Re: Review Request 74848: RANGER-4544 : Implement best coding practices for policy resources
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74848/#review226188 --- Ship it! Ship It! - Mehul Parikh On Jan. 30, 2024, 7 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74848/ > --- > > (Updated Jan. 30, 2024, 7 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Shah, Dineshkumar Yadav, > Mehul Parikh, Mugdha Varadkar, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4544 > https://issues.apache.org/jira/browse/RANGER-4544 > > > Repository: ranger > > > Description > --- > > Implement best coding practices for policy resources > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx > aa541bf72 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx > dafbc7371 > > > Diff: https://reviews.apache.org/r/74848/diff/1/ > > > Testing > --- > > Tested that Resources in masking policy and row level policy populate > properly. > Tested CRUD opration on Hive, Atlas, Tag, HDFS service policy. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 74817: RANGER-4612 Fix to use correct service for resource lookup API in security zone
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74817/#review226186 --- Ship it! Ship It! - Mehul Parikh On Jan. 4, 2024, 12:07 p.m., Mugdha Varadkar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74817/ > --- > > (Updated Jan. 4, 2024, 12:07 p.m.) > > > Review request for ranger, Brijesh Bhalala and Dhaval Rajpara. > > > Bugs: RANGER-4612 > https://issues.apache.org/jira/browse/RANGER-4612 > > > Repository: ranger > > > Description > --- > > Actual - > > Found a issue in security zone when a resource lookup for a particular > service is executed. It is not using the current service in case of multiple > services present with same service-def type. > > Expected - > > Need to use the correct service to trigger a resource lookup API in > security zone. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx > 90a257ae682a5be613f10810ae7b97bb35c1e286 > > > Diff: https://reviews.apache.org/r/74817/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with React JS code > base. > Verified the current selected service is used for resource lookup in security > zone form while adding resources. > > > Successful completion of build command : > mvn clean compile package > > > Thanks, > > Mugdha Varadkar > >
Re: Review Request 74838: RANGER-4656 Filtering the resources in the search filter options on the policy listing page based on policy type.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74838/#review226190 --- Ship it! Ship It! - Mehul Parikh On Jan. 29, 2024, 12:57 p.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74838/ > --- > > (Updated Jan. 29, 2024, 12:57 p.m.) > > > Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan > Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4656 > https://issues.apache.org/jira/browse/RANGER-4656 > > > Repository: ranger > > > Description > --- > > Filtering the resources in the search filter options on the policy listing > page based on policy type. > > Current Behaviour :- > > All the resources are displayed in search filter options on policy listing > page, > For masking and row level all resources are there in search filter option, > there is no filteration of resources on the basis of policy type. > > The resources should be filter on the basis of policy type in search filter > options in policy listing page. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListing.jsx > e7e38d38c > > > Diff: https://reviews.apache.org/r/74838/diff/1/ > > > Testing > --- > > Applied the patch on a cluster and tested the following UI scenarios :- > 1)Crud operation on policies. > 2)Search policies by entering resources in search filter of policy listing > table. > > > Thanks, > > Brijesh Bhalala > >
Re: Review Request 74843: RANGER-4659: Add eye icon for password visibility in Ranger Login Page
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74843/#review226189 --- Ship it! Ship It! - Mehul Parikh On Jan. 29, 2024, 12:59 p.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74843/ > --- > > (Updated Jan. 29, 2024, 12:59 p.m.) > > > Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan > Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4659 > https://issues.apache.org/jira/browse/RANGER-4659 > > > Repository: ranger > > > Description > --- > > Add eye icon for password visibility in Ranger Login Page > > Current Behaviour:- > 1)The Ranger login page doesn't have the password visibility functionality. > 2)Users can't check the entered password, in case of wrong password. > > User should able to view the entered password by clicking on eye icon on > password field in Ranger Login page. > > > Diffs > - > > security-admin/src/main/webapp/login.jsp ad82ea9eb > security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js a2eeccab6 > security-admin/src/main/webapp/styles/xa.css de8101174 > > > Diff: https://reviews.apache.org/r/74843/diff/3/ > > > Testing > --- > > Applied the patch on a cluster and tested the following UI scenarios :- > 1)Username and Password fields in Login Page. > 2)Hide and show functionality in password field. > > > Thanks, > > Brijesh Bhalala > >
Re: Review Request 74837: RANGER-4653: Add inline assertions for displayName length in service creation / update form
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74837/#review226187 --- Ship it! Ship It! - Mehul Parikh On Jan. 13, 2024, 5:06 p.m., Abhishek Patil wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74837/ > --- > > (Updated Jan. 13, 2024, 5:06 p.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, Mugdha Varadkar, and Ramesh Mani. > > > Bugs: RANGER-4653 > https://issues.apache.org/jira/browse/RANGER-4653 > > > Repository: ranger > > > Description > --- > > In the service create / update form, an inline assertion has to be added for > displayName validation (length and preventing use of special characters). > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx > abb98954f > > > Diff: https://reviews.apache.org/r/74837/diff/1/ > > > Testing > --- > > Applied the patch on a cluster and tested the following UI scenarios :- > 1. Creation of a service with empty displayName, creation succeeded (expected > as displayName is not a mandatory field). > 2. Creation of a service with displayName that adheres to the valid regex (no > invalid special characters and length less than 256 characters), service > creation succeeded. > 3. Creation of a service with displayName with invalid special characters, > form submission failed (as expected). > 4. Creation of a service with displayName length greater than 256 characters, > form submission failed (as expected). > 5. Edit a service by modifying the displayName with valid name, edit > succeeded. > 6. Edit a service by modifying the displayName with invalid special > characters, form submission failed (as expected). > 7. Edit a service by modifying the displayName with length greater than 256 > characters, form submission failed (as expected). > > > Thanks, > > Abhishek Patil > >
Re: Review Request 74756: RANGER-4559: Migrate Ranger modules to junit5 - phase 1
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74756/#review226006 --- Ship it! Ship It! - Mehul Parikh On Nov. 25, 2023, 6:51 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74756/ > --- > > (Updated Nov. 25, 2023, 6:51 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan > Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4559 > https://issues.apache.org/jira/browse/RANGER-4559 > > > Repository: ranger > > > Description > --- > > This sub-task is responsible to migrate following maven sub-modules to junit5. > > 01. conditions-enrichers > 02. credentialsbuilder > 03. embeddedwebserver > 04. jisql > 05. ldapconfigcheck > 06. ranger-atlas-plugin > 07. ranger-atlas-plugin-shim > 08. ranger-authn > 09. ranger-common-ha > 10. ranger-elasticsearch-plugin > 11. ranger-elasticsearch-plugin-shim > 12. ranger-hive-plugin > 13. ranger-hive-plugin-shim > 14. ranger-intg > 15. ranger-kafka-plugin > 16. ranger-kafka-plugin-shim > > > Diffs > - > > credentialbuilder/pom.xml c18d5585c > > credentialbuilder/src/test/java/org/apache/ranger/credentialapi/TestCredentialReader.java > ff3ce843e > > credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java > c9fb54c00 > hive-agent/pom.xml 8a21ab81d > > hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java > 2f6f1d846 > > hive-agent/src/test/java/org/apache/ranger/services/hive/TestAllHiveOperationInRanger.java > d424bb4fb > intg/pom.xml 4654ef7f7 > intg/src/test/java/org/apache/ranger/TestRangerClient.java 7da6b18a5 > plugin-kafka/pom.xml 9fa913741 > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java > f33405a2f > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java > 90bd628f8 > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java > 9a7d5fe83 > > plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java > e48dd2535 > ranger-authn/pom.xml 4ee98f8a5 > ranger-common-ha/pom.xml 2faa243e4 > > ranger-common-ha/src/test/java/org/apache/ranger/ha/service/TestRangerServiceServerIdSelector.java > 0cd55a2a6 > ranger-examples/conditions-enrichers/pom.xml 70e9c6c74 > > ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java > 22e298df5 > > > Diff: https://reviews.apache.org/r/74756/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install > 2. mvn clean compile package install -Psecurity-admin-react > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74704: RANGER-4495: Upgrade netty to 4.1.100.Final
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74704/#review225904 --- Ship it! Ship It! - Mehul Parikh On Oct. 30, 2023, 5:56 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74704/ > --- > > (Updated Oct. 30, 2023, 5:56 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Harshal Chavan, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Sailaja > Polavarapu. > > > Bugs: RANGER-4495 > https://issues.apache.org/jira/browse/RANGER-4495 > > > Repository: ranger > > > Description > --- > > Upgrade netty to 4.1.100-final or higher > > > Diffs > - > > pom.xml 115580ada > > > Diff: https://reviews.apache.org/r/74704/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74616: RANGER-4422: Searching for users/groups with Sync source filter on the users/groups page leads to error on Oracle DB
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74616/#review225778 --- Ship it! Ship It! - Mehul Parikh On Sept. 20, 2023, 10:41 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74616/ > --- > > (Updated Sept. 20, 2023, 10:41 a.m.) > > > Review request for ranger, Abhishek Kumar, bhavik patel, Dhaval Shah, > Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4422 > https://issues.apache.org/jira/browse/RANGER-4422 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** While searching for users / groups using the "Sync > Source" filter on the Users/Groups page, it leads to an error page. This > issue is present only on Oracle DB > > ``Error Message:`` > 2023-09-19 17:10:19,701 ERROR org.apache.ranger.biz.XUserMgr: > [https-jsse-nio-6182-exec-9]: Error getting the exact match of group > =>javax.persistence.PersistenceException: Exception [EclipseLink-4002] > (Eclipse Persistence Services - 2.7.12.v20230209-e5c4074ef3): > org.eclipse.persistence.exceptions.DatabaseException > Internal Exception: java.sql.SQLSyntaxErrorException: ORA-00932: inconsistent > datatypes: expected - got CLOB > > Error Code: 932 > Call: SELECT COUNT(ID) FROM x_group WHERE (((? = ?) AND LOWER(GROUP_NAME) > LIKE ?) AND (LOWER(SYNC_SOURCE) = ?)) > bind => [4 parameters bound] > Query: ReportQuery(referenceClass=XXGroup sql="SELECT COUNT(ID) FROM x_group > WHERE (((? = ?) AND LOWER(GROUP_NAME) LIKE ?) AND (LOWER(SYNC_SOURCE) = ?))") > 2023-09-19 17:10:21,654 WARN org.apache.ranger.biz.XUserMgr: > [https-jsse-nio-6182-exec-5]: XUserMgr.searchXGroups: unexpected > searchCriteriaParam:name > > > **Proposed solution:** The above error is due to SYNC_SOURCE column being > used in where clause which is of clob type in oracle and can not be used > directly. According to oracle documents type casting need to be done but > since type casting functions are different in different db flavor using them > and customizing the code for each flavor seems messy. The other possible > approach is we can use 'partial search approach' (rather 'full') in the code > which shall be converted to like query as per underlying db flavor. like > clause shall take care of type casting as well. since 'sync_source' column > values are restricted to 4 distinct possible values, choosing one values in > the filter will not bring the result of another 'sync_source'. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/service/XGroupService.java > 650760304 > security-admin/src/main/java/org/apache/ranger/service/XUserService.java > d7c011ca3 > > > Diff: https://reviews.apache.org/r/74616/diff/1/ > > > Testing > --- > > Tried Ranger installation with the proposed patch and the behaviour is as per > the expectation. Search request with sync_source filter completed > successfully and page was loaded with records. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74588: RANGER-4401: Configurable Graalvm features
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74588/#review225759
---
Ship it!
Ship It!
- Mehul Parikh
On Sept. 13, 2023, 9:50 a.m., Kishor Gollapalliwar wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74588/
> ---
>
> (Updated Sept. 13, 2023, 9:50 a.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan
> Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan
> Periasamy.
>
>
> Bugs: RANGER-4401
> https://issues.apache.org/jira/browse/RANGER-4401
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Currently the only way of enabling GraalVm features/ options is by passing
> JVM options. Which might not be feasible always. Hence we need a plugin
> config, which will make GraalVm feature enabling configurable.
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
> 10c2de6b3
>
>
> Diff: https://reviews.apache.org/r/74588/diff/3/
>
>
> Testing
> ---
>
> 1. mvn clean compile package install
> 2. Verified following policy conditions scenarios for hive plugin
> 2.1 ctx.getAttributeValue("kg_tag", "name").equals("hivetag");
> 2.2 ctx.getUser().equals("kgtest");
> 2.3 ctx.getUserGroups().size() > 0;
> 2.4 ctx.getClientIPAddress().equals("xxx.xx.xxx.xx");
> 2.5 _ctx.request.accessType == 'select';
> 2.6 _ctx.request.user == 'kgtest';
> 2.7 _ctx.request.userGroups.length > 0;
> 2.8 Object.keys(_ctx.request.userAttributes).length > 0;
> 2.9 Object.keys(_ctx.request.userGroupAttributes).length > 0;
> 2.10 Object.keys(_ctx.tags).length > 0;
>
>
> Thanks,
>
> Kishor Gollapalliwar
>
>
Re: Review Request 74554: RANGER-4371: Ranger authn - add doAs support for JWT authentication
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74554/#review225709 --- Ship it! Ship It! - Mehul Parikh On Aug. 21, 2023, 4:21 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74554/ > --- > > (Updated Aug. 21, 2023, 4:21 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-4371 > https://issues.apache.org/jira/browse/RANGER-4371 > > > Repository: ranger > > > Description > --- > > add doAs support for JWT based authentication > > > Diffs > - > > > ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerDefaultJwtAuthHandler.java > c0d5b8d9a > > ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerJwtAuthHandler.java > 0973b42de > > > Diff: https://reviews.apache.org/r/74554/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install > 2. User JWT authentication without doAs > 3. User JWT authentication with doAs > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74575: RANGER-4285: Ranger Java Patch for adding uiHint in policy condition for upgrade scenario
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74575/#review225708 --- Ship it! Ship It! - Mehul Parikh On Aug. 29, 2023, 12:03 p.m., sanket shelar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74575/ > --- > > (Updated Aug. 29, 2023, 12:03 p.m.) > > > Review request for ranger, dinesh akhand, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4285 > https://issues.apache.org/jira/browse/RANGER-4285 > > > Repository: ranger > > > Description > --- > > Ranger Java Patch for adding uiHint in policy condition for upgrade scenario > > > Diffs > - > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > a3b05d851 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 91ec963ed > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 97eeea6ff > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > cbae01f82 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 583464890 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefForPolicyConditionUpdate_J10057.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/74575/diff/1/ > > > Testing > --- > > Tested upgrade scenarios for all DB flavours. > > > Thanks, > > sanket shelar > >
Re: Review Request 74573: RANGER-4290: Adding uiHint attribute in policy condition
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74573/#review225706 --- Ship it! Ship It! - Mehul Parikh On Aug. 29, 2023, 10:57 a.m., sanket shelar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74573/ > --- > > (Updated Aug. 29, 2023, 10:57 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4290 > https://issues.apache.org/jira/browse/RANGER-4290 > > > Repository: ranger > > > Description > --- > > RANGER-4157 introduced addition of Policy conditions to all service-defs. > However, this update does not include uiHint attribute in policy condition. > This needs to be fixed so that uiHint attribute will be available in all > service-defs. > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java > 91d5f26bc > > > Diff: https://reviews.apache.org/r/74573/diff/1/ > > > Testing > --- > > Tested for service-defs and UiHint attribute is present in policy condition. > > > Thanks, > > sanket shelar > >
Re: Review Request 74574: RANGER-4343: Atlas default policy is showing 2 "admin" users in policy items
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74574/#review225705 --- Ship it! Ship It! - Mehul Parikh On Aug. 29, 2023, 11:59 a.m., sanket shelar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74574/ > --- > > (Updated Aug. 29, 2023, 11:59 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4343 > https://issues.apache.org/jira/browse/RANGER-4343 > > > Repository: ranger > > > Description > --- > > If a new atlas servcice is created with admin as username then the Atlas > default policies created will show 2 "admin" users in policy items. > > > Diffs > - > > > plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java > 626862698 > > > Diff: https://reviews.apache.org/r/74574/diff/1/ > > > Testing > --- > > Tested by creating new Atlas service with admin as username, unable to see > the issue. > > > Thanks, > > sanket shelar > >
Re: Review Request 74550: RANGER-4356: Ranger CSV Report extract may fail with Null pointer exception
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74550/#review225698
---
Ship it!
Ship It!
- Mehul Parikh
On Aug. 17, 2023, 10:09 a.m., Pradeep Agrawal wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74550/
> ---
>
> (Updated Aug. 17, 2023, 10:09 a.m.)
>
>
> Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj,
> Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja
> Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4356
> https://issues.apache.org/jira/browse/RANGER-4356
>
>
> Repository: ranger
>
>
> Description
> ---
>
> **Problem Statement:** User updated a policy with a null entry in the group
> list of policy item, during csv export parsing of policy item for null group
> failed with null pointer exception
>
> **Proposed Solution:** Changes proposed
> 1) Add null user/group/role validations during policy create/update and fail
> the request if it has null user/group/role
> 2) Skip null user/group/role while parsing the policy items for exportCSV
> request
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
> 85c42bcc8
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
> e1b5fe8f1
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> ed1ea0376
>
>
> Diff: https://reviews.apache.org/r/74550/diff/1/
>
>
> Testing
> ---
>
> After reproducing the issue
> Built ranger with proposed patch and provided same db configs which was used
> earlier.
>
> Tried to update a policy with null entry in the user and group list:
>
> curl -ivk -u admin:Admin123 -H "Accept: application/json" -H "Content-Type:
> application/json" -X PUT http://localhost:6080/service/plugins/policies/12 -d
> '{"id":12,"guid":"85107138-2a55-4baa-bcc3-08767cdd9ca4","isEnabled":true,"createdBy":"Admin","updatedBy":"Admin","createTime":1692169569000,"updateTime":1692169569000,"version":1,"service":"service_hive","name":"all
> - database","policyType":0,"policyPriority":"0","description":"Policy for
> all -
> database","resourceSignature":"319fd63cad4bb7c8ed17fda910b636dc2e0f6b0112e28487d9e44e8a5c846314","isAuditEnabled":true,"resources":{"database":{"isExcludes":false,"isRecursive":false,"values":["*"]}},"policyItems":[{"delegateAdmin":true,"accesses":[{"type":"select","isAllowed":true},{"type":"update","isAllowed":true},{"type":"create","isAllowed":true},{"type":"drop","isAllowed":true},{"type":"alter","isAllowed":true},{"type":"index","isAllowed":true},{"type":"lock","isAllowed":true},{"type":"all","isAllowed":true},{"type":"read","isAllowed"
:true},{"type":"write","isAllowed":true},{"type":"repladmin","isAllowed":true},{"type":"serviceadmin","isAllowed":true},{"type":"tempudfadmin","isAllowed":true},{"type":"refresh","isAllowed":true},{"type":"rwstorage","isAllowed":true}],"users":["hive","beacon","dpprofiler","hue","admin","impala"]},{"delegateAdmin":false,"accesses":[{"type":"read","isAllowed":true},{"type":"select","isAllowed":true}],"users":["rangerlookup"]},{"delegateAdmin":false,"accesses":[{"type":"create","isAllowed":true}],"groups":["public",null]},{"delegateAdmin":true,"accesses":[{"type":"all","isAllowed":true}],"users":["{OWNER}",null]}],"denyPolicyItems":[],"allowExceptions":[],"denyExceptions":[],"dataMaskPolicyItems":[],"rowFilterPolicyItems":[],"serviceType":"hive","options":{},"validitySchedules":[],"policyLabels":[],"zoneName":"","isDenyAllElse":false,"conditions":[]}'
>
> Expected output: Policy update should fail.
