[jira] [Updated] (RANGER-1898) Simplify Knox plugin dependency management
[ https://issues.apache.org/jira/browse/RANGER-1898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1898: Description: This task is to simplify the dependency management for the Knox plugin for Ranger. Tested that the distribution ships the same jars as before. Also tested a use-case involving Ranger + Knox. was: This task is to simplify the dependency management for the Knox plugin for Ranger. In addition, the hadoop-hdfs jar is removed from the distribution, as it is not required. Tested that the distribution ships the same jars as before, apart from hadoop-hdfs. Also tested a use-case involving Ranger + Knox. > Simplify Knox plugin dependency management > -- > > Key: RANGER-1898 > URL: https://issues.apache.org/jira/browse/RANGER-1898 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1898-Simplify-Knox-plugin-dependency-manageme.patch > > > This task is to simplify the dependency management for the Knox plugin for > Ranger. > Tested that the distribution ships the same jars as before. Also tested a > use-case involving Ranger + Knox. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Attachment: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > > > This task is to simplify the Apache Storm dependencies for Ranger. We can > avoid explicitly listing some of the dependencies, as they get pulled in via > other dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Attachment: (was: 0001-RANGER-1895-Simplify-Storm-dependencies.patch) > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > > This task is to simplify the Apache Storm dependencies for Ranger. We can > avoid explicitly listing some of the dependencies, as they get pulled in via > other dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Description: This task is to simplify the Apache Storm dependencies for Ranger. We can avoid explicitly listing some of the dependencies, as they get pulled in via other dependencies. (was: This task is to simplify the Apache Storm dependencies for Ranger. We are shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid explicitly listing some of the dependencies, as they get pulled in via other dependencies.) > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > > This task is to simplify the Apache Storm dependencies for Ranger. We can > avoid explicitly listing some of the dependencies, as they get pulled in via > other dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 64057: RANGER-1907:The solr-solrj jar is not need for hive-agent. So it should be removed from the pom.xml file of the hive-agent
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64057/#review191886 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 24, 2017, 2:05 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64057/ > --- > > (Updated Nov. 24, 2017, 2:05 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1907 > https://issues.apache.org/jira/browse/RANGER-1907 > > > Repository: ranger > > > Description > --- > > The solr-solrj jar is not need for hive-agent. So it should be removed from > the pom.xml file of the hive-agent > > > Diffs > - > > hive-agent/pom.xml a2b4aa8 > > > Diff: https://reviews.apache.org/r/64057/diff/1/ > > > Testing > --- > > I had carefully tested the ranger + hive-agent after modified the issue. > > > Thanks, > > pengjianhua > >
[jira] [Commented] (RANGER-1908) Build (unit tests) failed in HBase Security Plugin
[ https://issues.apache.org/jira/browse/RANGER-1908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16266633#comment-16266633 ] Colm O hEigeartaigh commented on RANGER-1908: - Hi Nigel, Could you try applying this patch locally and see if you still see the test failure? https://issues.apache.org/jira/browse/RANGER-1893 The admin.disableTable is synchronous, and so the table should be disabled after the call returns, so this looks to me like a bug possibly in the old version of HBase we are using. > Build (unit tests) failed in HBase Security Plugin > -- > > Key: RANGER-1908 > URL: https://issues.apache.org/jira/browse/RANGER-1908 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Nigel Jones > Attachments: ranger-20171124a.log > > > MacOS > Java 1.8 (152, oracle) > Maven 3.5.0 > Build fails at > [INFO] HBase Security Plugin .. FAILURE [11:36 > min] > The failing test is: > [INFO] Running > org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest > Formatting using clusterid: testClusterID > [ERROR] Tests run: 20, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: > 689.962 s <<< FAILURE! - in > org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest > [ERROR] > testTagBasedTablePolicy(org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest) > Time elapsed: 611.879 s <<< ERROR! > org.apache.hadoop.hbase.exceptions.TimeoutIOException: > java.util.concurrent.TimeoutException: The procedure 18 is still running > at > org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.testTagBasedTablePolicy(HBaseRangerAuthorizationTest.java:780) > Caused by: java.util.concurrent.TimeoutException: The procedure 18 is still > running > at > org.apache.ranger.authorization.hbase.HBaseRangerAuthorizationTest.testTagBasedTablePolicy(HBaseRangerAuthorizationTest.java:780) > The next part of the test is ok: > [INFO] Running > org.apache.ranger.authorization.hbase.RangerAuthorizationFilterTest > [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.505 > s - in org.apache.ranger.authorization.hbase.RangerAuthorizationFilterTest -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 64051: RANGER-1906 - Simplify Atlas plugin dependency management
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64051/ --- Review request for ranger. Bugs: RANGER-1906 https://issues.apache.org/jira/browse/RANGER-1906 Repository: ranger Description --- This task is to simplify the dependency management for the Atlas plugin. In particular, the hadoop/solr dependencies should just be imported via the ranger-plugin-commons dependency. No changes are made to the resulting jars for the Atlas distribution. Diffs - plugin-atlas/pom.xml 957b4ce3 ranger-atlas-plugin-shim/pom.xml a207d16b src/main/assembly/plugin-atlas.xml fd988116 Diff: https://reviews.apache.org/r/64051/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1906) Simplify Atlas plugin dependency management
[ https://issues.apache.org/jira/browse/RANGER-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1906: Attachment: 0001-RANGER-1906-Simplify-Atlas-plugin-dependency-managem.patch > Simplify Atlas plugin dependency management > --- > > Key: RANGER-1906 > URL: https://issues.apache.org/jira/browse/RANGER-1906 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1906-Simplify-Atlas-plugin-dependency-managem.patch > > > This task is to simplify the dependency management for the Atlas plugin. In > particular, the hadoop/solr dependencies should just be imported via the > ranger-plugin-commons dependency. > No changes are made to the resulting jars for the Atlas distribution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1906) Simplify Atlas plugin dependency management
Colm O hEigeartaigh created RANGER-1906: --- Summary: Simplify Atlas plugin dependency management Key: RANGER-1906 URL: https://issues.apache.org/jira/browse/RANGER-1906 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Priority: Minor Fix For: 1.0.0 This task is to simplify the dependency management for the Atlas plugin. In particular, the hadoop/solr dependencies should just be imported via the ranger-plugin-commons dependency. No changes are made to the resulting jars for the Atlas distribution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Attachment: (was: 0001-RANGER-1895-Simplify-Storm-dependencies.patch) > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > > > This task is to simplify the Apache Storm dependencies for Ranger. We are > shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid > explicitly listing some of the dependencies, as they get pulled in via other > dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Attachment: 0001-RANGER-1895-Simplify-Storm-dependencies.patch Also removing unused deps from the shim > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > > > This task is to simplify the Apache Storm dependencies for Ranger. We are > shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid > explicitly listing some of the dependencies, as they get pulled in via other > dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63919: RANGER-1895 - Simplify Storm dependencies
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63919/ --- (Updated Nov. 23, 2017, 12:02 p.m.) Review request for ranger. Bugs: RANGER-1895 https://issues.apache.org/jira/browse/RANGER-1895 Repository: ranger Description --- This task is to simplify the Apache Storm dependencies for Ranger. We are shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid explicitly listing some of the dependencies, as they get pulled in via other dependencies. Diffs (updated) - ranger-storm-plugin-shim/pom.xml de1972d4 src/main/assembly/storm-agent.xml 64224ec7 storm-agent/pom.xml 6e74e5b3 Diff: https://reviews.apache.org/r/63919/diff/2/ Changes: https://reviews.apache.org/r/63919/diff/1-2/ Testing --- Tested the plugin works OK with Apache Storm 1.1.1. The only change in the distribution is that it doesn't include the Hadoop HDFS jar. Thanks, Colm O hEigeartaigh
Re: Review Request 63987: RANGER-1905 : fix maven assembly creation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63987/#review191793 --- How can I reproduce the error as reported on the JIRA? I unzipped the Ranger admin + installed and started it without any errors in the logs. - Colm O hEigeartaigh On Nov. 22, 2017, 12:23 p.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63987/ > --- > > (Updated Nov. 22, 2017, 12:23 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1905 > https://issues.apache.org/jira/browse/RANGER-1905 > > > Repository: ranger > > > Description > --- > > As ranger-plugins-audit doesn't exclude guava from hadoop common, an older > guava > is leaked into embeddedwebserver classpath, which somehow filtered out by the > assembly plugin. > If we explicitly exclude the old guava, and include the new (17.0) guava in > ranger-plugins-audit module, the generated tar.gz/zip distributions will > contain the necessary guava-17.0.jar in ews/lib path. > > > Diffs > - > > agents-audit/pom.xml c8bd1d8f3 > src/main/assembly/plugin-atlas.xml fd988116d > > > Diff: https://reviews.apache.org/r/63987/diff/2/ > > > Testing > --- > > Tested with executing: > > mvn -DskipTests package assembly:assembly; > unzip -Z1 target/ranger-1.0.0-SNAPSHOT-admin.zip | sort > FILES.txt > > And comparing the results with different versions. With the patch, the guava > jar appears correctly. > > > Thanks, > > Zsombor Gegesy > >
Re: Review Request 63981: RANGER-1903:Simplify the maven dependency management of the Hdfs plugin for Ranger.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63981/#review191791 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 23, 2017, 3:19 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63981/ > --- > > (Updated Nov. 23, 2017, 3:19 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1903 > https://issues.apache.org/jira/browse/RANGER-1903 > > > Repository: ranger > > > Description > --- > > The hdfs-agent need not dependency the hbase-server ,hive-common and > hive-service jar. So they should be removed from the pom.xml file of the > hdfs-agent. > > > Diffs > - > > hdfs-agent/pom.xml 9f62060 > > > Diff: https://reviews.apache.org/r/63981/diff/2/ > > > Testing > --- > > I had carefully tested the hdfs plugin, hive plugin and hbase plugin after > modified the issue. > > > Thanks, > > pengjianhua > >
Re: Review Request 61062: RANGER-1707 : fix hdfs traverse check
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61062/#review191736 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 22, 2017, 12:39 p.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61062/ > --- > > (Updated Nov. 22, 2017, 12:39 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1707 > https://issues.apache.org/jira/browse/RANGER-1707 > > > Repository: ranger > > > Description > --- > > Fix hdfs traverse check, which problem was hidden before hdfs 2.8.0, where > the traverse checks are called > before reading and writing files, so if a policy is just about reading > /tmp/somedir/somefile > it means, that traverse should be allowed to get to that file. Adding > more tests to highlight the issue > > > Diffs > - > > hdfs-agent/pom.xml 9f6206013 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > af4d9b5c2 > > hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/61062/diff/3/ > > > Testing > --- > > Tested locally > https://travis-ci.org/gzsombor/ranger/builds/256331500 > > > Thanks, > > Zsombor Gegesy > >
Re: Review Request 61062: RANGER-1707 : fix hdfs traverse check
