessions getting established only for kafka user loginid
Audit action details not logged for Kafka kerberos login session

EXPECTED BEHAVIOUR:
Audit action details should be logged for Kafka kerberos login session



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-4451) RANGER-4286 allows security-zone to exist without any services/resources assigned yet, so when the last service is removed from zone, the zone should not get deleted

2023-10-03 Thread Mugdha Varadkar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mugdha Varadkar reassigned RANGER-4451:
---

Assignee: Madhan Neethiraj

> RANGER-4286 allows security-zone to exist without any services/resources 
> assigned yet, so when the last service is removed from zone, the zone should 
> not get deleted
> -
>
> Key: RANGER-4451
> URL: https://issues.apache.org/jira/browse/RANGER-4451
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Reporter: suja s
>Assignee: Madhan Neethiraj
>Priority: Major
>
> STEPS TO REPRODUCE:
> Create a service (cm_test)
> Create a security zone z1 with cm_test service added
> z1 is created successfully
> Delete cm_test
> CURRENT BEHAVIOUR:
> Zone z1 also gets deleted
> EXPECTED BEHAVIOUR:
> Zone z1 should not be deleted



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4451) RANGER-4286 allows security-zone to exist without any services/resources assigned yet, so when the last service is removed from zone, the zone should not get deleted

2023-10-03 Thread suja s (Jira) 
suja s created RANGER-4451:
--

 Summary: RANGER-4286 allows security-zone to exist without any 
services/resources assigned yet, so when the last service is removed from zone, 
the zone should not get deleted
 Key: RANGER-4451
 URL: https://issues.apache.org/jira/browse/RANGER-4451
 Project: Ranger
  Issue Type: Improvement
  Components: admin
Reporter: suja s


STEPS TO REPRODUCE:
Create a service (cm_test)
Create a security zone z1 with cm_test service added
z1 is created successfully
Delete cm_test


CURRENT BEHAVIOUR:
Zone z1 also gets deleted

EXPECTED BEHAVIOUR:
Zone z1 should not be deleted



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74637: RANGER-4348: Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread Dineshkumar Yadav 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74637/#review225814
---


Ship it!




Ship It!

- Dineshkumar Yadav


On Oct. 3, 2023, 10:24 a.m., sanket shelar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74637/
> ---
> 
> (Updated Oct. 3, 2023, 10:24 a.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4348
> https://issues.apache.org/jira/browse/RANGER-4348
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> A lot of audits are generated for cc_metric_reporter user for the kafka 
> service repo for the resource "__CruiseControlMetrics".
> These audits will fill up the audit logs, and not much value is added by 
> these audits.
> Hence, it will be better to add a default audit filter to filter the audits 
> from cc_metric_reporter user on the kafka service repo.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
> b169c6ba9 
> 
> 
> Diff: https://reviews.apache.org/r/74637/diff/1/
> 
> 
> Testing
> ---
> 
> Testing done for fresh install.
> 
> 
> Thanks,
> 
> sanket shelar
> 
>

[jira] [Created] (RANGER-4450) Inconsistencies in API (service/plugins/definitions) response when user has insufficient permissions.

2023-10-03 Thread Dhaval Rajpara (Jira) 
Dhaval Rajpara created RANGER-4450:
--

 Summary: Inconsistencies in API (service/plugins/definitions) 
response when user has insufficient permissions.
 Key: RANGER-4450
 URL: https://issues.apache.org/jira/browse/RANGER-4450
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Affects Versions: 3.0.0
Reporter: Dhaval Rajpara


API : *service/plugins/definitions*

This API provides extensive information on service definitions(Resource base 
Policies module and tag base Policies module) in JSON format.

Case 1 :
1)  Remove user permission from the resources base module and only allow tag 
base module permission to that user.
2) Login with that user. This API retunes 403 forbidden for that user.
3) However the same user can get resource base policy definition information 
through Name and ID
 For example: service/plugins/definitions/name/hdfs, 
service/plugins/definitions/name/hbase

Any reason why we restrict this API (service/plugins/definitions) for user 
roles?