>
> Actual output: Policy update failed with below error messages:
>
> {"statusCode":1,"msgDesc":"(0) Validation failure: error code[3055],
> reason[policy items group was null], field[policy item groups],
> subfield[null], type[missing] (1) Validation failure: error code[3054],
> reason[policy items user was null], field[policy item users], subfield[null],
> type[missing] "}
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
Re: Review Request 74548: RANGER-4354: Improve ChangePassword utility for multiple default password change request
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74548/#review225697 --- Ship it! Ship It! - Mehul Parikh On Aug. 16, 2023, 5:56 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74548/ > --- > > (Updated Aug. 16, 2023, 5:56 a.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4354 > https://issues.apache.org/jira/browse/RANGER-4354 > > > Repository: ranger > > > Description > --- > > Currently single user password change request has different implementation > while multiple password change request is slightly different than single > password change implementation. With this patch i am trying to keep the same > implementation for both type of request. > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java > 2087cb50f > > > Diff: https://reviews.apache.org/r/74548/diff/1/ > > > Testing > --- > > Tested by using commandline utility > > java -cp > /opt/ranger-admin/ews/webapp/WEB-INF/classes/conf:/opt/ranger-admin/ews/webapp/WEB-INF/classes/lib/*:/opt/ranger-admin/ews/webapp/WEB-INF/:/opt/ranger-admin/ews/webapp/META-INF/:/opt/ranger-admin/ews/webapp/WEB-INF/lib/*:/opt/ranger-admin/ews/webapp/WEB-INF/classes/:/opt/ranger-admin/ews/webapp/WEB-INF/classes/META-INF:/usr/share/java/postgresql-connector-java.jar > org.apache.ranger.patch.cliutil.ChangePasswordUtil admin admin > RangerPassword@123 rangertagsync rangertagsync RangerPassword@123 > rangerusersync rangerusersync RangerPassword@123 keyadmin keyadmin > RangerPassword@123 -default > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74565: RANGER-4319: Restricting policy name character to configurable length
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74565/#review225684 --- Ship it! Ship It! - Mehul Parikh On Aug. 25, 2023, 1:13 p.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74565/ > --- > > (Updated Aug. 25, 2023, 1:13 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4319 > https://issues.apache.org/jira/browse/RANGER-4319 > > > Repository: ranger > > > Description > --- > > while creating a policy, policy-name should not be greater than 255 > characters(by default), > > > it can be configured using below param. > > > ranger.policyname.maxlength > > This will be flag base implementation (for backward compatibility) and by > default flag will be enabled. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > a307293eb > > > Diff: https://reviews.apache.org/r/74565/diff/1/ > > > Testing > --- > > Tested while creating a policy, policy-name should not be allowed more than > 255 characters(by default). > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74527: RANGER-4331: Fixes for search filter on Audits tabs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74527/#review225619 --- Ship it! Ship It! - Mehul Parikh On July 26, 2023, 7:38 a.m., Mugdha Varadkar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74527/ > --- > > (Updated July 26, 2023, 7:38 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, and Nikunj Pansuriya. > > > Bugs: RANGER-4331 > https://issues.apache.org/jira/browse/RANGER-4331 > > > Repository: ranger > > > Description > --- > > Issues : > > 1) On Access Tab "Exclude Service Users" option is not getting saved when > user comes again on that tab. > 2) Mismatch in the url search param for search filters having options. > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js > 30fc4225be18bda54f4cb0de730196507ca4218a > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx > b30c6f32f841ee683721d7921b6b79f07e2c7068 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AuditLayout.jsx > a51b7ac2fe799b2f8a6c5be4f92798ba1ec071f9 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginStatusLogs.jsx > b1bcca65622ee4285a4f7707d63cf475586fd790 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginsLog.jsx > 37ae4e1c89c21f001aaacab98eae78b59bac2372 > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx > db2710bb9642e50a6efb130e5b61abf063cdb91f > > > Diff: https://reviews.apache.org/r/74527/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with React JS code > base. > > Successful completion of build command : > mvn clean compile package -Psecurity-admin-react > > > Thanks, > > Mugdha Varadkar > >
Re: Review Request 74525: RANGER-4317: Error message displayed when resource lookup fails is not formatted properly
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74525/#review225618 --- Ship it! Ship It! - Mehul Parikh On July 26, 2023, 7:01 a.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74525/ > --- > > (Updated July 26, 2023, 7:01 a.m.) > > > Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan > Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4317 > https://issues.apache.org/jira/browse/RANGER-4317 > > > Repository: ranger > > > Description > --- > > When a resource lookup fails on the new UI due to some config issue, > the error message is not displayed properly > But on backbone JS, it is displayed properly. > The error message on react js must be formatted properly > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/styles/style.css 8b86453a4 > > > Diff: https://reviews.apache.org/r/74525/diff/1/ > > > Testing > --- > > 1)Build and Verified Ranger Admin setup with this changes. > 2)The error message are formatted and displaying properly. > > > Thanks, > > Brijesh Bhalala > >
Re: Review Request 74524: RANGER-4293: Addendum change for Long User/group/role name overflowing from delete confirmation dialog box
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74524/#review225617 --- Ship it! Ship It! - Mehul Parikh On July 26, 2023, 6:44 a.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74524/ > --- > > (Updated July 26, 2023, 6:44 a.m.) > > > Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan > Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4293 > https://issues.apache.org/jira/browse/RANGER-4293 > > > Repository: ranger > > > Description > --- > > When tried to delete a single user/group/role from UI. Inside the delete > confirmation prompt the name of the entity is overflowing if the name is very > large. > > Steps to reproduce: > > 1. create a user with very large username like > "some_uresrnasjdsadjsadjksadjasdakdsakdsayrfytrtydtrdrtsrtdtrdtrdtrdrtdrtdtrdtrdrtdfggt4gfefgfdvfdgfdgfdgfdgfdgfd" > 2. Then try to delete it from the UI. > 3. The name of the user flow out of the confirmation prompt. > > Current behaviour: > The username is flowing out of the confirmation prompt. > > Expected behaviour: > The username should be inside the confirmation prompt. If required there may > be a scroll. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx > 991e27ea9 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleListing.jsx > e6293877c > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx > 95a21664d > > > Diff: https://reviews.apache.org/r/74524/diff/1/ > > > Testing > --- > > 1)Build and Verified Ranger Admin setup with this changes. > 2)Tested the User/Group/Role delete modules. > > > Thanks, > > Brijesh Bhalala > >
Re: Review Request 74465: RANGER-4151 : Create HA support for tagSync
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74465/#review225569
---
Ship it!
Ship It!
- Mehul Parikh
On June 6, 2023, 1:26 p.m., Dineshkumar Yadav wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74465/
> ---
>
> (Updated June 6, 2023, 1:26 p.m.)
>
>
> Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Madhan
> Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and
> Velmurugan Periasamy.
>
>
> Bugs: RANGER-4151
> https://issues.apache.org/jira/browse/RANGER-4151
>
>
> Repository: ranger
>
>
> Description
> ---
>
> This enhancement will provide High Availability support for TagSync
> application
> Steps to make TagSync Application HA
> Decide the number of nodes on which you want to have TagSync up and running.
> Deploy the TagSync on all the nodes decided on Step 1.
> go to TagSync conf/ directory (which will be created after running setup.sh
> in step 2) and open ranger-tagsync-site.xml
> update below configuration and restart the TagSync.
> 1. ranger-tagsync.server.ha.enabled= true
> 2. ranger-tagsync.server.ha.zookeeper.connect={add zookeeper host:port comma
> separated}
> 3. ranger-tagsync.server.ha.ids={add ids for number of hosts you have for
> tagsync ex. if you have 2 nodes add id1,id2 }
> 4. ranger-tagsync.server.ha.address.id1={host:port of tagsync node1}
> 5. ranger-tagsync.server.ha.address.id2={host:port of tagsync node2}
> 6. ranger-tagsync.server.ha.zookeeper.auth={auth:} if you want to provide acl
> auth otherwise keep blank
> 7. Perform 3, 4 & 5 to all the TagSync nodes.
>
>
> Diffs
> -
>
> distro/src/main/assembly/tagsync.xml 44a8233cc
> tagsync/conf/templates/ranger-tagsync-template.xml 40bd3dbe6
> tagsync/pom.xml 1005a6d1c
>
> tagsync/src/main/java/org/apache/ranger/tagsync/ha/TagSyncHAInitializerImpl.java
> PRE-CREATION
>
> tagsync/src/main/java/org/apache/ranger/tagsync/model/AbstractTagSource.java
> 09f3292e7
> tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncConfig.java
> 590426cd0
>
> tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSyncMetricsProducer.java
> a3b5d03e1
>
> tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java
> 55cc0a8aa
>
> tagsync/src/main/java/org/apache/ranger/tagsync/sink/tagadmin/TagAdminRESTSink.java
> db76a678f
>
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasTagSource.java
> 34a39f73c
>
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlasrest/AtlasRESTTagSource.java
> 9063b03f5
>
> tagsync/src/main/java/org/apache/ranger/tagsync/source/file/FileTagSource.java
> 8af15f95a
> tagsync/src/main/resources/ranger-tagsync-site.xml e17bdb213
>
>
> Diff: https://reviews.apache.org/r/74465/diff/1/
>
>
> Testing
> ---
>
> Testing is done on local cluster.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
[jira] [Resolved] (RANGER-3947) Thread leak because of retry loop in SolrCollectionBootstrapper
[
https://issues.apache.org/jira/browse/RANGER-3947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mehul Parikh resolved RANGER-3947.
--
Resolution: Fixed
Thanks for the patch [~sandeep.sai]
> Thread leak because of retry loop in SolrCollectionBootstrapper
> ---
>
> Key: RANGER-3947
> URL: https://issues.apache.org/jira/browse/RANGER-3947
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: 2.3.0
>Reporter: Sai Sandeep
>Priority: Major
>
> SolrCollectionBootstrapper Tries to connect to solr cloud and tries upload
> ranger_audits config and create ranger_audits collection in a loop. We found
> that in our case uploadConfiguration keeps on failing and because of that is
> stuck in retry loop.
> but because of that it calls connect in a loop which creates new solr cloud
> client every time. but this solr cloud client is never closed so related
> connection pools and zk connections are also never closed. because of this
> number of threads keeps increasing until it crashes.
> Related code:
> {code:java}
> while (!is_completed && (max_retry == TRY_UNTIL_SUCCESS || retry_counter <
> max_retry)) {
> try {
> if (connect(zookeeperHosts)) {
> if (solr_cloud_mode) {
> if (uploadConfiguration() && createCollection()
> ) {
> is_completed = true;
> break;
> } else {
> logErrorMessageAndWait(
> "Error while performing operations on solr. ",
> null);
> }
> } } else {
> logErrorMessageAndWait(
> "Cannot connect to solr kindly check the solr related
> configs. ",
> null);
> }
> } catch (Exception ex) {
> logErrorMessageAndWait("Error while configuring solr. ", ex);
> }
> }{code}
> {code:java}
> private boolean connect(List zookeeperHosts) {
> try {
> logger.info("Solr is in Cloud mode");
> if (isKERBEROS) {
> setHttpClientBuilderForKrb();
> }
> solrCloudClient = new CloudSolrClient.Builder(zookeeperHosts,
> Optional.empty()).build();
> solrCloudClient.setDefaultCollection(solr_collection_name);
> solrCloudClient.connect();
> zkClient = solrCloudClient.getZkStateReader().getZkClient();
> solrClient = solrCloudClient;
> solr_cloud_mode = true; return true;
> } catch (Exception ex) {
> logger.severe("Can't connect to Solr server. ZooKeepers="
> + zookeeperHosts + ", collection=" + solr_collection_name
> + ex);
> return false;
> }
> } {code}
> I think if we close the solrCloudClient in the loop then it should fix the
> bug
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: Review Request 74170: RANGER-3947 fix thread leak in SolrCollectionBootstrapper
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74170/#review225488 --- Ship it! Ship It! - Mehul Parikh On May 18, 2023, 6:38 a.m., Sai Sandeep Rangisetti wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74170/ > --- > > (Updated May 18, 2023, 6:38 a.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3947 > https://issues.apache.org/jira/browse/RANGER-3947 > > > Repository: ranger > > > Description > --- > > Closing the solr cloud client in SolrCollectionBootstrapper's retry loop of > creating solr config and collection. Without this new solr cloud client is > created in every loop and new connection pools which will not be cleaned up > and create large number of threads > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > fe4006f76 > > > Diff: https://reviews.apache.org/r/74170/diff/2/ > > > Testing > --- > > Ran ranger-admin without ranger_audit config in zk and no > contrib/solr_for_audit_setup/conf file which leads to retry loop and verified > that threads aren't increasinng > > > Thanks, > > Sai Sandeep Rangisetti > >
Re: Review Request 74451: RANGER-4063 Editable Search Filter (tokenizer) in Ranger React
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74451/#review225487 --- Ship it! Ship It! - Mehul Parikh On May 23, 2023, 7:43 a.m., Mugdha Varadkar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74451/ > --- > > (Updated May 23, 2023, 7:43 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, and Nikunj Pansuriya. > > > Bugs: RANGER-4063 > https://issues.apache.org/jira/browse/RANGER-4063 > > > Repository: ranger > > > Description > --- > > Make the search filter user-editable in ranger react. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/components/CommonComponents.jsx > 147ff7e05f2d56600a97a30aaf827e76dd02f0da > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/calendar.js > 308c59feb4aa0dbb2621beb85cbbbab95160e00c > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/date_input.js > 0fcdb90894ad6ff690117983ad0cc6946db70bb6 > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/datepicker.js > 8a87fde2418eefe623dc9a13379d7d3b78ee01d4 > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/tokenizer/index.js > 55eaad582d17d7a263db0177152f293f0b940b59 > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/tokenizer/token.js > 247ac66c448f9aedcbf986aabc1c55b351b8724e > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/typeahead/index.js > 4941faf35a95a85bfbc9555640c5a238550e2957 > security-admin/src/main/webapp/react-webapp/src/styles/style.css > d2aecb12048d4539d6cc6518057a9ef3509647fa > security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js > 4ff2732d6ba5c63df99ddbeedc533aa24280c0c2 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx > f8d1f8e9253bf4105d7260ca2161b66c0599e8a3 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogsTable.jsx > 7e4392a3c8198f9000613b6e6941810f17a360e7 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs.jsx > 4cb5062ce20167cb3efa2e496e67bd751cab3e44 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/LoginSessionsLogs.jsx > 9e2ba988274a34c91762f37ee1cc2f391e2c74fb > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginStatusLogs.jsx > 72a5272eb99ef1372334038c35fb5077eb7e6c71 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginsLog.jsx > 2b706bd81f9f6d7af6eee7b1ba21e4eb7bfc93d9 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/UserSync.jsx > 48346a83bc919d5b5d5b747b2dfbf7417045dbdb > > security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyManager.jsx > d9083a2a77fd627377b73652617a9e1b6dd32d09 > > security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/Permissions.jsx > 9523d17d0724a85e069c42a1bb502db93c9751f9 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListing.jsx > 3818e096874eb75ba82abde45b2b0c2d46ec3865 > > security-admin/src/main/webapp/react-webapp/src/views/Reports/SearchPolicyTable.jsx > 55dd1879b83b133c9ef54ac20f1d41e827f723cb > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx > c5b11fb0afa4730f873b72607446d8258ea8bff4 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleForm.jsx > e724050a8b7c49ad028f742dbcae099cec0d2b6f > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleListing.jsx > 6031eb27bc8c3d0b03b6eadcb81997e4f324fd31 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx > 6bdc7ba67363e2d3ed03f671f6734158ec1624ea > > > Diff: https://reviews.apache.org/r/74451/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with react code > base. > Verfied search filter user editable use cases on the cluster setup. > > Successful completion of build command : > mvn clean compile package -Psecurity-admin-react > > > Thanks, > > Mugdha Varadkar > >
Re: Review Request 74443: RANGER-4103 : Fix for improving logout mechanism in Ranger react code base.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74443/#review225479 --- Ship it! Ship It! - Mehul Parikh On May 17, 2023, 1:30 p.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74443/ > --- > > (Updated May 17, 2023, 1:30 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nitin > Galave, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4103 > https://issues.apache.org/jira/browse/RANGER-4103 > > > Repository: ranger > > > Description > --- > > While logout to react UI "Something went wrong" Page appear and than login > page come > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/App.jsx 19c04056a > > security-admin/src/main/webapp/react-webapp/src/components/XATableLayout.jsx > ff0a6f959 > security-admin/src/main/webapp/react-webapp/src/hooks/usePrompt.js > 7840c4826 > security-admin/src/main/webapp/react-webapp/src/utils/XAEnums.js 75a59ebff > security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js bd57c53c4 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyLogs.jsx > c49f0bda2 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/SecurityZonelogs.jsx > 739e32aac > security-admin/src/main/webapp/react-webapp/src/views/ErrorPage.jsx > 0a71c5fb6 > security-admin/src/main/webapp/react-webapp/src/views/Header.jsx 9582ab6a3 > security-admin/src/main/webapp/react-webapp/src/views/Layout.jsx 135ed35c9 > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinition.jsx > ba7e7417b > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx > c161572c1 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx > 71eee23c4 > > > Diff: https://reviews.apache.org/r/74443/diff/1/ > > > Testing > --- > > Performed below Testing: > 1) Performed manual logout. > 2) Checked Session Inactive scenario with automatic time out scenario and > manual logout scenario > 3) Checked Knox logout scenario. > 4) Also verified all scenarios with slow network. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 74435: RANGER-4232: Upgrade Spring Security to 5.7.8
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74435/#review225453 --- Ship it! Ship It! - Mehul Parikh On May 15, 2023, 5:05 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74435/ > --- > > (Updated May 15, 2023, 5:05 a.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4232 > https://issues.apache.org/jira/browse/RANGER-4232 > > > Repository: ranger > > > Description > --- > > Here I am proposing to Upgrade Spring Security version to 5.7.8 > > > Diffs > - > > pom.xml 32d19d42c > > > Diff: https://reviews.apache.org/r/74435/diff/1/ > > > Testing > --- > > Tested ranger admin installation, password change, CRUD operation on Ranger > service, policy, users and group. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74425: RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74425/#review225452 --- Ship it! Ship It! - Mehul Parikh On May 8, 2023, 8:06 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74425/ > --- > > (Updated May 8, 2023, 8:06 a.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4226 > https://issues.apache.org/jira/browse/RANGER-4226 > > > Repository: ranger > > > Description > --- > > Here I am proposing to upgrade Nimbus-JOSE-JWT version to 9.31 and > bouncycastle to 1.70 > > > Diffs > - > > distro/src/main/assembly/admin-web.xml b29b83347 > plugin-ozone/pom.xml b832bd9a5 > pom.xml 32d19d42c > ranger-ozone-plugin-shim/pom.xml 303e7de51 > > > Diff: https://reviews.apache.org/r/74425/diff/1/ > > > Testing > --- > > Tested ranger admin installation, password change, CRUD operation on Ranger > service, policy, users and group. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74382: RANGER-4150 : Create HA support for UserSync
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74382/#review225425
---
Ship it!
