[jira] [Assigned] (RANGER-3142) Access control based on groups not working for presto plugin
[
https://issues.apache.org/jira/browse/RANGER-3142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-3142:
---
Assignee: Pradeep Agrawal
> Access control based on groups not working for presto plugin
> -
>
> Key: RANGER-3142
> URL: https://issues.apache.org/jira/browse/RANGER-3142
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.1.0
> Environment: ranger-2.1.0-presto-plugin.tar.gz
> presto-server-347.tar.gz
>Reporter: Anchal Agarwal
>Assignee: Pradeep Agrawal
>Priority: Major
>
> I'm using ranger-2.1.0 for access control in prestosql-347.
> A policy with user list in 'allow conditions' works i.e. if I connect to
> presto with a user in the allowed list, my query returns the expected results.
> But instead of users, if I use group in the policy and try accessing presto
> with a user belonging to that group, then I'm denied access.
> {code:java}
> %presto
> show tables in default
> Query failed (#20210106_032741_0_dddsy): Access Denied: Cannot access
> catalog hive
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-3137) Lookup user should has 'Select' permission for all resource in hive-agent
[ https://issues.apache.org/jira/browse/RANGER-3137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3137. - Fix Version/s: 3.0.0 Resolution: Fixed https://github.com/apache/ranger/commit/6fcab6993e8beb94c80514dd44f53d9d5e63db8c > Lookup user should has 'Select' permission for all resource in hive-agent > - > > Key: RANGER-3137 > URL: https://issues.apache.org/jira/browse/RANGER-3137 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Minor > Fix For: 3.0.0 > > Attachments: > 0001-add-select-permission-for-lookup-user-in-hive-agent.patch > > > Currently, there is only 'Read' permission for lookupuser in hive-agent, it > is better to add 'Select' permission to lookup user and make sure lookupuser > can lookup resource in web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-3135.
-
Fix Version/s: 3.0.0
Resolution: Fixed
https://github.com/apache/ranger/commit/5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3136. - Fix Version/s: 3.0.0 Resolution: Fixed https://github.com/apache/ranger/commit/bd1cf093b7a03431e3bbddf36dd2a565c32dcd40 > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3123) Add AlterSchema and AlterTable access control method in Ranger Presto Plugin
[ https://issues.apache.org/jira/browse/RANGER-3123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3123: Summary: Add AlterSchema and AlterTable access control method in Ranger Presto Plugin (was: Add AlterTable access control method in Ranger Presto Plugin) > Add AlterSchema and AlterTable access control method in Ranger Presto Plugin > > > Key: RANGER-3123 > URL: https://issues.apache.org/jira/browse/RANGER-3123 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > > Need to add Alter Table privilege access control method implementation in the > Ranger Presto Plugin. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3123) Add AlterTable access control method in Ranger Presto Plugin
Pradeep Agrawal created RANGER-3123: --- Summary: Add AlterTable access control method in Ranger Presto Plugin Key: RANGER-3123 URL: https://issues.apache.org/jira/browse/RANGER-3123 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Need to add Alter Table privilege access control method implementation in the Ranger Presto Plugin. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
[ https://issues.apache.org/jira/browse/RANGER-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17249784#comment-17249784 ] Pradeep Agrawal commented on RANGER-3100: - [~saketjajoo77] : Please review https://reviews.apache.org/r/73067/ > Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956 > -- > > Key: RANGER-3100 > URL: https://issues.apache.org/jira/browse/RANGER-3100 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Saket Jajoo >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch, > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch, > RANGER-3100-V1.patch > > > Ranger is pulling in [httpclient > 4.5.6|https://github.com/apache/ranger/blob/2f4277eb15f86b82718d05989de5545687c33539/pom.xml#L132]. > Please upgrade to httpclient 4.5.13+. > CVE-2020-13956: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
[ https://issues.apache.org/jira/browse/RANGER-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3100: Attachment: 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch > Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956 > -- > > Key: RANGER-3100 > URL: https://issues.apache.org/jira/browse/RANGER-3100 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Saket Jajoo >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch, > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch, > RANGER-3100-V1.patch > > > Ranger is pulling in [httpclient > 4.5.6|https://github.com/apache/ranger/blob/2f4277eb15f86b82718d05989de5545687c33539/pom.xml#L132]. > Please upgrade to httpclient 4.5.13+. > CVE-2020-13956: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
[ https://issues.apache.org/jira/browse/RANGER-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3100: Attachment: 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch > Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956 > -- > > Key: RANGER-3100 > URL: https://issues.apache.org/jira/browse/RANGER-3100 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Saket Jajoo >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch > > > Ranger is pulling in [httpclient > 4.5.6|https://github.com/apache/ranger/blob/2f4277eb15f86b82718d05989de5545687c33539/pom.xml#L132]. > Please upgrade to httpclient 4.5.13+. > CVE-2020-13956: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956
[ https://issues.apache.org/jira/browse/RANGER-3100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3100: --- Assignee: Pradeep Agrawal > Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956 > -- > > Key: RANGER-3100 > URL: https://issues.apache.org/jira/browse/RANGER-3100 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Saket Jajoo >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-3100-Upgrade-httpclient-version-from-4.5.6-to.patch > > > Ranger is pulling in [httpclient > 4.5.6|https://github.com/apache/ranger/blob/2f4277eb15f86b82718d05989de5545687c33539/pom.xml#L132]. > Please upgrade to httpclient 4.5.13+. > CVE-2020-13956: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface
[ https://issues.apache.org/jira/browse/RANGER-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3033: Issue Type: Improvement (was: Bug) > Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface > --- > > Key: RANGER-3033 > URL: https://issues.apache.org/jira/browse/RANGER-3033 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch > > > command 'show role grant user xxx' is not supported now -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface
[ https://issues.apache.org/jira/browse/RANGER-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3033. - Fix Version/s: 3.0.0 Resolution: Fixed https://github.com/apache/ranger/commit/4195eab099682024827fd88f4d2d3a93ce1f250d > Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface > --- > > Key: RANGER-3033 > URL: https://issues.apache.org/jira/browse/RANGER-3033 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch > > > command 'show role grant user xxx' is not supported now -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3092) KMS fails to start with NullPointerException in catalina.out logs
[
https://issues.apache.org/jira/browse/RANGER-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-3092:
Priority: Blocker (was: Major)
> KMS fails to start with NullPointerException in catalina.out logs
> -
>
> Key: RANGER-3092
> URL: https://issues.apache.org/jira/browse/RANGER-3092
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Blocker
> Fix For: 3.0.0
>
>
> Ranger KMS setup.sh executes successfully, however when we try to start KMS
> service with following command :
> {code:java}
> ./ranger-kms start
> {code}
> It shows "Apache Ranger KMS Service failed to start" and only catalina.out
> log file is created in ews/logs folder.
> Following error at ews/logs/catalina.out file :
> {code:java}
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:94)
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:85){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-3092) KMS fails to start with NullPointerException in catalina.out logs
[
https://issues.apache.org/jira/browse/RANGER-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-3092.
-
Resolution: Fixed
https://github.com/apache/ranger/commit/cbd4cdbb2567e86da7ecd89c0d55b088b107e559
> KMS fails to start with NullPointerException in catalina.out logs
> -
>
> Key: RANGER-3092
> URL: https://issues.apache.org/jira/browse/RANGER-3092
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger KMS setup.sh executes successfully, however when we try to start KMS
> service with following command :
> {code:java}
> ./ranger-kms start
> {code}
> It shows "Apache Ranger KMS Service failed to start" and only catalina.out
> log file is created in ews/logs folder.