We want this API open for optimization performance in Ranger React UI.

CC : [~madhan] / [~abhay] / [~pradeep] / [~dineshkumar-yadav] /[~mehul]





--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74622: RANGER-4419 : In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies fla

2023-10-03 Thread Brijesh Bhalala 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74622/#review225813
---


Ship it!




Ship It!

- Brijesh Bhalala


On Oct. 3, 2023, 11:50 a.m., Dhaval Rajpara wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74622/
> ---
> 
> (Updated Oct. 3, 2023, 11:50 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, 
> Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nitin 
> Galave, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4419
> https://issues.apache.org/jira/browse/RANGER-4419
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Step to reproduce :
> 1) Click on Create tag base policy button.
> 2) Go to Allow conditions --> Component Permissions
> 3) Click on Component Permissions + icon
> 4) In Component Permissions modal Select component, it is not showing 
> component(services) which has flag "enableDenyAndExceptionsInPolicies = false"
> 
> The following service components have the option 
> "enableDenyAndExceptionsInPolicies=false" in service definition.
> 
>   -> elasticsearch
>   -> kylin
>   -> nifi-registry
>   -> nifi
>   -> sqoop
> However, these service components should be shown in the Allow condition.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyPermissionItem.jsx
>  821d39370 
>   
> security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx
>  5cd2aa6ca 
>   
> security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx
>  97e6d3b62 
> 
> 
> Diff: https://reviews.apache.org/r/74622/diff/1/
> 
> 
> Testing
> ---
> 
> Tested changes on a cluster setup with Ranger Admin build with React JS code 
> base.
> 
> 
> Verfied these service components should be shown in the Allow condition
> 
> 
> Successful completion of build command :
> mvn clean compile package -Psecurity-admin-react
> 
> 
> Thanks,
> 
> Dhaval Rajpara
> 
>

Re: Review Request 74622: RANGER-4419 : In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies fla

2023-10-03 Thread Dhaval Rajpara 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74622/
---

(Updated Oct. 3, 2023, 11:50 a.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, 
Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nitin 
Galave, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-4419
https://issues.apache.org/jira/browse/RANGER-4419


Repository: ranger


Description
---

Step to reproduce :
1) Click on Create tag base policy button.
2) Go to Allow conditions --> Component Permissions
3) Click on Component Permissions + icon
4) In Component Permissions modal Select component, it is not showing 
component(services) which has flag "enableDenyAndExceptionsInPolicies = false"

The following service components have the option 
"enableDenyAndExceptionsInPolicies=false" in service definition.

  -> elasticsearch
  -> kylin
  -> nifi-registry
  -> nifi
  -> sqoop
However, these service components should be shown in the Allow condition.


Diffs
-

  
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyPermissionItem.jsx
 821d39370 
  
security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx
 5cd2aa6ca 
  
security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx
 97e6d3b62 


Diff: https://reviews.apache.org/r/74622/diff/1/


Testing (updated)
---

Tested changes on a cluster setup with Ranger Admin build with React JS code 
base.


Verfied these service components should be shown in the Allow condition


Successful completion of build command :
mvn clean compile package -Psecurity-admin-react


Thanks,

Dhaval Rajpara

[jira] [Updated] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread Sanket Shelar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanket Shelar updated RANGER-4348:
--
Attachment: 0001-RANGER-4348.patch

> Filter audits for cc_metric_reporter user on Kafka service repo
> ---
>
> Key: RANGER-4348
> URL: https://issues.apache.org/jira/browse/RANGER-4348
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Sanket Shelar
>Priority: Major
> Attachments: 0001-RANGER-4348.patch
>
>
> A lot of audits are generated for cc_metric_reporter user for the kafka 
> service repo for the resource "__CruiseControlMetrics".
> These audits will fill up the audit logs, and not much value is added by 
> these audits.
> Hence, it will be better to add a default audit filter to filter the audits 
> from cc_metric_reporter user on the kafka service repo.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread Sanket Shelar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanket Shelar updated RANGER-4348:
--
Attachment: (was: 0001-RANGER-4348.patch)