Ship It!
- Mehul Parikh
On April 10, 2023, 1:57 p.m., Dineshkumar Yadav wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74382/
> ---
>
> (Updated April 10, 2023, 1:57 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, and Ramesh Mani.
>
>
> Bugs: RANGER-4150
> https://issues.apache.org/jira/browse/RANGER-4150
>
>
> Repository: ranger
>
>
> Description
> ---
>
> This Patch eanbles Usersync to support HA. This patch is dependent on
> RANGER-4149
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerMetricsUtil.java
> d85009d18
> distro/src/main/assembly/usersync.xml 187d535e4
> ugsync/pom.xml 62e6b41ce
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
> ad440f257
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/ha/UserSyncHAInitializerImpl.java
> PRE-CREATION
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> 27e48202e
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
> 575042620
>
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserSyncMetricsProducer.java
> 9846a1bf5
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0ae76eb55
>
> unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
> d03f45087
>
>
> Diff: https://reviews.apache.org/r/74382/diff/1/
>
>
> Testing
> ---
>
> Below steps are perfomed for testing
>
> 1. Steps to make UserSync Application HA
> 2. Decide the number of nodes on which you want to have UserSync up and
> running.
> 3. Deploy the Usersync on all the nodes decided on Step 1.
> 4. SSH to node on which userSync is deployed.
> 5. go to usersync conf/ directory and open ranger-ugsync-site.xml
> 6. update below configuration and restart the UserSync.
>a. ranger-ugsync.server.ha.enabled= true
>b. ranger-ugsync.server.ha.zookeeper.connect={add zookeeper host:port
> comma separated}
>c. ranger-ugsync.server.ha.ids={add ids for number of host you have
> for usersync ex. if you have 2 node add id1,id2 }
>d. ranger-ugsync.server.ha.address.id1={host:port of usersync node1}
>e. ranger-ugsync.server.ha.address.id2={host:port of usersync node2}
>f. ranger-ugsync.server.ha.zookeeper.auth={auth:} if you want to
> provide acl auth otherwise keep blank
> 7. Perform 3, 4 & 5 to all the UserSync nodes.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
Re: Review Request 74409: RANGER-4183 Updating services fetch call in Zone Display component
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74409/#review225422 --- Ship it! Ship It! - Mehul Parikh On April 21, 2023, 9:33 a.m., Mugdha Varadkar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74409/ > --- > > (Updated April 21, 2023, 9:33 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Mehul Parikh, and > Nikunj Pansuriya. > > > Bugs: RANGER-4183 > https://issues.apache.org/jira/browse/RANGER-4183 > > > Repository: ranger > > > Description > --- > > Upon creating a zone, in zone details of respective zone under Service > section table, Service Type column value loads after some millisecond. > > Steps: > Create zone for service say HDFS. > As soon as we click save, zone detail for newly created zone would load, > check the Service Type column. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/ZoneDisplay.jsx > eac90ca3c6e832c72f9f9c2b521ab56daf0c > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/ZoneListing.jsx > 80fa3ea01758979b4e7426870841fb5a400f2bcc > > > Diff: https://reviews.apache.org/r/74409/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with react code > base. > > Successful completion of build command : > mvn clean compile package -Psecurity-admin-react > > > Thanks, > > Mugdha Varadkar > >
Re: Review Request 74403: RANGER-4194 For Hive service def resources not supporting exclude and recursive are showing this option in service view detail
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74403/#review225421 --- Ship it! Ship It! - Mehul Parikh On April 18, 2023, 7:35 p.m., Mugdha Varadkar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74403/ > --- > > (Updated April 18, 2023, 7:35 p.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, and Nikunj Pansuriya. > > > Bugs: RANGER-4194 > https://issues.apache.org/jira/browse/RANGER-4194 > > > Repository: ranger > > > Description > --- > > In this review request, updating code logic to not show exclude / recursive > option for resource if not supported in service view page. > > Also fixing below changes : > - Showing warning message when user select UDF resource in Hive. > - Removing dev console.log lines from code. > - Handling console warning shown for unique key props. > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/utils/XAMessages.js > 6570fb7f9b4fa47d3188bc36eba90b29819f629c > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs/PolicyViewDetails.jsx > cfa838a10ce38d9b7c0485c1b53ad286d45aaed7 > security-admin/src/main/webapp/react-webapp/src/views/CustomBreadcrumb.jsx > 123d7e0861fda062bf87ceecfd32fe2368b97cf6 > security-admin/src/main/webapp/react-webapp/src/views/Header.jsx > 5d3f26ae8035820826e22a6c35ebdc82b20b3905 > security-admin/src/main/webapp/react-webapp/src/views/Layout.jsx > 833f958113406714568990dea6ac7521db7f6271 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx > b5b2779e0a52fe28c3a2c4cf98220fd0f8cf9fb6 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyConditionsComp.jsx > fc81caecbad44f4f3a46427416fea126b3df9555 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListing.jsx > 462c5cf210c4a0adead1db760bdc9d9dee6691da > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyValidityPeriodComp.jsx > 22ba0fd20549a11058024123c436e1ada1bd54de > > security-admin/src/main/webapp/react-webapp/src/views/Resources/ResourceComp.jsx > 8e17fb57ea72474d4a073277fa91a41fe568cecf > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx > 5620780bc53f1b582689a41f937589a14d5cefd6 > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx > 47ee3f387cbb35bfa843f5c5bdb1bc01d6d79969 > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx > 28a98e5c61f567e99d36d3bfa9ea40a37a377993 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupForm.jsx > 24fe45675dedd2a4d5c2fec6eee3315a624ae451 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleForm.jsx > 7d22116c96e79d19d5943eac6906eeb7e35f1674 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserFormComp.jsx > 5b60fa6873d96117a563d3b1bb2714306acf8169 > security-admin/src/main/webapp/react-webapp/src/views/UserProfile.jsx > a1250175408f9477a4ada27512aac2d04eb87d73 > > > Diff: https://reviews.apache.org/r/74403/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with react code > base. > > Successful completion of build command : > mvn clean compile package -Psecurity-admin-react > > > Thanks, > > Mugdha Varadkar > >
Re: Review Request 74417: RANGER-4197 : Encryption Tab's key manager table show blank data.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74417/#review225420 --- Ship it! Ship It! - Mehul Parikh On April 26, 2023, 9:45 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74417/ > --- > > (Updated April 26, 2023, 9:45 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nitin > Galave, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4197 > https://issues.apache.org/jira/browse/RANGER-4197 > > > Repository: ranger > > > Description > --- > > Encryption Tab's key manager table shows blank data in the attributes column. > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyCreate.jsx > 9b1f05e86 > > security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyManager.jsx > 2acc3436d > > > Diff: https://reviews.apache.org/r/74417/diff/1/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with react code > base. > > > Successful completion of build command : > mvn clean compile package -Psecurity-admin-react > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 74393: RANGER-4182: Ranger Admin - Enable isRecursive option to additional default policies while service creation
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74393/#review225398
---
Ship it!
Ship It!
- Mehul Parikh
On April 14, 2023, 5:35 a.m., Kishor Gollapalliwar wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74393/
> ---
>
> (Updated April 14, 2023, 5:35 a.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan
> Neethiraj, Mehul Parikh, Nikhil P, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4182
> https://issues.apache.org/jira/browse/RANGER-4182
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Currently while service creation when we create additional default policies
> via curl we do not have option to support isRecursive. This is mostly due to
> https://github.com/apache/ranger/blob/2d9af00153e8326c7b5eb80e7c86e1e8988dfbdc/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java#L209,
> where we are setting it explicitly false. We need a mechanism where in user
> should be able to dynamically enable/ disable is-isRecursive option for a
> resource using JSON provided.
>
>
>
> Sample curl command to create service & additional default policies
>
> curl -u admin: -ivk -H "Accept:application/json" -H
> "Content-Type:application/json" -X POST
> 'http://localhost:6080/service/plugins/services' -d @hive_test.json
> vim hive_test.json
> {"isEnabled":"true","type":"hive","configs":{"username":"hive","password":"hive","cluster.name":"My
> Dummy
> Cluster","jdbc.driverClassName":"org.apache.hive.jdbc.HiveDriver","jdbc.url":"none","enable.hive.metastore.lookup":"true","hive.site.file.path":"/etc/hive/conf/hive-site.xml","policy.download.auth.users":"hive,hdfs,impala","tag.download.auth.users":"hive,hdfs,impala","policy.grantrevoke.auth.users":"hive,impala","setup.additional.default.policies":"true","default-policy.1.name":"User
> URL
> Policy","default-policy.1.resource.url":"/test/kishor","default-policy.1.policyItem.1.users":"kishor","default-policy.1.policyItem.1.accessTypes":"read,write","default.policy.users":"impala,hive,hue,beacon,admin,dpprofiler"},"name":"hive_test","displayName":"Hive
> service","description":"Hive repository/ service for Kishor"}
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
> d49e4dc20
>
>
> Diff: https://reviews.apache.org/r/74393/diff/3/
>
>
> Testing
> ---
>
> 1. mvn clean compile package install
> 2. checked existing service creation for any regression
> 3. verified service creation with new flag (resource.is-recursive=false)
> 4. verified service creation with new flag (resource.is-recursive=true)
> 5. verified service creation with new flag (No flag)
>
> Sample new JSON
> {"isEnabled":"true","type":"hive","configs":{"username":"hive","password":"hive","cluster.name":"My
> Dummy
> Cluster","jdbc.driverClassName":"org.apache.hive.jdbc.HiveDriver","jdbc.url":"none","enable.hive.metastore.lookup":"true","hive.site.file.path":"/etc/hive/conf/hive-site.xml","policy.download.auth.users":"hive,hdfs,impala","tag.download.auth.users":"hive,hdfs,impala","policy.grantrevoke.auth.users":"hive,impala","setup.additional.default.policies":"true","default-policy.1.name":"User
> URL
> Policy","default-policy.1.resource.url":"/test/kishor","default-policy.1.resource.url.is-recursive":"true","default-policy.1.policyItem.1.users":"kishor","default-policy.1.policyItem.1.accessTypes":"read,write","default-policy.2.name":"User
> DB
> Policy","default-policy.2.resource.database":"kgdb","default-policy.2.resource.database.is-excludes":"true","default-policy.2.resource.table":"kgtbl","default-policy.2.resource.table.is-excludes":"true","default-policy.2.policyItem.1.users":"kishor","defa
ult-policy.2.policyItem.1.accessTypes":"read,write","default.policy.users":"impala,hive,hue,beacon,admin,dpprofiler,kishor"},"name":"hive_test","displayName":"Hive
service","description":"Hive repository/ service for Kishor"}
>
>
> Thanks,
>
> Kishor Gollapalliwar
>
>
Re: Review Request 74014: RANGER-3739: Add JWT filter in Ranger Admin -- follow-up patch
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74014/#review225390 --- Ship it! Ship It! - Mehul Parikh On June 8, 2022, 3:19 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74014/ > --- > > (Updated June 8, 2022, 3:19 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, > Jayendra Parab, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3739 > https://issues.apache.org/jira/browse/RANGER-3739 > > > Repository: ranger > > > Description > --- > > Add JWT auth filter in Ranger Admin, which authenticates browser & > non-browser JWT requests without altering existing authentication filters. > > The existing authorization process must be alter to incorporate following > cases > > Token SSO Enabled First Authorizer / Filter > Present Yes RangerSSOAuthenticationFilter > Absent Yes RangerSSOAuthenticationFilter > Present No RangerJwtAuthFilter (NEW) > Absent No RangerJwtAuthFilter (NEW) > > Enabled JWT filter by default. > > > Diffs > - > > security-admin/src/main/resources/conf.dist/security-applicationContext.xml > 7db9c3850 > > > Diff: https://reviews.apache.org/r/74014/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Login ModHeader (chrome plugin): invalid JWT > 3. Login ModHeader (chrome plugin): expired JWT > 4. Login ModHeader (chrome plugin): tampered JWT > 5. Login ModHeader (chrome plugin): valid JWT > 6. Curl Access API: invalid JWT > 7. Curl Access API: expired JWT > 8. Curl Access API: tampered JWT > 9. Curl Access API: valid JWT > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74368: RANGER-4149 : Create common module for HA support
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74368/#review225363 --- Ship it! Ship It! - Mehul Parikh On April 10, 2023, 8:15 a.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74368/ > --- > > (Updated April 10, 2023, 8:15 a.m.) > > > Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4149 > https://issues.apache.org/jira/browse/RANGER-4149 > > > Repository: ranger > > > Description > --- > > This patch is part of RANGER-4148. > This common module act as common jar and will help other component to > implement HA. > > > Diffs > - > > pom.xml de0617e2a > ranger-common-ha/pom.xml PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/RangerHAInitializer.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveInstanceElectorService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveInstanceState.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveStateChangeHandler.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/CuratorFactory.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/HAConfiguration.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/RangerServiceServerIdSelector.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/ServiceState.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ZookeeperSecurityProperties.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/annotation/HAService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/service/HARangerService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/service/ServiceManager.java > PRE-CREATION > > ranger-common-ha/src/test/java/org/apache/ranger/ha/service/TestRangerServiceServerIdSelector.java > PRE-CREATION > ranger-common-ha/src/test/resources/log4j.xml PRE-CREATION > ranger-common-ha/src/test/resources/ranger-tagsync-site.xml PRE-CREATION > > > Diff: https://reviews.apache.org/r/74368/diff/3/ > > > Testing > --- > > > Thanks, > > Dineshkumar Yadav > >
Re: Review Request 74365: RANGER-4152: Create common module for metrics and add metrics in Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74365/#review225362 --- Ship it! Ship It! - Mehul Parikh On April 6, 2023, 2:51 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74365/ > --- > > (Updated April 6, 2023, 2:51 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-4152 > https://issues.apache.org/jira/browse/RANGER-4152 > > > Repository: ranger > > > Description > --- > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. Also add > metrics in Ranger Admin. > > > Diffs > - > > pom.xml 3a039565d > ranger-metrics/.gitignore PRE-CREATION > ranger-metrics/pom.xml PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/RangerMetricsInfo.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/RangerMetricsSystemWrapper.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/sink/RangerMetricsJsonSink.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/sink/RangerMetricsPrometheusSink.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/source/RangerMetricsJvmSource.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/source/RangerMetricsSource.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/wrapper/RangerMetricsSinkWrapper.java > PRE-CREATION > > ranger-metrics/src/main/java/org/apache/ranger/metrics/wrapper/RangerMetricsSourceWrapper.java > PRE-CREATION > security-admin/pom.xml 2e5e21950 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 562467e80 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 455ae0bc4 > security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java > 1787eeae6 > security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java > 111c30d0d > security-admin/src/main/java/org/apache/ranger/db/XXServiceDefDao.java > ddf28f2e2 > security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java 97bc2680a > > security-admin/src/main/java/org/apache/ranger/metrics/RangerAdminMetricsWrapper.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/RangerMetricsFetcher.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourceBase.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourceContextEnricher.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourceDenyConditions.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourcePolicyMasking.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourcePolicyResourceAccess.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourcePolicyRowFiltering.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourceService.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/metrics/source/RangerAdminMetricsSourceUserGroup.java > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java > e8e67c91d > security-admin/src/main/java/org/apache/ranger/service/XGroupService.java > 27651f312 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 1762d60c6 > security-admin/src/main/resources/conf.dist/security-applicationContext.xml > 646da9d8c > security-admin/src/main/resources/hadoop-metrics2.properties PRE-CREATION > > > Diff: https://reviews.apache.org/r/74365/diff/3/ > > > Testing > --- > > 1. mvn clean compile package install > 2. checked existing metrics APIs for any regression > 3. verified new metrics API > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74381: RANGER-4090 : Resouce lookup exception message is not available in react UI.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74381/#review225345 --- Ship it! Ship It! - Mehul Parikh On April 4, 2023, 7:38 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74381/ > --- > > (Updated April 4, 2023, 7:38 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4090 > https://issues.apache.org/jira/browse/RANGER-4090 > > > Repository: ranger > > > Description > --- > > Resouce lookup exception message is not available in react UI > > Steps to reproduce : > 1. While creating policy enter any resouce name which is not available > > Actual : We are not getting any expception message related to these resouce > while resouce lookup > > Expected : Like Old ui user should get these expection message for resource > lookup > > Thanks > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/TagBasePermissionItem.jsx > 221f0ea1d > > security-admin/src/main/webapp/react-webapp/src/views/Resources/ResourceComp.jsx > e9ed9bac6 > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx > f8fc7781f > > > Diff: https://reviews.apache.org/r/74381/diff/2/ > > > Testing > --- > > Tested that while resource lookup failed for resource, exception message > displayed properly. > > > Thanks, > > Dhaval Rajpara > >
Re: [VOTE] Apache Ranger 2.4.0 Release - rc2
+1 for Apache Ranger 2.4.0 rc2 release. - Verified successful build . - Verified PGP signature. - Verified SHA256 / 512 hash. - Verified CRUD operations of services, policies, security zones. Thanks & Regards, Mehul Parikh On Wed, Mar 29, 2023 at 9:54 AM Nixon Rodrigues wrote: > +1 Apache Ranger 2.4.0 - rc2 release. > > Thanks & Regards > Nixon > > On Wed, 29 Mar 2023 at 07:43, Balaji Ganesan > wrote: > > > +1 > > > > On Tue, Mar 28, 2023 at 7:46 AM Ramesh Mani wrote: > > > > > +1 for Apache Ranger 2.4.0 rc2 > > > > > > - Build from the source > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz > > > file was > > > successful. > > > - Verified some of the source code in tar files built. > > > - Verified PGP signature. > > > - Verified SHA256 / 512 hash. > > > > > > Thank you Selva for Apache Ranger 2.4.0 release candidate #2 > > > > > > Thanks, > > > Ramesh > > > > > > On Mon, Mar 27, 2023 at 8:41 PM Selvamohan Neethiraj < > > sneet...@apache.org> > > > wrote: > > > > > > > Rangers: > > > > > > > > Apache Ranger 2.4.0 release candidate #2 is now available for a vote > > > > within the dev community. > > > > Links to the release artifacts are given below. Please review and > vote. > > > > > > > > The vote will be open for at least 72 hours or until necessary votes > > are > > > > reached. > > > > [ ] +1 approve > > > > [ ] +0 no opinion > > > > [ ] -1 disapprove (and reason why) > > > > > > > > Thanks, > > > > Selva- > > > > Ranger PMC > > > > > > > > List of issues / improvements addressed in this release: click-here > < > > > > > > > > > > https://issues.apache.org/jira/browse/RANGER-4154?jql=project=RANGER%20and%20fixVersion%20%20=%202.4.0%20and%20status%20=%20Resolved%20ORDER%20BY%20key%20desc > > > > > > > > > > > > > Git tag for the release: > > > > https://github.com/apache/ranger/tree/release-2.4.0-rc2 > > > > Sources for the release: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz > > > > > > > > Source release verification: > > > > PGP Signature: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.asc > > > > SHA256 > > > > < > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.ascSHA256 > > > > > > > > Hash: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha256 > > > > SHA512 > > > > < > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha256SHA512 > > > > > > > > Hash: > > > > > > > > > > https://dist.apache.org/repos/dist/dev/ranger/2.4.0-rc2/apache-ranger-2.4.0.tar.gz.sha512 > > > > > > > > Keys to verify the signature: > > > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > > > > > Click Here < > > > > > > > > > > https://issues.apache.org/jira/issues/?jql=project=RANGER%20and%20fixVersion%20%20=%202.4.0%20and%20status%20=%20Resolved%20and%20type%20in%20(%22New%20Feature%22,%20Improvement)%20ORDER%20BY%20key%20desc > > > > > > > > to view New Features/Enhancements in this release. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: Review Request 74328: RANGER-4089: Getting browser specific pop-up message if try to delete policy after edit