> Following error at ews/logs/catalina.out file :
> {code:java}
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:94)
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:85){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-3095) not able to list the keys with a user whose id contains non latin character
[ https://issues.apache.org/jira/browse/RANGER-3095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3095. - Resolution: Fixed https://github.com/apache/ranger/commit/9146836b281fc7342250f57b40f612060afadb52 > not able to list the keys with a user whose id contains non latin character > --- > > Key: RANGER-3095 > URL: https://issues.apache.org/jira/browse/RANGER-3095 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Deepak Sharma >Assignee: Mateen Mansoori >Priority: Major > > not able to list the keys with a user whose id contains non latin character -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-3095) not able to list the keys with a user whose id contains non latin character
[ https://issues.apache.org/jira/browse/RANGER-3095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3095: --- Assignee: Mateen Mansoori > not able to list the keys with a user whose id contains non latin character > --- > > Key: RANGER-3095 > URL: https://issues.apache.org/jira/browse/RANGER-3095 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Deepak Sharma >Assignee: Mateen Mansoori >Priority: Major > > not able to list the keys with a user whose id contains non latin character -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3105) Upgrade Ranger Tomcat to 8.5 or 9.0
Pradeep Agrawal created RANGER-3105: --- Summary: Upgrade Ranger Tomcat to 8.5 or 9.0 Key: RANGER-3105 URL: https://issues.apache.org/jira/browse/RANGER-3105 Project: Ranger Issue Type: Wish Components: kms, Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 As Apache tomcat 7.0 support will end on march 2021, I propose to upgrade version to 8.5 or 9. Reference : [https://tomcat.apache.org/tomcat-70-eol.html] [https://tomcat.apache.org/whichversion.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3072) Build Ranger2.1.0 encounter error with Apache Maven 3.6.3
[ https://issues.apache.org/jira/browse/RANGER-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17232557#comment-17232557 ] Pradeep Agrawal commented on RANGER-3072: - [~未知的证明] : Build is working fine with command : mvn clean install -DskipTests=true you can remove "-DskipTests=true" if you want with testcases. > Build Ranger2.1.0 encounter error with Apache Maven 3.6.3 > - > > Key: RANGER-3072 > URL: https://issues.apache.org/jira/browse/RANGER-3072 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 > Environment: CentOS Linux release 7.8.2003 (Core) >Reporter: 李远锋 >Priority: Major > Fix For: 2.1.0 > > > [INFO] Building tar: > /home/liyuanfeng/software/apache-ranger-2.1.0/target/ranger-2.1.0-admin.tar.gz > [WARNING] When creating tar entry > java.lang.reflect.UndeclaredThrowableException > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:62) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.archiver.ArchiveEntry.getInputStream > (ArchiveEntry.java:126) > at org.codehaus.plexus.archiver.tar.TarArchiver.tarFile > (TarArchiver.java:316) > at org.codehaus.plexus.archiver.tar.TarArchiver.execute > (TarArchiver.java:171) > at org.codehaus.plexus.archiver.AbstractArchiver.createArchive > (AbstractArchiver.java:916) > at > org.apache.maven.plugin.assembly.archive.archiver.AssemblyProxyArchiver.createArchive > (AssemblyProxyArchiver.java:445) > at > org.apache.maven.plugin.assembly.archive.DefaultAssemblyArchiver.createArchive > (DefaultAssemblyArchiver.java:181) > at org.apache.maven.plugin.assembly.mojos.AbstractAssemblyMojo.execute > (AbstractAssemblyMojo.java:484) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:137) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:210) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions > (MojoExecutor.java:355) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:200) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:117) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:128) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) > Caused by: java.lang.reflect.InvocationTargetException > at sun.reflect.GeneratedMethodAccessor154.invoke (Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:78) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at >
[jira] [Assigned] (RANGER-3072) Build Ranger2.1.0 encounter error with Apache Maven 3.6.3
[ https://issues.apache.org/jira/browse/RANGER-3072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-3072: --- Assignee: Pradeep Agrawal > Build Ranger2.1.0 encounter error with Apache Maven 3.6.3 > - > > Key: RANGER-3072 > URL: https://issues.apache.org/jira/browse/RANGER-3072 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 > Environment: CentOS Linux release 7.8.2003 (Core) >Reporter: 李远锋 >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > > [INFO] Building tar: > /home/liyuanfeng/software/apache-ranger-2.1.0/target/ranger-2.1.0-admin.tar.gz > [WARNING] When creating tar entry > java.lang.reflect.UndeclaredThrowableException > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:62) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.archiver.ArchiveEntry.getInputStream > (ArchiveEntry.java:126) > at org.codehaus.plexus.archiver.tar.TarArchiver.tarFile > (TarArchiver.java:316) > at org.codehaus.plexus.archiver.tar.TarArchiver.execute > (TarArchiver.java:171) > at org.codehaus.plexus.archiver.AbstractArchiver.createArchive > (AbstractArchiver.java:916) > at > org.apache.maven.plugin.assembly.archive.archiver.AssemblyProxyArchiver.createArchive > (AssemblyProxyArchiver.java:445) > at > org.apache.maven.plugin.assembly.archive.DefaultAssemblyArchiver.createArchive > (DefaultAssemblyArchiver.java:181) > at org.apache.maven.plugin.assembly.mojos.AbstractAssemblyMojo.execute > (AbstractAssemblyMojo.java:484) > at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo > (DefaultBuildPluginManager.java:137) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:210) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions > (MojoExecutor.java:355) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:200) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:156) > at org.apache.maven.lifecycle.internal.MojoExecutor.execute > (MojoExecutor.java:148) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:117) > at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject > (LifecycleModuleBuilder.java:81) > at > org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build > (SingleThreadedBuilder.java:56) > at org.apache.maven.lifecycle.internal.LifecycleStarter.execute > (LifecycleStarter.java:128) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) > at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) > at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) > at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) > at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) > at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) > at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke > (NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced > (Launcher.java:282) > at org.codehaus.plexus.classworlds.launcher.Launcher.launch > (Launcher.java:225) > at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode > (Launcher.java:406) > at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) > Caused by: java.lang.reflect.InvocationTargetException > at sun.reflect.GeneratedMethodAccessor154.invoke (Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke > (DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke (Method.java:497) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:78) > at com.sun.proxy.$Proxy55.getContents (Unknown Source) > at org.codehaus.plexus.components.io.resources.Deferred.getContents > (Deferred.java:60) > at > org.codehaus.plexus.components.io.resources.proxy.ResourceInvocationHandler.invoke > (ResourceInvocationHandler.java:62) > at
[jira] [Resolved] (RANGER-3042) plugin-presto: some log issues should be fixed
[
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal resolved RANGER-3042.