> On Nov. 21, 2017, 4 p.m., Colm O hEigeartaigh wrote: > > You could put some spaces into "for (int i=0;i<pathSegments.length;i++) {" > > There's also an indentation issue on line 201 of RangerHdfsAuthorizerTest. > > Other spacing issue here "ancestorIndex,plugin" > > > > > for (FsAction action : Arrays.asList(FsAction.EXECUTE, FsAction.READ, > > > FsAction.WRITE)) { > > > > I think the FsAction.EXECUTE is not necessary here, as we are checking > > EXECUTE already in "traverseOnlyCheck". > > Zsombor Gegesy wrote: > The trick is, that there are different inodes used for the checks: > > final AuthzStatus status = isAccessAllowed(nodeToCheck, nodeAttribs, > FsAction.EXECUTE, user, groups, plugin, auditHandler); > if (status == AuthzStatus.NOT_DETERMINED) { > return isAnyAccessAllowed(inode, inode, user, groups, plugin, > auditHandler); > } > > First, we use 'nodeToCheck', which can be a parent or ancestor node, and > in the loop, we use 'inode' which refers to the actual file. OK understood thanks. The indentation issue is still there, now on line 224 of RangerHdfsAuthorizerTest (single tab character indent) - Colm --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61062/#review191583 --- On Nov. 21, 2017, 4:34 p.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61062/ > --- > > (Updated Nov. 21, 2017, 4:34 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1707 > https://issues.apache.org/jira/browse/RANGER-1707 > > > Repository: ranger > > > Description > --- > > Fix hdfs traverse check, which problem was hidden before hdfs 2.8.0, where > the traverse checks are called > before reading and writing files, so if a policy is just about reading > /tmp/somedir/somefile > it means, that traverse should be allowed to get to that file. Adding > more tests to highlight the issue > > > Diffs > - > > hdfs-agent/pom.xml 9f6206013 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > af4d9b5c2 > > hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/61062/diff/2/ > > > Testing > --- > > Tested locally > https://travis-ci.org/gzsombor/ranger/builds/256331500 > > > Thanks, > > Zsombor Gegesy > >
Re: Build issues - inconsistent
I can't reproduce the test failures in Kafka, HBase or Hive. However, I can reproduce the build errors in security-admin. It's caused by this bug in Maven: https://issues.apache.org/jira/browse/MNG-6298 The solution is to use Apache Maven 3.5.0 instead of 3.5.2. Colm. On Tue, Nov 21, 2017 at 5:19 PM, Nigel Jones <nigel.l.jo...@gmail.com> wrote: > Consistent in failing, but it's unclear how repeatable any specific error > is... I'll try some more - this was the test from just 4 attempts so I > wanted to check I was doing things correct. > > My invocation in each case is > mvn -DskipTests=false clean compile package install assembly:assembly > > Maven versions were > a) 3.5.2 (local mac) > b) 3.5.0 (azure ubuntu 17.10) > c) 3.3.9 (cloudfoundry/openstack ubuntu 16.04) > > We hit funny maven issues in Atlas - jenkins is now at 3.5.0. I proposed a > validation check in ATLAS-2245 to persuade everyone to upgrade. > > I'm assuming lots of people here use macOS. Whilst my OS level is forward > I doubt that's the issue. Is everyone still building with java 1.7? And > what version of maven? Any other dependent components? > > Thanks > Nigel. > > On 2017-11-21 15:48, Colm O hEigeartaigh <cohei...@apache.org> wrote: > > What maven version are you using? Are the test failures consistent or > > sporadic? > > > > Colm. > > > > On Tue, Nov 21, 2017 at 3:09 PM, Nigel Jones <nigel.l.jo...@gmail.com> > > wrote: > > > > > I'm experiencing some issues getting the ranger build to work. > > > a) macOS (10.13.2 b4), oracle 8 *(152) > > > > > > [INFO] HBase Security Plugin .. FAILURE > [11:37 > > > min] > > > > > > [INFO] Running org.apache.ranger.authorization.hbase. > > > HBaseRangerAuthorizationTest > > > Formatting using clusterid: testClusterID > > > [ERROR] Tests run: 20, Failures: 0, Errors: 1, Skipped: 0, Time > elapsed: > > > 690.138 s <<< FAILURE! - in org.apache.ranger.authorization.hbase. > > > HBaseRangerAuthorizationTest > > > [ERROR] testTagBasedTablePolicy(org.apache.ranger.authorization.hbase. > HBaseRangerAuthorizationTest) > > > Time elapsed: 612.923 s <<< ERROR! > > > org.apache.hadoop.hbase.exceptions.TimeoutIOException: > > > java.util.concurrent.TimeoutException: The procedure 18 is still > running > > > at org.apache.ranger.authorization.hbase. > > > HBaseRangerAuthorizationTest.testTagBasedTablePolicy( > > > HBaseRangerAuthorizationTest.java:780) > > > Caused by: java.util.concurrent.TimeoutException: The procedure 18 is > > > still running > > > at org.apache.ranger.authorization.hbase. > > > HBaseRangerAuthorizationTest.testTagBasedTablePolicy( > > > HBaseRangerAuthorizationTest.java:780) > > > > > > > > > >> This looks like potentially a timeout, though at 690s maybe in > reality > > > a logical issue > > > > > > b) Ubuntu 17.10, MS Azure, openjdk 8 (151) > > > > > > [INFO] Hive Security Plugin ... FAILURE [ > > > 41.084 s] > > > ERROR StatusLogger No log4j2 configuration file found. Using default > > > configuration: logging only errors to the console. > > > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: > > > 30.286 s <<< FAILURE! - in org.apache.ranger.services. > > > hive.HIVERangerAuthorizerTest > > > [ERROR] org.apache.ranger.services.hive.HIVERangerAuthorizerTest Time > > > elapsed: 30.286 s <<< ERROR! > > > java.sql.SQLException: Could not open client transport with JDBC Uri: > > > jdbc:hive2://localhost:36781: java.net.ConnectException: Connection > refused > > > (Connection refused) > > > at org.apache.ranger.services.hive.HIVERangerAuthorizerTest. > setup( > > > HIVERangerAuthorizerTest.java:103) > > > Caused by: org.apache.thrift.transport.TTransportException: > > > java.net.ConnectException: Connection refused (Connection refused) > > > at org.apache.ranger.services.hive.HIVERangerAuthorizerTest. > setup( > > > HIVERangerAuthorizerTest.java:103) > > > Caused by: java.net.ConnectException: Connection refused (Connection > > > refused) > > > at org.apache.ranger.services.hive.HIVERangerAuthorizerTest. > setup( > > > HIVERangerAuthorizerTest.java:103) > > > > > > > > > >> This one is clearly a jdbc connection issue, perhaps hive didn't > start > >
Re: Review Request 63867: RANGER-1848:Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63867/#review191587 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 21, 2017, 3:33 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63867/ > --- > > (Updated Nov. 21, 2017, 3:33 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1848 > https://issues.apache.org/jira/browse/RANGER-1848 > > > Repository: ranger > > > Description > --- > > Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin. > It affects link and job resource lookup when creating sqoop policy in > RangerAdmin. > > > Diffs > - > > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java > 640d5db > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobsResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinkResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinksResponse.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/63867/diff/3/ > > > Testing > --- > > Tested sqoop link and job resource lookup. > > > Thanks, > > Qiang Zhang > >
[jira] [Updated] (RANGER-1896) Remove deprecated extractedCommonCriterias call from the SearchUtil
[ https://issues.apache.org/jira/browse/RANGER-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1896: Fix Version/s: 1.0.0 > Remove deprecated extractedCommonCriterias call from the SearchUtil > > > Key: RANGER-1896 > URL: https://issues.apache.org/jira/browse/RANGER-1896 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.7.1 >Reporter: Zsombor Gegesy >Assignee: Zsombor Gegesy > Fix For: 1.0.0 > > Attachments: RANGER-1896.patch > > > There is a deprecated extractedCommonCriterias call in SearchUtil, which is > called from UserREST controller, which can be removed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (RANGER-1896) Remove deprecated extractedCommonCriterias call from the SearchUtil
[ https://issues.apache.org/jira/browse/RANGER-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1896. - Resolution: Fixed > Remove deprecated extractedCommonCriterias call from the SearchUtil > > > Key: RANGER-1896 > URL: https://issues.apache.org/jira/browse/RANGER-1896 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.7.1 >Reporter: Zsombor Gegesy >Assignee: Zsombor Gegesy > Fix For: 1.0.0 > > Attachments: RANGER-1896.patch > > > There is a deprecated extractedCommonCriterias call in SearchUtil, which is > called from UserREST controller, which can be removed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 61062: RANGER-1707 : fix hdfs traverse check
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61062/#review191583 --- You could put some spaces into "for (int i=0;i<pathSegments.length;i++) {" There's also an indentation issue on line 201 of RangerHdfsAuthorizerTest. Other spacing issue here "ancestorIndex,plugin" > for (FsAction action : Arrays.asList(FsAction.EXECUTE, FsAction.READ, > FsAction.WRITE)) { I think the FsAction.EXECUTE is not necessary here, as we are checking EXECUTE already in "traverseOnlyCheck". - Colm O hEigeartaigh On July 22, 2017, 10:31 a.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61062/ > --- > > (Updated July 22, 2017, 10:31 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-1707 > https://issues.apache.org/jira/browse/RANGER-1707 > > > Repository: ranger > > > Description > --- > > Fix hdfs traverse check, which problem was hidden before hdfs 2.8.0, where > the traverse checks are called > before reading and writing files, so if a policy is just about reading > /tmp/somedir/somefile > it means, that traverse should be allowed to get to that file. Adding > more tests to highlight the issue > > > Diffs > - > > hdfs-agent/pom.xml 9f62060 > > hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java > d28685a > > hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/61062/diff/1/ > > > Testing > --- > > Tested locally > https://travis-ci.org/gzsombor/ranger/builds/256331500 > > > Thanks, > > Zsombor Gegesy > >
Re: Build issues - inconsistent
m2/repository/com/webcohesion/ > enunciate/enunciate-docs/2.8.0/enunciate-docs-2.8.0.jar!/ > com/webcohesion/enunciate/modules/docs/docs.fmt" in macro > "processResourceGroup" at line 556, column 11] > [ERROR] ~ Reached through: #nested [in template > "jar:file:/Users/jonesn/.m2/repository/com/webcohesion/ > enunciate/enunciate-docs/2.8.0/enunciate-docs-2.8.0.jar!/ > com/webcohesion/enunciate/modules/docs/docs.fmt" in macro "boilerplate" > at line 141, column 9] > [ERROR] ~ Reached through: @boilerplate title=(title + ": " + > re... [in template "jar:file:/Users/jonesn/.m2/ > repository/com/webcohesion/enunciate/enunciate-docs/2.8. > 0/enunciate-docs-2.8.0.jar!/com/webcohesion/enunciate/modules/docs/docs.fmt" > in macro "processResourceGroup" at line 518, column 5] > [ERROR] - Reached through: @file name=(resourceGroup.slug + > ".ht... [in template "jar:file:/Users/jonesn/.m2/ > repository/com/webcohesion/enunciate/enunciate-docs/2.8. > 0/enunciate-docs-2.8.0.jar!/com/webcohesion/enunciate/modules/docs/docs.fmt" > in macro "processResourceGroup" at line 517, column 3] > [ERROR] - Reached through: @processResourceGroup > resourceGroup=r... [in template "jar:file:/Users/jonesn/.m2/ > repository/com/webcohesion/enunciate/enunciate-docs/2.8. > 0/enunciate-docs-2.8.0.jar!/com/webcohesion/enunciate/modules/docs/docs.fmt" > at line 238, column 11] > [ERROR] ~ Reached through: #nested [in template > "jar:file:/Users/jonesn/.m2/repository/com/webcohesion/ > enunciate/enunciate-docs/2.8.0/enunciate-docs-2.8.0.jar!/ > com/webcohesion/enunciate/modules/docs/docs.fmt" in macro "boilerplate" > at line 141, column 9] > [ERROR] ~ Reached through: @boilerplate pagenav=pagenav [in > template "jar:file:/Users/jonesn/.m2/repository/com/webcohesion/ > enunciate/enunciate-docs/2.8.0/enunciate-docs-2.8.0.jar!/ > com/webcohesion/enunciate/modules/docs/docs.fmt" at line 192, column 3] > [ERROR] - Reached through: @file name=indexPageName [in template > "jar:file:/Users/jonesn/.m2/repository/com/webcohesion/ > enunciate/enunciate-docs/2.8.0/enunciate-docs-2.8.0.jar!/ > com/webcohesion/enunciate/modules/docs/docs.fmt" at line 181, column 1] > [ERROR] : InvocationTargetException: > javax/annotation/security/RolesAllowed: > javax.annotation.security.RolesAllowed > [ERROR] -> [Help 1] > [ERROR] > [ERROR] To see the full stack trace of the errors, re-run Maven with the > -e switch. > [ERROR] Re-run Maven using the -X switch to enable full debug logging. > [ERROR] > [ERROR] For more information about the errors and possible solutions, > please read the following articles: > [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ > MojoExecutionException > [ERROR] > [ERROR] After correcting the problems, you can resume the build with the > command > [ERROR] mvn -rf :security-admin-web > > > >> --- > > So that's 4 attempts, 4 different results. I could open JIRAs, but I'm > concerned at the lack of consistency. What do I need to check in my dev > environments? Are there additional prereqs not checked for in maven? > > My Atlas builds are more consistent (occasional timeout, but generally > sharing results with others) > > Many thanks > Nigel Jones > nigel.l.jo...@gmail.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Review Request 63949: RANGER-1898 - Simplify Knox plugin dependency management
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63949/ --- Review request for ranger. Bugs: RANGER-1898 https://issues.apache.org/jira/browse/RANGER-1898 Repository: ranger Description --- This task is to simplify the dependency management for the Knox plugin for Ranger. In addition, the hadoop-hdfs jar is removed from the distribution, as it is not required. Diffs - knox-agent/pom.xml 52f15cd0 src/main/assembly/knox-agent.xml 8357d498 Diff: https://reviews.apache.org/r/63949/diff/1/ Testing --- Tested that the distribution ships the same jars as before, apart from hadoop-hdfs. Also tested a use-case involving Ranger + Knox. Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1898) Simplify Knox plugin dependency management
[ https://issues.apache.org/jira/browse/RANGER-1898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1898: Attachment: 0001-RANGER-1898-Simplify-Knox-plugin-dependency-manageme.patch > Simplify Knox plugin dependency management > -- > > Key: RANGER-1898 > URL: https://issues.apache.org/jira/browse/RANGER-1898 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1898-Simplify-Knox-plugin-dependency-manageme.patch > > > This task is to simplify the dependency management for the Knox plugin for > Ranger. In addition, the hadoop-hdfs jar is removed from the distribution, as > it is not required. > Tested that the distribution ships the same jars as before, apart from > hadoop-hdfs. Also tested a use-case involving Ranger + Knox. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1898) Simplify Knox plugin dependency management