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74328/#review225253 --- Ship it! Ship It! - Mehul Parikh On Feb. 28, 2023, 9:16 a.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74328/ > --- > > (Updated Feb. 28, 2023, 9:16 a.m.) > > > Review request for ranger, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, > Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4089 > https://issues.apache.org/jira/browse/RANGER-4089 > > > Repository: ranger > > > Description > --- > > Getting browser specific pop-up message if try to delete policy after edit > > Steps to reproduce : > 1. Create a policy > 2. Edit policy , instead of save click on delete , user is getting browser > specic pop-up . > 3. If move to different tab Policy is deleted & user will be present on > Deleted policy edit page . > > Expected : Behaviour should be like old UI , Once system specific Delete > confirmation popup should be enough. > > Thanks > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx > 876afd4f9 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyPermissionItem.jsx > 6895898bd > > > Diff: https://reviews.apache.org/r/74328/diff/1/ > > > Testing > --- > > 1)Build and Verified Ranger Admin setup with this changes. > 2)Verified the following things:- > - CRUD operation on Policy Forms. > - Deleting policy while editing it. > - Policy listing tables. > > > Thanks, > > Brijesh Bhalala > >
Re: Review Request 74246: RANGER-3537 : Find a viable replacement of Backbone JS for Ranger UI.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74246/#review225029 --- Ship it! Ship It! - Mehul Parikh On Dec. 22, 2022, 11:17 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74246/ > --- > > (Updated Dec. 22, 2022, 11:17 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Brijesh Bhalala, > Dhaval Shah, Dineshkumar Yadav, Gautam Borad, Harshal Chavan, jay zalavadia, > Jayendra Parab, Kishore Gopalakrishna, Abhay Kulkarni, Madhan Neethiraj, > Mahesh Bandal, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, Nitin Galave, > Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3537 > https://issues.apache.org/jira/browse/RANGER-3537 > > > Repository: ranger > > > Description > --- > > As backbone JS is an old library, and its related js library like > backbone-form, backbone-pagination, and backbone table has not been updated > for the last 6 years. Therefore we need to move to the latest and stable UI > framework for Ranger UI. This is critical for security reasons. > > The given review request contains code changes for migrating Ranger Admin UI > to use React JS. > Created a react-webapp directory inside the existing webapp directory to add > the code changes. > > To build a Ranger Admin UI with this changes, please use below mvn command : > > --> mvn clean compile package -DskipTests -Psecurity-admin-react > > > Diffs > - > > .gitignore 9768b791e > security-admin/pom.xml f887e03a1 > security-admin/src/main/resources/conf.dist/security-applicationContext.xml > 4ee80b98f > security-admin/src/main/webapp/react-webapp/README.md PRE-CREATION > security-admin/src/main/webapp/react-webapp/babel.config.json PRE-CREATION > security-admin/src/main/webapp/react-webapp/config/paths.js PRE-CREATION > security-admin/src/main/webapp/react-webapp/config/webpack.config.js > PRE-CREATION > security-admin/src/main/webapp/react-webapp/config/webpack.dev.config.js > PRE-CREATION > security-admin/src/main/webapp/react-webapp/config/webpack.prod.config.js > PRE-CREATION > security-admin/src/main/webapp/react-webapp/package-lock.json PRE-CREATION > security-admin/src/main/webapp/react-webapp/package.json PRE-CREATION > security-admin/src/main/webapp/react-webapp/src/App.jsx PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/CommonComponents.jsx > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/CreatableField.jsx > PRE-CREATION > security-admin/src/main/webapp/react-webapp/src/components/Editable.jsx > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/XATableLayout.jsx > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/main.jsx > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/calendar.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/date_input.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/datepicker.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-datepicker/popover.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/keyevent.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/react-typeahead.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/tokenizer/index.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/tokenizer/token.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/typeahead/index.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/typeahead/option.js > PRE-CREATION > > security-admin/src/main/webapp/react-webapp/src/components/structured-filter/react-typeahead/typeahead/selector.js > P
[jira] [Updated] (RANGER-3961) AuditFileSpool logs out all events that were not audited successfully
[
https://issues.apache.org/jira/browse/RANGER-3961?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mehul Parikh updated RANGER-3961:
-
Affects Version/s: 2.4.0
(was: 2.3.0)
> AuditFileSpool logs out all events that were not audited successfully
> -
>
> Key: RANGER-3961
> URL: https://issues.apache.org/jira/browse/RANGER-3961
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 3.0.0, 2.4.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> In AuditFileSpool.java from line 901-905, there is this code:
> {code:java}
> } catch (Throwable t) {
>logger.error("Error while sending logs to consumer. provider="
> + queueProvider.getName() + ", consumer="
> + consumerProvider.getName() + ", log=" + lines, t);
> } {code}
> Here the variable *lines* holds all the events that are in current batch,
> that is 1000 by default (~0.5MB of strings). The batch can be configured even
> higher that makes things worse.
> If there is an issue in audit, a lot of huge strings will be logged out.
> Suggesting to remove *lines* variable and/or add lines.size() to know how
> many events were not sent.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-3962) Add preload directive to HSTS header
[ https://issues.apache.org/jira/browse/RANGER-3962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh updated RANGER-3962: - Affects Version/s: 2.4.0 (was: 2.3.0) > Add preload directive to HSTS header > > > Key: RANGER-3962 > URL: https://issues.apache.org/jira/browse/RANGER-3962 > Project: Ranger > Issue Type: Improvement > Components: kms, Ranger >Affects Versions: 3.0.0, 2.4.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 3.0.0 > > > "Preload" directive is absent in HSTS header. As security its recommended to > have within HSTS header. > ref: > [https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html] -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74194: RANGER-3962: Add preload directive to HSTS header
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74194/#review224884 --- Ship it! Ship It! - Mehul Parikh On Nov. 8, 2022, 11:37 a.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74194/ > --- > > (Updated Nov. 8, 2022, 11:37 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3962 > https://issues.apache.org/jira/browse/RANGER-3962 > > > Repository: ranger > > > Description > --- > > "Preload" directive is absent in HSTS header. As security its recommended to > have within HSTS header. > > > Diffs > - > > kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java > 1174f0bd6 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java > 9f83daf9a > security-admin/src/main/webapp/login.jsp df234efd9 > > > Diff: https://reviews.apache.org/r/74194/diff/1/ > > > Testing > --- > > 1. Ranger maven build successful -> mvn clean compile verify test install > 2. Ranger Setup & install successful > 3. Performed sanity testing. > > > Thanks, > > Mahesh Bandal > >
Re: Review Request 74192: RANGER-3961: AuditFileSpool logs out all events that were not audited successfully
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74192/#review224883 --- Ship it! Ship It! - Mehul Parikh On Nov. 8, 2022, 11:37 a.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74192/ > --- > > (Updated Nov. 8, 2022, 11:37 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3961 > https://issues.apache.org/jira/browse/RANGER-3961 > > > Repository: ranger > > > Description > --- > > At AuditFileSpool.java#L904, the variable lines holds all the events that are > in current batch, that is 1000 by default (~0.5MB of strings). The batch can > be configured even higher that makes things worse. > > If there is an issue in audit, a lot of huge strings will be logged out. > > Suggesting to remove lines variable and/or add lines.size() to know how many > events were not sent. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java > edce2461a > > > Diff: https://reviews.apache.org/r/74192/diff/1/ > > > Testing > --- > > 1. Ranger maven build successful -> mvn clean compile verify test install > 2. Ranger Setup & install successful > 3. Performed sanity testing. > > > Thanks, > > Mahesh Bandal > >
Re: Review Request 74134: RANGER-3888, RANGER-3887, RANGER-3886, RANGER-3931: Validity Scheduler , recurrence schedule: added validation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74134/#review224772 --- Ship it! Ship It! - Mehul Parikh On Sept. 28, 2022, 8:20 a.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74134/ > --- > > (Updated Sept. 28, 2022, 8:20 a.m.) > > > Review request for ranger, Dhaval Shah, Jayendra Parab, Kishor Gollapalliwar, > Abhay Kulkarni, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-3886, RANGER-3887, RANGER-3888, and RANGER-3931 > https://issues.apache.org/jira/browse/RANGER-3886 > https://issues.apache.org/jira/browse/RANGER-3887 > https://issues.apache.org/jira/browse/RANGER-3888 > https://issues.apache.org/jira/browse/RANGER-3931 > > > Repository: ranger > > > Description > --- > > below validation is added for Validity Scheduler and recurrence schedule. > 1. When there is no interval but schedule is specified , policy is created > 2. Ranger accepts invalid start/endTime > 3. Ranger reports overlapping ranges though there are no overlapping values > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerValidityScheduleValidator.java > 2b4b049fa > > > Diff: https://reviews.apache.org/r/74134/diff/2/ > > > Testing > --- > > tested using curl request. > > > Thanks, > > Dineshkumar Yadav > >
Re: Review Request 74054: RANGER-3825: Ranger internal user is unable to change his password after the upgrade
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74054/#review224565 --- Ship it! Ship It! - Mehul Parikh On July 13, 2022, 5:41 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74054/ > --- > > (Updated July 13, 2022, 5:41 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3825 > https://issues.apache.org/jira/browse/RANGER-3825 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** Ranger internal User is unable to change his password > after upgrading from ranger 2.1 to 2.2 or higher. > The issue is caused by RANGER-2950 commit > https://github.com/apache/ranger/commit/e9b1e1d5f2009e90c6bbf912d5039bdafe319a5c > The issue is coming due to change in default algorithm used before the > upgrade and after the upgrade. This could be due to typo mistake while > writing the code for RANGER-2950 and lack of developer test case coverage. > > **Proposed Solution:** Replacing the default algorithm seems resolving the > issue as password storage algorithm is same before and after the upgrade. > > **Workaround for existing environment:** if anyone facing this issue after > the upgrade and can not apply this patch then they can change/reset that user > password through ranger admin user and after that user would be able to > change his password. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 53fa007aa > > > Diff: https://reviews.apache.org/r/74054/diff/1/ > > > Testing > --- > > Following tests were performed with this proposed patch: > > 1) installed ranger-admin of older version(2.1) and created used testuser1 > and testuser2. stopped the ranger-admin. > 2) Upgraded ranger-admin with this patch on top of master branch and used the > same db configurations used in step 1. > 3) logged in from testuser1 and tried to change password and it was > succeeded. logout and tried login for testuser1 with updated password which > was succeeded. > 4) logged in from admin user and tried to change password of testuser1 and > testuser2 and it was succeeded. logout and tried login for testuser1 with > updated password which was succeeded. > 5) logged in from admin user and created testuser3 and testuser4 > 6) logged in from testuser3 and tried to change password and it was > succeeded. logout and tried login for testuser3 with updated password which > was succeeded. > 7) logged in from admin user and tried to change password of testuser3 and > testuser4 and it was succeeded. logout and tried login for testuser3 with > updated password which was succeeded. > > > Thanks, > > Pradeep Agrawal > >
Re: [VOTE] Release Apache Ranger version 2.3.0 - rc3
> > RANGER-3573 Add vim in docker base image > > > > > > RANGER-3577 RANGER : Upgrade POI version to 5.1.0 > > > > > > RANGER-3578 Simplify code for policy label creation > > > > > > RANGER-3580 Support Ranger KMS integration with TencentKMS > > > > > > RANGER-3585 Docker setup to run Ranger usersync and tagsync > > > > > > RANGER-3586 Script condition expression to support csv of > group/tag > > > > > > attributes > > > > > > RANGER-3595 Tar of KMS contains rubbish files > > > > > > RANGER-3597 User role should not be able to modify the Policy > > > > > > RANGER-3600 Ranger service tags import request failure > > > > > > RANGER-3603 HDFS audit files rollover improvement to trigger > > rollover > > > > > > in monitoring thread > > > > > > RANGER-3605 Support macros in row-filter/condition expressions > > > > > > RANGER-3606 remove unnecessary static members from plugin class > > loaders > > > > > > RANGER-3609 option to add user group enricher automatically based > > on > > > > > > references in policies > > > > > > RANGER-3620 Ranger - Upgrade tomcat to 8.5.75 > > > > > > RANGER-3621 Optimise Tag/Policy iterator > > > > > > RANGER-3624 Update Ranger services Password Policy > > > > > > RANGER-3628 Support fine grain authorization for different solr > > objects > > > > > > RANGER-3629 RANGER - Handle solr permissions during upgrade > > > > > > RANGER-3630 Support wildcards, group short names, and list of > > memberof > > > > > > attribute DNs for computing user search filter > > > > > > RANGER-3632 Improve ranger logs, RENAME_ON_ROTATE and others > > > > > > RANGER-3634 Remove duplicate entries from usersync distribution > > file > > > > > > RANGER-3646 LOG.debug print content error > > > > > > RANGER-3647 Connection to DB fails for MySQL version above 8.0 > > > > > > RANGER-3649 Represent the Solr admin object types on the Ranger > UI > > > > > > RANGER-3651 Remove jersey 1.x version dependency for knox plugin > > > > > > RANGER-3653 Replace aws java sdk bom dependencies with bundled > > > > > > dependencies > > > > > > RANGER-3658 Docker: Ranger containers to run as user=ranger > > > > > > RANGER-3659 Ranger Admin goes to OOM when usersync is trying to > > delete > > > > > > existing group mappings from ranger DB > > > > > > RANGER-3660 [Ranger Admin UI] Improvements in tooltip hints for > > better > > > > > > user experience > > > > > > RANGER-3662 There should be a pause button for error popup > > > > > > RANGER-3665 "No Data Found !!" messages in Ranger admin UI alarm > > users > > > > > > RANGER-3666 Ranger UI improvement - Add warning popup if > > auto-complete > > > > > > for resource lookup is failing in Edit policy page > > > > > > RANGER-3667 Improve feedback in policy creation UI when resource > > does > > > > > > not exist > > > > > > RANGER-3669 Connection to DB fails for MySQL version above 8.0 > > > > > > RANGER-3672 Show better error messages during failed logins > > > > > > RANGER-3673 Need to enable cipher configuration for Usersync > > > > > > RANGER-3675 Upgrade tomcat due to intermittent READ TIMEOUT > > > > > > RANGER-3686 Docker setup to run Ranger with MySQL database > > > > > > RANGER-3687 Password Policy Best Practices for Strong Security > > > > > > RANGER-3689 Ranger : ranger-2.3 Port missing commits. > > > > > > RANGER-3693 Ranger - Upgrade tomcat to 8.5.78 > > > > > > RANGER-3698 Ranger - Upgrade kylin to 3.1.3 > > > > > > RANGER-3699 Ranger - Upgrade poi to 5.2.1+ > > > > > > RANGER-3704 remove semicolon from c3P0 preferredTestQuery > > > > > > RANGER-3725 Update atlas default audit filter to filter Atlas > > > > > > entity-read events by Nifi user. > > > > > > RANGER-3736 Update RangerChainedPlugin to support masking and > > > > > > row-filtering > > > > > > RANGER-3738 Restructure ranger Dockerfile to use multi-stage > builds > > > > > > RANGER-3743 Add isDenyAllElse mapping to > > > > > > addCustomRangerDefaultPolicies method > > > > > > RANGER-3744 Produces annotation ordering should be consistent: > > json, > > > > xml > > > > > > RANGER-3764:conditions to support macros IS_IN_GROUP, IS_IN_ROLE, > > > > HAS_TAG > > > > > > RANGER-3768 RangerBasePlugin configuration to optionally disable > > > > > > userstore refresher > > > > > > RANGER-3779:Conditions enhancement to support macros > > IS_IN_ANY_GROUP, > > > > > > IS_IN_ANY_ROLE, HAS_TAGS > > > > > > > > > > > > > > > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: Review Request 74029: RANGER-3795: Fix java patch J10033 and J10046 failure
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74029/#review224524 --- Ship it! Ship It! - Mehul Parikh On June 17, 2022, 11:41 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74029/ > --- > > (Updated June 17, 2022, 11:41 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3795 > https://issues.apache.org/jira/browse/RANGER-3795 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** During kafka policy porting to new db schema via java > patch PatchForMigratingOldRegimePolicyJson_J10046, it finds a kafka default > policy which has user kafka and rangerlookup in it. If these users do not > exist in ranger-admin then ranger policy porting to new schema may fail. > > Note: The issue is observed only when older version of ranger installation > does not have PatchForMigratingOldRegimePolicyJson_J10046 applied in it. > > **Proposed solution:** Earlier Ranger has restriction that policy user should > be created before policy creation, but in current version ranger policy > creation API can create the policy user if it does not exist in ranger db. > During the porting/migrating the ranger policy to new ranger db schema we can > add the same implementation to avoid any upgrade failure and make the ranger > upgrade step consistent with run time behavior. > > I have made similar changes in older patches also J10019 and J10033. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 4f2527223 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java > 9302c130f > > security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java > 74ea7b2c6 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java > 6dcf3f264 > > > Diff: https://reviews.apache.org/r/74029/diff/1/ > > > Testing > --- > > 1) Installed ranger from 1.x branch build and created kafka service and > policy in it without the "kafka" or "rangerlookup" in the kafka service or > policy. > 2) Applied the patch on Apache ranger master branch, build and generate the > tar file. > 3) Untar the ranger admin and provide the same config which was used in > ranger 1.x version (refer step 1 above) > 4) Run the setup.sh script and it will apply all the java patches without any > failure. > 5) restart ranger-admin and check the kafka service policies. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74033: RANGER-3798 : Ranger API Resource Metrics REST "Up time of JVM" does not update.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74033/#review224522 --- Ship it! Ship It! - Mehul Parikh On June 21, 2022, 2:14 p.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74033/ > --- > > (Updated June 21, 2022, 2:14 p.m.) > > > Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Mehul > Parikh, Pradeep Agrawal, and Vishal Suvagia. > > > Bugs: RANGER-3798 > https://issues.apache.org/jira/browse/RANGER-3798 > > > Repository: ranger > > > Description > --- > > Ranger API Resource Metrics REST, one of the attribute "Up time of JVM" does > not get updated value over the period of time > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java > 223bb6ead > > > Diff: https://reviews.apache.org/r/74033/diff/1/ > > > Testing > --- > > Tested using below curl request every time it fetches new value for "Up time > of JVM" > curl -u admin:Admin123 -H "Content-type:application/json" -X GET > "http://dy-t01-1.dy-t01.root.hwx.site:6080/service/metrics/status/ > > > Thanks, > > Dineshkumar Yadav > >