-
Fix Version/s: 3.0.0
Resolution: Fixed
https://github.com/apache/ranger/commit/44f633b3de5c68c60a0710327787cc806e48bc8f
> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
> Fix For: 3.0.0
>
> Attachments: 0001-plugin-presto-some-log-mistake-fix.patch
>
>
> some log issues should be fixed about log or exception about presto plugin
>
> {code:java}
> @Override
> public void checkCanDropView(SystemSecurityContext context,
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP))
> {
> LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
> view.getSchemaTableName().getTableName() + ") denied");
>
> AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
> }
> }
> [~Override]
> public void checkCanSetCatalogSessionProperty(SystemSecurityContext
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName,
> propertyName), context, PrestoAccessType.ALTER)) {
>
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
> + catalogName + ") denied");
> AccessDeniedException.denySetCatalogSessionProperty(catalogName,
> propertyName);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (RANGER-3035) Ranger Presto Plugin: Machine-Machine user can not access presto with right permission
[ https://issues.apache.org/jira/browse/RANGER-3035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3035. - Fix Version/s: 3.0.0 Resolution: Fixed Commit Link : https://github.com/apache/ranger/commit/ce4de4e7e34f95f6a6df02bc1e9873fd1d423101 > Ranger Presto Plugin: Machine-Machine user can not access presto with right > permission > -- > > Key: RANGER-3035 > URL: https://issues.apache.org/jira/browse/RANGER-3035 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-plugin-presto-M-M-user-can-not-access.patch > > > plugin-presto use the user who comes from identity object to create request > now , it will not match when the user is M-M user(like: user1/h...@test.com) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default
[ https://issues.apache.org/jira/browse/RANGER-3040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-3040. - Fix Version/s: 3.0.0 Resolution: Fixed https://github.com/apache/ranger/commit/7849c658f7b5ca71d43ed3299fb36992c48b4b2c > There is no read permission for lookupuser on presto/storm/es by default > - > > Key: RANGER-3040 > URL: https://issues.apache.org/jira/browse/RANGER-3040 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-add-read-permission-for-lookupuser-on-default-polici.patch > > > lookupuser should has read permission for all components by default, > otherwise the function of lookup resource will not work on ranger web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2976) User can not create external table in Hive Plugin
[
https://issues.apache.org/jira/browse/RANGER-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17187420#comment-17187420
]
Pradeep Agrawal commented on RANGER-2976:
-
[~Symious]: If would able to let you know only after testing this patch. It may
take time to get the env. and test.
> User can not create external table in Hive Plugin
> -
>
> Key: RANGER-2976
> URL: https://issues.apache.org/jira/browse/RANGER-2976
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0
>Reporter: Janus Chow
>Priority: Major
> Attachments: RANGER-2976.patch
>
>
> A user "userA" want's to create an external table on "hdfs://test/testDir"
> via Hive Metastore installed Ranger Hive plugin. Permission information is as
> follows.
> {code:java}
> # id userA
> uid=3044(userA) gid=3044(userA) groups=992(supergroup)
> # hadoop fs -ls hdfs://test
> drwxrwxr-x - userB supergroup 0 2019-01-01 00:00
> hdfs://test/testDir
> # hadoop fs -ls hdfs://test/testDir
> -rw-rw-r-- 3 userB supergroup 100 2019-01-01 00:00
> hdfs://test/testDir/part-0-db98bf17-bda6-4da9-9ea4-d7c75e8d995e-c000.snappy.parquet{code}
> When "userA" is trying to create an external table on "hdfs://test/testDir"
> with the following command,
> {code:java}
> spark.sql("create table userA_test USING org.apache.spark.sql.parquet OPTIONS
> ( path = 'hdfs://test/testDir')")
> {code}
> Ranger denied the operation with the following error message.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException:
> MetaException(message:Permission denied: user [userA] does not have [ALL]
> privilege on [hdfs://test/testDir])
> {code}
> The reason is when Ranger is checking URI permission, it will check if the
> user has FSAction.ALL on the URI if "userA" is not the owner of the HDFS
> path, but HDFS file will not set the execution permission by default, so the
> Ranger permission check will return false.
> I think in the getURIAccessType function in RangerHiveAuthorizer, we should
> return FSAction.READ_WRITE instead of FSAction.ALL. For HDFS directory,
> Hadoop will help us to add FSAction.EXECUTE when we are trying to do the
> permission check, we can skip FSAction.EXECUTE here to work well with HDFS
> files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Comment Edited] (RANGER-2976) User can not create external table in Hive Plugin
[
https://issues.apache.org/jira/browse/RANGER-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17187420#comment-17187420
]
Pradeep Agrawal edited comment on RANGER-2976 at 8/31/20, 4:20 AM:
---
[~Symious]: If would able to let you know only after testing this patch. It may
take time to get the env. and test. If possible please raise the review request.
was (Author: pradeep.agrawal):
[~Symious]: If would able to let you know only after testing this patch. It may
take time to get the env. and test.
> User can not create external table in Hive Plugin
> -
>
> Key: RANGER-2976
> URL: https://issues.apache.org/jira/browse/RANGER-2976
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0
>Reporter: Janus Chow
>Priority: Major
> Attachments: RANGER-2976.patch
>
>
> A user "userA" want's to create an external table on "hdfs://test/testDir"
> via Hive Metastore installed Ranger Hive plugin. Permission information is as
> follows.
> {code:java}
> # id userA
> uid=3044(userA) gid=3044(userA) groups=992(supergroup)
> # hadoop fs -ls hdfs://test
> drwxrwxr-x - userB supergroup 0 2019-01-01 00:00
> hdfs://test/testDir
> # hadoop fs -ls hdfs://test/testDir
> -rw-rw-r-- 3 userB supergroup 100 2019-01-01 00:00
> hdfs://test/testDir/part-0-db98bf17-bda6-4da9-9ea4-d7c75e8d995e-c000.snappy.parquet{code}
> When "userA" is trying to create an external table on "hdfs://test/testDir"
> with the following command,
> {code:java}
> spark.sql("create table userA_test USING org.apache.spark.sql.parquet OPTIONS
> ( path = 'hdfs://test/testDir')")
> {code}
> Ranger denied the operation with the following error message.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException:
> MetaException(message:Permission denied: user [userA] does not have [ALL]
> privilege on [hdfs://test/testDir])
> {code}
> The reason is when Ranger is checking URI permission, it will check if the
> user has FSAction.ALL on the URI if "userA" is not the owner of the HDFS
> path, but HDFS file will not set the execution permission by default, so the
> Ranger permission check will return false.
> I think in the getURIAccessType function in RangerHiveAuthorizer, we should
> return FSAction.READ_WRITE instead of FSAction.ALL. For HDFS directory,
> Hadoop will help us to add FSAction.EXECUTE when we are trying to do the
> permission check, we can skip FSAction.EXECUTE here to work well with HDFS
> files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2951) Ranger's Default Hive Policies do not include a database value wildcard in UI.
