[jira] [Created] (RANGER-3149) Adding exisitng policy check for PatchForKafkaServiceDefUpdate_J10033
Dhaval B. SHAH created RANGER-3149: -- Summary: Adding exisitng policy check for PatchForKafkaServiceDefUpdate_J10033 Key: RANGER-3149 URL: https://issues.apache.org/jira/browse/RANGER-3149 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Java patch named PatchForKafkaServiceDefUpdate_J10033.java needs exisitng policy check before creating policy for Kafka. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17246718#comment-17246718 ] Dhaval B. SHAH edited comment on RANGER-3055 at 12/9/20, 5:49 PM: -- Apache Ranger Github commit link : [https://github.com/apache/ranger/commit/eb7aacfb1922c2d2c02a169f10da8a85b9a00240] was (Author: dhavalshah9131): Apache Github link : [https://github.com/apache/ranger/commit/eb7aacfb1922c2d2c02a169f10da8a85b9a00240] > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-3055.patch > > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17246718#comment-17246718 ] Dhaval B. SHAH commented on RANGER-3055: Apache Github link : [https://github.com/apache/ranger/commit/eb7aacfb1922c2d2c02a169f10da8a85b9a00240] > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-3055.patch > > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3103) Ranger KMS should log full UGI principal
Dhaval B. SHAH created RANGER-3103: -- Summary: Ranger KMS should log full UGI principal Key: RANGER-3103 URL: https://issues.apache.org/jira/browse/RANGER-3103 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Kms-audit log only logs the short username: {{OK[op=GENERATE_EEK, key=key1, user=hdfs, accessCount=4206, interval=10427ms]}} In this example, it's impossible to tell which NN(s) requested EDEKs when they are all lumped together. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-3055: --- Attachment: RANGER-3055.patch > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-3055.patch > > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-3055: --- Description: We need to check and make the following components FIPS compliant. 1.) Admin 2.) KMS 3.) UserSync 4.) TagSync was: We need to check and make the following components FIPS compliant. 1.) Admin 2.) KMS 3.) UserSync 4.) TagSync 5.) RMS > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3055) Make Ranger source code FIPS complaint
[ https://issues.apache.org/jira/browse/RANGER-3055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-3055: --- Summary: Make Ranger source code FIPS complaint (was: Make Ranger sorce code FIPS complaint) > Make Ranger source code FIPS complaint > -- > > Key: RANGER-3055 > URL: https://issues.apache.org/jira/browse/RANGER-3055 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > We need to check and make the following components FIPS compliant. > 1.) Admin > 2.) KMS > 3.) UserSync > 4.) TagSync > 5.) RMS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3055) Make Ranger sorce code FIPS complaint
Dhaval B. SHAH created RANGER-3055: -- Summary: Make Ranger sorce code FIPS complaint Key: RANGER-3055 URL: https://issues.apache.org/jira/browse/RANGER-3055 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH We need to check and make the following components FIPS compliant. 1.) Admin 2.) KMS 3.) UserSync 4.) TagSync 5.) RMS -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2978) Ranger upgrade fails due to missing DB function.
[ https://issues.apache.org/jira/browse/RANGER-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17200579#comment-17200579 ] Dhaval B. SHAH commented on RANGER-2978: Commit link : Master : [https://github.com/apache/ranger/commit/f754f832fefb2d04053b37dc02024ea251d052cf] Ranger 2.1 : [https://github.com/apache/ranger/commit/5ec9fbd0b78595084dc847f7fdc9da0506f6c482] > Ranger upgrade fails due to missing DB function. > > > Key: RANGER-2978 > URL: https://issues.apache.org/jira/browse/RANGER-2978 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0, 3.0.0 > > > Ranger upgrade fails with below error : > {code:java} > Error executing: call insert_statename_in_x_ranger_global_state(); > java.sql.SQLSyntaxErrorException: FUNCTION ranger.getXportalUIdByLoginId does > not exist > SQLException : SQL state: 42000 java.sql.SQLSyntaxErrorException: FUNCTION > ranger.getXportalUIdByLoginId does not exist ErrorCode: 1305{code} > > Issue : In patch 046-insert-statename-in-x-ranger-global-state.sql > Function _*getXportalUIdByLoginId()*_ is not define before invoking. > Affected DB Flavor : MySql, MS-SQL, Oracle, Postgres, SQL anywhere -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2998) API for Ranger KMS service status
[ https://issues.apache.org/jira/browse/RANGER-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2998: --- Fix Version/s: 2.2.0 > API for Ranger KMS service status > - > > Key: RANGER-2998 > URL: https://issues.apache.org/jira/browse/RANGER-2998 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.2.0 > > Attachments: RANGER-2998.patch > > > Need to construct the API which can be accessible without user credentials > for Ranger KMS service status. So when service Ranger KMS is successfully > started there should be status saying "Ranger KMS is up and running" when we > hit particular API. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2998) API for Ranger KMS service status
[ https://issues.apache.org/jira/browse/RANGER-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17199382#comment-17199382 ] Dhaval B. SHAH commented on RANGER-2998: Commit Link : Apache - Master [https://github.com/apache/ranger/commit/3f8df5d9bced7641e29f1469a52b5e8ab686e5d4] ranger-2.2: [https://github.com/apache/ranger/commit/72200f343f60254b75daf3d4f3eac0be804a6a64] > API for Ranger KMS service status > - > > Key: RANGER-2998 > URL: https://issues.apache.org/jira/browse/RANGER-2998 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2998.patch > > > Need to construct the API which can be accessible without user credentials > for Ranger KMS service status. So when service Ranger KMS is successfully > started there should be status saying "Ranger KMS is up and running" when we > hit particular API. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2998) API for Ranger KMS service status
[ https://issues.apache.org/jira/browse/RANGER-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2998: --- Attachment: RANGER-2998.patch > API for Ranger KMS service status > - > > Key: RANGER-2998 > URL: https://issues.apache.org/jira/browse/RANGER-2998 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2998.patch > > > Need to construct the API which can be accessible without user credentials > for Ranger KMS service status. So when service Ranger KMS is successfully > started there should be status saying "Ranger KMS is up and running" when we > hit particular API. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2998) API for Ranger KMS service status
Dhaval B. SHAH created RANGER-2998: -- Summary: API for Ranger KMS service status Key: RANGER-2998 URL: https://issues.apache.org/jira/browse/RANGER-2998 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Need to construct the API which can be accessible without user credentials for Ranger KMS service status. So when service Ranger KMS is successfully started there should be status saying "Ranger KMS is up and running" when we hit particular API. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2937) Refresh Ranger's Solr configs
[ https://issues.apache.org/jira/browse/RANGER-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2937: --- Fix Version/s: 2.1.1 2.2.0 > Refresh Ranger's Solr configs > -- > > Key: RANGER-2937 > URL: https://issues.apache.org/jira/browse/RANGER-2937 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.2.0, 2.1.1 > > > Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes > is required in solrconfig.xml > Also it uses references which are not needed by Ranger. It should be reviewed > and refreshed as needed. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2937) Refresh Ranger's Solr configs