Colm O hEigeartaigh created RANGER-1898: --- Summary: Simplify Knox plugin dependency management Key: RANGER-1898 URL: https://issues.apache.org/jira/browse/RANGER-1898 Project: Ranger Issue Type: Bug Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Priority: Minor Fix For: 1.0.0 This task is to simplify the dependency management for the Knox plugin for Ranger. In addition, the hadoop-hdfs jar is removed from the distribution, as it is not required. Tested that the distribution ships the same jars as before, apart from hadoop-hdfs. Also tested a use-case involving Ranger + Knox. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63867: RANGER-1848:Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63867/#review191495 --- In SqoopClient, I think it would be better to return Collections.emptyList() instead of null. - Colm O hEigeartaigh On Nov. 20, 2017, 8:13 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63867/ > --- > > (Updated Nov. 20, 2017, 8:13 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1848 > https://issues.apache.org/jira/browse/RANGER-1848 > > > Repository: ranger > > > Description > --- > > Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin. > It affects link and job resource lookup when creating sqoop policy in > RangerAdmin. > > > Diffs > - > > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java > 640d5db > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobsResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinkResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinksResponse.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/63867/diff/2/ > > > Testing > --- > > Tested sqoop link and job resource lookup. > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63870: RANGER-1861:There are errors when the "ranger-kms start" command was executed.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63870/#review191494 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 16, 2017, 10:03 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63870/ > --- > > (Updated Nov. 16, 2017, 10:03 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1861 > https://issues.apache.org/jira/browse/RANGER-1861 > > > Repository: ranger > > > Description > --- > > There are errors when the "ranger-kms start" command was executed. > > 2017-10-28 23:23:33,339 ERROR XMLUtils - Error loading : > java.lang.IllegalArgumentException: InputStream cannot be null > at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:117) > at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:64) > at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:48) > at > org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:77) > at > org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:69) > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 40eed861 > > > Diff: https://reviews.apache.org/r/63870/diff/1/ > > > Testing > --- > > > Thanks, > > pengjianhua > >
Re: Review Request 63921: RANGER-1896 : Remove deprecated extractedCommonCriterias call from the SearchUtil and fix the UserREST controller
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63921/#review191490 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 17, 2017, 4:48 p.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63921/ > --- > > (Updated Nov. 17, 2017, 4:48 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1896 > https://issues.apache.org/jira/browse/RANGER-1896 > > > Repository: ranger > > > Description > --- > > Deprecated code removed, and the newer extractCommonCriterias method is used > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java > ad307339a > security-admin/src/main/java/org/apache/ranger/rest/UserREST.java 4bf18991a > security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java > 373b6f348 > > > Diff: https://reviews.apache.org/r/63921/diff/1/ > > > Testing > --- > > Tested with calling : > http://rangerhost/service/users?sortBy=userId > http://rangerhost/service/users?sortBy=loginId > http://rangerhost/service/users?sortBy=emailAddress > http://rangerhost/service/users?sortBy=firstName > http://rangerhost/service/users?sortBy=lastName > > > Thanks, > > Zsombor Gegesy > >
Re: Review Request 63867: RANGER-1848:Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63867/#review191359 --- I think the Commons Collections 4 dependency should be avoided as it is not really required. - Colm O hEigeartaigh On Nov. 16, 2017, 7:13 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63867/ > --- > > (Updated Nov. 16, 2017, 7:13 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1848 > https://issues.apache.org/jira/browse/RANGER-1848 > > > Repository: ranger > > > Description > --- > > Implement getLinkList/getJobList in SqoopClient for Ranger Sqoop2 plugin. > It affects link and job resource lookup when creating sqoop policy in > RangerAdmin. > > > Diffs > - > > plugin-sqoop/pom.xml 58d10a4 > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java > 640d5db > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopJobsResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinkResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopLinksResponse.java > PRE-CREATION > pom.xml 589cd6a > src/main/assembly/admin-web.xml aa37426 > > > Diff: https://reviews.apache.org/r/63867/diff/1/ > > > Testing > --- > > Tested sqoop link and job resource lookup. > > > Thanks, > > Qiang Zhang > >
Review Request 63919: RANGER-1895 - Simplify Storm dependencies
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63919/ --- Review request for ranger. Bugs: RANGER-1895 https://issues.apache.org/jira/browse/RANGER-1895 Repository: ranger Description --- This task is to simplify the Apache Storm dependencies for Ranger. We are shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid explicitly listing some of the dependencies, as they get pulled in via other dependencies. Diffs - src/main/assembly/storm-agent.xml 64224ec7 storm-agent/pom.xml 6e74e5b3 Diff: https://reviews.apache.org/r/63919/diff/1/ Testing --- Tested the plugin works OK with Apache Storm 1.1.1. The only change in the distribution is that it doesn't include the Hadoop HDFS jar. Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1895) Simplify Storm dependencies
[ https://issues.apache.org/jira/browse/RANGER-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1895: Attachment: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > Simplify Storm dependencies > --- > > Key: RANGER-1895 > URL: https://issues.apache.org/jira/browse/RANGER-1895 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1895-Simplify-Storm-dependencies.patch > > > This task is to simplify the Apache Storm dependencies for Ranger. We are > shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid > explicitly listing some of the dependencies, as they get pulled in via other > dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1895) Simplify Storm dependencies
Colm O hEigeartaigh created RANGER-1895: --- Summary: Simplify Storm dependencies Key: RANGER-1895 URL: https://issues.apache.org/jira/browse/RANGER-1895 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Priority: Minor Fix For: 1.0.0 This task is to simplify the Apache Storm dependencies for Ranger. We are shipping the hadoop-hdfs jar, which is not required. Secondly, we can avoid explicitly listing some of the dependencies, as they get pulled in via other dependencies. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1894) Fix HDFS tests to work with Hadoop 3.0.0
[ https://issues.apache.org/jira/browse/RANGER-1894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1894: Attachment: 0001-RANGER-1894-Fix-HDFS-tests-to-work-with-Hadoop-3.0.0.patch > Fix HDFS tests to work with Hadoop 3.0.0 > > > Key: RANGER-1894 > URL: https://issues.apache.org/jira/browse/RANGER-1894 > Project: Ranger > Issue Type: Test > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1894-Fix-HDFS-tests-to-work-with-Hadoop-3.0.0.patch > > > The HDFS tests fail when run with Hadoop 3.0.0. This is due to a change in > permissions in Hadoop 3.0.0 - all operations (e.g. read/write) must also now > have an "execute" permission for all path components, apart from the last one. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 63908: RANGER-1894 - Fix HDFS tests to work with Hadoop 3.0.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63908/ --- Review request for ranger. Bugs: RANGER-1894 https://issues.apache.org/jira/browse/RANGER-1894 Repository: ranger Description --- The HDFS tests fail when run with Hadoop 3.0.0. This is due to a change in permissions in Hadoop 3.0.0 - all operations (e.g. read/write) must also now have an "execute" permission for all path components, apart from the last one. Diffs - hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/HDFSRangerTest.java a7215ce9 hdfs-agent/src/test/resources/hdfs-policies.json 056231fc Diff: https://reviews.apache.org/r/63908/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Created] (RANGER-1894) Fix HDFS tests to work with Hadoop 3.0.0
Colm O hEigeartaigh created RANGER-1894: --- Summary: Fix HDFS tests to work with Hadoop 3.0.0 Key: RANGER-1894 URL: https://issues.apache.org/jira/browse/RANGER-1894 Project: Ranger Issue Type: Test Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.0.0 The HDFS tests fail when run with Hadoop 3.0.0. This is due to a change in permissions in Hadoop 3.0.0 - all operations (e.g. read/write) must also now have an "execute" permission for all path components, apart from the last one. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63789: RANGER-1887:serviceDef.getResources().get(0).getName(); case IndexOutOfBoundsException in RangerServiceTag.class And print error in RangerServiceStorm
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63789/#review191312 --- The "String tagResourceName = null" definition could be moved into the if statement, e.g. String tagResourceName = serviceDef.getResources().get(0).getName(); - Colm O hEigeartaigh On Nov. 17, 2017, 6:16 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63789/ > --- > > (Updated Nov. 17, 2017, 6:16 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1887 > https://issues.apache.org/jira/browse/RANGER-1887 > > > Repository: ranger > > > Description > --- > > String tagResourceName = serviceDef.getResources().get(0).getName(); case > java.lang.IndexOutOfBoundsException in RangerServiceTag.class > And print log error for RangerServiceStorm.class > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java > ce6002b > > storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java > d4dbd7b > > > Diff: https://reviews.apache.org/r/63789/diff/3/ > > > Testing > --- > > Tested it > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63182: RANGER-1849 - Remove PasswordGenerator and FileStoreUtil
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63182/ --- (Updated Nov. 16, 2017, 12:18 p.m.) Review request for ranger. Bugs: RANGER-1849 https://issues.apache.org/jira/browse/RANGER-1849 Repository: ranger Description --- PasswordGenerator is not used in any of the scripts and should be removed. Same goes for FileStoreUtil. Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/store/file/FileStoreUtil.java 3f408d76 agents-installer/src/main/java/org/apache/ranger/utils/install/PasswordGenerator.java a829957a Diff: https://reviews.apache.org/r/63182/diff/2/ Changes: https://reviews.apache.org/r/63182/diff/1-2/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1849) Remove PasswordGenerator and FileStoreUtil
[ https://issues.apache.org/jira/browse/RANGER-1849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1849: Attachment: 0001-RANGER-1849-Remove-PasswordGenerator-and-FileStoreUt.patch > Remove PasswordGenerator and FileStoreUtil > -- > > Key: RANGER-1849 > URL: https://issues.apache.org/jira/browse/RANGER-1849 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Trivial > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1849-Remove-PasswordGenerator-and-FileStoreUt.patch > > > PasswordGenerator is not used in any of the scripts and should be removed. > Same goes for FileStoreUtil. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63182: RANGER-1849 - Remove PasswordGenerator and FileStoreUtil
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63182/ --- (Updated Nov. 16, 2017, 12:11 p.m.) Review request for ranger. Summary (updated) - RANGER-1849 - Remove PasswordGenerator and FileStoreUtil Bugs: RANGER-1849 https://issues.apache.org/jira/browse/RANGER-1849 Repository: ranger Description (updated) --- PasswordGenerator is not used in any of the scripts and should be removed. Same goes for FileStoreUtil. Diffs - agents-installer/src/main/java/org/apache/ranger/utils/install/PasswordGenerator.java a829957a Diff: https://reviews.apache.org/r/63182/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1849) Remove PasswordGenerator and FileStoreUtil
[ https://issues.apache.org/jira/browse/RANGER-1849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1849: Description: PasswordGenerator is not used in any of the scripts and should be removed. Same goes for FileStoreUtil. (was: PasswordGenerator is not used in any of the scripts and should be removed.) > Remove PasswordGenerator and FileStoreUtil > -- > > Key: RANGER-1849 > URL: https://issues.apache.org/jira/browse/RANGER-1849 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Trivial > Fix For: 1.0.0 > > > PasswordGenerator is not used in any of the scripts and should be removed. > Same goes for FileStoreUtil. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1849) Remove PasswordGenerator and FileStoreUtil