[ https://issues.apache.org/jira/browse/RANGER-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2951: Fix Version/s: 3.0.0 > Ranger's Default Hive Policies do not include a database value wildcard in > UI. > --- > > Key: RANGER-2951 > URL: https://issues.apache.org/jira/browse/RANGER-2951 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-2951.patch > > > The default policies created for ranger when you install a new environment > that do not by default include the appropriate entries in the database field, > so that if you edit those policies you will get an error and will be required > to put something in that field. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2948) Ranger plugins to support a hook to register plugin chains
[ https://issues.apache.org/jira/browse/RANGER-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2948: Fix Version/s: 3.0.0 > Ranger plugins to support a hook to register plugin chains > -- > > Key: RANGER-2948 > URL: https://issues.apache.org/jira/browse/RANGER-2948 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0 > > > Ranger plugins authorize access based on resource-based and > classification-based policies defined in a service. RangerBasePlugin > abstraction in plugins-common library deals with details of > retrieving/refreshing of policies/classifications from Ranger Admin, caching > retrieved policies/classifications, building policy-engine, etc. Enhancing > this abstraction to support additional plugins that can influence > authorization decision, for example by consulting another system, can help > address deployment specific needs. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2952) Not able remove services from Security zone
[ https://issues.apache.org/jira/browse/RANGER-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2952: Fix Version/s: 3.0.0 > Not able remove services from Security zone > --- > > Key: RANGER-2952 > URL: https://issues.apache.org/jira/browse/RANGER-2952 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-2952.patch > > > Steps > 1.Go to security zone tab. > 2.Create a zone 'zone1' with 'cm_hdfs'. > 3.Click on edit zone. > 4.try to remove 'cm_hdfs'. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2977) ES Plugin communication may fail in secure env due to unavailability of core-site.xml
Pradeep Agrawal created RANGER-2977: --- Summary: ES Plugin communication may fail in secure env due to unavailability of core-site.xml Key: RANGER-2977 URL: https://issues.apache.org/jira/browse/RANGER-2977 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Similar issue was seen in Kafka and storm. Refer RANGER-2810 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
[ https://issues.apache.org/jira/browse/RANGER-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2947. - Fix Version/s: 2.1.0 Resolution: Fixed Commit links: [https://github.com/apache/ranger/commit/d2eaba6739895fff34b6d6e492b66d27756a39b7] [https://github.com/apache/ranger/commit/876d0bcb853cb46975b8c1b6953c748c2404ea8b] > [Ranger][Policy Import] Usage of serviceType config while importing ranger > policy for any service > - > > Key: RANGER-2947 > URL: https://issues.apache.org/jira/browse/RANGER-2947 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > Observed that serviceType config is currently not used while importing a > ranger policy, so we can give any random value or a different service name > [from the service name to which import should happen] > *Solution* > Added validation to check for serviceType provided in import policy to > it's service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105
[ https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2949: Fix Version/s: (was: 3.0.0) 2.1.0 > Upgrade Tomcat to 7.0.105 > - > > Key: RANGER-2949 > URL: https://issues.apache.org/jira/browse/RANGER-2949 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Minor > Fix For: 2.1.0 > > > Upgrade Tomcat version to follow best practices -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105
[ https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2949: Fix Version/s: (was: 2.1.0) 3.0.0 > Upgrade Tomcat to 7.0.105 > - > > Key: RANGER-2949 > URL: https://issues.apache.org/jira/browse/RANGER-2949 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Minor > Fix For: 3.0.0 > > > Upgrade Tomcat version to follow best practices -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2939) Search functionality with Cluster name is not working on Audit>>Access and Plugins tab
[ https://issues.apache.org/jira/browse/RANGER-2939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2939: Fix Version/s: 2.1.0 > Search functionality with Cluster name is not working on Audit>>Access and > Plugins tab > -- > > Key: RANGER-2939 > URL: https://issues.apache.org/jira/browse/RANGER-2939 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2939.patch > > > Expected Result: Search functionality with cluster name should work on > Audit>>Access and Plugins tab > Actual Result: Search Functionality with cluster name is not working on > Audit>>Access and Plugins tab > Steps to Reproduce: > # Go to Audit>>Access Tab > # Search with Cluster Name : Cluster 1 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2925) Ranger UI - third party library version upgrades part 1
[ https://issues.apache.org/jira/browse/RANGER-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2925: Fix Version/s: 2.1.0 > Ranger UI - third party library version upgrades part 1 > --- > > Key: RANGER-2925 > URL: https://issues.apache.org/jira/browse/RANGER-2925 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2925.patch, 0002-RANGER-2925.patch > > > In this we update backbone.js ,underscore.js, require.js. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2922) Query info not included for solr query audits in Ranger
[ https://issues.apache.org/jira/browse/RANGER-2922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2922: Fix Version/s: 2.1.0 > Query info not included for solr query audits in Ranger > --- > > Key: RANGER-2922 > URL: https://issues.apache.org/jira/browse/RANGER-2922 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Sailaja Polavarapu >Assignee: Sailaja Polavarapu >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2922-Added-code-to-audit-events-for-document-.patch, > 0001-RANGER-2922-Minor-change-of-moving-solr-plugin-initi.patch, solraudit.png > > > For solr document level authorization, audit events don't include query > information. > !solraudit.png! -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
Pradeep Agrawal created RANGER-2950: --- Summary: Upgrade Spring framework and Spring Security libraries. Key: RANGER-2950 URL: https://issues.apache.org/jira/browse/RANGER-2950 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
[ https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2950: Affects Version/s: (was: 2.1.0) > Upgrade Spring framework and Spring Security libraries. > --- > > Key: RANGER-2950 > URL: https://issues.apache.org/jira/browse/RANGER-2950 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.
[ https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2950: Fix Version/s: (was: 2.1.0) > Upgrade Spring framework and Spring Security libraries. > --- > > Key: RANGER-2950 > URL: https://issues.apache.org/jira/browse/RANGER-2950 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release
[ https://issues.apache.org/jira/browse/RANGER-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2930: Attachment: 0001-RANGER-2930-Change-atlas-version-to-2.1.0.patch > Change atlas version to 2.1.0 for Ranger 2.1.0 release > -- > > Key: RANGER-2930 > URL: https://issues.apache.org/jira/browse/RANGER-2930 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2930-Change-atlas-version-to-2.1.0.patch > > > Change atlas version to 2.1.0 for Ranger 2.1.0 release -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2931) Fix PMD Error of RANGER-2922
[ https://issues.apache.org/jira/browse/RANGER-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2931: Attachment: 0001-RANGER-2931-Fix-PMD-Error-of-RANGER-2922.patch > Fix PMD Error of RANGER-2922 > > > Key: RANGER-2931 > URL: https://issues.apache.org/jira/browse/RANGER-2931 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2931-Fix-PMD-Error-of-RANGER-2922.patch > > > Fix PMD Error of RANGER-2922 which has a blank if statement. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2931) Fix PMD Error of RANGER-2922
Pradeep Agrawal created RANGER-2931: --- Summary: Fix PMD Error of RANGER-2922 Key: RANGER-2931 URL: https://issues.apache.org/jira/browse/RANGER-2931 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 Fix PMD Error of RANGER-2922 which has a blank if statement. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release
Pradeep Agrawal created RANGER-2930: --- Summary: Change atlas version to 2.1.0 for Ranger 2.1.0 release Key: RANGER-2930 URL: https://issues.apache.org/jira/browse/RANGER-2930 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 Change atlas version to 2.1.0 for Ranger 2.1.0 release -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release
[ https://issues.apache.org/jira/browse/RANGER-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17166802#comment-17166802 ] Pradeep Agrawal commented on RANGER-2930: - [~madhan] : Please confirm. > Change atlas version to 2.1.0 for Ranger 2.1.0 release > -- > > Key: RANGER-2930 > URL: https://issues.apache.org/jira/browse/RANGER-2930 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > > Change atlas version to 2.1.0 for Ranger 2.1.0 release -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2926) Issue in setting up Audit Log with ElasticSearch
[
https://issues.apache.org/jira/browse/RANGER-2926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165746#comment-17165746
]
Pradeep Agrawal commented on RANGER-2926:
-
[~bdasari] : Are you able to insert the same data manually via curl request to
your ES index ?
> Issue in setting up Audit Log with ElasticSearch
> -
>
> Key: RANGER-2926
> URL: https://issues.apache.org/jira/browse/RANGER-2926
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Bhanu
>Priority: Major
>
> Hi,
> We are using Ranger 2.1.0.