[ https://issues.apache.org/jira/browse/RANGER-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17193394#comment-17193394 ] Dhaval B. SHAH commented on RANGER-2937: Commit Link: [https://github.com/apache/ranger/commit/4706b1093da13eae77697ea5efce7b2fae357781#diff-8c6caf31e28c9ee89af601cd5048b599] [https://github.com/apache/ranger/commit/af56dcae6ac3703357d92747f1f39873c3da1cf6#diff-8c6caf31e28c9ee89af601cd5048b599] Thanks. > Refresh Ranger's Solr configs > -- > > Key: RANGER-2937 > URL: https://issues.apache.org/jira/browse/RANGER-2937 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes > is required in solrconfig.xml > Also it uses references which are not needed by Ranger. It should be reviewed > and refreshed as needed. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for kms
[ https://issues.apache.org/jira/browse/RANGER-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2983: --- Fix Version/s: 2.2.0 > Add hbase users with Decrypteek permission in default policy for kms > > > Key: RANGER-2983 > URL: https://issues.apache.org/jira/browse/RANGER-2983 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.2.0 > > > At present we have following user ⇔ permission mapping for default policies > on KMS > Hdfs ⇔ Get Metadata , Generate EEK > Hive ⇔ Get Metadata , Decrypt EEK > Similarly we need to hbase user with decrepeek permission -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for kms
[ https://issues.apache.org/jira/browse/RANGER-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2983: --- Summary: Add hbase users with Decrypteek permission in default policy for kms (was: Add hbase users with Decrypteek permission in default policy for cm_kms repo) > Add hbase users with Decrypteek permission in default policy for kms > > > Key: RANGER-2983 > URL: https://issues.apache.org/jira/browse/RANGER-2983 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > At present we have following user ⇔ permission mapping for default policies > on KMS > Hdfs ⇔ Get Metadata , Generate EEK > Hive ⇔ Get Metadata , Decrypt EEK > Similarly we need to hbase user with decrepeek permission -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for cm_kms repo
Dhaval B. SHAH created RANGER-2983: -- Summary: Add hbase users with Decrypteek permission in default policy for cm_kms repo Key: RANGER-2983 URL: https://issues.apache.org/jira/browse/RANGER-2983 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH At present we have following user ⇔ permission mapping for default policies on KMS Hdfs ⇔ Get Metadata , Generate EEK Hive ⇔ Get Metadata , Decrypt EEK Similarly we need to hbase user with decrepeek permission -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2978) Ranger upgrade fails due to missing DB function.
[ https://issues.apache.org/jira/browse/RANGER-2978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2978: --- Fix Version/s: 2.1 > Ranger upgrade fails due to missing DB function. > > > Key: RANGER-2978 > URL: https://issues.apache.org/jira/browse/RANGER-2978 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1 > > > Ranger upgrade fails with below error : > {code:java} > Error executing: call insert_statename_in_x_ranger_global_state(); > java.sql.SQLSyntaxErrorException: FUNCTION ranger.getXportalUIdByLoginId does > not exist > SQLException : SQL state: 42000 java.sql.SQLSyntaxErrorException: FUNCTION > ranger.getXportalUIdByLoginId does not exist ErrorCode: 1305{code} > > Issue : In patch 046-insert-statename-in-x-ranger-global-state.sql > Function _*getXportalUIdByLoginId()*_ is not define before invoking. > Affected DB Flavor : MySql, MS-SQL, Oracle, Postgres, SQL anywhere -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2978) Ranger upgrade fails due to missing DB function.
Dhaval B. SHAH created RANGER-2978: -- Summary: Ranger upgrade fails due to missing DB function. Key: RANGER-2978 URL: https://issues.apache.org/jira/browse/RANGER-2978 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Ranger upgrade fails with below error : {code:java} Error executing: call insert_statename_in_x_ranger_global_state(); java.sql.SQLSyntaxErrorException: FUNCTION ranger.getXportalUIdByLoginId does not exist SQLException : SQL state: 42000 java.sql.SQLSyntaxErrorException: FUNCTION ranger.getXportalUIdByLoginId does not exist ErrorCode: 1305{code} Issue : In patch 046-insert-statename-in-x-ranger-global-state.sql Function _*getXportalUIdByLoginId()*_ is not define before invoking. Affected DB Flavor : MySql, MS-SQL, Oracle, Postgres, SQL anywhere -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2937) Refresh Ranger's Solr configs
[ https://issues.apache.org/jira/browse/RANGER-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2937: --- Attachment: (was: WIP-RANGER-2937.patch) > Refresh Ranger's Solr configs > -- > > Key: RANGER-2937 > URL: https://issues.apache.org/jira/browse/RANGER-2937 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes > is required in solrconfig.xml > Also it uses references which are not needed by Ranger. It should be reviewed > and refreshed as needed. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2937) Refresh Ranger's Solr configs
[ https://issues.apache.org/jira/browse/RANGER-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2937: --- Attachment: WIP-RANGER-2937.patch > Refresh Ranger's Solr configs > -- > > Key: RANGER-2937 > URL: https://issues.apache.org/jira/browse/RANGER-2937 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: WIP-RANGER-2937.patch > > > Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes > is required in solrconfig.xml > Also it uses references which are not needed by Ranger. It should be reviewed > and refreshed as needed. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2937) Refresh Ranger's Solr configs
[ https://issues.apache.org/jira/browse/RANGER-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2937: --- Description: Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes is required in solrconfig.xml Also it uses references which are not needed by Ranger. It should be reviewed and refreshed as needed. was: Ranger is using solr 6.6. We need to upgrade it to 8.4.1 for which changes is required in solrconfig.xml Also it uses references which are not needed by Ranger. It should be reviewed and refreshed as needed. > Refresh Ranger's Solr configs > -- > > Key: RANGER-2937 > URL: https://issues.apache.org/jira/browse/RANGER-2937 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Ranger is using solr 5.2.0. We need to upgrade it to 8.4.1 for which changes > is required in solrconfig.xml > Also it uses references which are not needed by Ranger. It should be reviewed > and refreshed as needed. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2937) Refresh Ranger's Solr configs
Dhaval B. SHAH created RANGER-2937: -- Summary: Refresh Ranger's Solr configs Key: RANGER-2937 URL: https://issues.apache.org/jira/browse/RANGER-2937 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Ranger is using solr 6.6. We need to upgrade it to 8.4.1 for which changes is required in solrconfig.xml Also it uses references which are not needed by Ranger. It should be reviewed and refreshed as needed. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2920) Improvement in DB scripts for handling upgrade scenario for MS-SQL
[ https://issues.apache.org/jira/browse/RANGER-2920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2920: --- Attachment: RANGER-2920.patch > Improvement in DB scripts for handling upgrade scenario for MS-SQL > -- > > Key: RANGER-2920 > URL: https://issues.apache.org/jira/browse/RANGER-2920 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2920.patch > > > 1.) 046-insert-statename-in-x-ranger-global-state.sql > Need to change _*getXportalUIdByLoginId*_ to *_dbo.getXportalUIdByLoginId_* > 2.) 047-sortorder-column-size.sql > => Declare scalar variable _*stmt*_ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2920) Improvement in DB scripts for handling upgrade scenario for MS-SQL
Dhaval B. SHAH created RANGER-2920: -- Summary: Improvement in DB scripts for handling upgrade scenario for MS-SQL Key: RANGER-2920 URL: https://issues.apache.org/jira/browse/RANGER-2920 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH 1.) 046-insert-statename-in-x-ranger-global-state.sql Need to change _*getXportalUIdByLoginId*_ to *_dbo.getXportalUIdByLoginId_* 2.) 047-sortorder-column-size.sql => Declare scalar variable _*stmt*_ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2914) Invalid obj name in DB script for MS-SQL