[ https://issues.apache.org/jira/browse/RANGER-1849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1849: Summary: Remove PasswordGenerator and FileStoreUtil (was: Remove PasswordGenerator) > Remove PasswordGenerator and FileStoreUtil > -- > > Key: RANGER-1849 > URL: https://issues.apache.org/jira/browse/RANGER-1849 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Trivial > Fix For: 1.0.0 > > > PasswordGenerator is not used in any of the scripts and should be removed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
[ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16255203#comment-16255203 ] Colm O hEigeartaigh commented on RANGER-1738: - The problem with switching Ranger to Hadoop 3.0.0, is that a lot of the components rely on Hadoop 2.7.x, and it ends up breaking a lot of the tests (HBase, Hive, etc.), as we end up having different Hadoop versions on the classpath. Perhaps we should wait to update to Hadoop 3.0.0 until more of the components release new major versions depending on Hadoop 3.0.0? Until then I could just add a new plugin for Yarn 3.0.0 so we can claim to support Hadoop 3.0.0. WDYT? > RangerYarnAuthorizer not compatible with Hadoop-3.0.0 > - > > Key: RANGER-1738 > URL: https://issues.apache.org/jira/browse/RANGER-1738 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.1 >Reporter: Hong Shen >Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch > > > In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed. > The new YarnAuthorizationProvider.java has change the methods checkPermission > and setPermission, > {code:title=YarnAuthorizationProvider.java|borderStyle=solid} > /** >* Check if user has the permission to access the target object. >* >* @param accessRequest >* the request object which contains all the access context info. >* @return true if user can access the object, otherwise false. >*/ > public abstract boolean checkPermission(AccessRequest accessRequest); > /** >* Set permissions for the target object. >* >* @param permissions >*A list of permissions on the target object. >* @param ugi User who sets the permissions. >*/ > public abstract void setPermission(List permissions, > UserGroupInformation ugi); > {code} > But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement > the old method. > {code:title=RangerYarnAuthorizer.java|borderStyle=solid} > @Override > public void setPermission(PrivilegedEntity entity, Map<AccessType, > AccessControlList> permission, UserGroupInformation ugi) { >... > @Override > public boolean checkPermission(AccessType accessType, PrivilegedEntity > entity, UserGroupInformation ugi) { > {code} > I think yarn plugin should also impletement the new method. I will add a > patch for it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63870: RANGER-1861:There are errors when the "ranger-kms start" command was executed.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63870/#review191172 --- How does your change prevent the error? From what I can see the change is that it doesn't load the DEFAULT_CONFIG_FILENAME if an argument is specified. - Colm O hEigeartaigh On Nov. 16, 2017, 10:03 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63870/ > --- > > (Updated Nov. 16, 2017, 10:03 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1861 > https://issues.apache.org/jira/browse/RANGER-1861 > > > Repository: ranger > > > Description > --- > > There are errors when the "ranger-kms start" command was executed. > > 2017-10-28 23:23:33,339 ERROR XMLUtils - Error loading : > java.lang.IllegalArgumentException: InputStream cannot be null > at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:117) > at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:64) > at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:48) > at > org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:77) > at > org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:69) > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 40eed861 > > > Diff: https://reviews.apache.org/r/63870/diff/1/ > > > Testing > --- > > > Thanks, > > pengjianhua > >
Re: Review Request 63789: RANGER-1887:serviceDef.getResources().get(0).getName(); case IndexOutOfBoundsException in RangerServiceTag.class And print error in RangerServiceStorm
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63789/#review191170 --- The indentation of the for loop needs to be shifted to the right due to the new if statement. - Colm O hEigeartaigh On Nov. 14, 2017, 11:09 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63789/ > --- > > (Updated Nov. 14, 2017, 11:09 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1887 > https://issues.apache.org/jira/browse/RANGER-1887 > > > Repository: ranger > > > Description > --- > > String tagResourceName = serviceDef.getResources().get(0).getName(); case > java.lang.IndexOutOfBoundsException in RangerServiceTag.class > And print log error for RangerServiceStorm.class > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java > ce6002b > > storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java > d4dbd7b > > > Diff: https://reviews.apache.org/r/63789/diff/2/ > > > Testing > --- > > Tested it > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63834: RANGER-1893 - Update HBase dependency to 1.2.6
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63834/ --- (Updated Nov. 15, 2017, 3:14 p.m.) Review request for ranger. Changes --- Also removing some unused properties Bugs: RANGER-1893 https://issues.apache.org/jira/browse/RANGER-1893 Repository: ranger Description --- We currently rely on an old HBase dependency (1.1.3). This task is to upgrade it to 1.2.6. The plugin works correctly with no changes since 1.1.x. Diffs (updated) - pom.xml 589cd6ac Diff: https://reviews.apache.org/r/63834/diff/2/ Changes: https://reviews.apache.org/r/63834/diff/1-2/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1893) Update HBase dependency to 1.2.6
[ https://issues.apache.org/jira/browse/RANGER-1893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1893: Attachment: (was: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch) > Update HBase dependency to 1.2.6 > > > Key: RANGER-1893 > URL: https://issues.apache.org/jira/browse/RANGER-1893 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch > > > We currently rely on an old HBase dependency (1.1.3). This task is to upgrade > it to 1.2.6. The plugin works correctly with no changes since 1.1.x. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1893) Update HBase dependency to 1.2.6
[ https://issues.apache.org/jira/browse/RANGER-1893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1893: Attachment: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch Also removing some unused properties > Update HBase dependency to 1.2.6 > > > Key: RANGER-1893 > URL: https://issues.apache.org/jira/browse/RANGER-1893 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch > > > We currently rely on an old HBase dependency (1.1.3). This task is to upgrade > it to 1.2.6. The plugin works correctly with no changes since 1.1.x. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 63834: RANGER-1893 - Update HBase dependency to 1.2.6
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63834/ --- Review request for ranger. Bugs: RANGER-1893 https://issues.apache.org/jira/browse/RANGER-1893 Repository: ranger Description --- We currently rely on an old HBase dependency (1.1.3). This task is to upgrade it to 1.2.6. The plugin works correctly with no changes since 1.1.x. Diffs - pom.xml 589cd6ac Diff: https://reviews.apache.org/r/63834/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1893) Update HBase dependency to 1.2.6
[ https://issues.apache.org/jira/browse/RANGER-1893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1893: Attachment: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch > Update HBase dependency to 1.2.6 > > > Key: RANGER-1893 > URL: https://issues.apache.org/jira/browse/RANGER-1893 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1893-Update-HBase-dependency-to-1.2.6.patch > > > We currently rely on an old HBase dependency (1.1.3). This task is to upgrade > it to 1.2.6. The plugin works correctly with no changes since 1.1.x. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1893) Update HBase dependency to 1.2.6
Colm O hEigeartaigh created RANGER-1893: --- Summary: Update HBase dependency to 1.2.6 Key: RANGER-1893 URL: https://issues.apache.org/jira/browse/RANGER-1893 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.0.0 We currently rely on an old HBase dependency (1.1.3). This task is to upgrade it to 1.2.6. The plugin works correctly with no changes since 1.1.x. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
[ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16253284#comment-16253284 ] Colm O hEigeartaigh commented on RANGER-1738: - [~rmani], [~vperiasamy], OK so what you are suggesting here is to drop the Hadoop 2.7.x dependency from Ranger altogether? This could work, but 3.0.0 is currently a "beta" - I'm not sure when the plans are to ship a final 3.0.0 version. Would we be happy to release Ranger 1.0.0 off a beta Hadoop version? It might be less risky just to leave the dependency on Hadoop 2.7.x, but add some exclusions in the Yarn 3.0.0 plugin to exclude 2.7.x jars. The distribution for the new plugin doesn't include any Hadoop jars in the "lib" directory. [~vperiasamy], It's not possible to have RangerYarnAuthorizer work with multiple versions, as with Hadoop 3.0.0 you have to implement methods that take arguments that are only available in Hadoop 3.0.0. > RangerYarnAuthorizer not compatible with Hadoop-3.0.0 > - > > Key: RANGER-1738 > URL: https://issues.apache.org/jira/browse/RANGER-1738 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.1 > Reporter: Hong Shen >Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch > > > In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed. > The new YarnAuthorizationProvider.java has change the methods checkPermission > and setPermission, > {code:title=YarnAuthorizationProvider.java|borderStyle=solid} > /** >* Check if user has the permission to access the target object. >* >* @param accessRequest >* the request object which contains all the access context info. >* @return true if user can access the object, otherwise false. >*/ > public abstract boolean checkPermission(AccessRequest accessRequest); > /** >* Set permissions for the target object. >* >* @param permissions >*A list of permissions on the target object. >* @param ugi User who sets the permissions. >*/ > public abstract void setPermission(List permissions, > UserGroupInformation ugi); > {code} > But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement > the old method. > {code:title=RangerYarnAuthorizer.java|borderStyle=solid} > @Override > public void setPermission(PrivilegedEntity entity, Map<AccessType, > AccessControlList> permission, UserGroupInformation ugi) { >... > @Override > public boolean checkPermission(AccessType accessType, PrivilegedEntity > entity, UserGroupInformation ugi) { > {code} > I think yarn plugin should also impletement the new method. I will add a > patch for it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63789: RANGER-1887:serviceDef.getResources().get(0).getName(); case IndexOutOfBoundsException in RangerServiceTag.class And print error in RangerServiceStorm
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63789/#review190928 --- It's better to write "!serviceDef.getResources().isEmpty()" than "serviceDef.getResources().size() > 0". What happens if tagResourceName is null. Will "defaultPolicy.getResources().get(tagResourceName)" throw a NPE? - Colm O hEigeartaigh On Nov. 14, 2017, 8:15 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63789/ > --- > > (Updated Nov. 14, 2017, 8:15 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1887 > https://issues.apache.org/jira/browse/RANGER-1887 > > > Repository: ranger > > > Description > --- > > String tagResourceName = serviceDef.getResources().get(0).getName(); case > java.lang.IndexOutOfBoundsException in RangerServiceTag.class > And print log error for RangerServiceStorm.class > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java > ce6002b > > storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java > d4dbd7b > > > Diff: https://reviews.apache.org/r/63789/diff/1/ > > > Testing > --- > > Tested it > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63700: [RANGER-1881] Reduce code duplication in kms, where the console handling code is repeated 4 times.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63700/#review190819 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 9, 2017, 1:45 p.m., Zsombor Gegesy wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63700/ > --- > > (Updated Nov. 9, 2017, 1:45 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1881 > https://issues.apache.org/jira/browse/RANGER-1881 > > > Repository: ranger > > > Description > --- > > Move the password handling functionality into a common method > > > Diffs > - > > kms/src/main/java/org/apache/hadoop/crypto/key/ConsoleUtil.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/DB2HSMMKUtil.java edbb299aa > kms/src/main/java/org/apache/hadoop/crypto/key/HSM2DBMKUtil.java 427e09857 > kms/src/main/java/org/apache/hadoop/crypto/key/JKS2RangerUtil.java > 22dce0f5f > kms/src/main/java/org/apache/hadoop/crypto/key/Ranger2JKSUtil.java > 1abbf8e3c > > > Diff: https://reviews.apache.org/r/63700/diff/1/ > > > Testing > --- > > Run the command line tools. > > Travis tests: > https://travis-ci.org/gzsombor/ranger/builds/299618293 > > > Thanks, > > Zsombor Gegesy > >
[jira] [Updated] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
[ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1738: Attachment: 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch A patch for this issue. I introduced a new plugin for Yarn with Hadoop 3.0.0, which simply extends the 2.x plugin with the new methods. A new plugin shim is also included. > RangerYarnAuthorizer not compatible with Hadoop-3.0.0 > - > > Key: RANGER-1738 > URL: https://issues.apache.org/jira/browse/RANGER-1738 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.1 >Reporter: Hong Shen >Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1738-RangerYarnAuthorizer-not-compatible-with.patch > > > In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed. > The new YarnAuthorizationProvider.java has change the methods checkPermission > and setPermission, > {code:title=YarnAuthorizationProvider.java|borderStyle=solid} > /** >* Check if user has the permission to access the target object. >* >* @param accessRequest >* the request object which contains all the access context info. >* @return true if user can access the object, otherwise false. >*/ > public abstract boolean checkPermission(AccessRequest accessRequest); > /** >* Set permissions for the target object. >* >* @param permissions >*A list of permissions on the target object. >* @param ugi User who sets the permissions. >*/ > public abstract void setPermission(List permissions, > UserGroupInformation ugi); > {code} > But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement > the old method. > {code:title=RangerYarnAuthorizer.java|borderStyle=solid} > @Override > public void setPermission(PrivilegedEntity entity, Map<AccessType, > AccessControlList> permission, UserGroupInformation ugi) { >... > @Override > public boolean checkPermission(AccessType accessType, PrivilegedEntity > entity, UserGroupInformation ugi) { > {code} > I think yarn plugin should also impletement the new method. I will add a > patch for it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Feedback request for https://reviews.apache.org/r/56094/
Hi Madhan, Just a follow up on this issue. I was thinking the easiest way to solve it is to follow your first suggestion to remove the implied grant. However, the problem is that this implied grant exists in Yarn itself. So if "alice" is granted the "administer queue" permission only, she can still submit applications. I'm thinking now that we might be better off just to leave the existing logic, that "administer queue" implies "submit application". If a user is "denied" "administer queue", then this just overrides any "positive" "submit application" permission. WDYT? Colm. On Wed, Nov 8, 2017 at 8:18 PM, Don Bosco Durai <bo...@apache.org> wrote: > @madhan or @ramesh or @abhay are the right folks. > > Thanks > > Bosco > > > On 11/8/17, 4:52 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote: > > Hi, > > A user logged an issue with Yarn that I finally got around to looking > at. > The proposed patch submitted by the user is here: > > https://reviews.apache.org/r/56094/ > > The problem is that a user "alice" can have the "submit-app" > permission, > but be denied the "admin-queue" permission. This should work in > theory, but > it doesn't. "admin-queue" implies "submit-app", but the Ranger policy > logic > seems to interpret this implication incorrectly, in that a "negative" > admin-queue policy overrides a "positive" submit-app policy. > > As the change is in the core policy logic I'd like an experienced > reviewer > to take a look. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Resolved] (RANGER-1339) DENY and ALLOW EXCLUSION do not work with YARN
[ https://issues.apache.org/jira/browse/RANGER-1339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1339. - Resolution: Won't Fix See https://issues.apache.org/jira/browse/RANGER-1885 instead. > DENY and ALLOW EXCLUSION do not work with YARN > -- > > Key: RANGER-1339 > URL: https://issues.apache.org/jira/browse/RANGER-1339 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.6.0, 0.7.0, 0.6.2 >Reporter: Yan >Assignee: Colm O hEigeartaigh > > When a user is denied, or excluded from allowed, the use of "admin-queue", > but is allowed the "submit-app", he is actually unable to submit Yarn jobs at > all. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 56094: Ranger-1339: DENY and ALLOW EXCLUSION do not work with YARN
> On Nov. 10, 2017, 7:43 a.m., Madhan Neethiraj wrote: > > I think the special handling of implied grants of "ALL", in deny and > > allow-exceptions, would be confusing. Currently Ranger policy model treats > > all access-types the same - there is no special treatment for "ALL". Also, > > the special handling introduced in this patch would break existing policies > > that use "ALL" in deny and allow-exceptions. > > > > I would suggest couple of options to address the usecase: > > - update the service-def to remove implied-grant for 'admin-queue'. This > > would require explicit grant of 'submit-app' where needed i.e. > > 'admin-queue' access would not implicitly allow 'submit-app' access as well > > - other option is to have 'impliedGrants' interpretted only by UI and have > > policy engine ignore it. In this case, when 'admin-queue' is selected in > > the UI, 'submit-app' will automatically be selected - but the user will be > > able to de-select 'submit-app' when necessary. Thanks for the review Madhan. I think the simplest way of handling it is your first suggestion - to remove the implied grant. I will create a separate JIRA and submit a patch for it. - Colm --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56094/#review190683 --- On Jan. 30, 2017, 7:47 p.m., Yan Zhou wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56094/ > --- > > (Updated Jan. 30, 2017, 7:47 p.m.) > > > Review request for ranger. > > > Repository: ranger > > > Description > --- > > When a user is denied, or excluded from "allowed", the use of "admin-queue", > but is allowed the "submit-app", he is actually unable to submit Yarn jobs at > all. > > The reason is found to be that the "implied grants" are indiscriminately > incorporated into allow/deny/allow-exception/deny-exception lists. Actually > we need to differentiate two types of implications. The first implication is > "equivalent implication". The second is "unequivalent implication". For the > "ALL" permission, it is equivalent, meaning that "ALL" implies the all > implied permissions together, and vice versa. So DENY "ALL" will rid of any > and all other permissions from a user. For YARN's implication from > "queue-admin" to "submit-app", it's not equivalent. While "queue-admin" > implies "submit-app", it is not the other way around; namely that deny > "admin-queue" to a user should not deny his "submit-app" permission. Thus the > "implied grants" should not be incorporated from the allow-exception/deny > lists if they do not carry the "all" semantics. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > ffb9523 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > b0d103e > agents-common/src/test/resources/policyengine/test_policyengine_yarn.json > PRE-CREATION > > > Diff: https://reviews.apache.org/r/56094/diff/1/ > > > Testing > --- > > Regression, manual, and newly added automated tests. > > > Thanks, > > Yan Zhou > >
Re: Plugin Shim question
OK thanks Ramesh. I think having a super-shim is probably a bit overkill at this stage, as the user can easily just choose which version of Hadoop they want to use. We can always revisit that at a later stage. Colm. On Thu, Nov 9, 2017 at 7:02 PM, Ramesh Mani <rm...@hortonworks.com> wrote: > > Colm, > > Yes look like we need to have multiple shims. > > To support multiple version of Hadoop, we may need a super shim which will > find which version of Hadoop ( based on method signature) is used and then > instantiate the corresponding sub shim RangerYarnAuthorizer. > > This may be the case for HDFS plugin also in there is a different > behaviors or signature change in authorization hook. > > Thanks, > Ramesh > > > On 11/9/17, 4:22 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote: > > >Hi all, > > > >I'm working on adding support for Hadoop 3.0.0 to the Yarn component > >(RANGER-1738). > > > >YarnAuthorizationProvider has some updated methods in Hadoop 3.0.0. It's > >easy to work around this in the RangerYarnAuthorizer though, so that it > >supports both Hadoop 2.7.x, 2.8.x and 3.0.0. > > > >The problem is in the plugin shim code for RangerYarnAuthorizer. It > >delegates the calls to the underlying YarnAuthorizationProvider instance. > >This means it's not possible to support both 2.7.x and 3.0.0 as it is in > >the plugin version of RangerYarnAuthorizer. > > > >Any ideas on this? The only way I can think of supporting it is to have > >separate plugin shims for Hadoop 2 + 3. > > > >Colm. > > > > > >-- > >Colm O hEigeartaigh > > > >Talend Community Coder > >http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: Review Request 63699: RANGER-1882 - Compilation error in kms module with Hadoop 2.8.x
> On Nov. 9, 2017, 6:22 p.m., Alejandro Fernandez wrote: > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java > > Line 74 (original), 73 (patched) > > <https://reviews.apache.org/r/63699/diff/1/?file=1886105#file1886105line74> > > > > Which other versions of Hadoop are supported? Right now, only Hadoop 2.7.x. With this change both Hadoop 2.8.x and 2.7.x will be supported. - Colm --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63699/#review190623 ------- On Nov. 9, 2017, 1:17 p.m., Colm O hEigeartaigh wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63699/ > --- > > (Updated Nov. 9, 2017, 1:17 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1882 > https://issues.apache.org/jira/browse/RANGER-1882 > > > Repository: ranger > > > Description > --- > > There is a compilation failure in the KMS module when compiled with Hadoop > 2.8.x. The fix is just to use a constant String which works with both Hadoop > 2.7.x, 2.8.x. > > > Diffs > - > > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java > ada9a56f > > > Diff: https://reviews.apache.org/r/63699/diff/1/ > > > Testing > --- > > > Thanks, > > Colm O hEigeartaigh > >
[jira] [Updated] (RANGER-1882) Compilation error in kms module with Hadoop 2.8.x
[ https://issues.apache.org/jira/browse/RANGER-1882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1882: Attachment: 0001-RANGER-1882-Compilation-error-in-kms-module-with-Had.patch > Compilation error in kms module with Hadoop 2.8.x > - > > Key: RANGER-1882 > URL: https://issues.apache.org/jira/browse/RANGER-1882 > Project: Ranger > Issue Type: Improvement > Components: kms > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1882-Compilation-error-in-kms-module-with-Had.patch > > > There is a compilation failure in the KMS module when compiled with Hadoop > 2.8.x. The fix is just to use a constant String which works with both Hadoop > 2.7.x, 2.8.x. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 63699: RANGER-1882 - Compilation error in kms module with Hadoop 2.8.x
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63699/ --- Review request for ranger. Bugs: RANGER-1882 https://issues.apache.org/jira/browse/RANGER-1882 Repository: ranger Description --- There is a compilation failure in the KMS module when compiled with Hadoop 2.8.x. The fix is just to use a constant String which works with both Hadoop 2.7.x, 2.8.x. Diffs - kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java ada9a56f Diff: https://reviews.apache.org/r/63699/diff/1/ Testing --- Thanks, Colm O hEigeartaigh
Plugin Shim question
Hi all, I'm working on adding support for Hadoop 3.0.0 to the Yarn component (RANGER-1738). YarnAuthorizationProvider has some updated methods in Hadoop 3.0.0. It's easy to work around this in the RangerYarnAuthorizer though, so that it supports both Hadoop 2.7.x, 2.8.x and 3.0.0. The problem is in the plugin shim code for RangerYarnAuthorizer. It delegates the calls to the underlying YarnAuthorizationProvider instance. This means it's not possible to support both 2.7.x and 3.0.0 as it is in the plugin version of RangerYarnAuthorizer. Any ideas on this? The only way I can think of supporting it is to have separate plugin shims for Hadoop 2 + 3. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Commented] (RANGER-1203) Ranger YARN Plugin supports Fair Scheduler
[ https://issues.apache.org/jira/browse/RANGER-1203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245540#comment-16245540 ] Colm O hEigeartaigh commented on RANGER-1203: - This issue can be marked as resolved. I've tested a local copy of Ranger, with the changes applied for Hadoop 3.0.0, and authorization works as expected with the Fair Scheduler. > Ranger YARN Plugin supports Fair Scheduler > -- > > Key: RANGER-1203 > URL: https://issues.apache.org/jira/browse/RANGER-1203 > Project: Ranger > Issue Type: New Feature > Components: plugins >Affects Versions: 0.6.1 >Reporter: Qiang Zhang >Assignee: Qiang Zhang > Labels: patch > > Currently,hadoop yarn Capacity Scheduler provides a YarnAuthorizationProvider > interface.Ranger yarn-plug-in can implement this interface. > Also Ranger supports the json packet parsing of Capacity Scheduler. > However,ranger does not support Fair Scheduler. > Increased functionality: > Ranger supports the json packet parsing of fair scheduler. > Hadoop yarn Fair Scheduler will also provide a YarnAuthorizationProvider > interface. > Ranger Yarn plugin adds authority control by fair scheduler, it relies on the > fair scheduler pluggable licensing feature patch that hadoop yarn supports. > Improvement issue of hadoop > yarn:https://issues.apache.org/jira/browse/YARN-4997 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (RANGER-1738) RangerYarnAuthorizer not compatible with Hadoop-3.0.0