> Trying to setup AuditLog with ElasticSearch Server having version 7.0.1
> We have configured the Ranger with all details but there is an error that is
> keep on coming as below. Please let me know where we are going wrong here. We
> have tried recreating the index multiple times with all below parameters
> 2020-07-27T13:08:35.233Z ERROR org.apache.ranger.audit.queue.AuditBatchQueue0
> org.apache.ranger.audit.provider.BaseAuditHandler Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;2: type is missing;
> at org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.base/java.lang.Thread.run(Thread.java:834)
> 2020-07-27T13:08:35.233Z WARN org.apache.ranger.audit.queue.AuditBatchQueue0
> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit event:
> \{"repoType":17,"repo":"prestostg-tkg","reqUser":"bdasari","evtTime":"2020-07-27
>
> 13:08:35.102","resource":"hive_stg/ref_maritz","resType":"schema","action":"select","result":1,"agent":"presto","policy":21,"enforcer":"ranger-acl","agentHost":"coordinator2-694c5dbbb6-msh58","logType":"RangerAudit","id":"f733c835-c9ee-4507-b917-9eb822303d2b-792211","seq_num":1584423,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":148},
> errorMessage=
> 2020-07-27T13:08:35.233Z WARN org.apache.ranger.audit.queue.AuditBatchQueue0
> org.apache.ranger.audit.provider.BaseAuditHandler Log failure count: 4 in
> past 01:30.003 minutes; 792212 during process lifetime
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2901) Remove libfb303 thrift library from Ranger dependency
[ https://issues.apache.org/jira/browse/RANGER-2901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2901: Fix Version/s: (was: 2.1.0) > Remove libfb303 thrift library from Ranger dependency > - > > Key: RANGER-2901 > URL: https://issues.apache.org/jira/browse/RANGER-2901 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > > Remove libfb303 thrift library from Ranger dependency. This library is used > in ranger hive plugin as a lookup feature dependency. This is not needed > anymore. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2911) ES plugin missing implemention for some ES request
[ https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2911. - Fix Version/s: 2.1.0 Resolution: Fixed [https://github.com/apache/ranger/commit/ad06828d2d0b31731e02247a29bba65b9c9f2cef] > ES plugin missing implemention for some ES request > > > Key: RANGER-2911 > URL: https://issues.apache.org/jira/browse/RANGER-2911 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Blocker > Fix For: 2.1.0 > > Attachments: 0001-Add-ES-Plugin-Request-support.patch > > > If a policy set resource to a specific index or string with wildcard like > 'index*', and has been given all permission for user1, ES plugin will deny > the request from user1 if the request is not matched in code. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
[ https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2917: Description: Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" when plugin is enabled for ranger_audit index. When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's audit log index), there will be recursive audit log getting generated for audits logs that are getting in this collection. This JIRA will address 1) recursive audit log done by service user "elasticsearch" in the ranger_audit index. 2) provide a configuration parameter to add service users to exclude from audit log for "ranger_audit" index. This is in case if customer users are used as service user in Elasticsearch process. > Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is > enabled for ranger_audits index > --- > > Key: RANGER-2917 > URL: https://issues.apache.org/jira/browse/RANGER-2917 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > > > Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" > when plugin is enabled for ranger_audit index. > When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's > audit log index), there will be recursive audit log getting generated for > audits logs that are getting in this collection. > This JIRA will address > 1) recursive audit log done by service user "elasticsearch" in the > ranger_audit index. > 2) provide a configuration parameter to add service users to exclude from > audit log for "ranger_audit" index. This is in case if customer users are > used as service user in Elasticsearch process. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
[ https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2917: Attachment: 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is > enabled for ranger_audits index > --- > > Key: RANGER-2917 > URL: https://issues.apache.org/jira/browse/RANGER-2917 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2919) Source policies gets deleted after importing policy with deleteifexists parameter
[ https://issues.apache.org/jira/browse/RANGER-2919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2919: Attachment: 0001-RANGER-2919.patch > Source policies gets deleted after importing policy with deleteifexists > parameter > - > > Key: RANGER-2919 > URL: https://issues.apache.org/jira/browse/RANGER-2919 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Attachments: 0001-RANGER-2919.patch > > > Steps to Reproduce: > 1. Create 2 Hbase service i.e. hbase1 and hbase2, > 2. Create some policies in service - hbase1 > 3. perform policy import from source service - hbase1 to target service - > hbase2 > 4. Policies from service - hbase1 gets successfully imported to service - > hbase2 as per deleteifexist parameter feature > 5. After import, Policies from source service - hbase1 also gets deleted -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2895) Replace c3p0 connection pool with HikariCP, upgrading MySQL connector
[ https://issues.apache.org/jira/browse/RANGER-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160974#comment-17160974 ] Pradeep Agrawal commented on RANGER-2895: - [~RickyMa] : We will not take this patch for 2.1.0 release as its testing is not possible in available time frame. We will revisit this later. > Replace c3p0 connection pool with HikariCP, upgrading MySQL connector > - > > Key: RANGER-2895 > URL: https://issues.apache.org/jira/browse/RANGER-2895 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Reporter: RickyMa >Priority: Major > Attachments: > 0001-RANGER-2895-Replace-c3p0-connection-pool-with-Hikari.patch > > Time Spent: 0.5h > Remaining Estimate: 0h > > We should replace c3p0 with > [HikariCP|[https://github.com/brettwooldridge/HikariCP]]. HikariCP is much > faster and less error prone. HikariCP is more popular with 13.2k+ stars on > its github. There were no more new commits since Nov 18, 2019 in > [c3p0|[https://github.com/swaldman/c3p0/commits/master]]. > [MySQL connector|[https://github.com/mysql/mysql-connector-j]] should be > upgraded to the latest stable versions as well to include many essential > bugfixes. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode
[ https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2912. - Fix Version/s: 2.1.0 Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/0fa3ef5497bc563e0ff80e9696fdb1bc309d7fe1] > ranger and plugins will throw GSSAPI error when write audit log to > ElasticSearch when cluster running on none security mode > --- > > Key: RANGER-2912 > URL: https://issues.apache.org/jira/browse/RANGER-2912 > Project: Ranger > Issue Type: Bug > Components: audit, plugins, Ranger >Reporter: rujia >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-issue-fix-for-es-audit.patch > > > user and password default set to 'NONE' when connect to ES, but ranger-audit > and plugins doesn't handle String 'NONE', and will try to get subject from > ENV for both sec and none sec mode. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
Pradeep Agrawal created RANGER-2917: --- Summary: Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index Key: RANGER-2917 URL: https://issues.apache.org/jira/browse/RANGER-2917 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2909. - Resolution: Information Provided > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2901) Remove libfb303 thrift library from Ranger dependency
[ https://issues.apache.org/jira/browse/RANGER-2901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159689#comment-17159689 ] Pradeep Agrawal commented on RANGER-2901: - [~rmani] : Please close the RR : [https://reviews.apache.org/r/72657/] > Remove libfb303 thrift library from Ranger dependency > - > > Key: RANGER-2901 > URL: https://issues.apache.org/jira/browse/RANGER-2901 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > Fix For: 2.1.0 > > > Remove libfb303 thrift library from Ranger dependency. This library is used > in ranger hive plugin as a lookup feature dependency. This is not needed > anymore. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2751) SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto (Prestosql 310) - Policy synch up not happening
[
https://issues.apache.org/jira/browse/RANGER-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2751:
Fix Version/s: (was: 2.1.0)
> SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto
> (Prestosql 310) - Policy synch up not happening
> --
>
> Key: RANGER-2751
> URL: https://issues.apache.org/jira/browse/RANGER-2751
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.1.0
>Reporter: sajai
>Priority: Major
>
> *Facing the below error when trying to integrate Apache Ranger with Prestosql
> (310 version).*
> *Both Ranger and Presto is working independently, but the Presto policies
> from Ranger are not downloading/refreshing. Couldn't find the policies
> downloaded in Ranger web ui in Audits/Plugin tab. Also if we remove SSL from
> Ranger side it starts working fine. Issue is only when SSL is enabled in
> Ranger, then Presto inot working with Ranger,*
> 2020-03-04T07:50:59.600-0600 ERROR Thread-91
> org.apache.ranger.plugin.util.PolicyRefresher
> PolicyRefresher(serviceName=presto-catalogs-dev): failed to refresh policies.