[ https://issues.apache.org/jira/browse/RANGER-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2914: --- Description: Need to change obj name from _*getXportalUIdByLoginId*_ to *_dbo.getXportalUIdByLoginId_* while inserting value in table x_ranger_global_state (was: Need to change obj name from _*getXportalUIdByLoginId*_ to *_dbo.getXportalUIdByLoginId_ * while inserting value in table _x_ranger_global_state_) > Invalid obj name in DB script for MS-SQL > > > Key: RANGER-2914 > URL: https://issues.apache.org/jira/browse/RANGER-2914 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2914.patch > > > Need to change obj name from _*getXportalUIdByLoginId*_ to > *_dbo.getXportalUIdByLoginId_* while inserting value in table > x_ranger_global_state -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2914) Invalid obj name in DB script for MS-SQL
[ https://issues.apache.org/jira/browse/RANGER-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2914: --- Attachment: RANGER-2914.patch > Invalid obj name in DB script for MS-SQL > > > Key: RANGER-2914 > URL: https://issues.apache.org/jira/browse/RANGER-2914 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2914.patch > > > Need to change obj name from _*getXportalUIdByLoginId*_ to > *_dbo.getXportalUIdByLoginId_ * while inserting value in table > _x_ranger_global_state_ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2914) Invalid obj name in DB script for MS-SQL
Dhaval B. SHAH created RANGER-2914: -- Summary: Invalid obj name in DB script for MS-SQL Key: RANGER-2914 URL: https://issues.apache.org/jira/browse/RANGER-2914 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Need to change obj name from _*getXportalUIdByLoginId*_ to *_dbo.getXportalUIdByLoginId_ * while inserting value in table _x_ranger_global_state_ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
[ https://issues.apache.org/jira/browse/RANGER-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2868: --- Attachment: RANGER-2868.patch > RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs > --- > > Key: RANGER-2868 > URL: https://issues.apache.org/jira/browse/RANGER-2868 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2868.patch > > > Facing below type casting error in catalina.out when Ranger KMs is configure > to use Oracle 19. > {code:java} > [EL Warning]: 2020-06-17 > 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class > java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is > in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed > module of loader 'app')[EL Warning]: 2020-06-17 > 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class > java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is > in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed > module of loader 'app')[EL Warning]: 2020-06-17 > 10:15:57.508--UnitOfWork(629597660)--java.lang.ClassCastException: class > java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is > in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed > module of loader 'app')java.lang.ClassCastException: class java.lang.String > cannot be cast to class oracle.sql.CLOB (java.lang.String is in module > java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of > loader 'app') at > org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:184) > at > org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:92) > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:740) > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:655) > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558) > at > org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:77) > at > org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:188) > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:168) > at > org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:402) > at > org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165) > at > org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180) > at > org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489) > at > org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80) > at > org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90) > at > org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301) > at > org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58) > at > org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899) > at > org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798) > at > org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108) > at > org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85) > at > org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896) > at > org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804) > at > org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786) > at > org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737) > at > org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226) > at > org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:125) > at >
[jira] [Updated] (RANGER-2867) Update Spring Security framework for Ranger
[ https://issues.apache.org/jira/browse/RANGER-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2867: --- Attachment: RANGER-2867.patch > Update Spring Security framework for Ranger > --- > > Key: RANGER-2867 > URL: https://issues.apache.org/jira/browse/RANGER-2867 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2867.patch > > > We need to upgrade springframework security from _*4.2.13*_ to *_4.2.16_* as > part of security improvment. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2867) Update Spring Security framework for Ranger
[ https://issues.apache.org/jira/browse/RANGER-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2867: --- Summary: Update Spring Security framework for Ranger (was: Update Spring Security for Ranger) > Update Spring Security framework for Ranger > --- > > Key: RANGER-2867 > URL: https://issues.apache.org/jira/browse/RANGER-2867 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > We need to upgrade springframework security from _*4.2.13*_ to *_4.2.16_* as > part of security improvment. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
[ https://issues.apache.org/jira/browse/RANGER-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2868: --- Description: Facing below type casting error in catalina.out when Ranger KMs is configure to use Oracle 19. {code:java} [EL Warning]: 2020-06-17 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of loader 'app')[EL Warning]: 2020-06-17 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of loader 'app')[EL Warning]: 2020-06-17 10:15:57.508--UnitOfWork(629597660)--java.lang.ClassCastException: class java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of loader 'app')java.lang.ClassCastException: class java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of loader 'app') at org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:184) at org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:92) at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:740) at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:655) at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558) at org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:77) at org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:188) at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:168) at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:402) at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165) at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180) at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489) at org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80) at org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90) at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301) at org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58) at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899) at org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798) at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108) at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85) at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896) at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804) at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786) at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737) at org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226) at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:125) at org.eclipse.persistence.internal.sessions.AbstractSession.writeAllObjectsWithChangeSet(AbstractSession.java:4207) at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabase(UnitOfWorkImpl.java:1441) at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabaseWithPreBuiltChangeSet(UnitOfWorkImpl.java:1587) at org.eclipse.persistence.internal.sessions.RepeatableWriteUnitOfWork.writeChanges(RepeatableWriteUnitOfWork.java:452) at org.eclipse.persistence.internal.jpa.EntityManagerImpl.flush(EntityManagerImpl.java:863) at org.apache.ranger.kms.dao.BaseDao.commitTransaction(BaseDao.java:88) at org.apache.ranger.kms.dao.BaseDao.create(BaseDao.java:116) at