[ https://issues.apache.org/jira/browse/RANGER-1738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reassigned RANGER-1738: --- Assignee: Colm O hEigeartaigh > RangerYarnAuthorizer not compatible with Hadoop-3.0.0 > - > > Key: RANGER-1738 > URL: https://issues.apache.org/jira/browse/RANGER-1738 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 0.7.1 >Reporter: Hong Shen >Assignee: Colm O hEigeartaigh > > In the newest hadoop version 3.0.0, YarnAuthorizationProvider has changed. > The new YarnAuthorizationProvider.java has change the methods checkPermission > and setPermission, > {code:title=YarnAuthorizationProvider.java|borderStyle=solid} > /** >* Check if user has the permission to access the target object. >* >* @param accessRequest >* the request object which contains all the access context info. >* @return true if user can access the object, otherwise false. >*/ > public abstract boolean checkPermission(AccessRequest accessRequest); > /** >* Set permissions for the target object. >* >* @param permissions >*A list of permissions on the target object. >* @param ugi User who sets the permissions. >*/ > public abstract void setPermission(List permissions, > UserGroupInformation ugi); > {code} > But the RangerYarnAuthorizer extends YarnAuthorizationProvider impletement > the old method. > {code:title=RangerYarnAuthorizer.java|borderStyle=solid} > @Override > public void setPermission(PrivilegedEntity entity, Map<AccessType, > AccessControlList> permission, UserGroupInformation ugi) { >... > @Override > public boolean checkPermission(AccessType accessType, PrivilegedEntity > entity, UserGroupInformation ugi) { > {code} > I think yarn plugin should also impletement the new method. I will add a > patch for it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (RANGER-1236) RangerYarnAuthorizer should be updated since YarnAuthorizationProvider modified in YARN-4571
[ https://issues.apache.org/jira/browse/RANGER-1236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1236. - Resolution: Duplicate > RangerYarnAuthorizer should be updated since YarnAuthorizationProvider > modified in YARN-4571 > > > Key: RANGER-1236 > URL: https://issues.apache.org/jira/browse/RANGER-1236 > Project: Ranger > Issue Type: Bug >Reporter: Tao Jie >Assignee: Qiang Zhang > > Today Ranger Yarn Plugin supports authorization for Yarn by implements > interface YarnAuthorizationProvider which is based on Hadoop-2.7.0. > Since interface YarnAuthorizationProvider has been modified in YARN-4571, > RangerYarnAuthorizer should be updated accordingly. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Feedback request for https://reviews.apache.org/r/56094/
Hi, A user logged an issue with Yarn that I finally got around to looking at. The proposed patch submitted by the user is here: https://reviews.apache.org/r/56094/ The problem is that a user "alice" can have the "submit-app" permission, but be denied the "admin-queue" permission. This should work in theory, but it doesn't. "admin-queue" implies "submit-app", but the Ranger policy logic seems to interpret this implication incorrectly, in that a "negative" admin-queue policy overrides a "positive" submit-app policy. As the change is in the core policy logic I'd like an experienced reviewer to take a look. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: Review Request 56094: Ranger-1339: DENY and ALLOW EXCLUSION do not work with YARN
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56094/#review190442 --- + preprocessPolicyItems(policy.getDataMaskPolicyItems(), impliedAccessGrants, + RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW); + preprocessPolicyItems(policy.getRowFilterPolicyItems(), impliedAccessGrants, + RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW); These do not have the correct RangerPolicyItemEvaluator int. - Colm O hEigeartaigh On Jan. 30, 2017, 7:47 p.m., Yan Zhou wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56094/ > --- > > (Updated Jan. 30, 2017, 7:47 p.m.) > > > Review request for ranger. > > > Repository: ranger > > > Description > --- > > When a user is denied, or excluded from "allowed", the use of "admin-queue", > but is allowed the "submit-app", he is actually unable to submit Yarn jobs at > all. > > The reason is found to be that the "implied grants" are indiscriminately > incorporated into allow/deny/allow-exception/deny-exception lists. Actually > we need to differentiate two types of implications. The first implication is > "equivalent implication". The second is "unequivalent implication". For the > "ALL" permission, it is equivalent, meaning that "ALL" implies the all > implied permissions together, and vice versa. So DENY "ALL" will rid of any > and all other permissions from a user. For YARN's implication from > "queue-admin" to "submit-app", it's not equivalent. While "queue-admin" > implies "submit-app", it is not the other way around; namely that deny > "admin-queue" to a user should not deny his "submit-app" permission. Thus the > "implied grants" should not be incorporated from the allow-exception/deny > lists if they do not carry the "all" semantics. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > ffb9523 > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > b0d103e > agents-common/src/test/resources/policyengine/test_policyengine_yarn.json > PRE-CREATION > > > Diff: https://reviews.apache.org/r/56094/diff/1/ > > > Testing > --- > > Regression, manual, and newly added automated tests. > > > Thanks, > > Yan Zhou > >
Review Request 63663: RANGER-1879 - Yarn disable plugin script doesn't work
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63663/ --- Review request for ranger. Bugs: RANGER-1879 https://issues.apache.org/jira/browse/RANGER-1879 Repository: ranger Description --- The Yarn disable plugin script doesn't work. Diffs - plugin-yarn/disable-conf/yarn-site-changes.cfg PRE-CREATION Diff: https://reviews.apache.org/r/63663/diff/1/ Testing --- Tested authorization is disabled after the script is run. Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1879) Yarn disable plugin script doesn't work
[ https://issues.apache.org/jira/browse/RANGER-1879?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1879: Attachment: 0001-RANGER-1879-Yarn-disable-plugin-script-doesn-t-work.patch > Yarn disable plugin script doesn't work > --- > > Key: RANGER-1879 > URL: https://issues.apache.org/jira/browse/RANGER-1879 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1879-Yarn-disable-plugin-script-doesn-t-work.patch > > > The Yarn disable plugin script doesn't work. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1879) Yarn disable plugin script doesn't work
Colm O hEigeartaigh created RANGER-1879: --- Summary: Yarn disable plugin script doesn't work Key: RANGER-1879 URL: https://issues.apache.org/jira/browse/RANGER-1879 Project: Ranger Issue Type: Bug Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.0.0 The Yarn disable plugin script doesn't work. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (RANGER-1874) ranger README.txt should be add tar and sqoop-plugin desc
[ https://issues.apache.org/jira/browse/RANGER-1874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1874. - Resolution: Fixed > ranger README.txt should be add tar and sqoop-plugin desc > - > > Key: RANGER-1874 > URL: https://issues.apache.org/jira/browse/RANGER-1874 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: WangYuan >Assignee: WangYuan >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1874-ranger-README.txt-should-be-add-tar-and-.patch > > > ranger README.txt should be add tar and sqoop-plugin desc > ==add tar desc: >ranger--atlas-plugin.tar.gz >ranger--ranger-tools.tar.gz >ranger--sqoop-plugin.tar.gz >ranger--tagsync.tar.gz > ==add pulgin desc: > (h) Sqoop plugin needs to be installed on Sqoop2 hosts -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1874) ranger README.txt should be add tar and sqoop-plugin desc
[ https://issues.apache.org/jira/browse/RANGER-1874?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1874: Fix Version/s: 1.0.0 > ranger README.txt should be add tar and sqoop-plugin desc > - > > Key: RANGER-1874 > URL: https://issues.apache.org/jira/browse/RANGER-1874 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: WangYuan >Assignee: WangYuan >Priority: Minor > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1874-ranger-README.txt-should-be-add-tar-and-.patch > > > ranger README.txt should be add tar and sqoop-plugin desc > ==add tar desc: >ranger--atlas-plugin.tar.gz >ranger--ranger-tools.tar.gz >ranger--sqoop-plugin.tar.gz >ranger--tagsync.tar.gz > ==add pulgin desc: > (h) Sqoop plugin needs to be installed on Sqoop2 hosts -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63578: anger README.txt should be add tar and sqoop-plugin desc
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63578/#review190320 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 7, 2017, 11:01 a.m., wang yuan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63578/ > --- > > (Updated Nov. 7, 2017, 11:01 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1874 > https://issues.apache.org/jira/browse/RANGER-1874 > > > Repository: ranger > > > Description > --- > > ranger README.txt should be add tar and sqoop-plugin desc > ==add tar desc: > ranger--atlas-plugin.tar.gz > ranger--ranger-tools.tar.gz > ranger--sqoop-plugin.tar.gz > ranger--tagsync.tar.gz > ==add pulgin desc: > SQOOP plugin need to be installed on SQOOP2 Resource Manager hosts > > > Diffs > - > > README.txt 536d3986 > > > Diff: https://reviews.apache.org/r/63578/diff/3/ > > > Testing > --- > > > Thanks, > > wang yuan > >
Review Request 63627: RANGER-1876 - Incorrect conf dir location for Yarn install script
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63627/ --- Review request for ranger. Bugs: RANGER-1876 https://issues.apache.org/jira/browse/RANGER-1876 Repository: ranger Description --- The conf dir location is not handled correctly for the Yarn plugin. Diffs - agents-common/scripts/enable-agent.sh f105f548 Diff: https://reviews.apache.org/r/63627/diff/1/ Testing --- Tested the plugin installs correctly. Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1876) Incorrect conf dir location for Yarn install script
[ https://issues.apache.org/jira/browse/RANGER-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1876: Attachment: 0001-RANGER-1876-Incorrect-conf-dir-location-for-Yarn-ins.patch > Incorrect conf dir location for Yarn install script > --- > > Key: RANGER-1876 > URL: https://issues.apache.org/jira/browse/RANGER-1876 > Project: Ranger > Issue Type: Bug > Components: plugins > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1876-Incorrect-conf-dir-location-for-Yarn-ins.patch > > > The conf dir location is not handled correctly for the Yarn plugin. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1876) Incorrect conf dir location for Yarn install script
Colm O hEigeartaigh created RANGER-1876: --- Summary: Incorrect conf dir location for Yarn install script Key: RANGER-1876 URL: https://issues.apache.org/jira/browse/RANGER-1876 Project: Ranger Issue Type: Bug Components: plugins Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.0.0 The conf dir location is not handled correctly for the Yarn plugin. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63608: RANGER-1830:Write unit test for RANGER-1810 sqoop plugin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63608/#review190284 --- Looks good to me. Just a few trivial changes: a) In getRandomLinkName and getRandomJobName there is no need to store the variable - just return it directly, e.g. return RandomStringUtils.randomAlphanumeric(10) + "-link"; b) Change new ArrayList() to new ArrayList<>() - Colm O hEigeartaigh On Nov. 7, 2017, 6:56 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63608/ > --- > > (Updated Nov. 7, 2017, 6:56 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1830 > https://issues.apache.org/jira/browse/RANGER-1830 > > > Repository: ranger > > > Description > --- > > Write unit test for RANGER-1810 sqoop plugin > > > Diffs > - > > plugin-sqoop/pom.xml 0c52e66 > > plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java > PRE-CREATION > > plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizerTest.java > PRE-CREATION > plugin-sqoop/src/test/resources/log4j.properties PRE-CREATION > plugin-sqoop/src/test/resources/ranger-sqoop-security.xml PRE-CREATION > plugin-sqoop/src/test/resources/sqoop-policies.json PRE-CREATION > plugin-sqoop/src/test/resources/sqoop.properties PRE-CREATION > plugin-sqoop/src/test/resources/sqoop_bootstrap.properties PRE-CREATION > > > Diff: https://reviews.apache.org/r/63608/diff/1/ > > > Testing > --- > > Tested > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63578: anger README.txt should be add tar and sqoop-plugin desc
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63578/#review190281 --- Please remove the tab character before (h) and replace it with spaces - Colm O hEigeartaigh On Nov. 7, 2017, 1:26 a.m., wang yuan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63578/ > --- > > (Updated Nov. 7, 2017, 1:26 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1874 > https://issues.apache.org/jira/browse/RANGER-1874 > > > Repository: ranger > > > Description > --- > > ranger README.txt should be add tar and sqoop-plugin desc > ==add tar desc: > ranger--atlas-plugin.tar.gz > ranger--ranger-tools.tar.gz > ranger--sqoop-plugin.tar.gz > ranger--tagsync.tar.gz > ==add pulgin desc: > SQOOP plugin need to be installed on SQOOP2 Resource Manager hosts > > > Diffs > - > > README.txt 536d3986 > > > Diff: https://reviews.apache.org/r/63578/diff/2/ > > > Testing > --- > > > Thanks, > > wang yuan > >
Re: Review Request 63578: anger README.txt should be add tar and sqoop-plugin desc