> Will continue to use last known version of policies (-1)
> java.lang.IllegalArgumentException: TrustManager is not specified
> *ranger-2.1.0-SNAPSHOT-admin/install.properties:-*
> db_root_user=root
> db_root_password=Sqlpwd@123
> db_host=localhost
> db_name=ranger
> db_user=rangeradmin
> db_password=Rangerpwd@123
> rangerAdmin_password=Rangerpwd@123
> rangerTagsync_password=Rangerpwd@123
> rangerUsersync_password=Rangerpwd@123
> keyadmin_password=Rangerpwd@123
> policymgr_external_url=https://hostname_ranger:6182
> policymgr_http_enabled=false
> policymgr_https_keystore_file=/opt/iss_cert/clientcert.jks
> policymgr_https_keystore_keyalias=
> policymgr_https_keystore_password=31b17532aeb4fb5ba3af2bae850567
> unix_user=ranger
> unix_user_pwd=Rangerpwd@123
> unix_group=ranger
> #LDAP|ACTIVE_DIRECTORY|UNIX|NONE
> authentication_method=LDAP
> xa_ldap_url=ldaps://hostname_ldapserver:636
> xa_ldap_userDNpattern=uid=\{0},OU=xxx,DC=xx,DC=,DC=COM
> xa_ldap_groupSearchBase=DC=xxx,DC=ccc,DC=COM
> xa_ldap_groupSearchFilter=(member=cn=\{0},OU=xxx,DC=xx,DC=,DC=COM)
> xa_ldap_groupRoleAttribute=cn
> xa_ldap_base_dn=DC=xx,DC=,DC=COM
> xa_ldap_bind_dn=CN=XXX,OU=XX,DC=xx,DC=,DC=COM
> xa_ldap_bind_password=uBLRzVJK
> xa_ldap_referral=follow
> xa_ldap_userSearchFilter=(uid=\{0})
> *With the above values,able to start ranger with SSL and LDAP enabled and
> also able to login succesfully with both unix admin credentials and also with
> ldap credentials.*
>
> *ranger-2.1.0-SNAPSHOT-presto-plugin/install.properties:-*
> POLICY_MGR_URL=https:/hostname_ranger:6182
> REPOSITORY_NAME=presto-catalogs-dev
> *# You do not need use SSL between agent and security admin tool, please
> leave these sample value as it is.*
> SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
> SSL_KEYSTORE_PASSWORD=none
> SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
> SSL_TRUSTSTORE_PASSWORD=none
> *keep blank if component user is default*
> CUSTOM_USER=
> *keep blank if component group is default*
> CUSTOM_GROUP=
>
> *presto-server-310/etc/config.properties:-*
> coordinator=true
> node-scheduler.include-coordinator=true
> http-server.http.enabled=false
> node.internal-address-source=FQDN
> node.internal-address=hostname_presto
> internal-communication.https.required=true
> internal-communication.https.keystore.path=/opt/iss_cert/clientcert.jks
> internal-communication.https.keystore.key=31b17532aeb4fb5ba3af2bae850567
> discovery-server.enabled=true
> discovery.uri=https://hostname_presto:8443
> http-server.authentication.type=PASSWORD,CERTIFICATE
> http-server.https.enabled=true
> http-server.https.port=8443
> http-server.https.keystore.path=/opt/iss_cert/clientcert.jks
> http-server.https.keystore.key=31b17532aeb4fb5ba3af2bae850567
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2693) Authorize new Hive Operations in RangerHiveAuthorizer
[ https://issues.apache.org/jira/browse/RANGER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2693: Fix Version/s: (was: 2.1.0) > Authorize new Hive Operations in RangerHiveAuthorizer > - > > Key: RANGER-2693 > URL: https://issues.apache.org/jira/browse/RANGER-2693 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Minor > > Authorize new Hive Operations in RangerHiveAuthorizer. > Following operations are newly added and ranger should authorize those. > CREATE_SCHEDULED_QUERY > ALTER_SCHEDULED_QUERY > DROP_SCHEDULED_QUERY -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2629) Service disabled should not use the last known version of policies
[ https://issues.apache.org/jira/browse/RANGER-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2629: Fix Version/s: (was: 2.1.0) > Service disabled should not use the last known version of policies > -- > > Key: RANGER-2629 > URL: https://issues.apache.org/jira/browse/RANGER-2629 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.0.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Attachments: > 0001-RANGER-2629-Service-disabled-should-not-use-the-last.patch > > > When service is disabled, the plugins should use an empty policy instead of > the last known version of policies. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2329) [Hive Plugin] show databases denied although user has access to some databases
[
https://issues.apache.org/jira/browse/RANGER-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2329:
Fix Version/s: (was: 1.2.1)
(was: 1.1.1)
(was: 1.0.1)
> [Hive Plugin] show databases denied although user has access to some databases
> --
>
> Key: RANGER-2329
> URL: https://issues.apache.org/jira/browse/RANGER-2329
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 1.0.0, 1.2.0
>Reporter: peng bo
>Priority: Major
> Labels: patch
> Attachments: RANGER-2329.patch,
> show-databases-permission-denied-ranger1.1.0.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> a. assign select permission to user1 for database A with table * and hive
> Column *
> b. login user1 by beeline
> c. type 'show databases', error shows
> Error: Error while compiling statement: FAILED: HiveAccessControlException
> Permission denied: user [hadoop] does not have [USE] privilege on [*]
> (state=42000,code=4)
> The cause:
> It seems to be a regression introduced by
> [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]:
> {code:java}
> public class RangerHiveResource extends RangerAccessResourceImpl {
> public RangerHiveResource(HiveObjectType objectType, String
> databaseorUrl, String tableOrUdf, String column) {
> case DATABASE:
> +if (databaseorUrl == null) {
> + databaseorUrl = "*";
> +}
> {code}
> This code applies on "show databases" as well which prevents the according
> RangerPolicyEvaluator from being returned.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2640) Implement SHOW ROLE GRANT in Hive ranger plugin
[ https://issues.apache.org/jira/browse/RANGER-2640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2640: Fix Version/s: (was: 2.1.0) > Implement SHOW ROLE GRANT in Hive ranger plugin > --- > > Key: RANGER-2640 > URL: https://issues.apache.org/jira/browse/RANGER-2640 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2640-Implement-SHOW-ROLE-GRANT-in-Hive-ranger.patch > > > Implement SHOW ROLE GRANT in Hive ranger plugin -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2492) In setup.sh, there is no uniform way to get python execution path through PYTHON_COMMAND_INVOKER
[ https://issues.apache.org/jira/browse/RANGER-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2492: Fix Version/s: (was: 1.2.1) > In setup.sh, there is no uniform way to get python execution path through > PYTHON_COMMAND_INVOKER > > > Key: RANGER-2492 > URL: https://issues.apache.org/jira/browse/RANGER-2492 > Project: Ranger > Issue Type: Bug > Components: kms >Affects Versions: 1.1.1, 1.2.1 >Reporter: sishu.yss >Priority: Major > > In setup.sh, there is no uniform way to get python execution path through > PYTHON_COMMAND_INVOKER; -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2865) Add ALL WITH GRANT access type to Kudu
[ https://issues.apache.org/jira/browse/RANGER-2865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2865: Fix Version/s: (was: 2.1.0) > Add ALL WITH GRANT access type to Kudu > -- > > Key: RANGER-2865 > URL: https://issues.apache.org/jira/browse/RANGER-2865 > Project: Ranger > Issue Type: Task > Components: plugins >Reporter: Attila Bukor >Priority: Major > Attachments: 0001-RANGER-2865-Add-ALL-WITH-GRANT-to-Kudu-service.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-1942) Disable xmlparser and configEdit API in Solr for Audit setup
[
https://issues.apache.org/jira/browse/RANGER-1942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-1942:
Fix Version/s: (was: 0.7.2)
> Disable xmlparser and configEdit API in Solr for Audit setup
>
>
> Key: RANGER-1942
> URL: https://issues.apache.org/jira/browse/RANGER-1942
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Reporter: Kevin Risden
>Priority: Major
>
> AMBARI-22273 addresses this for Ambari Infra Solr. Ranger should do its best
> to protect users from using a config that could be an issue. Solr 5.5.5,
> 6.6.2, and 7.1.0 all fix the below issues.