[jira] [Created] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
Dhaval B. SHAH created RANGER-2868: -- Summary: RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs Key: RANGER-2868 URL: https://issues.apache.org/jira/browse/RANGER-2868 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Fix For: 2.1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2867) Update Spring Security for Ranger
[ https://issues.apache.org/jira/browse/RANGER-2867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2867: --- Description: We need to upgrade springframework security from _*4.2.13*_ to *_4.2.16_* as part of security improvment. (was: We need to upgrade springframework security from _*4.2.13*_ to** _*4.2.16*_ as part of security improvment.) > Update Spring Security for Ranger > - > > Key: RANGER-2867 > URL: https://issues.apache.org/jira/browse/RANGER-2867 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > We need to upgrade springframework security from _*4.2.13*_ to *_4.2.16_* as > part of security improvment. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2843) Privilege filteration is required for ranger lookup user for Nifi and Nifi Registry
Dhaval B. SHAH created RANGER-2843: -- Summary: Privilege filteration is required for ranger lookup user for Nifi and Nifi Registry Key: RANGER-2843 URL: https://issues.apache.org/jira/browse/RANGER-2843 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Fix For: 2.1.0 In case of Nifi and Nifi-Resgistry , default service and policy is not created. Hence no need to check for privileges of rangerlookup user. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
[ https://issues.apache.org/jira/browse/RANGER-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17098646#comment-17098646 ] Dhaval B. SHAH commented on RANGER-2811: Commit : [https://github.com/apache/ranger/commit/586c8562043def73ef371e2661c3fccf55a6c6ef] > Ranger should keep trying to create collection in solr until its successfully > created > - > > Key: RANGER-2811 > URL: https://issues.apache.org/jira/browse/RANGER-2811 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2811.patch, RANGER-2811_02.patch, > RANGER-2811_03.patch > > > At present No. of attemps Ranger will make to upload configs and create > collection in Solr will be the value set to prop > _*ranger.audit.solr.max.retry.*_ > By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep > trying to upload configs and create collection in Solr until its successfully > done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
[ https://issues.apache.org/jira/browse/RANGER-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2811: --- Attachment: RANGER-2811_03.patch > Ranger should keep trying to create collection in solr until its successfully > created > - > > Key: RANGER-2811 > URL: https://issues.apache.org/jira/browse/RANGER-2811 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2811.patch, RANGER-2811_02.patch, > RANGER-2811_03.patch > > > At present No. of attemps Ranger will make to upload configs and create > collection in Solr will be the value set to prop > _*ranger.audit.solr.max.retry.*_ > By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep > trying to upload configs and create collection in Solr until its successfully > done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
[ https://issues.apache.org/jira/browse/RANGER-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2811: --- Attachment: (was: RANGER-2811_01.patch) > Ranger should keep trying to create collection in solr until its successfully > created > - > > Key: RANGER-2811 > URL: https://issues.apache.org/jira/browse/RANGER-2811 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2811.patch, RANGER-2811_02.patch > > > At present No. of attemps Ranger will make to upload configs and create > collection in Solr will be the value set to prop > _*ranger.audit.solr.max.retry.*_ > By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep > trying to upload configs and create collection in Solr until its successfully > done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
[ https://issues.apache.org/jira/browse/RANGER-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2811: --- Attachment: RANGER-2811_02.patch > Ranger should keep trying to create collection in solr until its successfully > created > - > > Key: RANGER-2811 > URL: https://issues.apache.org/jira/browse/RANGER-2811 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2811.patch, RANGER-2811_02.patch > > > At present No. of attemps Ranger will make to upload configs and create > collection in Solr will be the value set to prop > _*ranger.audit.solr.max.retry.*_ > By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep > trying to upload configs and create collection in Solr until its successfully > done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
[ https://issues.apache.org/jira/browse/RANGER-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2811: --- Attachment: RANGER-2811_01.patch > Ranger should keep trying to create collection in solr until its successfully > created > - > > Key: RANGER-2811 > URL: https://issues.apache.org/jira/browse/RANGER-2811 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2811.patch, RANGER-2811_01.patch > > > At present No. of attemps Ranger will make to upload configs and create > collection in Solr will be the value set to prop > _*ranger.audit.solr.max.retry.*_ > By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep > trying to upload configs and create collection in Solr until its successfully > done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2811) Ranger should keep trying to create collection in solr until its successfully created
Dhaval B. SHAH created RANGER-2811: -- Summary: Ranger should keep trying to create collection in solr until its successfully created Key: RANGER-2811 URL: https://issues.apache.org/jira/browse/RANGER-2811 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH At present No. of attemps Ranger will make to upload configs and create collection in Solr will be the value set to prop _*ranger.audit.solr.max.retry.*_ By setting the value of above mentioned prop to _*"-1"*_ Ranger will keep trying to upload configs and create collection in Solr until its successfully done. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2712) Revisit privileges for rangerlookup user in default policies