Re: Review Request 74026: RANGER-3789 : Upgrade Handlebars version to 4.7.7.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74026/#review224518 --- Ship it! Ship It! - Mehul Parikh On June 17, 2022, 5:40 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74026/ > --- > > (Updated June 17, 2022, 5:40 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3789 > https://issues.apache.org/jira/browse/RANGER-3789 > > > Repository: ranger > > > Description > --- > > Upgrade Handlebars version to 4.7.7 > > > Diffs > - > > > security-admin/src/main/webapp/libs/bower/require-handlebars-plugin/js/Handlebars.js > e7cd51740 > > > Diff: https://reviews.apache.org/r/74026/diff/1/ > > > Testing > --- > > Tested UI with updating handlebars library. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 74006: RANGER-3740: Create Ranger Admin API to refresh tag cache -- follow-up patch
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74006/#review224486 --- Ship it! Ship It! - Mehul Parikh On June 1, 2022, 3:15 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74006/ > --- > > (Updated June 1, 2022, 3:15 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, > and Velmurugan Periasamy. > > > Bugs: RANGER-3740 > https://issues.apache.org/jira/browse/RANGER-3740 > > > Repository: ranger > > > Description > --- > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. > > Problem: In the current API, if a user accidently do not pass service_name, > it resets everything. > > Changes: > 1. Updated existing API: enforcing service_name as mandatory parameter > 2. Created new API: reset/ remove everything (all service policy cache) > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 79dbdc76d > > > Diff: https://reviews.apache.org/r/74006/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Hit API without service name > (http://localhost:6080/service/tags/tags/cache/reset) > 3. Hit API with empty service name > (http://localhost:6080/service/tags/tags/cache/reset?serviceName=) > 4. Hit API with invalid service name > (http://localhost:6080/service/tags/tags/cache/reset?serviceName=invalid_service) > 5. Hit API with valid service name > (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs) > 6. Hit API with valid service name when cache is empty > (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs) > 7. Hit API when cache is not empty > (http://localhost:6080/service/tags/tags/cache/reset-all) > 8. Hit API when cache is empty > (http://localhost:6080/service/tags/tags/cache/reset-all) > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 74008: RANGER-3780: Upgrade tomcat to 8.5.79
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74008/#review224485 --- Ship it! Ship It! - Mehul Parikh On June 2, 2022, 3:43 p.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74008/ > --- > > (Updated June 2, 2022, 3:43 p.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3780 > https://issues.apache.org/jira/browse/RANGER-3780 > > > Repository: ranger > > > Description > --- > > Here I am proposing to change tomcat version > > from 8.5.78 ==> 8.5.79 > > Changelog link : > https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.79_(schultz) > > > Diffs > - > > pom.xml b0bdcc56f > > > Diff: https://reviews.apache.org/r/74008/diff/1/ > > > Testing > --- > > Tested Ranger admin installation, user login, usersync and other crud > operations on service, policy, user and group module. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 73992: RANGER-3767 : Add text message in HDFS and YARN policy pages to highlight the fallback ACL option.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73992/#review224465 --- Ship it! Ship It! - Mehul Parikh On May 18, 2022, 1:28 p.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73992/ > --- > > (Updated May 18, 2022, 1:28 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3767 > https://issues.apache.org/jira/browse/RANGER-3767 > > > Repository: ranger > > > Description > --- > > HDFS and YARN policy pages need to show a text message highlighting the > fallback ACL option. By default, fallback is enabled for these components. > Showing this message in policy page will allow customers to understand the > behavior better and decide. > > Message could be something like below. > > "By default, fallback to [HDFS|Yarn] ACLs are enabled. If access cannot be > determined by Ranger policies, authorization will fall back to [HDFS|Yarn] > ACLs. If this behavior needs to be changed, modify [HDFS plugin config|Yarn > plugin config]" > > > Diffs > - > > security-admin/src/main/webapp/scripts/utils/XAEnums.js 6407b68f3 > security-admin/src/main/webapp/scripts/utils/XAUtils.js 37b35d2dd > > security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js > d7ff26da1 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js > af7c70a80 > > security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html > d1ca2a94c > > > Diff: https://reviews.apache.org/r/73992/diff/1/ > > > Testing > --- > > Tested that message display properly with HDFS and YARN base policy listing > page with there config name. > > > Thanks, > > Dhaval Rajpara > >
Re: [VOTE] Release Apache Ranger version 2.3.0 - rc0
+1 for Apache Ranger 2.3.0-rc0 - Verified signatures - Verified successful build - Verified install and start of Ranger with Postgres DB. - Verified CRUD of Policies / Services / Security Zones Thanks and Regards, Mehul Parikh On Fri, May 20, 2022 at 3:29 AM Ramesh Mani wrote: > Dear Rangers, > > Apache Ranger 2.3.0 release candidate #0 is now available for a vote within > the dev community. Links to the release artifacts are given below. Please > review and vote. > > The vote will be open for at least 72 hours or until necessary votes are > reached. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Thanks, > Ramesh > > List of all issues / improvements addressed in this release: > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > status=Resolved AND fixVersion=2.3.0 ORDER BY key DESC > > Git tag for the release: > https://github.com/apache/ranger/tree/release-2.3.0-rc0 > > Sources for the release: > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz > > Source release verification: > PGP Signature: > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.asc > SHA256 Hash: > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.sha256 > SHA512 Hash: > > https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.sha512 > > Keys to verify the signature of the release artifacts are available at: > https://dist.apache.org/repos/dist/release/ranger/KEYS > > New features/enhancements: > > RANGER-2846 Add support for resource[volume, bucket, key] look up in ozone > plugin > RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store > RANGER-3023 Permission tab takes longer time to load with large number of > users and group_users data > RANGER-3030 Replace Findbugs with Spotbugs maven plugin > RANGER-3182 Prestosql is renamed to Trino > RANGER-3221 Improve logging in Presto plugin > RANGER-3276 Remove duplicate code from buildks.java > RANGER-3290 ArrayIndexOutOfBoundsException if solr is down > RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on > RANGER-3298 Add coarse URI check for Hive Agent > RANGER-3389 Swagger UI Support for Ranger REST API > RANGER-3435 Add unique index on guid, service and zone_id column of > x_policy table > RANGER-3439 Add rest api to get or delete ranger policy based on guid > RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect to > knox logout page > RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8 > RANGER-3475 Promote TagRest endpoints to /public/v2 > RANGER-3487 Update underscore js with latest version. > RANGER-3493 Add unique index on service and resource_signature column of > x_policy table > RANGER-3498 RANGER : Remove log4j1 dependencies. > RANGER-3504 Create framework to execute DB patch dependent on Java patch. > RANGER-3510 Ranger upgrade spring framework version to 5.3.12 > RANGER-3511 Create Java patch to update policy resource-signature to unique > value. > RANGER-3512 Create Java patch to update policy guid to unique value. > RANGER-3515 Enhance Ranger Java client SSL config to be configured using > serviceType and AppId > RANGER-3518 Limit the query size stored in Audit logs > RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC > 6797 > RANGER-3526 policy evaluation ordering to use name as secondary sorting key > RANGER-3533 Provide sorting on columns throughout the audits result set and > policy listing page. > RANGER-3538 Reduce the granularity of locking when building/retrieving a > policy-engine within Ranger admin service > RANGER-3539 Add jacoco-maven-plugin for code coverage > RANGER-3540 Add support to read audit logs from Amazon CloudWatch > RANGER-3545 Remove Logger Checks for Info Enabled > RANGER-3548 Update performance engine test scripts > RANGER-3550 support for using user/tag attributes in row-filter expressions > and conditions > RANGER-3551 Analyze & optimize module permissions related API > RANGER-3553 Unit test coverage for XUserMgr and UserMgr class > RANGER-3556 Ranger tagsync logs unnecessary messages > RANGER-3561 Upgrade Storm version to 1.2.4 > RANGER-3562 Redesign post commit tasks for updating ref-tables when > policy/role is updated > RANGER-3565 RangerRESTClient to support retry > RANGER-3567 support for use of user attributes in policy resources > RANGER-3569 Support Ranger KMS integration with Google cloud HSM > RANGER-3573 Add vim in docker base image > RANGER-3577 RANGER : Upgrade POI version to 5.1.0 > RANGER-3578 Simplify code for policy label creation > RANGER-3580 Support Range
Re: Review Request 73985: RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73985/#review224443 --- Ship it! Ship It! - Mehul Parikh On May 12, 2022, 8:48 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73985/ > --- > > (Updated May 12, 2022, 8:48 a.m.) > > > Review request for ranger, bhavik patel, Dineshkumar Yadav, Kirby Zhou, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3724 > https://issues.apache.org/jira/browse/RANGER-3724 > > > Repository: ranger > > > Description > --- > > Create Ranger Admin API to refresh policy cache, which will help refreshing > cache externally. > > Problem: In the current API, if a user accidently do not pass service_name, > it resets everything. > > Changes: > 1. Updated existing API: enforcing service_name as mandatory parameter > 2. Created new API: reset/ remove everything (all service policy cache) > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 1aa861424 > > > Diff: https://reviews.apache.org/r/73985/diff/2/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Hit API with invalid service name > (http://localhost:6080/service/plugins/policies/cache/reset?name=invalid_service) > 3. Hit API with empty service name > (http://localhost:6080/service/plugins/policies/cache/reset) > 3. Hit API with valid service name > (http://localhost:6080/service/plugins/policies/cache/reset?name=test_hdfs) > 4. Hit API with valid service name when cache is empty > (http://localhost:6080/service/plugins/policies/cache/reset?name=test_hdfs) > 5. Hit API when cache is not empty > (http://localhost:6080/service/plugins/policies/cache/reset-all) > 6. Hit API when cache is empty > (http://localhost:6080/service/plugins/policies/cache/reset-all) > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73965: RANGER-3739: Add JWT filter in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73965/#review224410 --- Ship it! Ship It! - Mehul Parikh On May 2, 2022, 11:53 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73965/ > --- > > (Updated May 2, 2022, 11:53 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3739 > https://issues.apache.org/jira/browse/RANGER-3739 > > > Repository: ranger > > > Description > --- > > Add JWT auth filter in Ranger Admin, which authenticates browser & > non-browser JWT requests without altering existing authentication filters. > > The existing authorization process must be alter to incorporate following > cases > > Token SSO Enabled First Authorizer / Filter > Present Yes RangerSSOAuthenticationFilter > AbsentYes RangerSSOAuthenticationFilter > Present No RangerJwtAuthFilter (NEW) > AbsentNo RangerJwtAuthFilter (NEW) > > > Diffs > - > > security-admin/pom.xml eaa8db1c1 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthFilter.java > PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthWrapper.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/73965/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install -U > 2. Login ModHeader (chrome plugin): invalid JWT > 3. Login ModHeader (chrome plugin): expired JWT > 4. Login ModHeader (chrome plugin): tampered JWT > 5. Login ModHeader (chrome plugin): valid JWT > 6. Curl Access API: invalid JWT > 7. Curl Access API: expired JWT > 8. Curl Access API: tampered JWT > 9. Curl Access API: valid JWT > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73932: RANGER-3698 : Upgrade kylin to 3.1.3
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73932/#review224324 --- Ship it! Ship It! - Mehul Parikh On April 7, 2022, 7:16 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73932/ > --- > > (Updated April 7, 2022, 7:16 a.m.) > > > Review request for ranger and Pradeep Agrawal. > > > Bugs: RANGER-3698 > https://issues.apache.org/jira/browse/RANGER-3698 > > > Repository: ranger > > > Description > --- > > Ranger is currently pulling in kylin 2.6.6, This task is to track kylin > verison upgrade to 3.1.3 > > > Diffs > - > > plugin-kylin/pom.xml 563e53a87 > pom.xml 9889685c9 > ranger-kylin-plugin-shim/pom.xml 53e567467 > > > Diff: https://reviews.apache.org/r/73932/diff/1/ > > > Testing > --- > > - Build Succeeded > - All Unit tests are passed. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73934: RANGER-3699 : Upgrade poi to 5.2.2
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73934/#review224323 --- Ship it! Ship It! - Mehul Parikh On April 7, 2022, 9:03 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73934/ > --- > > (Updated April 7, 2022, 9:03 a.m.) > > > Review request for ranger, bhavik patel, Mehul Parikh, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-3699 > https://issues.apache.org/jira/browse/RANGER-3699 > > > Repository: ranger > > > Description > --- > > Ranger currently pulling poi 5.1.0, Upgraded to 5.2.2 > > > Diffs > - > > pom.xml 9889685c9 > > > Diff: https://reviews.apache.org/r/73934/diff/1/ > > > Testing > --- > > - Build succeeded > - Tested on local VM : policy import - export funtionality. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73935: RANGER-3669 : Connection to DB fails for MySQL version above 8.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73935/#review224292 --- Ship it! Ship It! - Mehul Parikh On April 8, 2022, 10:57 a.m., Vishal Suvagia wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73935/ > --- > > (Updated April 8, 2022, 10:57 a.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-3669 > https://issues.apache.org/jira/browse/RANGER-3669 > > > Repository: ranger > > > Description > --- > > Ranger KMS db setup script needs to be updated to support MySql versions > greater than 8.0 > Made changes to allow non-ssl connection with DB for Mysql version greater > than 8.0 > made a fix to allow user to define the custom jdbc url which can be used in > db-setup. > Added missing change for Ranger Admin db-setup in RANGER-3647 > > > Diffs > - > > kms/scripts/db_setup.py 165e30d89443b7e8244ed965c34a5d7219e7d1f3 > kms/scripts/install.properties 780509dcdd06c13e84f1a860213eb28f3556fa26 > security-admin/scripts/db_setup.py eaae5c8990724d7ead703d747140a0c3c49289d7 > > > Diff: https://reviews.apache.org/r/73935/diff/1/ > > > Testing > --- > > Validated changes locally with available Mysql-8.0 release. > > > File Attachments > > > RANGER-3669.01.patch > > https://reviews.apache.org/media/uploaded/files/2022/04/08/48106a24-5c65-47d3-b971-7b69f5d7bb79__RANGER-3669.01.patch > > > Thanks, > > Vishal Suvagia > >
Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72024/#review224271 --- Ship it! Ship It! - Mehul Parikh On April 5, 2022, 12:24 p.m., Vishal Suvagia wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72024/ > --- > > (Updated April 5, 2022, 12:24 p.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2704 > https://issues.apache.org/jira/browse/RANGER-2704 > > > Repository: ranger > > > Description > --- > > Need to support browser login using kerberos authentication. Added a logout > for an unauthenticated user to redirect to the login page. > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java > 223a991c76bae7d25f5ce89604d0a8a90d426fe5 > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java > abbf2d983beb30b59e5d3f6429d6fc226f735793 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 0a1128613dca50fe67ea3f891261f1ee449c46db > > > Diff: https://reviews.apache.org/r/72024/diff/2/ > > > Testing > --- > > Veriried kerberos ticket authentication is working on a kerberized browser. > > > Steps to test for a kerberized browser: > #1) For Kerberized browsers: > #1> To open Chrome in kerberos enabled mode need to run below command: >google-chrome --auth-server-whitelist="*ranger.testserver.com" > #2> For Firefox, need to go to about:configs and then search for > negotiate and then add the host domain > ranger.testserver.com to the property > "network.negotiate-auth.trusted-uris" > #2) Perform kinit with the required user. > #3) Open the Ranger Admin portal using FQDN of the server host. > > > Known Issue: If there is no valid kerberos ticket, user lands on a blank page > and a short hack is to either append locallogin to the URL or refresh the > browser tab to redirect to the login page. > P.S: this issue is not observed on Google Chrome browser > > > File Attachments > > > RANGER-2704.patch > > https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch > RANGER-2704.02.patch > > https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch > RANGER-2704.03.patch > > https://reviews.apache.org/media/uploaded/files/2022/04/05/31e52557-051e-40ba-bc34-5dc6418e06f8__RANGER-2704.03.patch > > > Thanks, > > Vishal Suvagia > >
Re: Review Request 73911: RANGER-3666 : Ranger UI improvement - Add warning popup if auto-complete for resource lookup is failing in Edit policy page.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73911/#review224202 --- Ship it! Ship It! - Mehul Parikh On March 23, 2022, 1:07 p.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73911/ > --- > > (Updated March 23, 2022, 1:07 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3666 > https://issues.apache.org/jira/browse/RANGER-3666 > > > Repository: ranger > > > Description > --- > > Currently if the resource lookup fails (due to some misconfiguration), there > is no indication to the user. If a warning popup is added in Edit policy page > if auto-complete for resource lookup is failing, that would help > > > Diffs > - > > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > be779f55f > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js > d4452a8d2 > > security-admin/src/main/webapp/scripts/views/security_zone/ZoneResourceForm.js > 7242d7bc2 > > security-admin/src/main/webapp/scripts/views/service/ServiceAuditFilterResources.js > 115486efd > security-admin/src/main/webapp/styles/xa.css ff99fb195 > > > Diff: https://reviews.apache.org/r/73911/diff/1/ > > > Testing > --- > > Tested that while the resource lookup fails (due to some misconfiguration), > we added notification that indicate proper error message. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73905: RANGER-3675: Upgrade tomcat due to intermittent READ TIMEOUT
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73905/#review224194 --- Ship it! Ship It! - Mehul Parikh On March 21, 2022, 2:33 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73905/ > --- > > (Updated March 21, 2022, 2:33 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3675 > https://issues.apache.org/jira/browse/RANGER-3675 > > > Repository: ranger > > > Description > --- > > There are intermittent READ-TIMEOUTs observed in tomcat 8.5.75 upgrade it to > 8.5.76 > > > Diffs > - > > pom.xml 49a06411d > > > Diff: https://reviews.apache.org/r/73905/diff/1/ > > > Testing > --- > > 1. mvn clean compile package install > 2. Sanity check on Ranger Admin > 3. Sanity check on plugin enforcement > 4. Sanity check on KMS > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73903: RANGER-3667 : Improve feedback in policy creation UI when resource does not exist.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73903/#review224189
---
Ship it!