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63578/#review190167 --- Change (i) to (h). Also it should be "needs" and not "need" (also change this for the Yarn plugin). - Colm O hEigeartaigh On Nov. 6, 2017, 12:11 p.m., wang yuan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63578/ > --- > > (Updated Nov. 6, 2017, 12:11 p.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1874 > https://issues.apache.org/jira/browse/RANGER-1874 > > > Repository: ranger > > > Description > --- > > ranger README.txt should be add tar and sqoop-plugin desc > ==add tar desc: > ranger--atlas-plugin.tar.gz > ranger--ranger-tools.tar.gz > ranger--sqoop-plugin.tar.gz > ranger--tagsync.tar.gz > ==add pulgin desc: > SQOOP plugin need to be installed on SQOOP2 Resource Manager hosts > > > Diffs > - > > README.txt 536d3986 > > > Diff: https://reviews.apache.org/r/63578/diff/1/ > > > Testing > --- > > > Thanks, > > wang yuan > >
Re: Review Request 63534: RANGER-1870:Modify the logic for buildUnixUserList and parseMembers method in UnixUserGroupBuilder class
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63534/#review190018 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 3, 2017, 8:36 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63534/ > --- > > (Updated Nov. 3, 2017, 8:36 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1870 > https://issues.apache.org/jira/browse/RANGER-1870 > > > Repository: ranger > > > Description > --- > > Modify the logic for buildUnixUserList and parseMembers method in > UnixUserGroupBuilder class > 1.In the buildUnixUserList method: > int len = tokens.length; > if (len = 3) groupId = tokens [3]; case ArrayIndexOutOfBoundsException. > Solution: change from "if (len < 3) {" to "if (len < 4) {" > > 2.Another similar error in the parseMembers method: > String[] tokens = line.split(":"); > if (tokens.length = 2) String groupId = tokens [2]; case > ArrayIndexOutOfBoundsException. > Solution:change from “if (tokens.length < 2)” to “if (tokens.length < 3)” > > > Diffs > - > > > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java > 045fe3f > > > Diff: https://reviews.apache.org/r/63534/diff/1/ > > > Testing > --- > > tested it. > > > Thanks, > > Qiang Zhang > >
[jira] [Resolved] (RANGER-1142) Sqoop import error
[ https://issues.apache.org/jira/browse/RANGER-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1142. - Resolution: Not A Problem Did you mean to file this JIRA at the Sqoop project? > Sqoop import error > -- > > Key: RANGER-1142 > URL: https://issues.apache.org/jira/browse/RANGER-1142 > Project: Ranger > Issue Type: Improvement >Reporter: anusha >Priority: Major > > Trying to import data in Sqoop from MS SQL Server database which has Windows > Authentication. > Trying to run the following command on the hive command prompt. > sqoop import --driver="com.microsoft.jdbc.sqlserver.SQLServerDriver" > --connect="jdbc:microsoft:sqlserver://**.**.**.** :1433/DB_Schema;Integrated > Security=TRUE" > --table dbo.TABLE_NAME > Error Received : > Error 1: > --driver is set to an explicit driver however appropriate connection manager > is not being set (via --connection-manager). Sqoop is going to fall back to > org.apache.sqoop.manager.GenericJdbcManager. Please specify explicitly which > connection manager should be used next time. > Error 2 : > Got exception running Sqoop: java.lang.RuntimeException: Could not load db > driver class: com.microsoft.jdbc.sqlserver.SQLServerDriver > java.lang.RuntimeException: Could not load db driver class: > com.microsoft.jdbc.sqlserver.SQLServerDriver > Could some one guide me . > versions : > Sqoop 1.4.6 > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (RANGER-1142) Sqoop import error
[ https://issues.apache.org/jira/browse/RANGER-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed RANGER-1142. --- > Sqoop import error > -- > > Key: RANGER-1142 > URL: https://issues.apache.org/jira/browse/RANGER-1142 > Project: Ranger > Issue Type: Improvement >Reporter: anusha >Priority: Major > > Trying to import data in Sqoop from MS SQL Server database which has Windows > Authentication. > Trying to run the following command on the hive command prompt. > sqoop import --driver="com.microsoft.jdbc.sqlserver.SQLServerDriver" > --connect="jdbc:microsoft:sqlserver://**.**.**.** :1433/DB_Schema;Integrated > Security=TRUE" > --table dbo.TABLE_NAME > Error Received : > Error 1: > --driver is set to an explicit driver however appropriate connection manager > is not being set (via --connection-manager). Sqoop is going to fall back to > org.apache.sqoop.manager.GenericJdbcManager. Please specify explicitly which > connection manager should be used next time. > Error 2 : > Got exception running Sqoop: java.lang.RuntimeException: Could not load db > driver class: com.microsoft.jdbc.sqlserver.SQLServerDriver > java.lang.RuntimeException: Could not load db driver class: > com.microsoft.jdbc.sqlserver.SQLServerDriver > Could some one guide me . > versions : > Sqoop 1.4.6 > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (RANGER-1140) sqoop import
[ https://issues.apache.org/jira/browse/RANGER-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh closed RANGER-1140. --- > sqoop import > -- > > Key: RANGER-1140 > URL: https://issues.apache.org/jira/browse/RANGER-1140 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: anusha >Priority: Major > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (RANGER-1140) sqoop import
[ https://issues.apache.org/jira/browse/RANGER-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved RANGER-1140. - Resolution: Not A Problem > sqoop import > -- > > Key: RANGER-1140 > URL: https://issues.apache.org/jira/browse/RANGER-1140 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: anusha >Priority: Major > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1830) Write unit test for RANGER-1810
[ https://issues.apache.org/jira/browse/RANGER-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16236194#comment-16236194 ] Colm O hEigeartaigh commented on RANGER-1830: - I can take this issue if you have not already started it? > Write unit test for RANGER-1810 > --- > > Key: RANGER-1830 > URL: https://issues.apache.org/jira/browse/RANGER-1830 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Affects Versions: 1.0.0, master >Reporter: Qiang Zhang >Assignee: Qiang Zhang >Priority: Minor > Labels: newbie, patch > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63403: RANGER-1862:generalName.get(1) cause IndexOutOfBoundsException in NiFiClient
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63403/#review189789 --- Ship it! Ship It! - Colm O hEigeartaigh On Nov. 1, 2017, 8:12 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63403/ > --- > > (Updated Nov. 1, 2017, 8:12 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1862 > https://issues.apache.org/jira/browse/RANGER-1862 > > > Repository: ranger > > > Description > --- > > when generalName.size() <=1 , generalName.get(1) cause > IndexOutOfBoundsException in NiFiClient.java > > > Diffs > - > > > plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiClient.java > c03bc12 > > > Diff: https://reviews.apache.org/r/63403/diff/3/ > > > Testing > --- > > tested it > > > Thanks, > > Qiang Zhang > >
Review Request 63439: RANGER-1867 - Update nimbus-jose-jwt to 4.41.2
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63439/ --- Review request for ranger. Bugs: RANGER-1867 https://issues.apache.org/jira/browse/RANGER-1867 Repository: ranger Description --- We need to upgrade our dependency on nimbus to the latest release. This mirrors KNOX-1076 (https://issues.apache.org/jira/browse/KNOX-1076) Diffs - security-admin/pom.xml c7dc8708 Diff: https://reviews.apache.org/r/63439/diff/1/ Testing --- Tested with Knox 0.14-SNAPSHOT. Thanks, Colm O hEigeartaigh
[jira] [Updated] (RANGER-1867) Update nimbus-jose-jwt to 4.41.2
[ https://issues.apache.org/jira/browse/RANGER-1867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-1867: Attachment: 0001-RANGER-1867-Update-nimbus-jose-jwt-to-4.41.2.patch > Update nimbus-jose-jwt to 4.41.2 > > > Key: RANGER-1867 > URL: https://issues.apache.org/jira/browse/RANGER-1867 > Project: Ranger > Issue Type: Improvement > Components: admin > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: 0001-RANGER-1867-Update-nimbus-jose-jwt-to-4.41.2.patch > > > We need to upgrade our dependency on nimbus to the latest release. This > mirrors KNOX-1076 (https://issues.apache.org/jira/browse/KNOX-1076) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1867) Update nimbus-jose-jwt to 4.41.2
Colm O hEigeartaigh created RANGER-1867: --- Summary: Update nimbus-jose-jwt to 4.41.2 Key: RANGER-1867 URL: https://issues.apache.org/jira/browse/RANGER-1867 Project: Ranger Issue Type: Improvement Components: admin Reporter: Colm O hEigeartaigh Assignee: Colm O hEigeartaigh Fix For: 1.0.0 We need to upgrade our dependency on nimbus to the latest release. This mirrors KNOX-1076 (https://issues.apache.org/jira/browse/KNOX-1076) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63404: RANGER-1863:Optimize the code and keep the code style consistent, remove the invalid code in the RemoteUnixLoginModule class
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63404/#review189706 --- Ship it! Ship It! - Colm O hEigeartaigh On Oct. 30, 2017, 6:03 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63404/ > --- > > (Updated Oct. 30, 2017, 6:03 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1863 > https://issues.apache.org/jira/browse/RANGER-1863 > > > Repository: ranger > > > Description > --- > > Optimize the code and keep the code style consistent, remove the invalid code > in the LoginModule class > 1.Change from "serverCertValidation = (! (certValidationFlag != null && > ("false".equalsIgnoreCase(certValidationFlag.trim().toLowerCase();" > to "serverCertValidation = (! (certValidationFlag != null && > ("false".equalsIgnoreCase(certValidationFlag.trim().;" > 2.Change from "System.err.println("Skipping RemoteLogin - [" + > JAAS_ENABLED_PARAM + "] => [" + val + "]");" > to "log("Skipping RemoteLogin - [" + JAAS_ENABLED_PARAM + "] => [" + val + > "]");" > 3.remove invalid code /* > Properties config = null; > String val = (String) > options.get(REMOTE_UNIX_AUTHENICATION_CONFIG_FILE_PARAM); > log("Remote Unix Auth Configuration file [" + val + "]"); > if (val != null) > { XMLUtils.loadConfig(val, config); } > if (config == null) > { logError("Remote Unix Auth Configuration is being loaded from XML > configuration - not Properties"); config = new Properties(); > config.putAll(options); } > */ > > > Diffs > - > > > unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java > ff296b4 > > > Diff: https://reviews.apache.org/r/63404/diff/1/ > > > Testing > --- > > tested it! > > > Thanks, > > pengjianhua > >
Re: Review Request 63403: RANGER-1862:generalName.get(1) cause IndexOutOfBoundsException in NiFiClient
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63403/#review189705 --- Please put the comment above the if statement. - Colm O hEigeartaigh On Oct. 30, 2017, 3:22 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63403/ > --- > > (Updated Oct. 30, 2017, 3:22 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, and Velmurugan Periasamy. > > > Bugs: RANGER-1862 > https://issues.apache.org/jira/browse/RANGER-1862 > > > Repository: ranger > > > Description > --- > > when generalName.size() <=1 , generalName.get(1) cause > IndexOutOfBoundsException in NiFiClient.java > > > Diffs > - > > > plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiClient.java > c03bc12 > > > Diff: https://reviews.apache.org/r/63403/diff/2/ > > > Testing > --- > > tested it > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63351: RANGER-1859:Fix new findBugs in HdfsClient.java
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63351/#review189408 --- Ship it! Ship It! - Colm O hEigeartaigh On Oct. 27, 2017, 9:12 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63351/ > --- > > (Updated Oct. 27, 2017, 9:12 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1859 > https://issues.apache.org/jira/browse/RANGER-1859 > > > Repository: ranger > > > Description > --- > > Fix new findBugs in HdfsClient.java > > There is FindBugs: Performance (FB.SBSC_USE_STRINGBUFFER_CONCATENATION) in > org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(Map<String, > String>) > {code} > if (fsDefaultNameElements != null && fsDefaultNameElements.length >= 2) { > String cluster = ""; > StringBuffer clusters = new StringBuffer(); > configs.put("dfs.nameservices", "hdfscluster"); > configs.put("fs.default.name", "hdfs://" + > configs.get("dfs.nameservices")); > configs.put("dfs.client.failover.proxy.provider." + > configs.get("dfs.nameservices"), > > "org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"); > for (int i = 0; i < fsDefaultNameElements.length; i++) { > cluster = "namenode" + (i + 1); > configs.put("dfs.namenode.rpc-address." + > configs.get("dfs.nameservices") + "." + cluster, > fsDefaultNameElements[i]); > if (i == (fsDefaultNameElements.length - 1)) { > clusters.append(cluster); > } else { > clusters.append(cluster).append(","); > } > } > configs.put("dfs.ha.namenodes." + configs.get("dfs.nameservices"), > clusters.toString()); > } > {code} > > To view the defects in Coverity Scan visit, > https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZtwvLNyXEpALHHKXqGKvroU5mWNsNiM7OVRdsl6DJR5LTUChq42fVbU-2Fr1jlwSSZ3yR3k4ycwZTS0QkKayVUGYhpHjV8vMdPHJwfZIZjeDvW59RoGHYuxr3UvsJzGHNk6gAvr6OuaH0vx6ZtLRw-2F0NLST5sMrn2kXHvdALOtTEjnQ-3D-3D > > > Diffs > - > > > hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java > 39fb9e8 > > > Diff: https://reviews.apache.org/r/63351/diff/2/ > > > Testing > --- > > Tested > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63351: RANGER-1859:Fix new findBugs in HdfsClient.java