Dhaval B. SHAH created RANGER-2712: -- Summary: Revisit privileges for rangerlookup user in default policies Key: RANGER-2712 URL: https://issues.apache.org/jira/browse/RANGER-2712 Project: Ranger Issue Type: Task Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Currently rangerlookup user has expansive list of privileges. This Jira is to restrict that to minimum level without impacting the test connection/resource lookup functionality. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2701) Improve Logging mechanism for Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2701: --- Attachment: RANGER-2701-01.patch > Improve Logging mechanism for Ranger KMS > > > Key: RANGER-2701 > URL: https://issues.apache.org/jira/browse/RANGER-2701 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2701-01.patch > > > Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. > E.G. > {code:java} > // code placeholder > 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. > 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} > This logs are useful while debugging the issue. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2701) Improve Logging mechanism for Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2701: --- Attachment: (was: RANGER-2701.patch) > Improve Logging mechanism for Ranger KMS > > > Key: RANGER-2701 > URL: https://issues.apache.org/jira/browse/RANGER-2701 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. > E.G. > {code:java} > // code placeholder > 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. > 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} > This logs are useful while debugging the issue. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2701) Improve Logging mechanism for Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2701: --- Description: Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. E.G. {code:java} // code placeholder 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} This logs are useful while debugging the issue. was: Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. E.G. {code:java} // code placeholder 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} This logs are useful while debugging the issue. > Improve Logging mechanism for Ranger KMS > > > Key: RANGER-2701 > URL: https://issues.apache.org/jira/browse/RANGER-2701 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2701.patch > > > Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. > E.G. > {code:java} > // code placeholder > 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. > 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} > This logs are useful while debugging the issue. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2701) Improve Logging mechanism for Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2701: --- Attachment: RANGER-2701.patch > Improve Logging mechanism for Ranger KMS > > > Key: RANGER-2701 > URL: https://issues.apache.org/jira/browse/RANGER-2701 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2701.patch > > > > > Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. > E.G. > {code:java} > // code placeholder > 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. > 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} > This logs are useful while debugging the issue. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2701) Improve Logging mechanism for Ranger KMS
Dhaval B. SHAH created RANGER-2701: -- Summary: Improve Logging mechanism for Ranger KMS Key: RANGER-2701 URL: https://issues.apache.org/jira/browse/RANGER-2701 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Change the logging level from INFO to DEBUG of certain logs in Ranger KMS. E.G. {code:java} // code placeholder 2019-12-13 14:45:25,844 INFO KMS - Entering decryptEncryptedKey method. 2019-12-13 14:45:25,866 INFO KMS - Exiting handleEncryptedKeyOp method.{code} This logs are useful while debugging the issue. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2674) Allow service admins to manage tag policies
[ https://issues.apache.org/jira/browse/RANGER-2674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17002259#comment-17002259 ] Dhaval B. SHAH commented on RANGER-2674: Apache commit link: [https://github.com/apache/ranger/commit/1c488dc64acfa850da2426c3ed5ffc03397f224c] > Allow service admins to manage tag policies > --- > > Key: RANGER-2674 > URL: https://issues.apache.org/jira/browse/RANGER-2674 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2674.patch > > > User is able to manage tab based policies once they are marked as service > admin in tag service _but only after that particular user is given permission > of tab "Tag based policies"._ > As part of this Jira we will extend the functionality in such a way like, > _Once any particular user is marked as service admin while creating / > updating tag based service then we need to provide permission of tab "Tag > based policies" to that user._ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2674) Allow service admins to manage tag policies
[ https://issues.apache.org/jira/browse/RANGER-2674?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2674: --- Attachment: RANGER-2674.patch > Allow service admins to manage tag policies > --- > > Key: RANGER-2674 > URL: https://issues.apache.org/jira/browse/RANGER-2674 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2674.patch > > > User is able to manage tab based policies once they are marked as service > admin in tag service _but only after that particular user is given permission > of tab "Tag based policies"._ > As part of this Jira we will extend the functionality in such a way like, > _Once any particular user is marked as service admin while creating / > updating tag based service then we need to provide permission of tab "Tag > based policies" to that user._ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16997251#comment-16997251 ] Dhaval B. SHAH commented on RANGER-2668: Apache Commit Link: [https://github.com/apache/ranger/commit/6396e3a473fe8b2bc7282b402575299d9c09d8df] > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch, RANGER-2668-02.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2668: --- Attachment: RANGER-2668-02.patch > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch, RANGER-2668-02.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2668: --- Description: Ranger KMS shouldn't be having Tag based service hence with regards to this jira. 1.) No Tag based service will be associated with RangerKMS default service. was: Ranger KMS shouldn't be having Tag based service hence with regards to this jira. 1.) No Tag based service will be associated with RangerKMS default service. 2.) User should not be able to associate tag service while creating and updating RangerKMS service . > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch, RANGER-2668-02.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2674) Allow service admins to manage tag policies
Dhaval B. SHAH created RANGER-2674: -- Summary: Allow service admins to manage tag policies Key: RANGER-2674 URL: https://issues.apache.org/jira/browse/RANGER-2674 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH User is able to manage tab based policies once they are marked as service admin in tag service _but only after that particular user is given permission of tab "Tag based policies"._ As part of this Jira we will extend the functionality in such a way like, _Once any particular user is marked as service admin while creating / updating tag based service then we need to provide permission of tab "Tag based policies" to that user._ -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2668: --- Attachment: RANGER-2668-01.patch > Remove tag service linking for any service created in Ranger KMS > > > Key: RANGER-2668 > URL: https://issues.apache.org/jira/browse/RANGER-2668 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2668-01.patch > > > Ranger KMS shouldn't be having Tag based service hence with regards to this > jira. > 1.) No Tag based service will be associated with RangerKMS default service. > 2.) User should not be able to associate tag service while creating and > updating RangerKMS service . -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2668) Remove tag service linking for any service created in Ranger KMS
Dhaval B. SHAH created RANGER-2668: -- Summary: Remove tag service linking for any service created in Ranger KMS Key: RANGER-2668 URL: https://issues.apache.org/jira/browse/RANGER-2668 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Ranger KMS shouldn't be having Tag based service hence with regards to this jira. 1.) No Tag based service will be associated with RangerKMS default service. 2.) User should not be able to associate tag service while creating and updating RangerKMS service . -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2650) Public group should not be given access to all kafka resources in default ranger policies
[ https://issues.apache.org/jira/browse/RANGER-2650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH resolved RANGER-2650. Resolution: Fixed > Public group should not be given access to all kafka resources in default > ranger policies > - > > Key: RANGER-2650 > URL: https://issues.apache.org/jira/browse/RANGER-2650 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > > If authentication type is simple, we do add public group to default policy > item. Any user setting up Ranger in simple mode and after that enabling > Kerberos on that cluster will have this extra policy providing public group > all permissions on Kafka. > We shouldn't be adding public group to default policies neither in simple > mode nor in kerberos. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2650) Public group should not be given access to all kafka resources in default ranger policies