Ship It!
- Mehul Parikh
On March 21, 2022, 11:58 a.m., Dhaval Rajpara wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73903/
> ---
>
> (Updated March 21, 2022, 11:58 a.m.)
>
>
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan,
> Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep
> Agrawal, Vishal Suvagia, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-3667
> https://issues.apache.org/jira/browse/RANGER-3667
>
>
> Repository: ranger
>
>
> Description
> ---
>
> 1. In Ranger's policy creation UI, when a resource (e.g. Hive database or
> table name) is entered in the Policy Details, the autocomplete feature will
> proactively present a dropdown of possible matches to known resource names
> pulled from the service, which the user can then select to populate the
> fields in the policy.
>
>
> 2. If there is only one match to an existing resource name, then only that
> single name will be presented in the dropdown.
>
>
> 3. If there are no matches, then the text already entered into the field will
> be presented in the autocomplete dropdown. This behavior is exactly the same
> as (2) whether the resource exists or not.
>
>
> 4. While there are some use cases where a policy may need to be created prior
> to creating the actual resource itself, there is no validation or feedback in
> the UI to indicate if a resource name already exists. In the case of a simple
> typo error, this lack of feedback can result in the creation of invalid
> policies that are then difficult to isolate and fix.
>
>
> This request is to include some additional feedback ("not found" message or
> similar) in the UI, to indicate when a resource does not exist. This would
> also assist in identifying communication issues between Ranger and the
> backend services.
>
>
> Diffs
> -
>
> security-admin/src/main/webapp/scripts/utils/XAUtils.js fa4916547
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
> 5b3940a10
>
> security-admin/src/main/webapp/scripts/views/security_zone/ZoneResourceForm.js
> 68092fd62
>
> security-admin/src/main/webapp/scripts/views/service/ServiceAuditFilterResources.js
> 2cfdfd937
> security-admin/src/main/webapp/styles/xa.css ef3347be3
>
>
> Diff: https://reviews.apache.org/r/73903/diff/2/
>
>
> Testing
> ---
>
> checked resources in policy creation, zone creation, service creation page
> and
> All case "create" tag display while creating new option in select2 except
> 1) Resource path field not display Create tag.
> 2) Policy resource with "validationRegEx" not display Create tag
>
>
> Thanks,
>
> Dhaval Rajpara
>
>
Re: Review Request 73902: RANGER-3660 : [Ranger Admin UI] Improvements in tooltip hints for better user experience.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73902/#review224165 --- Ship it! Ship It! - Mehul Parikh On March 16, 2022, 12:03 p.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73902/ > --- > > (Updated March 16, 2022, 12:03 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3660 > https://issues.apache.org/jira/browse/RANGER-3660 > > > Repository: ranger > > > Description > --- > > * Update policy search bar tooltips: > ** Update search hints that show "Undefined". > * Update Access Audits search bar tooltips: > ** Remove ambari from Cluster name hint. > ** Update other search filter hints and provide well-defined, sanitized, > user-friendly messages which can help end-users to use the filters easily and > effectively. > > > Diffs > - > > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > 1d87d1620 > > security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js > 2e32ef7c8 > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js > 35952d49f > > > Diff: https://reviews.apache.org/r/73902/diff/1/ > > > Testing > --- > > 1.Verified on policy page > 2.Verified on Access audit page tooltip hints display properly. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73900: RANGER-3665 : "No Data Found !!" messages in Ranger admin UI alarm users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73900/#review224164 --- Ship it! Ship It! - Mehul Parikh On March 15, 2022, 12:55 p.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73900/ > --- > > (Updated March 15, 2022, 12:55 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3665 > https://issues.apache.org/jira/browse/RANGER-3665 > > > Repository: ranger > > > Description > --- > > In the Ranger web console, when no conditions or exclusions of a certain type > are present, a message appears saying "No Data Found !!" > > > The wording, capitalization, and punctuation of this message all suggest > something is wrong. However, this condition is normal. For example, default > policies generally don't include any Deny conditions. Having no Deny > conditions isn't a problem, but the message in the UI gives a different > impression. > > I suggest replacing the current message that suggests an error with something > more low-key. Perhaps it could just say "(None)". > > Or maybe no message at all is needed. Unless an actual error is present, a > blank table is probably sufficient to convey that no items of that type are > present. > > > Diffs > - > > security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html > f41557748 > > > Diff: https://reviews.apache.org/r/73900/diff/1/ > > > Testing > --- > > Changed the massage to 'No policy Item of "Allow Condition" are present' > Same for other policy item > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73901: RANGER-3662 : There should be pause button for error popup.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73901/#review224161 --- Ship it! Ship It! - Mehul Parikh On March 16, 2022, 11:49 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73901/ > --- > > (Updated March 16, 2022, 11:49 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3662 > https://issues.apache.org/jira/browse/RANGER-3662 > > > Repository: ranger > > > Description > --- > > There should be pause button for error popup > > > Diffs > - > > > security-admin/src/main/webapp/libs/bower/bootstrap-notify/js/bootstrap-notify.js > e1910f9c1 > security-admin/src/main/webapp/styles/xa.css 96dacd6b2 > > > Diff: https://reviews.apache.org/r/73901/diff/1/ > > > Testing > --- > > 1.Checked error popup is getting paused when pause button clicked > 2.Checked popup gets closed when cancelled > 3.Checked popup goes when pause button removed > 4.Checked popup goes when no pause button clicked > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73853: RANGER-3628 : Support fine grain authorization for different solr objects
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73853/#review224159 --- Ship it! Ship It! - Mehul Parikh On March 10, 2022, 11:15 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73853/ > --- > > (Updated March 10, 2022, 11:15 a.m.) > > > Review request for ranger, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3628 > https://issues.apache.org/jira/browse/RANGER-3628 > > > Repository: ranger > > > Description > --- > > Modifying ranger solr plugin to allow granting the following privileges: > >- QUERY - read only privilege on an object >- UPDATE - write only privilege on an object >- All - read and write access > > Privileges can be defined on the following objects: > > - admin > - collections > - cores > - metrics > - autoscaling > - security > - collection > - config > - schema > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json > dfaa2f701 > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java > 359211cb2 > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > d4dd7b0ec > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/SolrAuthzUtil.java > PRE-CREATION > > plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java > 97909ae54 > > plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerSolrConstants.java > PRE-CREATION > > plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java > 5f7b9b924 > > > Diff: https://reviews.apache.org/r/73853/diff/4/ > > > Testing > --- > > Tested on cluster with by covering test cases as per new implementation. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73895: RANGER-3642 : Ranger - Upgrade jquery-ui to 1.13.1
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73895/#review224149 --- Ship it! Ship It! - Mehul Parikh On March 9, 2022, 11:33 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73895/ > --- > > (Updated March 9, 2022, 11:33 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Nitin > Galave, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3642 > https://issues.apache.org/jira/browse/RANGER-3642 > > > Repository: ranger > > > Description > --- > > Ranger - Upgrade jquery-ui to 1.13.1 > > > Diffs > - > > security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui.css > 6ff23f650 > security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui.min.css > 776e2595a > > security-admin/src/main/webapp/libs/other/jquery-ui/js/jquery-ui-1.12.1.custom.js > 912e8fbee > security-admin/src/main/webapp/libs/other/jquery-ui/js/jquery-ui.min.js > 74ef5e51f > security-admin/src/main/webapp/scripts/Init.js e155fa384 > security-admin/src/main/webapp/scripts/utils/XAUtils.js 63006a408 > security-admin/src/main/webapp/styles/xa.css f170d4772 > > > Diff: https://reviews.apache.org/r/73895/diff/1/ > > > Testing > --- > > Validated below scenarios on old and new UI: > 1. Tested Resource Based/Tag Based/ KMS Service CRUD. > 2. Tested Zone & Unzone policy CRUD. > 3. Tested User/Group/ Role CRUD. > 4. Tested Zone CRUD. > 5. Tested with all role users. > 6. Tested reports/permissions/audits tab. > 7. Tested Export and import feature. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73890: RANGER-3649 : Represent the Solr admin object types on the Ranger UI.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73890/#review224147 --- Ship it! Ship It! - Mehul Parikh On March 4, 2022, 11:51 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73890/ > --- > > (Updated March 4, 2022, 11:51 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Kishor Gollapalliwar, Mateen Mansoori, Mehul Parikh, Nitin Galave, Pradeep > Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3649 > https://issues.apache.org/jira/browse/RANGER-3649 > > > Repository: ranger > > > Description > --- > > The admin resource types is a fixed list (collections, cores, metrics, > autoscaling, security) need to be represented on the UI. Should we make this > a dropdown list so the user does not have to type in the names? > > > Diffs > - > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js > 3ea1db34b > > security-admin/src/main/webapp/scripts/views/security_zone/ZoneResourceForm.js > 700d4f461 > > security-admin/src/main/webapp/scripts/views/service/ServiceAuditFilterResources.js > 6a489b57b > > > Diff: https://reviews.apache.org/r/73890/diff/1/ > > > Testing > --- > > 1. Checked resources in Policy creation page for all services > 2. Checked resources in Service creation page for all services > 3. Checked resource in tag Policy and service creation page > 4. Checked resources in zone creation page > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73860: RANGER-3615 : Issue with exported audit json builder while writing events to log4j
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73860/#review224091
---
Ship it!
Ship It!
- Mehul Parikh
On Feb. 23, 2022, 5:47 a.m., Dhaval Shah wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73860/
> ---
>
> (Updated Feb. 23, 2022, 5:47 a.m.)
>
>
> Review request for ranger, Ankita Sinha, bhavik patel, Dineshkumar Yadav,
> Jayendra Parab, Kishore Gopalakrishna, Abhay Kulkarni, madhan, Mahesh Bandal,
> Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and
> Velmurugan Periasamy.
>
>
> Bugs: RANGER-3615
> https://issues.apache.org/jira/browse/RANGER-3615
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Ref Doc:
>
> https://blog.cloudera.com/auditing-to-external-systems-in-cdp-private-cloud-base/
>
> Here's the example:
>
> {"repoType":3,"repo":"hive","reqUser":"systest","evtTime":"2022-01-20
> 12:56:31.909","access":"USE","resource":"default","resType":"@database","action":"_any","result":1,"agent":"hiveServer2","policy":14,"enforcer":"ranger-acl","sess":"e162e0ad-717b-4934-9a50-6915de2268c3","cliType":"HIVESERVER2","cliIP":"172.27.27.131","reqData":"show
>
> tables","agentHost":"pravinknox-2.pravinknox.root.site","logType":"RangerAudit","id":"d8c7d941-26b7-4390-85dd-4a51e716ae40-0","seq_num":1,"event_count":1,"event_dur_ms":1,"additional_info":"{\"remote-ip-address\":172.27.27.131,
> \"forwarded-ip-addresses\":[]","cluster_name":"Cluster
> 1","policy_version":1}
>
> Found some issue parsing the log due to a json format error there are
> basically missing a '}' at the end of addition_info.
>
> Code Ref:
>
> https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L270
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
> 838cfada3
>
> hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
> 8940f36c0
>
>
> Diff: https://reviews.apache.org/r/73860/diff/1/
>
>
> Testing
> ---
>
> 1.) Build Succeeded with test cases.
> 2.) Validataed audit JSON for hdfs , hive services.
>
>
> Thanks,
>
> Dhaval Shah
>
>
Re: Review Request 73838: RANGER-3613 : RANGER KMS - KeyStore will not be initialized when HSM(Luna) is enabled
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73838/#review224033 --- Ship it! Ship It! - Mehul Parikh On Feb. 10, 2022, 8:06 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73838/ > --- > > (Updated Feb. 10, 2022, 8:06 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Mehul Parikh, Pradeep > Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3613 > https://issues.apache.org/jira/browse/RANGER-3613 > > > Repository: ranger > > > Description > --- > > - Fixing RangerKeyStore initialization issue. > - This change includes a fix also for master key 'alias' check and some code > improvement. > > > Diffs > - > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java 4e960986d > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > 74c54a7a6 > > > Diff: https://reviews.apache.org/r/73838/diff/1/ > > > Testing > --- > > - Verified on local VM. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73803: RANGER-3568 : Services of one zone are seen in other zone from UI
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73803/#review223981 --- Ship it! Ship It! - Mehul Parikh On Jan. 13, 2022, 9:26 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73803/ > --- > > (Updated Jan. 13, 2022, 9:26 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mateen Mansoori, Mehul > Parikh, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3568 > https://issues.apache.org/jira/browse/RANGER-3568 > > > Repository: ranger > > > Description > --- > > Services of one zone are seen in other zone from Ranger UI > > Steps > 1.Create zone 'zone1' with HBASE, HIVE, KAFKA, ATLAS service > 2.Craete zone 'zone2' with 'KAFKA' service > 3.Now go to unzone resource based page > 4.From dropdown select 'zone1' you will see HBASE, HIVE, KAFKA, ATLAS service > 5.Now select 'zone2' from zone dropdown we see HBASE, HIVE, KAFKA, ATLAS > service and for KAFKA we see 2 services but as per step2 only KAFKA service > is there in zone2 > > > Diffs > - > > security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js > 6ef563719 > security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js > e3593e8e7 > > security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js > e6a47ab67 > > > Diff: https://reviews.apache.org/r/73803/diff/1/ > > > Testing > --- > > Tested > -- Zone service filters properly on the dashboard page. > -- Login with different users and check zone service filtration on the > dashboard page. > > > Thanks, > > Dhaval Rajpara > >
Re: Review Request 73783: RANGER-3569 : Support Ranger KMS integration with Google cloud HSM
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73783/#review223955 --- Ship it! Ship It! - Mehul Parikh On Jan. 5, 2022, 11:42 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73783/ > --- > > (Updated Jan. 5, 2022, 11:42 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, > Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep > Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and Velmurugan > Periasamy. > > > Bugs: RANGER-3569 > https://issues.apache.org/jira/browse/RANGER-3569 > > > Repository: ranger > > > Description > --- > > Ranger KMS integration with Google cloud HSM > - This task is to integrate the RANGER KMS Service with Google Cloud HSM. > - To Configure RANGER KMS Service with Google Cloud HSM below configurations > need to be added in install.properties file bfore running the setup.sh > > IS_GCP_ENABLED=true > GCP_KEYRING_ID=YourKeyRingId > GCP_CRED_JSON_FILE=/full/path/to/downloadedCredfile.json > GCP_PROJECT_ID=YourProjectId > GCP_LOCATION_ID=LocationId > GCP_MASTER_KEY_NAME=MyMasterKeyNameChangeIt > > - Run the setup.sh, It will add the below configs in dbks-site.xml > > > ranger.kms.gcp.enabled > false > > > > ranger.kms.gcp.keyring.id > > > > > ranger.kms.gcp.cred.file > > > > > ranger.kms.gcp.project.id > > > > > ranger.kms.gcp.location.id > > > > > ranger.kms.gcp.masterkey.name > > > > > - Start the kms service, On start Master Key should be created in Google > Cloud HSM. > > > Diffs > - > > distro/src/main/assembly/kms.xml aacdcf103 > kms/config/kms-webapp/dbks-site.xml 75f21c80e > kms/pom.xml b940e75c0 > kms/scripts/MigrateMKeyStorageDbToGCP.sh PRE-CREATION > kms/scripts/install.properties 4cf79080f > kms/scripts/setup.sh 60c026b80 > kms/src/main/java/org/apache/hadoop/crypto/key/MigrateDBMKeyToGCP.java > PRE-CREATION > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerGoogleCloudHSMProvider.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSMKI.java 75e70fffa > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java > b9e7cb2fd > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > db8fa69e0 > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.java > 854d7f0b6 > kms/src/main/resources/META-INF/context.xml PRE-CREATION > pom.xml 5c621a5b4 > > > Diff: https://reviews.apache.org/r/73783/diff/3/ > > > Testing > --- > > Build Succeeded - mvn clean compile test verify install > Testing : Verified fresh and upgrade scenarios. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73776: RANGER-3561: Upgrade Storm version to 1.2.4
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73776/#review223949 --- Ship it! Ship It! - Mehul Parikh On Dec. 22, 2021, 4:21 p.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73776/ > --- > > (Updated Dec. 22, 2021, 4:21 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3561 > https://issues.apache.org/jira/browse/RANGER-3561 > > > Repository: ranger > > > Description > --- > > Storm version can be upgraded from 1.2.0 to 1.2.4 > > > Diffs > - > > pom.xml f9c46f669 > > > Diff: https://reviews.apache.org/r/73776/diff/1/ > > > Testing > --- > > Able to build and run ranger succesfully. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 73745: RANGER-3487 : Update underscorejs with latest version.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73745/#review223929 --- Ship it! Ship It! - Mehul Parikh On Dec. 7, 2021, 1:36 p.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73745/ > --- > > (Updated Dec. 7, 2021, 1:36 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and > Velmurugan Periasamy. > > > Bugs: RANGER-3487 > https://issues.apache.org/jira/browse/RANGER-3487 > > > Repository: ranger > > > Description > --- > > For more functionality update underscorejs with the latest version is 1.13.1. > > > Diffs > - > > security-admin/src/main/webapp/libs/bower/underscore/js/underscore-min.js > 898bd44a1 > security-admin/src/main/webapp/libs/bower/underscore/js/underscore.js > 5cdf62ea6 > > > Diff: https://reviews.apache.org/r/73745/diff/1/ > > > Testing > --- > > Tested > 1.CRUD of service > 2.Policy CRUD > 3.User, group and role crud > 4.Audit tab to check popup and also is all the data is coming in audit > 5.Permission tab CRUD > 6.Import and export of csv, xml and json > 7.Enforcement > 8.sync details in user page > > > Thanks, > > Nitin Galave > >
Re: Review Request 73719: RANGER-3435: Add unique index on guid, service and zone_id column of x_policy table