> A fix for Ranger would be to set the following in solrconfig.xml. Another
> could be to make sure that the documentation for Ranger -> Solr ensures that
> recommended versions are used.
> {code:xml}
>
> {code}
> From https://lucene.apache.org/solr/news.html
> * Fix for a 0-day exploit (CVE-2017-12629), details:
> https://s.apache.org/FJDl. RunExecutableListener has been disabled by default
> (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving
> external entities in the XML query parser (defType=xmlparser or {!xmlparser
> ... }) is disabled by default.
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node
> communication in Apache Solr, details: https://s.apache.org/APTY
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
[
https://issues.apache.org/jira/browse/RANGER-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2868:
Fix Version/s: (was: 2.1.0)
> RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
> ---
>
> Key: RANGER-2868
> URL: https://issues.apache.org/jira/browse/RANGER-2868
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Reporter: Dhaval B. SHAH
>Assignee: Dhaval B. SHAH
>Priority: Major
> Attachments: RANGER-2868.patch
>
>
> Facing below type casting error in catalina.out when Ranger KMs is configure
> to use Oracle 19.
> {code:java}
> [EL Warning]: 2020-06-17
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')[EL Warning]: 2020-06-17
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')[EL Warning]: 2020-06-17
> 10:15:57.508--UnitOfWork(629597660)--java.lang.ClassCastException: class
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed
> module of loader 'app')java.lang.ClassCastException: class java.lang.String
> cannot be cast to class oracle.sql.CLOB (java.lang.String is in module
> java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of
> loader 'app') at
> org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:184)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:92)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:740)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:655)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:77)
> at
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:188)
> at
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:168)
> at
> org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:402)
> at
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165)
> at
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180)
> at
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489)
> at
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80)
> at
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90)
> at
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301)
> at
> org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
> at
> org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899)
> at
> org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798)
> at
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108)
> at
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85)
> at
> org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786)
> at
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737)
> at
> org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226)
> at
> org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:125)
> at
>
[jira] [Updated] (RANGER-1964) java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType
[ https://issues.apache.org/jira/browse/RANGER-1964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-1964: Fix Version/s: (was: 0.7.1) > java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType > - > > Key: RANGER-1964 > URL: https://issues.apache.org/jira/browse/RANGER-1964 > Project: Ranger > Issue Type: Wish > Components: Ranger >Reporter: Ronald van de Kuil >Priority: Trivial > > Hi, I have Kafka nicely working with Ranger and I noticed that there is an > warning during startup. It does not impact the functioning of Kafka as far as > I can see. I would like to keep the logs tidy, ... so, that, ... amaze, > amaze, nobody ever haves to worry unnecessarily. For this I raised > KAFKA-6338. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2782) Upgrade log4j dependency
[ https://issues.apache.org/jira/browse/RANGER-2782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2782: Fix Version/s: (was: 2.1.0) > Upgrade log4j dependency > > > Key: RANGER-2782 > URL: https://issues.apache.org/jira/browse/RANGER-2782 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Blocker > Attachments: > 0001-RANGER-2782-Upgrade-log4j-to-a-supported-version.patch > > > The current log4j version in ranger is end of life and contains critical > security Vulnerabilities > CVE-2019-17571 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2428) Populate Ranger ACL summary for roles
[ https://issues.apache.org/jira/browse/RANGER-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2428: Fix Version/s: (was: master) > Populate Ranger ACL summary for roles > - > > Key: RANGER-2428 > URL: https://issues.apache.org/jira/browse/RANGER-2428 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > > Ranger provides a concise summary of permissions represented by Ranger > policies for users and groups. With support for Roles in Ranger, computing > and providing similar information for roles is needed. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2673) Build Python based Rest Api client for Ranger
[ https://issues.apache.org/jira/browse/RANGER-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2673: Fix Version/s: (was: master) > Build Python based Rest Api client for Ranger > - > > Key: RANGER-2673 > URL: https://issues.apache.org/jira/browse/RANGER-2673 > Project: Ranger > Issue Type: Task > Components: Ranger >Affects Versions: master >Reporter: Deepak Sharma >Assignee: Deepak Sharma >Priority: Major > > It is good to have Python based API client for Ranger. > Decision to be made before starting on this work: > 1) whether to support python2 or python3 or both. > 2) Scope: > CRUD operations on Policy/Service/Zones > User/group operation -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2285) Error page is not available when API call returns HTTP status code 403(forbidden)
[ https://issues.apache.org/jira/browse/RANGER-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2285: Fix Version/s: (was: master) > Error page is not available when API call returns HTTP status code > 403(forbidden) > -- > > Key: RANGER-2285 > URL: https://issues.apache.org/jira/browse/RANGER-2285 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Minor > Attachments: > 0001-RANGER-2285-Error-page-is-not-available-when-API-cal.patch, > 0002-RANGER-2285.patch, 403ErrorPage.png, screenshort_1.png, screenshort_2.png > > > Error page not populated when getting response 403(Forbidden). > scenario-1 > Steps - > 1. Login with admin. > 2. Create users 'testuser3' and 'testuser2' with USER_ROLE. > 3. Create a group 'group1'. > 4. Add 'testuser3' and testuser2' to 'group1'. > 5. Give 'User/Group' page permission to 'testuser1' > 6. Login with 'testuser3' > 7. Go to group listing page > 8. Click on 'view user' button in group listing page. > 9. Click on 'testuser2' username (The page goes into loading state instant > off error page ). > (Refer image screenshort_1) > scenario-2 > Steps - > 1. Login with 'testuser3'. > 2. 'testuser3' user does not have permission to view Tag base policy. > 3. By changing the router to '/policymanager/tag' its show blank 'Service > Manager' page instant off error page. > (Refer image screenshort_2). -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2139) UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files
[
https://issues.apache.org/jira/browse/RANGER-2139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2139:
Fix Version/s: (was: master)
> UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and
> group files
> ---
>
> Key: RANGER-2139
> URL: https://issues.apache.org/jira/browse/RANGER-2139
> Project: Ranger
> Issue Type: Bug
> Components: usersync
>Affects Versions: 1.0.0, master, 0.7.1
>Reporter: Cetin Sahin
>Priority: Critical
> Attachments: 0001-RANGER-2139-Fix-UnixUserGroupBuilder.patch
>
>
> When Unix based user and group synchronization is enabled in Ranger,
> UnixUserGroupBuilder periodically checks whether one of the /etc/passwd or
> /etc/group files is modified or not to trigger a synchronization.
> However, while checking the modification of a file, the UnixUserGroupBuilder
> uses java.io.File.lastModified() to check whether the file is updated after
> the latest synchronization time.
> {code:java}
> long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified();
> {code}
> java.io.File.lastModified() function, however, returns the latest modified
> timestamp in the time granularity of seconds. That means each timestamp ends
> with 000 independent of the millisecond precision.