[ https://issues.apache.org/jira/browse/RANGER-2650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16987553#comment-16987553 ] Dhaval B. SHAH commented on RANGER-2650: Reason of adding _*{{public}}*_ user group on all policies items created for authorizing Kafka access over non-secure channel are as follows: * Kafka can’t assert the identity of client user over a non-secure channel. Thus, Kafka treats all users for such access as an anonymous user (a special user literally named {{ANONYMOUS}}). * Ranger's {{public}} user group is a means to model all users which, of course, includes this anonymous user ({{ANONYMOUS}}). [[https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin#KafkaPlugin-WhydowehavetospecifypublicusergrouponallpoliciesitemscreatedforauthorizingKafkaaccessovernon-securechannel?|http://example.com]/] We need to add the documentation of removing the public group from default policies of kafka after upgrading the cluster from simple to kerberoze. Thanks. > Public group should not be given access to all kafka resources in default > ranger policies > - > > Key: RANGER-2650 > URL: https://issues.apache.org/jira/browse/RANGER-2650 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > > If authentication type is simple, we do add public group to default policy > item. Any user setting up Ranger in simple mode and after that enabling > Kerberos on that cluster will have this extra policy providing public group > all permissions on Kafka. > We shouldn't be adding public group to default policies neither in simple > mode nor in kerberos. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2649) Unix user doesn't get 'Admin' role when set through assignment rules
[ https://issues.apache.org/jira/browse/RANGER-2649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2649: --- Attachment: RANGER-2649.patch > Unix user doesn't get 'Admin' role when set through assignment rules > > > Key: RANGER-2649 > URL: https://issues.apache.org/jira/browse/RANGER-2649 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2649.patch > > > h3. Reproduction > h4. Preconditions > * User sync source is set to Unix (ranger.usersync.source.impl.class set to > org.apache.ranger.unixusersync.process.UnixUserGroupBuilder) > * user2 is a unix user, and user2 is deleted in Ranger > h4. Steps > # Set ranger.usersync.group.based.role.assignment.rules to > ROLE_SYS_ADMIN:u:user2 > # Restart Ranger > # In ranger admin page go to Settings -> Users/Groups. Look for user2, and > observe it has the role 'User' > # Restart Ranger again > # Repeat step 3. but this time observe that user2 has the role 'Admin' > h3. Expected behaviour > user2 should get 'Admin' role right after the first restart. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2650) Public group should not be given access to all kafka resources in default ranger policies
[ https://issues.apache.org/jira/browse/RANGER-2650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2650: --- Description: If authentication type is simple, we do add public group to default policy item. Any user setting up Ranger in simple mode and after that enabling Kerberos on that cluster will have this extra policy providing public group all permissions on Kafka. We shouldn't be adding public group to default policies neither in simple mode nor in kerberos. was: If authentication type is simple, we do add public group to default policy item. Any user setting up Ranger in simple mode and after that enabling Kerberos on that cluster will have this extra policy providing public group all permissions on Kafka. We shouldn't be adding public group to default policies neither is simple mode nor in kerberos. > Public group should not be given access to all kafka resources in default > ranger policies > - > > Key: RANGER-2650 > URL: https://issues.apache.org/jira/browse/RANGER-2650 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > If authentication type is simple, we do add public group to default policy > item. Any user setting up Ranger in simple mode and after that enabling > Kerberos on that cluster will have this extra policy providing public group > all permissions on Kafka. > We shouldn't be adding public group to default policies neither in simple > mode nor in kerberos. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2650) Public group should not be given access to all kafka resources in default ranger policies
Dhaval B. SHAH created RANGER-2650: -- Summary: Public group should not be given access to all kafka resources in default ranger policies Key: RANGER-2650 URL: https://issues.apache.org/jira/browse/RANGER-2650 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH If authentication type is simple, we do add public group to default policy item. Any user setting up Ranger in simple mode and after that enabling Kerberos on that cluster will have this extra policy providing public group all permissions on Kafka. We should be adding public group to default policies neither is simple mode nor in kerberos. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2649) Unix user doesn't get 'Admin' role when set through assignment rules
Dhaval B. SHAH created RANGER-2649: -- Summary: Unix user doesn't get 'Admin' role when set through assignment rules Key: RANGER-2649 URL: https://issues.apache.org/jira/browse/RANGER-2649 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH h3. Reproduction h4. Preconditions * User sync source is set to Unix (ranger.usersync.source.impl.class set to org.apache.ranger.unixusersync.process.UnixUserGroupBuilder) * user2 is a unix user, and user2 is deleted in Ranger h4. Steps # Set ranger.usersync.group.based.role.assignment.rules to ROLE_SYS_ADMIN:u:user2 # Restart Ranger # In ranger admin page go to Settings -> Users/Groups. Look for user2, and observe it has the role 'User' # Restart Ranger again # Repeat step 3. but this time observe that user2 has the role 'Admin' h3. Expected behaviour user2 should get 'Admin' role right after the first restart. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2378) KeySecure HSM Integration is not compatible with Java9
[ https://issues.apache.org/jira/browse/RANGER-2378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16963939#comment-16963939 ] Dhaval B. SHAH commented on RANGER-2378: Apache commit Link: [https://github.com/apache/ranger/commit/1a6b97e2c948347383ae2c279721e1c3ea7eaff5] > KeySecure HSM Integration is not compatible with Java9 > -- > > Key: RANGER-2378 > URL: https://issues.apache.org/jira/browse/RANGER-2378 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Zsombor Gegesy >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2378.patch, RANGER-2378_01.patch > > > The patch introduced in RANGER-2331 relies on internal > sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between > Java 8 and 9, so the code no longer compiles on Java9+. > The Java8 way of doing (documented > [here|https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html] > ) is: > {code} > Provider p = new sun.security.pkcs11.SunPKCS11(configName); > Security.addProvider(p); > {code} > However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor > with a String parameter, and the documentation > [suggests|https://docs.oracle.com/javase/9/security/pkcs11-reference-guide1.htm] > suggest to use: > {code} > Provider p = Security.getProvider("SunPKCS11"); > p = p.configure(configName); > Security.addProvider(p); > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2378) KeySecure HSM Integration is not compatible with Java9