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73719/#review223789 --- Ship it! Ship It! - Mehul Parikh On Nov. 24, 2021, 3:44 p.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73719/ > --- > > (Updated Nov. 24, 2021, 3:44 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3435 > https://issues.apache.org/jira/browse/RANGER-3435 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** After first commit of RANGER-3435 > https://reviews.apache.org/r/73594/ x_policy table have unique constraint on > guid and service column. if there are more than one zone and policies > exported from one zone is imported in the other zone then policy guid will > remain same. since guid are same for both the policies, we need to restrict 1 > entry only for the same guid under a specific service and zone. > > **Proposed Solution:** > it will be better to include zone_id also with guid and service column for > the unique key creation so that the same restriction can be enforced from db > end. > > > Diffs > - > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > e444e78eb > > security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql > 357b7efe3 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 9e5da70fc > > security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql > 580841c6b > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 9fd45037b > > security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql > 81718aae4 > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > bdccecc19 > > security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql > 16ad476e4 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 8515ac0b0 > > security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql > 3037988e2 > > > Diff: https://reviews.apache.org/r/73719/diff/3/ > > > Testing > --- > > Tested the patch for MySQL, Oracle, Postgres and MSSQL. > unique constraint is being created in x_policy table for a fresh installation > and upgrade case as well. > > > Thanks, > > Pradeep Agrawal > >
[jira] [Resolved] (RANGER-3529) Ranger default policies for Hive should include HDFS
[ https://issues.apache.org/jira/browse/RANGER-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh resolved RANGER-3529. -- Resolution: Invalid > Ranger default policies for Hive should include HDFS > > > Key: RANGER-3529 > URL: https://issues.apache.org/jira/browse/RANGER-3529 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Mehul Parikh >Priority: Major > > Ranger default policies for Hive should include HDFS -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Closed] (RANGER-3529) Ranger default policies for Hive should include HDFS
[ https://issues.apache.org/jira/browse/RANGER-3529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh closed RANGER-3529. > Ranger default policies for Hive should include HDFS > > > Key: RANGER-3529 > URL: https://issues.apache.org/jira/browse/RANGER-3529 > Project: Ranger > Issue Type: Bug > Components: Ranger > Reporter: Mehul Parikh >Priority: Major > > Ranger default policies for Hive should include HDFS -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3529) Ranger default policies for Hive should include HDFS
Mehul Parikh created RANGER-3529: Summary: Ranger default policies for Hive should include HDFS Key: RANGER-3529 URL: https://issues.apache.org/jira/browse/RANGER-3529 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Mehul Parikh Ranger default policies for Hive should include HDFS -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73698: RANGER-3510 : Ranger upgrade spring framework version to 5.3.12
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73698/#review223732 --- Ship it! Ship It! - Mehul Parikh On Nov. 9, 2021, 10:24 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73698/ > --- > > (Updated Nov. 9, 2021, 10:24 a.m.) > > > Review request for ranger, Dhaval Shah, Kishor Gollapalliwar, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Sailaja > Polavarapu. > > > Bugs: RANGER-3510 > https://issues.apache.org/jira/browse/RANGER-3510 > > > Repository: ranger > > > Description > --- > > Ranger is currently pulling in 5.3.7. This needs to be upgraded to 5.3.11 or > higher. > > > Diffs > - > > pom.xml 2937f0894 > > > Diff: https://reviews.apache.org/r/73698/diff/1/ > > > Testing > --- > > Ran : mvn clean compile test verify install > Tested : Admin CRUD operation, KMS CRUD operation on Local VM. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73680: RANGER-3499 : Upgrade tomcat to 8.5.72
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73680/#review223731 --- Ship it! Ship It! - Mehul Parikh On Nov. 2, 2021, 10:04 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73680/ > --- > > (Updated Nov. 2, 2021, 10:04 a.m.) > > > Review request for ranger, Dhaval Shah, Jayendra Parab, Abhay Kulkarni, > Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Ramesh Mani, Vishal Suvagia, > and Velmurugan Periasamy. > > > Bugs: RANGER-3499 > https://issues.apache.org/jira/browse/RANGER-3499 > > > Repository: ranger > > > Description > --- > > Currently ranger is pulling tomcat-8.5.69, Upgraded to tomcat-8.5.72. > > > Diffs > - > > pom.xml 2937f0894 > > > Diff: https://reviews.apache.org/r/73680/diff/1/ > > > Testing > --- > > Ran : mvn clean compile test verify install > Tested on local VM, Performed crud operation on Ranger Admin and Ranger KMS. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73452: RANGER-3023: Permission tab takes longer time to load with large number of users and group_users data
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73452/#review223694 --- Ship it! Ship It! - Mehul Parikh On Oct. 26, 2021, 11:29 a.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73452/ > --- > > (Updated Oct. 26, 2021, 11:29 a.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul > Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan > Periasamy. > > > Bugs: RANGER-3023 > https://issues.apache.org/jira/browse/RANGER-3023 > > > Repository: ranger > > > Description > --- > > GET API /service/xusers/permission takes longer time to load with following > number of users and group mappings in db. > > select count(*) from x_user; > 109040 > > select count(*) from x_portal_user; > 109038 > > select count(*) from x_group_users; > 689952 > > Current problem : For every ModuleDef, db call to fetch all XXUser, > XXPortalUser and creating a Map object using > xUserService.getXXPortalUserIdXXUserMap() is a costly operation. Similarly > for xGroupService.getXXGroupIdXXGroupMap(). > > Solution: > In the following patch, I have overriedden searchModuleDef function in > XModuleDefService which will fetch users and groups only once. > i.e. Map xXPortalUserIdXXUserMap = > xUserService.getXXPortalUserIdXXUserMap(); > Map xXGroupMap = xGroupService.getXXGroupIdXXGroupMap(); > > These two objects will be passed to an overloaded method populateViewBean() > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java 1bd59f8d2 > security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java 4c0f33ed9 > > security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java > 13d0a8fcb > security-admin/src/main/java/org/apache/ranger/service/XGroupService.java > d615d1775 > > security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java > d5ca38548 > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java > 47a1fadb7 > security-admin/src/main/java/org/apache/ranger/service/XUserService.java > 9647096fe > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 96dc0df8e > > > Diff: https://reviews.apache.org/r/73452/diff/3/ > > > Testing > --- > > xUserService.getXXPortalUserIdXXUserMap() takes approximately 2000 > milliseconds. > xGroupService.getXXGroupIdXXGroupMap() takes approximately 500 milliseconds. > > Before patch, XModuleDefServiceBase.searchModuleDef() took 30252 milliseconds. > After patch, XModuleDefService.searchModuleDef() took 13766 milliseconds. > > GET API /service/xusers/permission response improved by ~16 seconds for the > above mentioned dataset. > > > Thanks, > > Mahesh Bandal > >
Re: [VOTE] Release Apache Ranger version 2.2.0 - rc2
+1 for Apache Ranger 2.2.0 rc2 - Verified signatures - Built ranger-2.2-rc2 from sources successfully - Started Ranger-admin successfully - Verified policy download by hdfs / yarn / hbase / hive / kafka / plugins. On Mon, Oct 25, 2021 at 3:34 AM Abhay Kulkarni wrote: > +1 > > - Verified pgp, sha signatures > - Built ranger-2.2-rc2 from sources successfully > - Started Ranger-admin successfully > - Verified that the changes to tag policies are downloaded to > hdfs/hbase/hive/kafka/yarn plugins > > Thanks! > -Abhay > > On Sat, Oct 23, 2021 at 5:31 PM Madhan Neethiraj > wrote: > > > > +1 for Apache Ranger 2.2.0 rc2 > > > > - verified signature > > - verified 2.2.0-rc2 builds successfully > > - verified Ranger admin startup; created services/policies/security > zones > > - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins > > - verified audit logs from plugins, audit-filters > > > > Thank you Ramesh for putting this release together. > > > > Thanks, > > Madhan > > > > > > On 10/23/21, 12:33 AM, "Ramesh Mani" wrote: > > > > Dear Rangers, > > > > Apache Ranger 2.2.0 release candidate #2 is now available for a vote > within > > the dev community. Links to the release artifacts are given below. > Please > > review and vote. > > > > The vote will be open for at least 72 hours or until necessary votes > are > > reached. > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove (and reason why) > > > > Thanks, > > Ramesh > > > > List of all the issues addressed in this release: > > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > > status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC > > > > Git tag for the release: > > https://github.com/apache/ranger/tree/release-2.2.0-rc2 > > > > Sources for the release: > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz > > > > Source release verification: > > PGP Signature: > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc > > SHA256 Hash: > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256 > > SHA512 Hash: > > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512 > > > > Keys to verify the signature of the release artifacts are available > at: > > https://dist.apache.org/repos/dist/release/ranger/KEYS > > > > New features/enhancements: > > > > > >- > > > >Schema changes to improve performance of chained plugin features. > >RANGER-3067 > > > > > >- > > > >Support delegation-admin for specific permissions.RANGER-3122 > >- > > > >Kafka Client improvement to use Kafka AdminClient API instead of > >Zookeeper. RANGER-3001 > >- > > > >GET API service/xusers/users response time improvement. > RANGER-3027/ > >RANGER-3024 > >- > > > >Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 > >- > > > >Ranger UI Search by object name in page /reports/audit/admin. > RANGER-3052 > >- > > > >Enhancement to trace additional information on resources. > RANGER-3065 > >- > > > >Improve audit log for Role operations in Ranger Hive authorizer. > >RANGER-3170 > >- > > > >Audit-filter feature implementation to help reduce volume of > audit logs > >generated.RANGER-3000 > >- > > > >Need feature to make the access log file name configurable for > >user.RANGER-3242/RANGER-3241 > >- > > > >Upgrade solr version in Ranger to Solr 8.6.3 for better > >performance.RANGER-3091 > >- > > > >Enhance Ranger admin REST Client to use cookie for policy, tag > and role > >download.RANGER-3283 > >- > > > >Audit Filter default policies for reducing verbosity in auditing. > >RANGER-3260/RANGER-3283 > >- > > > >Auditing for HDFS chmod and chown operations.RANGER-3148 > >- > > > >Ranger HiveAuthorizer improvements to handle uncharted hive > >commands.RANGER-3368 > >- > > > >Ranger Access audit page improvement. RANGER-3109 > >- > > > >Dockerfile to support building from local repository.RANGER-3012 > >- > > > >Performance improvement for Ranger usersync. RANGER-2986 > > > > > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
[jira] [Assigned] (RANGER-3430) Null Dereference in RangerDefaultAuditHandler.java
[ https://issues.apache.org/jira/browse/RANGER-3430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh reassigned RANGER-3430: Assignee: Mehul Parikh > Null Dereference in RangerDefaultAuditHandler.java > -- > > Key: RANGER-3430 > URL: https://issues.apache.org/jira/browse/RANGER-3430 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek Kumar >Assignee: Mehul Parikh >Priority: Minor > > Null dereference in RangerDefaultAuditHandler.java at line numbers : 150 and > 181. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-3471) Upgrade Jetty-client, commons-compress, poi-ooxml jar.
[ https://issues.apache.org/jira/browse/RANGER-3471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh reassigned RANGER-3471: Assignee: Mateen Mansoori > Upgrade Jetty-client, commons-compress, poi-ooxml jar. > -- > > Key: RANGER-3471 > URL: https://issues.apache.org/jira/browse/RANGER-3471 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Mateen N Mansoori >Assignee: Mateen Mansoori >Priority: Major > > Currently ranger pulling jetty-client : 9.4.31.v20200723, commons-compress : > 1.8.1 and poi-ooxml : 4.1.2, Upgrading these libs to 9.4.44.v20210927, 1.21 > and 5.0.0 respectively. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 73655: RANGER-3482: fix for Kafka plugin initialization failure - NoClassDefFoundError htrace
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73655/#review223632 --- Ship it! Ship It! - Mehul Parikh On Oct. 18, 2021, 10:12 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73655/ > --- > > (Updated Oct. 18, 2021, 10:12 p.m.) > > > Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Mehul > Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3482 > https://issues.apache.org/jira/browse/RANGER-3482 > > > Repository: ranger > > > Description > --- > > updated Kafka plugin packaging to include htrace-core4 library > > > Diffs > - > > dev-support/ranger-docker/.env b3760823e > distro/src/main/assembly/plugin-kafka.xml 91a868e0d > > > Diff: https://reviews.apache.org/r/73655/diff/1/ > > > Testing > --- > > - verified that Kafka plugin initialization completes successfully > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 73638: RANGER-3470 : Ranger - Upgrade commons-io to 2.11.0
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73638/#review223631 --- Ship it! Ship It! - Mehul Parikh On Oct. 12, 2021, 5:05 a.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73638/ > --- > > (Updated Oct. 12, 2021, 5:05 a.m.) > > > Review request for ranger, Jayendra Parab, Kishor Gollapalliwar, Abhay > Kulkarni, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3470 > https://issues.apache.org/jira/browse/RANGER-3470 > > > Repository: ranger > > > Description > --- > > upgrade commons-io to 2.11.0. > > > Diffs > - > > pom.xml 626591d60 > > > Diff: https://reviews.apache.org/r/73638/diff/1/ > > > Testing > --- > > Tested basic admin functionality. > > > Thanks, > > Dineshkumar Yadav > >
Re: [VOTE] Release Apache Ranger version 2.2.0 - rc1
Hi All, +1 for Apache Ranger 2.2.0 rc1 release. - Verified the build - Verified signatures. On Thu, Oct 14, 2021 at 2:42 AM Ramesh Mani wrote: > Dear Rangers, > > Apache Ranger 2.2.0 release candidate #1 is now available for a vote within > the dev community. Links to the release artifacts are given below. Please > review and vote. > > The vote will be open for at least 72 hours or until necessary votes are > reached. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Thanks, > Ramesh > > List of all issues addressed in this release: > https://issues.apache.org/jira/issues/?jql=project=RANGER AND > status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC > > Git tag for the release: > https://github.com/apache/ranger/tree/release-2.2.0-rc1 > > Sources for the release: > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz > > Source release verification: > PGP Signature: > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.asc > SHA256 Hash: > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.sha256 > SHA512 Hash: > > https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc1/apache-ranger-2.2.0.tar.gz.sha512 > > Keys to verify the signature of the release artifacts are available at: > https://dist.apache.org/repos/dist/release/ranger/KEYS > > New features/enhancements: > > Schema changes to improve performance of chained plugin features. > RANGER-3067 > > Support delegation-admin for specific permissions.RANGER-3122 > > Kafka Client improvement to use Kafka AdminClient API instead of Zookeeper. > RANGER-3001 > > GET API service/xusers/users response time improvement. RANGER-3027/ > RANGER-3024 > > Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 > > Ranger UI Search by object name in page /reports/audit/admin. RANGER-3052 > > Enhancement to trace additional information on resources. RANGER-3065 > > Improve audit log for Role operations in Ranger Hive authorizer. > RANGER-3170 > > Audit-filter feature implementation to help reduce volume of audit logs > generated.RANGER-3000 > > Need feature to make the access log file name configurable for > user.RANGER-3242/RANGER-3241 > > Upgrade solr version in Ranger to Solr 8.6.3 for better > performance.RANGER-3091 > > Enhance Ranger admin REST Client to use cookie for policy, tag and role > download.RANGER-3283 > > Audit Filter default policies for reducing verbosity in auditing. > RANGER-3260/RANGER-3283 > > Auditing for HDFS chmod and chown operations.RANGER-3148 > > Ranger HiveAuthorizer improvements to handle uncharted hive > commands.RANGER-3368 > > Ranger Access audit page improvement. RANGER-3109 > > Dockerfile to support building from local repository.RANGER-3012 > > Performance improvement for Ranger usersync. RANGER-2986 > -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: Review Request 73636: RANGER-3418 : Rotated Ranger admin access logs aren't getting removed
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73636/#review223623 --- Ship it! Ship It! - Mehul Parikh On Oct. 7, 2021, 6:15 p.m., Vishal Suvagia wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73636/ > --- > > (Updated Oct. 7, 2021, 6:15 p.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-3418 > https://issues.apache.org/jira/browse/RANGER-3418 > > > Repository: ranger > > > Description > --- > > Ranger admin access logs in the configured log directory aren't removed and > keeps up utilizing unused space. Need to have access logs configurable to > have older logs purged. > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 62a188b95233eb5d07e253030819819cc50d4565 > > > Diff: https://reviews.apache.org/r/73636/diff/1/ > > > Testing > --- > > Validated the changes locally. > > > Thanks, > > Vishal Suvagia > >
Re: Review Request 73632: RANGER-3465 : Upgrade spring-security library
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73632/#review223601 --- Ship it! Ship It! - Mehul Parikh On Oct. 12, 2021, 5:03 a.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73632/ > --- > > (Updated Oct. 12, 2021, 5:03 a.m.) > > > Review request for ranger, Jayendra Parab, Kishor Gollapalliwar, Abhay > Kulkarni, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Vishal Suvagia, and > Velmurugan Periasamy. > > > Bugs: RANGER-3465 > https://issues.apache.org/jira/browse/RANGER-3465 > > > Repository: ranger > > > Description > --- > > Upgraded spring-security to 5.5.2 > > > Diffs > - > > pom.xml 626591d60 > > > Diff: https://reviews.apache.org/r/73632/diff/1/ > > > Testing > --- > > Tested basic admin functionality. > > > Thanks, > > Dineshkumar Yadav > >