> Filter audits for cc_metric_reporter user on Kafka service repo
> ---
>
> Key: RANGER-4348
> URL: https://issues.apache.org/jira/browse/RANGER-4348
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Abhishek
>Assignee: Sanket Shelar
>Priority: Major
> Attachments: 0001-RANGER-4348.patch
>
>
> A lot of audits are generated for cc_metric_reporter user for the kafka 
> service repo for the resource "__CruiseControlMetrics".
> These audits will fill up the audit logs, and not much value is added by 
> these audits.
> Hence, it will be better to add a default audit filter to filter the audits 
> from cc_metric_reporter user on the kafka service repo.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74637: RANGER-4348: Filter audits for cc_metric_reporter user on Kafka service repo

2023-10-03 Thread sanket shelar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74637/
---

Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Bugs: RANGER-4348
https://issues.apache.org/jira/browse/RANGER-4348


Repository: ranger


Description
---

A lot of audits are generated for cc_metric_reporter user for the kafka service 
repo for the resource "__CruiseControlMetrics".
These audits will fill up the audit logs, and not much value is added by these 
audits.
Hence, it will be better to add a default audit filter to filter the audits 
from cc_metric_reporter user on the kafka service repo.


Diffs
-

  agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
b169c6ba9 


Diff: https://reviews.apache.org/r/74637/diff/1/


Testing
---

Testing done for fresh install.


Thanks,

sanket shelar

Re: Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-03 Thread Subhrat Chaudhary via Review Board 


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 480 (patched)
> > 
> >
> > Consider using GdsPermission for permissionForCaller, instead of String.

Using GdsPermission for permissionForCaller


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 540 (patched)
> > 
> >
> > Field id is present in base class RangerBaseModelObject. Please review 
> > and remove from DataShareInDatasetSummary.

Removed id from DataShareInDatasetSummary.


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java
> > Lines 547 (patched)
> > 
> >
> > Consider using GdsShareStatus for shareStatus, instead of String.

Using GdsShareStatus for shareStatus


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
> > Line 135 (original), 143 (patched)
> > 
> >
> > getDatasetHeaders() => getDatasetSummary()

Updated logs for the method getDatasetSummary


> On Oct. 3, 2023, 12:09 a.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
> > Line 251 (original), 251 (patched)
> > 
> >
> > resource-count in a dataShare shouldn't vary across datasets it is 
> > associated to. If yes, does this method need datasetId parameter?

removed datasetId from signature and renamed method to 
getResourceCountForDataShare


- Subhrat


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/#review225806
---


On Oct. 3, 2023, 2:40 p.m., Subhrat Chaudhary wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74634/
> ---
> 
> (Updated Oct. 3, 2023, 2:40 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-4446
> 
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-4446
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We need additional details in the response for DatasetHeaderInfo like summary 
> for DataShare included int he dataset.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
> fd27f54a9 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 05705cd92 
>   security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java f827c754d 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  b22208773 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
>  eadbb9228 
> 
> 
> Diff: https://reviews.apache.org/r/74634/diff/2/
> 
> 
> Testing
> ---
> 
> Updated dataset summary details:
> {
> "id": 1,
> "guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696075254523,
> "updateTime": 1696075254534,
> "version": 1,
> "name": "DS1",
> "principalsCountByType": {
> "USER": 2,
> "GROUP": 0,
> "ROLE": 0
> },
> "projectsCount": 0,
> "permissionForCaller": "ADMIN",
> "totalResourceCount": 2,
> "dataShares": [
> {
> "id": 3,
> "guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1696073077134,
> "updateTime": 1696073077136,
> "version": 1,
> "name": "datashare3",
> "serviceId": 1,
> "serviceName": "hive1",
> "zoneId": 2,
> "zoneName": "zone1",
> "resourceCount": 1,
> "shareStatus": "REQUESTED"
> },
> {
> "id": 4,
> "guid":

Re: Review Request 74634: RANGER-4446: Need an API to return dataset summary

2023-10-03 Thread Subhrat Chaudhary via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74634/
---

(Updated Oct. 3, 2023, 2:40 p.m.)