[ https://issues.apache.org/jira/browse/RANGER-2378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2378: --- Attachment: RANGER-2378_01.patch > KeySecure HSM Integration is not compatible with Java9 > -- > > Key: RANGER-2378 > URL: https://issues.apache.org/jira/browse/RANGER-2378 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Zsombor Gegesy >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2378.patch, RANGER-2378_01.patch > > > The patch introduced in RANGER-2331 relies on internal > sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between > Java 8 and 9, so the code no longer compiles on Java9+. > The Java8 way of doing (documented > [here|https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html] > ) is: > {code} > Provider p = new sun.security.pkcs11.SunPKCS11(configName); > Security.addProvider(p); > {code} > However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor > with a String parameter, and the documentation > [suggests|https://docs.oracle.com/javase/9/security/pkcs11-reference-guide1.htm] > suggest to use: > {code} > Provider p = Security.getProvider("SunPKCS11"); > p = p.configure(configName); > Security.addProvider(p); > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
[ https://issues.apache.org/jira/browse/RANGER-2537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16952663#comment-16952663 ] Dhaval B. SHAH commented on RANGER-2537: [https://github.com/apache/ranger/commit/50d8f2fa8ce564cea522c95b97a17421edb7fcd9] > Ranger KMS having wrong bit length and version in DB after after export / > import within keystore file > - > > Key: RANGER-2537 > URL: https://issues.apache.org/jira/browse/RANGER-2537 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2537.patch, RANGER-2537_01.patch > > > Hi, > Consider below data in DB of Ranger KMS > ||Key Name||Bit Lenght||Version|| > |ezkey|128|1| > |ezkey@0|128|1| > Export keys to keystore file. > Delete keys from UI and make sure DB is empty. > Import keys from keystore file. > Now observe the DB > ||Key Name||Bit Lenght||Version|| > |ezkey|0|0| > |ezkey@0|128|1| -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
[ https://issues.apache.org/jira/browse/RANGER-2537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2537: --- Attachment: RANGER-2537.patch RANGER-2537_01.patch > Ranger KMS having wrong bit length and version in DB after after export / > import within keystore file > - > > Key: RANGER-2537 > URL: https://issues.apache.org/jira/browse/RANGER-2537 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2537.patch, RANGER-2537_01.patch > > > Hi, > Consider below data in DB of Ranger KMS > ||Key Name||Bit Lenght||Version|| > |ezkey|128|1| > |ezkey@0|128|1| > Export keys to keystore file. > Delete keys from UI and make sure DB is empty. > Import keys from keystore file. > Now observe the DB > ||Key Name||Bit Lenght||Version|| > |ezkey|0|0| > |ezkey@0|128|1| -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
[ https://issues.apache.org/jira/browse/RANGER-2537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2537: --- Attachment: (was: WIP-RANGER-2537.patch) > Ranger KMS having wrong bit length and version in DB after after export / > import within keystore file > - > > Key: RANGER-2537 > URL: https://issues.apache.org/jira/browse/RANGER-2537 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Hi, > Consider below data in DB of Ranger KMS > ||Key Name||Bit Lenght||Version|| > |ezkey|128|1| > |ezkey@0|128|1| > Export keys to keystore file. > Delete keys from UI and make sure DB is empty. > Import keys from keystore file. > Now observe the DB > ||Key Name||Bit Lenght||Version|| > |ezkey|0|0| > |ezkey@0|128|1| -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2571) Need to add Knox proxy configuration support in Ranger plugins
[ https://issues.apache.org/jira/browse/RANGER-2571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2571: --- Attachment: RANGER-2571_01.patch > Need to add Knox proxy configuration support in Ranger plugins > -- > > Key: RANGER-2571 > URL: https://issues.apache.org/jira/browse/RANGER-2571 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2571.patch, RANGER-2571_01.patch > > > Need to add support for below property in the {{ranger--security.xml}} > * {{ranger.plugin..use.x-forwarded-for.ipaddress=true}} > * {{ranger.plugin..trusted.proxy.ipaddress}} which should be > set to IP addresses of Knox hosts . > The Plugin services which require to support the configurations are HDFS, > Hive, HBase, Yarn, and probably Solr. For now Kafka and Knox will not require > to support proxy feature. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2571) Need to add Knox proxy configuration support in Ranger plugins
[ https://issues.apache.org/jira/browse/RANGER-2571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2571: --- Attachment: RANGER-2571.patch > Need to add Knox proxy configuration support in Ranger plugins > -- > > Key: RANGER-2571 > URL: https://issues.apache.org/jira/browse/RANGER-2571 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2571.patch > > > Need to add support for below property in the {{ranger--security.xml}} > * {{ranger.plugin..use.x-forwarded-for.ipaddress=true}} > * {{ranger.plugin..trusted.proxy.ipaddress}} which should be > set to IP addresses of Knox hosts . > The Plugin services which require to support the configurations are HDFS, > Hive, HBase, Yarn, and probably Solr. For now Kafka and Knox will not require > to support proxy feature. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2571) Need to add Knox proxy configuration support in Ranger plugins
Dhaval B. SHAH created RANGER-2571: -- Summary: Need to add Knox proxy configuration support in Ranger plugins Key: RANGER-2571 URL: https://issues.apache.org/jira/browse/RANGER-2571 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Need to add support for below property in the {{ranger--security.xml}} * {{ranger.plugin..use.x-forwarded-for.ipaddress=true}} * {{ranger.plugin..trusted.proxy.ipaddress}} which should be set to IP addresses of Knox hosts . The Plugin services which require to support the configurations are HDFS, Hive, HBase, Yarn, and probably Solr. For now Kafka and Knox will not require to support proxy feature. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2378) KeySecure HSM Integration is not compatible with Java9
[ https://issues.apache.org/jira/browse/RANGER-2378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2378: --- Attachment: RANGER-2378.patch > KeySecure HSM Integration is not compatible with Java9 > -- > > Key: RANGER-2378 > URL: https://issues.apache.org/jira/browse/RANGER-2378 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Zsombor Gegesy >Assignee: bhavik patel >Priority: Major > Attachments: RANGER-2378.patch > > > The patch introduced in RANGER-2331 relies on internal > sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between > Java 8 and 9, so the code no longer compiles on Java9+. > The Java8 way of doing (documented > [here|https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html] > ) is: > {code} > Provider p = new sun.security.pkcs11.SunPKCS11(configName); > Security.addProvider(p); > {code} > However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor > with a String parameter, and the documentation > [suggests|https://docs.oracle.com/javase/9/security/pkcs11-reference-guide1.htm] > suggest to use: > {code} > Provider p = Security.getProvider("SunPKCS11"); > p = p.configure(configName); > Security.addProvider(p); > {code} > -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Assigned] (RANGER-2378) KeySecure HSM Integration is not compatible with Java9
[ https://issues.apache.org/jira/browse/RANGER-2378?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH reassigned RANGER-2378: -- Assignee: Dhaval B. SHAH (was: bhavik patel) > KeySecure HSM Integration is not compatible with Java9 > -- > > Key: RANGER-2378 > URL: https://issues.apache.org/jira/browse/RANGER-2378 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Zsombor Gegesy >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2378.patch > > > The patch introduced in RANGER-2331 relies on internal > sun.security.pkcs11.SunPKCS11 class, unfortunately this class changed between > Java 8 and 9, so the code no longer compiles on Java9+. > The Java8 way of doing (documented > [here|https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html] > ) is: > {code} > Provider p = new sun.security.pkcs11.SunPKCS11(configName); > Security.addProvider(p); > {code} > However, in Java 9, sun.security.pkcs11.SunPKCS11 doesn't have a constructor > with a String parameter, and the documentation > [suggests|https://docs.oracle.com/javase/9/security/pkcs11-reference-guide1.htm] > suggest to use: > {code} > Provider p = Security.getProvider("SunPKCS11"); > p = p.configure(configName); > Security.addProvider(p); > {code} > -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