Re: Review Request 73619: RANGER-3457 : [Session Timeout-Ranger]With multiple tabs if one tab encounters session idle timeout other active tab still continues with old/invalid session cookie.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73619/#review223567 --- Ship it! Ship It! - Mehul Parikh On Sept. 30, 2021, 10:40 a.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73619/ > --- > > (Updated Sept. 30, 2021, 10:40 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh > Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3457 > https://issues.apache.org/jira/browse/RANGER-3457 > > > Repository: ranger > > > Description > --- > > 1) > *Steps:* > > 1. Configured ranger.service.inactivity.timeout to 45 sec > > 2. Opened ranger UI on multiple tabs. > > 3. Left the session idle for 40 secs > > 4. once the popup for session idle going to expire shows up clicked on the > "stay logged in" button and performed an operation in one of the tabs. > > *Observation* > # Other tabs which were opened removed the RangerSessionID, but the tab > which became active before timeout still using the same RangerSessionID. > # Clicking a link from the above active tab to a new tab still uses the same > RangerSessionID which was removed earlier > # But when clicking ranger ui from CP it opens with a new RangerSessionID > > *Note:* > > Though using RangerSessionID which was removed in other tabs, i was able to > navigate and perform policy updates. But not sure if any other action will > fail based on session which was removed > > 2) > *Steps:* > 1. Configured ranger.service.inactivity.timeout to 40 sec and restarted > Ranger > 2. Open Ranger UI on an incognito window with hrt_qa/Password@123 > 3. Didnt perform any operation / mouse operation for 4 mins > > *Issue:* > Idle logout wizard (with "logout now" and "stay logged in" is not shown) > > > Diffs > - > > security-admin/src/main/webapp/scripts/controllers/Controller.js aab73b6f7 > security-admin/src/main/webapp/scripts/controllers/NController.js 2598035c4 > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > 46e4c1901 > security-admin/src/main/webapp/scripts/utils/XAUtils.js 49f03d185 > > > Diff: https://reviews.apache.org/r/73619/diff/1/ > > > Testing > --- > > Tested that if session timeout happens in one tab and we log out from that > tab all other tabs also get logout. > Tested that user does not perform any activity than after desire time idle > logout popup appears. > > > Thanks, > > Nitin Galave > >
Re: Review Request 73617: RANGER-3455 : [Logout-Ranger] Should either be disabled/ should redirect to knox logout page.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73617/#review223545 --- Ship it! Ship It! - Mehul Parikh On Sept. 28, 2021, 1:48 p.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73617/ > --- > > (Updated Sept. 28, 2021, 1:48 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3455 > https://issues.apache.org/jira/browse/RANGER-3455 > > > Repository: ranger > > > Description > --- > > Steps: > > 1. Click on Ranger UI from SSO Ranger URL. > > 2. Click on logout button from ranger home page. > > Observation: > > For now we see that it lands on below page. But it would be better if we > disable logout button /land on knox logout page . > > > Diffs > - > > security-admin/src/main/webapp/scripts/controllers/Controller.js 5fc7e9fcd > security-admin/src/main/webapp/scripts/controllers/NController.js 612b0f20b > security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 8a8530391 > > > Diff: https://reviews.apache.org/r/73617/diff/1/ > > > Testing > --- > > Tested that after clicking on logout button its land to knox logout page. > > > Thanks, > > Nitin Galave > >
Re: Review Request 73596: Revert "RANGER-3211: Upgrade libthrift to 0.14.1"
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73596/#review223514 --- Ship it! Ship It! - Mehul Parikh On Sept. 21, 2021, 3:26 p.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73596/ > --- > > (Updated Sept. 21, 2021, 3:26 p.m.) > > > Review request for ranger, Ankita Sinha, bhavik patel, Dhaval Shah, Gautam > Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Repository: ranger > > > Description > --- > > HiveMetaStoreClient is not compatible with thrift-0.14.1 and due to this hive > resource lookup is not working. > > > Diffs > - > > pom.xml 36036a6ad > > > Diff: https://reviews.apache.org/r/73596/diff/1/ > > > Testing > --- > > BUILD SUCCESS: mvn clean compile verify test install > Ranger installation and setup successful. > Ranger is pulling libthrift-0.13.0.jar > Done sanity testing on ranger. > > > Thanks, > > Mahesh Bandal > >
Re: Planning for Apache Ranger 2.2.0 release
+1 for Ranger 2.2 release. Thanks Ramesh On Tue, Sep 21, 2021 at 7:47 PM Velmurugan Periasamy wrote: > +1 for Ranger 2.2 release. Thank you Ramesh for coordinating the release. > > > > On Tue, Sep 21, 2021 at 9:42 AM Sailaja Polavarapu < > spolavar...@cloudera.com> wrote: > +1 Thanks Ramesh for putting this together. > - Sailaja. > > On Mon, Sep 20, 2021 at 12:46 PM Abhay Kulkarni ab...@apache.org>> wrote: > +1. > > Thanks, Ramesh. > > On Mon, Sep 20, 2021 at 8:48 AM Ramesh Mani rm...@apache.org>> wrote: > > > > Dear Ranger Community members, > > > > This is the reminder to give your opinion on Apache Ranger Release 2.2.0. > > > > Thanks, > > Ramesh > > > > On Tue, Sep 14, 2021 at 2:48 PM Ramesh Mani rm...@apache.org>> wrote: > >> > >> Dear Ranger Community members, > >> > >> > >> > >> There are many features and fixes done in Apache Ranger Project since > the release of Apache Ranger 2.1.0. These features enhance the quality and > improve the user experience of Apache Ranger overall. > >> > >> > >> > >> Some of the key enhancements/features in this release are > >> > >> > >> > >> Schema changes to improve performance of chained plugin features. > RANGER-3067 > >> > >> Support delegation-admin for specific permissions.RANGER-3122 > >> > >> Kafka Client improvement to use Kafka AdminClient API instead of > Zookeeper. RANGER-3001 > >> > >> GET API service/xusers/users response time improvement. RANGER-3027/ > RANGER-3024 > >> > >> Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130 > >> > >> Ranger UI Search by object name in page /reports/audit/admin. > RANGER-3052 > >> > >> Enhancement to trace additional information on resources. RANGER-3065 > >> > >> Improve audit log for Role operations in Ranger Hive authorizer. > RANGER-3170 > >> > >> Audit-filter feature implementation to help reduce volume of audit logs > generated. RANGER-3000 > >> > >> Need feature to make the access log file name configurable for user. > RANGER-3242/RANGER-3241 > >> > >> Upgrade the solr version in Ranger to Solr 8.6.3 for better > performance. RANGER-3091 > >> > >> Enhance Ranger admin REST Client to use cookies for policy, tag and > role download. RANGER-3283 > >> > >> Audit Filter default policies for reducing verbosity in auditing. > RANGER-3260/RANGER-3283 > >> > >> Auditing for HDFS chmod and chown operations. RANGER-3148 > >> > >> Ranger HiveAuthorizer improvements to handle uncharted hive commands. > RANGER-3368 > >> > >> Ranger Access audit page improvement. RANGER-3109 > >> > >> Dockerfile to support building from local repository. RANGER-3012 > >> > >> Performance improvement for Ranger usersync. RANGER-2986 > >> > >> > >> > >> Bug Fixes: > >> > >> In this Apache Ranger release there are around 119 bug fixes done. > >> > >> > >> > >> There are 324 commits with 219 resolved JIRAs in the release branch > ranger-2.2.0 and with these improvements it is time to do the next Apache > Ranger release. > >> > >> > >> Planned timeline to release Apache Ranger 2.2.0 is end of September > 2021. > >> > >> > >> > >> Please review and give your comments. > >> > >> > >> > >> Thanks, > >> > >> Ramesh > >> > >> -- Thanks and regards, Mehul Parikh M: +91 98191 54446 E: xsme...@gmail.com
Re: Review Request 73559: RANGER-3388 : Session Inactivity Timeout: Ranger UI part.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73559/#review223494 --- Ship it! Ship It! - Mehul Parikh On Sept. 17, 2021, 11:38 a.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73559/ > --- > > (Updated Sept. 17, 2021, 11:38 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, > Jayendra Parab, Kishor Gollapalliwar, Madhan Neethiraj, Mahesh Bandal, Mehul > Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3388 > https://issues.apache.org/jira/browse/RANGER-3388 > > > Repository: ranger > > > Description > --- > > *Background* > > Ranger users who log in via one of the supported authentication flavors stay > logged in until they choose to log out. > > This is a security hole in the scenario where the user has logged in and has > left their desk. The inactivity does not result in early log out. > > This implementation addresses that problem. > > *Scenarios* > * Login to single session. > * Login to multiple tabs. > * Login to multiple services each having its own inactivity detection and > logout implementation. > > > Diffs > - > > security-admin/src/main/webapp/scripts/controllers/Controller.js 6b7bad980 > security-admin/src/main/webapp/scripts/controllers/NController.js 749295667 > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > d30ed4df3 > security-admin/src/main/webapp/scripts/utils/XAUtils.js 42668768d > security-admin/src/main/webapp/scripts/views/common/ProfileBar.js 9dbfa9caf > > > Diff: https://reviews.apache.org/r/73559/diff/1/ > > > Testing > --- > > Tested following scenario > = > > * Check for fresh install default session timeout is set to 900sec(15min). > * Check when session timeout is set to 60sec we get session timeout popup. > * Check we remain login when we click on stay logged it button from session > timeout popup. > * Check we get logout when we click on logout button from session timeout > popup. > * Check when session timeout is set to 60sec when export popup is open. > * Check when session timeout is set to 60sec when audit popup is open. > * Check we wont get session timeout when playing with tabs. > * Check when session timeout is set to 30sec. > * Check from Ranger the value of session is getting converted to sec no > matter what CM keeps. > > > Check session timeout works for Knox SSO > > * Check we remain login when we click on stay logged it button from session > timeout popup through Knox SSO. > * Check we get logout when we click on logout button from session timeout > popup through Knox SSO. > > Check session timeout works for Knox proxy > == > * Check we remain login when we click on stay logged it button from session > timeout popup through knox proxy. > * Check we get logout when we click on logout button from session timeout > popup through knox proxy. > > Check session timeout through knox trusted proxy > > * Check we remain login when we click on stay logged it button from session > timeout popup through knox trusted proxy. > * Check we get logout when we click on logout button from session timeout > popup through knox trusted proxy. > > Upgrade > === > * When cluster is upgraded the ranger.service.inactivity.timeout should be -1. > * When the ranger.service.inactivity.timeout is set to 1min it should work. > > > Thanks, > > Nitin Galave > >
Re: Review Request 73558: RANGER-3387 : Ranger Admin Header Validation
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73558/#review223451 --- Ship it! Ship It! - Mehul Parikh On Sept. 7, 2021, 6:22 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73558/ > --- > > (Updated Sept. 7, 2021, 6:22 a.m.) > > > Review request for ranger, Dhaval Shah, Jayendra Parab, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, > and Velmurugan Periasamy. > > > Bugs: RANGER-3387 > https://issues.apache.org/jira/browse/RANGER-3387 > > > Repository: ranger > > > Description > --- > > Ranger Admin Header Validation > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > 7d26b0a8a > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java > 3736bb4a7 > security-admin/src/main/webapp/scripts/modules/RestCsrf.js 50ac5f181 > > security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerCSRFPreventionFilter.java > b05afb52c > > > Diff: https://reviews.apache.org/r/73558/diff/1/ > > > Testing > --- > > Tested on local VM - performed CRUD operations, Verified User-Sync, Ranger > KMS plugin syncup. > Ran - mvn clean compile test verify install -> Build succeeded. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73568: RANGER-3398: Duplicate JAVA patch suffix should not be allowed
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73568/#review223445 --- Ship it! Ship It! - Mehul Parikh On Sept. 6, 2021, 7:44 a.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73568/ > --- > > (Updated Sept. 6, 2021, 7:44 a.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3398 > https://issues.apache.org/jira/browse/RANGER-3398 > > > Repository: ranger > > > Description > --- > > Duplicate JAVA suffix is allowed. Currently we need a manual human > intervention to find and correct. Use case in details as follows. > > ## Use-Case: > > 1. Say user1 & user2 working on a fix in Ranger and they both need JAVA patch > changes. > 2. Assume user1 needs to update table1 and user2 needs to update table2 using > java. > 3. Both Checked latest JAVA patch suffix (say it is _J10050). And used suffix > _J10051 for their JAVA files > 4. If both commits ends up merging. The setup script will apply ONLY one of > the both JAVA files (suffixed _J10051) randomly. > > ## Reproduce Steps: > > 1. cd /security-admin/src/main/java/org/apache/ranger/patch/ > 2. Update suffix of last 2 patches such that both contains same suffix > 3. mvn clean compile package install -U #build ranger > 4. setup ranger > > To avoid this, we need to fail maven build itself if there are duplicate > suffix. > > > Diffs > - > > security-admin/pom.xml 7ee2b22b2 > > > Diff: https://reviews.apache.org/r/73568/diff/1/ > > > Testing > --- > > ## In-Valid cases > > 1. Same prefixed files inside patches directory > 2. Same prefixed files inside audit directory > 3. Same prefixed files first inside patches second inside audit directory > > ## Valid cases > > 1. NO duplicate prefix > > ## Build > > mvn clean compile package install -U > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73523: RANGER-3339 : Make Ranger Solr audit collection config-set configurable.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73523/#review223430 --- Ship it! Ship It! - Mehul Parikh On Aug. 17, 2021, 3:54 p.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73523/ > --- > > (Updated Aug. 17, 2021, 3:54 p.m.) > > > Review request for ranger, Dhaval Shah, Abhay Kulkarni, Mehul Parikh, Pradeep > Agrawal, Vishal Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3339 > https://issues.apache.org/jira/browse/RANGER-3339 > > > Repository: ranger > > > Description > --- > > Currently ranger admin using a fixed config-set zip to create config, So this > changes are to make it configurable. > > > Diffs > - > > embeddedwebserver/scripts/ranger-admin-services.sh d7cabbcde > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > d04d1c897 > security-admin/scripts/install.properties ae7a00d3f > security-admin/scripts/setup.sh f6f6f564c > security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 793c479bd > > > Diff: https://reviews.apache.org/r/73523/diff/1/ > > > Testing > --- > > Tested on local VM by providing custom config-set zip location and it was > able to create config-set and collection. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73366: RANGER-3293 : Show user source details on user tab in ranger UI.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73366/#review223412 --- Ship it! Ship It! - Mehul Parikh On Aug. 18, 2021, 12:27 p.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73366/ > --- > > (Updated Aug. 18, 2021, 12:27 p.m.) > > > Review request for ranger, Abhishek Kumar, Dhaval Shah, Dineshkumar Yadav, > Harshal Chavan, Jayendra Parab, Kishor Gollapalliwar, Madhan Neethiraj, > Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3293 > https://issues.apache.org/jira/browse/RANGER-3293 > > > Repository: ranger > > > Description > --- > > Two new attributes are added when users are synced. > Show them to the User details page Ranger UI. > > > Diffs > - > > security-admin/src/main/webapp/scripts/utils/XAViewUtils.js e9edc9a39 > security-admin/src/main/webapp/scripts/views/users/GroupForm.js 0c6ef5be0 > security-admin/src/main/webapp/scripts/views/users/UserForm.js d32fa491e > security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js > 57d7a96e2 > security-admin/src/main/webapp/templates/users/GroupForm_tmpl.html > a47f04046 > security-admin/src/main/webapp/templates/users/UserForm_tmpl.html d466c262d > > > Diff: https://reviews.apache.org/r/73366/diff/2/ > > > Testing > --- > > 1."To verify users are getting synced in the user list page successfully > after installation of > user-sync with ranger for source Unix."as well as for LDAP. > 2."To verify sync-source field is visible in the RestAPI response for the > user who sync throu > gh source Unix." > 3."To verify sync-source field and LDAP URL is visible in the RestAPI > response for the user who sync throu > gh source LDAP. > 4.To Verify the Other details in the RestAPI response would be shown correct > for Unix and LDAP source. > 5.Hit the get request using CURL and verify the response where sync-source > details would be shown correct for the Unix and LDAP. > 6."Once the User is sync successfully then same entry for creation of user > would be visible > under ""Audit admin"" logs for source Unix." > 7.Check authentication for the user who sync through source LDAP and Unix. > 8.Verify the fields are added in the search filters and should be working as > expected. > 9."Once Users/ Groups are sync from unix or Ldap source ,Verify user is able > to view sync details > from the Ui from User Listing ,Group Listing,User Details and group detail > page." > 10.Add users from Unix Verify whether those are sync properly in the UI along > with the sync source details in the Rest API call. > > > Thanks, > > Nitin Galave > >
Re: Review Request 73539: RANGER-3348: Add user & group delete functionality in Apache Ranger Python APIs - follow-up
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73539/#review223380 --- Ship it! Ship It! - Mehul Parikh On Aug. 23, 2021, 2:57 p.m., Kishor Gollapalliwar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73539/ > --- > > (Updated Aug. 23, 2021, 2:57 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, > and Velmurugan Periasamy. > > > Bugs: RANGER-3348 > https://issues.apache.org/jira/browse/RANGER-3348 > > > Repository: ranger > > > Description > --- > > Remove hard-coded 'true' for 'forceDelete' request param in delete user & > group APIs > > > Diffs > - > > intg/src/main/python/apache_ranger/client/ranger_client.py dc69b045d > > > Diff: https://reviews.apache.org/r/73539/diff/1/ > > > Testing > --- > > mvn clean compile package install > Python client - create service > Python client - create policy > Python client - delete policy > Python client - delete service > Python client - delete group > Python client - delete user > Python client - delete role > > > Thanks, > > Kishor Gollapalliwar > >
Re: Review Request 73522: RANGER-3372 : ISSUE IN POLICIES SEARCH ON REPORT PAGE WITH USER HAVING MORE THAN ONE UNIX GROUPS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73522/#review223370 --- Ship it! Ship It! - Mehul Parikh On Aug. 20, 2021, 5:16 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73522/ > --- > > (Updated Aug. 20, 2021, 5:16 a.m.) > > > Review request for ranger, Dhaval Rajpara, Dhaval Shah, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-3372 > https://issues.apache.org/jira/browse/RANGER-3372 > > > Repository: ranger > > > Description > --- > > PROBLEM STATEMENT : > We have a user called "A" > User A belongs to 2 Groups [Group 1 and Group 2 ] > Group 1 is assigned to Hive Policy [Test 1 ] > Group 2 is assigned to Hive Policy [Test 2 ] > > Now while searching user "A" in Ranger Reports , We can only see 1 of the > Policy is listing , Expected behaviour should be : Both policy should be > displayed in reports. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > b9a926b33 > > > Diff: https://reviews.apache.org/r/73522/diff/4/ > > > Testing > --- > > Ran - mvn clean compile test verify install > Testing - Tested on local VM. > > > Thanks, > > Mateen Mansoori > >
Re: Review Request 73500: RANGER-3361 : Improve error message while deleting users and groups associated with role.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73500/#review223343 --- Ship it! Ship It! - Mehul Parikh On Aug. 16, 2021, 6:10 a.m., Mateen Mansoori wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73500/ > --- > > (Updated Aug. 16, 2021, 6:10 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, > and Velmurugan Periasamy. > > > Bugs: RANGER-3361 > https://issues.apache.org/jira/browse/RANGER-3361 > > > Repository: ranger > > > Description > --- > > Currently getting 404 response from user/group API when we try to delete > user or groups which are associated with any role(s). > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 38b06d1b2 > security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java > cfd66b13f > > > Diff: https://reviews.apache.org/r/73500/diff/2/ > > > Testing > --- > > Ran : mvn clean compile test verify install > Test : Tested on local VM. > > > Thanks, > > Mateen Mansoori > >