Review request for ranger and Madhan Neethiraj.


Bugs: https://issues.apache.org/jira/browse/RANGER-4446

https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-4446


Repository: ranger


Description
---

We need additional details in the response for DatasetHeaderInfo like summary 
for DataShare included int he dataset.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerGds.java 
fd27f54a9 
  security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 05705cd92 
  security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java f827c754d 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 b22208773 
  
security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java
 eadbb9228 


Diff: https://reviews.apache.org/r/74634/diff/2/

Changes: https://reviews.apache.org/r/74634/diff/1-2/


Testing
---

Updated dataset summary details:
{
"id": 1,
"guid": "35081b85-7c1e-48b7-aca4-f7c7b9aa7b18",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696075254523,
"updateTime": 1696075254534,
"version": 1,
"name": "DS1",
"principalsCountByType": {
"USER": 2,
"GROUP": 0,
"ROLE": 0
},
"projectsCount": 0,
"permissionForCaller": "ADMIN",
"totalResourceCount": 2,
"dataShares": [
{
"id": 3,
"guid": "b2c938ac-8da7-4861-a29a-cfed5bdb62c8",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696073077134,
"updateTime": 1696073077136,
"version": 1,
"name": "datashare3",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
},
{
"id": 4,
"guid": "bf92da3b-3a4b-445f-8fa0-11f5a02306f3",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1696146862432,
"updateTime": 1696146862447,
"version": 1,
"name": "datashare4",
"serviceId": 1,
"serviceName": "hive1",
"zoneId": 2,
"zoneName": "zone1",
"resourceCount": 1,
"shareStatus": "REQUESTED"
}
]
}


Thanks,

Subhrat Chaudhary

[jira] [Updated] (RANGER-4424) [Ranger React UI] Security zone: Should be able to create security zone without any resource

2023-10-03 Thread Brijesh Bhalala (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brijesh Bhalala updated RANGER-4424:

Attachment: 0001-RANGER-4424.patch

> [Ranger React UI] Security zone: Should be able to create security zone 
> without any resource
> 
>
> Key: RANGER-4424
> URL: https://issues.apache.org/jira/browse/RANGER-4424
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, Ranger
>Reporter: Harshal Chavan
>Assignee: Brijesh Bhalala
>Priority: Major
>  Labels: ranger-react
> Attachments: 0001-RANGER-4424.patch
>
>
> RANGER-4286 removed the restriction that a security zone must have at least 
> one service and one resource. UI should be updated to remove this validation, 
> to allow create/update of security zones with no service/resource.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74636: RANGER-4424: Security zone: Should be able to create security zone without any resource

2023-10-03 Thread Brijesh Bhalala 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74636/
---

Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan Neethiraj, 
Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave.


Bugs: RANGER-4424
https://issues.apache.org/jira/browse/RANGER-4424


Repository: ranger


Description
---

RANGER-4286 removed the restriction that a security zone must have at least one 
service and one resource. UI should be updated to remove this validation, to 
allow create/update of security zones with no service/resource.


Diffs
-

  security-admin/src/main/webapp/react-webapp/src/images/no-service.svg 
PRE-CREATION 
  
security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/SecurityZonelogs.jsx
 c6ab380b7 
  
security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx
 97e6d3b62 
  
security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/ZoneDisplay.jsx
 db1fa0622 
  
security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx
 aeb88161b 


Diff: https://reviews.apache.org/r/74636/diff/1/


Testing
---

Tested changes on a cluster setup with Ranger Admin build with React JS code 
base.

Verified the Security Zone form, Audit logs and Service Manager Module.


Thanks,

Brijesh Bhalala