[ https://issues.apache.org/jira/browse/RANGER-2537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2537: --- Attachment: WIP-RANGER-2537.patch > Ranger KMS having wrong bit length and version in DB after after export / > import within keystore file > - > > Key: RANGER-2537 > URL: https://issues.apache.org/jira/browse/RANGER-2537 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: WIP-RANGER-2537.patch > > > Hi, > Consider below data in DB of Ranger KMS > ||Key Name||Bit Lenght||Version|| > |ezkey|128|1| > |ezkey@0|128|1| > Export keys to keystore file. > Delete keys from UI and make sure DB is empty. > Import keys from keystore file. > Now observe the DB > ||Key Name||Bit Lenght||Version|| > |ezkey|0|0| > |ezkey@0|128|1| -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Commented] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
[ https://issues.apache.org/jira/browse/RANGER-2537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16908865#comment-16908865 ] Dhaval B. SHAH commented on RANGER-2537: I have attached the WIP patch for this jira. This patch needs to be committed only after RANGER-2497 > Ranger KMS having wrong bit length and version in DB after after export / > import within keystore file > - > > Key: RANGER-2537 > URL: https://issues.apache.org/jira/browse/RANGER-2537 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > > Hi, > Consider below data in DB of Ranger KMS > ||Key Name||Bit Lenght||Version|| > |ezkey|128|1| > |ezkey@0|128|1| > Export keys to keystore file. > Delete keys from UI and make sure DB is empty. > Import keys from keystore file. > Now observe the DB > ||Key Name||Bit Lenght||Version|| > |ezkey|0|0| > |ezkey@0|128|1| -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Created] (RANGER-2537) Ranger KMS having wrong bit length and version in DB after after export / import within keystore file
Dhaval B. SHAH created RANGER-2537: -- Summary: Ranger KMS having wrong bit length and version in DB after after export / import within keystore file Key: RANGER-2537 URL: https://issues.apache.org/jira/browse/RANGER-2537 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dhaval B. SHAH Assignee: Dhaval B. SHAH Hi, Consider below data in DB of Ranger KMS ||Key Name||Bit Lenght||Version|| |ezkey|128|1| |ezkey@0|128|1| Export keys to keystore file. Delete keys from UI and make sure DB is empty. Import keys from keystore file. Now observe the DB ||Key Name||Bit Lenght||Version|| |ezkey|0|0| |ezkey@0|128|1| -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (RANGER-2497) Support Azure Key Vault for storing master keys of Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2497: --- Attachment: RANGER-2497_02.patch > Support Azure Key Vault for storing master keys of Ranger KMS > -- > > Key: RANGER-2497 > URL: https://issues.apache.org/jira/browse/RANGER-2497 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: bhavik patel >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2497.patch, RANGER-2497_02.patch > > > h2. Description > User story: As a security admin, I want to escrow and manage master > encryption keys for securing my Hadoop cluster EZs in Ranger KMS service with > Azure Key Vault service. > For Microsoft Azure Key Vault overview refer to: > [https://docs.microsoft.com/en-us/azure/key-vault/] > For REST API guide refer to: > [https://docs.microsoft.com/en-us/rest/api/keyvault/] > Acceptance Criteria: > * Ranger KMS has ability to configure AKV service to be used for master key > offload > * Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using AKV -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (RANGER-2497) Support Azure Key Vault for storing master keys of Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2497: --- Attachment: RANGER-2497.patch > Support Azure Key Vault for storing master keys of Ranger KMS > -- > > Key: RANGER-2497 > URL: https://issues.apache.org/jira/browse/RANGER-2497 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: bhavik patel >Assignee: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2497.patch > > > h2. Description > User story: As a security admin, I want to escrow and manage master > encryption keys for securing my Hadoop cluster EZs in Ranger KMS service with > Azure Key Vault service. > For Microsoft Azure Key Vault overview refer to: > [https://docs.microsoft.com/en-us/azure/key-vault/] > For REST API guide refer to: > [https://docs.microsoft.com/en-us/rest/api/keyvault/] > Acceptance Criteria: > * Ranger KMS has ability to configure AKV service to be used for master key > offload > * Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using AKV -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Assigned] (RANGER-2497) Support Azure Key Vault for storing master keys of Ranger KMS
[ https://issues.apache.org/jira/browse/RANGER-2497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH reassigned RANGER-2497: -- Assignee: Dhaval B. SHAH (was: bhavik patel) > Support Azure Key Vault for storing master keys of Ranger KMS > -- > > Key: RANGER-2497 > URL: https://issues.apache.org/jira/browse/RANGER-2497 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: bhavik patel >Assignee: Dhaval B. SHAH >Priority: Major > > h2. Description > User story: As a security admin, I want to escrow and manage master > encryption keys for securing my Hadoop cluster EZs in Ranger KMS service with > Azure Key Vault service. > For Microsoft Azure Key Vault overview refer to: > [https://docs.microsoft.com/en-us/azure/key-vault/] > For REST API guide refer to: > [https://docs.microsoft.com/en-us/rest/api/keyvault/] > Acceptance Criteria: > * Ranger KMS has ability to configure AKV service to be used for master key > offload > * Ranger KMS provides ability to provide key management functions (create > keys, manage keys, retrieve keys, rollover) using AKV -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Attachment: RANGER-2408-04.patch > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Dhaval B. SHAH >Assignee: bhavik patel >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2408-04.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Attachment: (was: RANGER-2408-03.patch) > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Dhaval B. SHAH >Assignee: bhavik patel >Priority: Major > Fix For: 2.0.0 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Attachment: (was: RANGER-2408) > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Dhaval B. SHAH >Assignee: bhavik patel >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2408-03.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Attachment: RANGER-2408-03.patch > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Dhaval B. SHAH >Assignee: bhavik patel >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2408-03.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Affects Version/s: 2.0.0 > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Dhaval B. SHAH >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2408 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Fix Version/s: 2.0.0 > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Priority: Major > Fix For: 2.0.0 > > Attachments: RANGER-2408 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2408) Restrict Ranger User's capabilities according to their role
[ https://issues.apache.org/jira/browse/RANGER-2408?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval B. SHAH updated RANGER-2408: --- Attachment: RANGER-2408 > Restrict Ranger User's capabilities according to their role > --- > > Key: RANGER-2408 > URL: https://issues.apache.org/jira/browse/RANGER-2408 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Priority: Major > Attachments: RANGER-2408 > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2408) Restrict Ranger User's capabilities according to their role
Dhaval B. SHAH created RANGER-2408: -- Summary: Restrict Ranger User's capabilities according to their role Key: RANGER-2408 URL: https://issues.apache.org/jira/browse/RANGER-2408 Project: Ranger Issue Type: Sub-task Components: Ranger Reporter: Dhaval B. SHAH -- This message was sent by Atlassian JIRA (v7.6.3#76005)