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63351/#review189404 --- The correct fix here is to leave the original code but to use StringBuilder instead of StringBuffer. - Colm O hEigeartaigh On Oct. 27, 2017, 7:09 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63351/ > --- > > (Updated Oct. 27, 2017, 7:09 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1859 > https://issues.apache.org/jira/browse/RANGER-1859 > > > Repository: ranger > > > Description > --- > > Fix new findBugs in HdfsClient.java > > There is FindBugs: Performance (FB.SBSC_USE_STRINGBUFFER_CONCATENATION) in > org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(Map<String, > String>) > {code} > if (fsDefaultNameElements != null && fsDefaultNameElements.length >= 2) { > String cluster = ""; > StringBuffer clusters = new StringBuffer(); > configs.put("dfs.nameservices", "hdfscluster"); > configs.put("fs.default.name", "hdfs://" + > configs.get("dfs.nameservices")); > configs.put("dfs.client.failover.proxy.provider." + > configs.get("dfs.nameservices"), > > "org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider"); > for (int i = 0; i < fsDefaultNameElements.length; i++) { > cluster = "namenode" + (i + 1); > configs.put("dfs.namenode.rpc-address." + > configs.get("dfs.nameservices") + "." + cluster, > fsDefaultNameElements[i]); > if (i == (fsDefaultNameElements.length - 1)) { > clusters.append(cluster); > } else { > clusters.append(cluster).append(","); > } > } > configs.put("dfs.ha.namenodes." + configs.get("dfs.nameservices"), > clusters.toString()); > } > {code} > > To view the defects in Coverity Scan visit, > https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZtwvLNyXEpALHHKXqGKvroU5mWNsNiM7OVRdsl6DJR5LTUChq42fVbU-2Fr1jlwSSZ3yR3k4ycwZTS0QkKayVUGYhpHjV8vMdPHJwfZIZjeDvW59RoGHYuxr3UvsJzGHNk6gAvr6OuaH0vx6ZtLRw-2F0NLST5sMrn2kXHvdALOtTEjnQ-3D-3D > > > Diffs > - > > > hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java > 39fb9e8 > > > Diff: https://reviews.apache.org/r/63351/diff/1/ > > > Testing > --- > > Tested > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63352: RANGER-1860:Provide a new service interface prompt function framework to resolved the defect of the current service interface, increase the flexibility of the function, impro
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63352/#review189403 --- Might as well change "TextFiledWithIcon" to "TextFieldWithIcon" when making this change. - Colm O hEigeartaigh On Oct. 27, 2017, 7:46 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63352/ > --- > > (Updated Oct. 27, 2017, 7:46 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, > Ramesh Mani, Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and > Velmurugan Periasamy. > > > Bugs: RANGER-1860 > https://issues.apache.org/jira/browse/RANGER-1860 > > > Repository: ranger > > > Description > --- > > The ranger used the hard-coded way to achieve the service interface prompt > function, the result is that the codes have worse maintainability. > if(!isPolicyForm) { > if(v.name == 'yarn.url'){ > formObj.type = 'TextFiledWithIcon'; > formObj.errorMsg = localization.tt("hintMsg.yarnRestUrl"); > }else if(v.name == 'sqoop.url'){ > formObj.type = 'TextFiledWithIcon'; > formObj.errorMsg = localization.tt("hintMsg.sqoopRestUrl"); > }else if(v.name == 'jdbc.url'){ > formObj.type = 'TextFiledWithIcon'; > formObj.errorMsg = localization.tt("hintMsg.hiveJDBCUrl"); > }else if(v.name == 'fs.default.name'){ > formObj.type = 'TextFiledWithIcon'; > formObj.errorMsg = localization.tt("hintMsg.hdfsNameNodeUrl"); > }else{ > formObj.type = 'Text'; > } > break; > } > Using the new issue we can directly modify the configuration file to meet the > requirements of the new prompt function. Such as we can modify the following > configuration to meet following requirements: > the configuration in the ranger-servicedef-yarn.json is as follows? > "configs": > [ > { > "itemId": 3, > "name": "yarn.url", > "type": "string", > "mandatory": true, > "defaultValue": "", > "validationRegEx":"", > "validationMessage": "", > "uiHint":"{\"TextFiledWithIcon\":true, \"info\": \"1.For one > url, eg.'http or https://ipaddr:8088'2.For multiple urls (use > , or ; delimiter), > eg.'http://ipaddr1:8088,http://ipaddr2:8088'\"}", > "label": "YARN REST URL" > } > ] > requirements: > adding text field with an icon( i.e information) on service form page,we > should add unified configuration management functions in the service > definition. > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json > 519d6a8 > agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json > 5456e2b > agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json > 3f269fb > agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json > 53f9e18 > security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js > 3d62e31 > > > Diff: https://reviews.apache.org/r/63352/diff/1/ > > > Testing > --- > > tested > > > Thanks, > > Qiang Zhang > >
Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63145/#review189299 --- Ship it! Ship It! - Colm O hEigeartaigh On Oct. 24, 2017, 8:39 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63145/ > --- > > (Updated Oct. 24, 2017, 8:39 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1846 > https://issues.apache.org/jira/browse/RANGER-1846 > > > Repository: ranger > > > Description > --- > > The java version must be equal to or more than 1.8 when we set db_ssl_enabled > equal to true. > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. > > > Diffs > - > > security-admin/scripts/setup.sh 468e8a0b > > > Diff: https://reviews.apache.org/r/63145/diff/4/ > > > Testing > --- > > > Thanks, > > pengjianhua > >
[jira] [Commented] (RANGER-1855) Importing and translating policies from Apache Sentry
[ https://issues.apache.org/jira/browse/RANGER-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16218361#comment-16218361 ] Colm O hEigeartaigh commented on RANGER-1855: - I could imagine a service like the tagsync service for Atlas in Ranger, that would query the Sentry DB periodically and obtain the policies, and then translate them into Ranger policies and upload to the Ranger Admin. Sentry maps users to groups, and then groups to roles, where roles contain the relevant permission Strings. It should be possible to map this to Ranger, although it'll take a little work. > Importing and translating policies from Apache Sentry > -- > > Key: RANGER-1855 > URL: https://issues.apache.org/jira/browse/RANGER-1855 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Srikanth Venkat >Priority: Critical > > As an enterprise security admin, I would like to be able to translate or bulk > import RBAC based access control polices from Apache Sentry so that I can > enhance my access control and authorization entitlements as ABAC based > policies within Ranger with dynamic policy conditions. > Implementation considerations: > # Given an Apache Sentry policy repository be able to translate authz > policies from either Sentry policy store DB or using the policy export tool > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61309948 . > # If Sentry has REST APIs to support exporting from its policy store, perhaps > some of our community members can comment on whether there is a better way to > provide the policy translation and import into Ranger policy store. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63145/#review189181 --- Have you tested the awk statement works with Java 9? It uses a different version String... - Colm O hEigeartaigh On Oct. 24, 2017, 8:39 a.m., pengjianhua wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63145/ > --- > > (Updated Oct. 24, 2017, 8:39 a.m.) > > > Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan > Neethiraj, Velmurugan Periasamy, and Qiang Zhang. > > > Bugs: RANGER-1846 > https://issues.apache.org/jira/browse/RANGER-1846 > > > Repository: ranger > > > Description > --- > > The java version must be equal to or more than 1.8 when we set db_ssl_enabled > equal to true. > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. > > > Diffs > - > > security-admin/scripts/setup.sh 468e8a0b > > > Diff: https://reviews.apache.org/r/63145/diff/4/ > > > Testing > --- > > > Thanks, > > pengjianhua > >
Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2
> On Oct. 24, 2017, 10:24 a.m., Nitin Galave wrote: > > security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js > > Lines 85 (patched) > > <https://reviews.apache.org/r/62710/diff/5/?file=1866284#file1866284line85> > > > > I think adding individual conditions for the components to add text > > field with an icon( i.e information) on service form page instead we should > > provide text field with icon option itself in the service definition. > > For example : > > "configs": > > [ > > { > > "itemId": 2, > > "name": "sqoop.url", > > "type": "string", > > "mandatory": true, > > "defaultValue": "", > > "validationRegEx":"", > > "validationMessage": "", > > "uiHint":"{ \"infoIcon\":true , \"info\": > > \"Enter information about configuration param\"}", > > "label": "Sqoop URL" > > } > > ] It looks like your comment was missed Nitin, could you create a separate JIRA for it? - Colm --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62710/#review189038 --- On Oct. 24, 2017, 9:02 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62710/ > --- > > (Updated Oct. 24, 2017, 9:02 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1810 > https://issues.apache.org/jira/browse/RANGER-1810 > > > Repository: ranger > > > Description > --- > > Apache Sqoop is a tool designed for efficiently transferring bulk data > between Apache Hadoop and structured datastores such as relational databases. > You can use Sqoop to import data from external structured datastores into > Hadoop Distributed File System or related systems like Hive and HBase. > Conversely, Sqoop can be used to extract data from Hadoop and export it to > external structured datastores such as relational databases and enterprise > data warehouses.It successfully graduated from the Incubator in March of 2012 > and is now a Top-Level Apache project. > The Ranger will further expand the influence in the hadoop ecosystem if it > supports sqoop authorization. So we should develop sqoop plugin to enable, > monitor and manage apache Sqoop2. > > Our test specialists have rigorously tested this feature. > > > Diffs > - > > agents-common/scripts/enable-agent.sh d31a264 > > agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java > 9463ab8 > agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json > PRE-CREATION > plugin-sqoop/.gitignore PRE-CREATION > plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION > plugin-sqoop/pom.xml PRE-CREATION > plugin-sqoop/scripts/install.properties PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/
Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62710/#review188931 --- Ship it! Ship It! - Colm O hEigeartaigh On Oct. 23, 2017, 9 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62710/ > --- > > (Updated Oct. 23, 2017, 9 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and Velmurugan Periasamy. > > > Bugs: RANGER-1810 > https://issues.apache.org/jira/browse/RANGER-1810 > > > Repository: ranger > > > Description > --- > > Apache Sqoop is a tool designed for efficiently transferring bulk data > between Apache Hadoop and structured datastores such as relational databases. > You can use Sqoop to import data from external structured datastores into > Hadoop Distributed File System or related systems like Hive and HBase. > Conversely, Sqoop can be used to extract data from Hadoop and export it to > external structured datastores such as relational databases and enterprise > data warehouses.It successfully graduated from the Incubator in March of 2012 > and is now a Top-Level Apache project. > The Ranger will further expand the influence in the hadoop ecosystem if it > supports sqoop authorization. So we should develop sqoop plugin to enable, > monitor and manage apache Sqoop2. > > Our test specialists have rigorously tested this feature. > > > Diffs > - > > agents-common/scripts/enable-agent.sh d31a264 > > agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java > 9463ab8 > agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json > PRE-CREATION > plugin-sqoop/.gitignore PRE-CREATION > plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION > plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION > plugin-sqoop/pom.xml PRE-CREATION > plugin-sqoop/scripts/install.properties PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java > PRE-CREATION > > plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java > PRE-CREATION > pom.xml 3958014 > ranger-sqoop-plugin-shim/.gitignore PRE-CREATION > ranger-sqoop-plugin-shim/pom.xml PRE-CREATION > > ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java > PRE-CREATION > security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js > 3f8697e > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > 811db0c > src/main/assembly/admin-web.xml 4dc52fd > src/main/assembly/plugin-sqoop.xml PRE-CREATION > > > Diff: https://reviews.apache.org/r/62710/diff/4/ > > > Testing > --- > > Our test specialists have rigorously tested this feature. > > > Thanks, > > Qiang Zhang > >
[jira] [Commented] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.
[ https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214974#comment-16214974 ] Colm O hEigeartaigh commented on RANGER-1846: - We should change the logic so that only an error is thrown if the JDK version is less than the required version. > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. > > > Key: RANGER-1846 > URL: https://issues.apache.org/jira/browse/RANGER-1846 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.0.0, master >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: patch > Fix For: 1.0.0, master > > Attachments: > 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch > > > The java version must be equal to or more than 1.8 when we set db_ssl_enabled > equal to true. > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. -- This message was sent by Atlassian JIRA (v6.4.14#64029)