> [https://bugs.openjdk.java.net/browse/JDK-8177809]
>
> [http://dev-answers.blogspot.com/2014/11/avoid-using-javaiofilelastmodified-for.html]
> This can cause UnixUserGroupBuilder to fail to detect the update on the file
> if the file modification check happens between the two consecutive updates
> within the same second. Assume the following scenario with the corresponding
> timestamps where UnixUserGroupBuilder checks the updates per minute.
> the latest modification of users and group files are at t0 (00:00:00.111),
> which have a corresponding timestamp of 1529539200111, denoted by T0
> Now, consider the following scenario.
> * At time t1 (01:*00:00.123*), T1 (1529542800123): /etc/group file is
> updated and a new group called group01 is added.
> * At time t2 (01:*00:00.345*), T2 (1529542800345): UnixUserGroupBuilder
> threads wakes up and detects the update on the group file and performed the
> synchronization. After the synchronization, the latest modification time for
> the group is updated from the File.lastModified() function. latest
> modification of group file = File.lastModified(t1) = *152954280*. Please
> note that the last 3 digits corresponding to the milliseconds is truncated to
> 000 with File.lastModified() function.
> * At time t3 (01:*00:00.567*), T3 (1529542800567): /etc/group file is
> updated and a user membership is added to one of the groups (e.g., user
> user01 becomes a member of group group01).
> * At time t4 (01:*01:00.345*), T4 (1529542860345): UnixUserGroupBuilder
> thread wakes up and couldn't detect any changes since the timestamp generated
> from the File.lastModified() function returns the same timestamp for t1 and
> t3. Recall that the latest modification time of the group file becomes
> 152954280 at t2 and File.lastModified(t3) returns *152954280* as
> well. Since both File.lastModified(t1) = File.lastModified(t3),
> UnixUserGroupBuilder could not detect the modification on the file at t4,
> assumes there is no update, and then, sleeps again without syncing the
> changes.
> At time t4, UnixUserGroupBuilder is supposed to sync the user group
> membership but if fails to detect the update. If there is no any further
> update on one of these files, the user01 will never be part of group01 in
> Ranger.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2206) Add Policy Validity Period and Override as search filters and add distinguishing icons in policy listing page
[ https://issues.apache.org/jira/browse/RANGER-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2206: Fix Version/s: (was: master) > Add Policy Validity Period and Override as search filters and add > distinguishing icons in policy listing page > - > > Key: RANGER-2206 > URL: https://issues.apache.org/jira/browse/RANGER-2206 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Attachments: > 0001-RANGER-2206-Add-Policy-Validity-Period-and-Override-.patch, > 0002-RANGER-2206.patch > > > – Add policy validity period as search filter in policy listing page. Both > start date and end date (along with timezone). Search should show policies > that have validity period specified and meet that condition. > – Add policy override as search filter in policy listing page. Search should > show only policies defined as override. > – Add indication in policy listing page to distinguish policies with validity > period and override policies. Add icons for visual clue. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-817) [Ranger-hive] Update operation & select operation while export on partitioned table is not logged in audit log
[ https://issues.apache.org/jira/browse/RANGER-817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-817: --- Fix Version/s: (was: 0.5.4) > [Ranger-hive] Update operation & select operation while export on partitioned > table is not logged in audit log > -- > > Key: RANGER-817 > URL: https://issues.apache.org/jira/browse/RANGER-817 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.5.0 >Reporter: Deepak Sharma >Assignee: Alok Lal >Priority: Critical > > Scenario: > 1. create a partition table. > create table exportPartitionTable (id int, name string) partitioned by > (country string); > 2. insert data into this partitioned table. > insert into table exportPartitionTable PARTITION(country='india') values ( 7, > 'ranger'); > 3. export this partitiontable to hdfs data store. > export table exportPartitionTable to '/user/user1/exportDataStore'; > Defect: > both insert and export (select is done in export) operation are successful > but Both are not logged in audit log. > same is working fine in case of non partition table. > Note: select operation is logged if we do through command like select * from > but it is not logged if it is done as part of export, -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-1939) Simplify Maven dependencies and assembly specification for hdfs plugin module
[ https://issues.apache.org/jira/browse/RANGER-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-1939: Fix Version/s: (was: master) > Simplify Maven dependencies and assembly specification for hdfs plugin module > - > > Key: RANGER-1939 > URL: https://issues.apache.org/jira/browse/RANGER-1939 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > > There are two issues with the Maven POM files for Ranger's hdfs plugin module. > 1. There are overlapping and sometimes conflicting versions of libraries on > which hdfs plugin code depends. Conflicts arise partly because some of the > libraries packaged with hdfs plugin module are already exist in hdfs > component and have different versions. > 2. assembly specification for hdfs plugin module uses DependencySets - a > construct which is confusing and hard to get right. They also clutter up > build output log with spurious messages. It is desirable to use FileSets > which are easier to understand and straightforward to specify in an assembly > spec. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2742) Database patch 046 does not apply correctly on SQL Server and SQL Anywhere
[ https://issues.apache.org/jira/browse/RANGER-2742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2742: Fix Version/s: (was: master) > Database patch 046 does not apply correctly on SQL Server and SQL Anywhere > -- > > Key: RANGER-2742 > URL: https://issues.apache.org/jira/browse/RANGER-2742 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Andrew Luo >Priority: Critical > Attachments: > 0001-RANGER-2742-Fix-database-patch-046-on-SQL-Server-and-SQL-Anywher.patch > > > On SQL Anywhere the constraint and column names are swapped in some > statements. In SQL Server, the same problem exists in addition to not > properly dropping the default constraint. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2346) Ranger admin UI needs to support CRUD of tag policies for a security zone
[ https://issues.apache.org/jira/browse/RANGER-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2346: Fix Version/s: (was: master) > Ranger admin UI needs to support CRUD of tag policies for a security zone > - > > Key: RANGER-2346 > URL: https://issues.apache.org/jira/browse/RANGER-2346 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Priority: Major > > Ranger security zone contains services and resources. If a service in a > security zone is associated with a tag-service, then policies in the > tag-service are also scoped to the security zone. UI needs to support > create/update/delete of tag policies with security zone scope. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-601) Implement Kafka Audit Provider for Ranger Audit using new Destination design
[ https://issues.apache.org/jira/browse/RANGER-601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-601: --- Fix Version/s: (was: 0.5.4) > Implement Kafka Audit Provider for Ranger Audit using new Destination design > > > Key: RANGER-601 > URL: https://issues.apache.org/jira/browse/RANGER-601 > Project: Ranger > Issue Type: Sub-task >Reporter: Bosco >Priority: Major > > We need to reimplement Kafka Audit Destination class for the new Audit design > introduced in 0.5 release -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-263) Packaging for KafkaProvider in plugins
[ https://issues.apache.org/jira/browse/RANGER-263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-263: --- Fix Version/s: (was: 0.5.4) > Packaging for KafkaProvider in plugins > -- > > Key: RANGER-263 > URL: https://issues.apache.org/jira/browse/RANGER-263 > Project: Ranger > Issue Type: Sub-task >Reporter: Bosco >Assignee: Bosco >Priority: Major > > Need to support or provide guidelines to included Kafka libraries/jars in > components which need to send audit records to Kafka -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-600) Failed to execute goal org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly (default-cli) on project ranger
[ https://issues.apache.org/jira/browse/RANGER-600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-600: --- Fix Version/s: (was: 0.5.4) > Failed to execute goal > org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly > (default-cli) on project ranger > - > > Key: RANGER-600 > URL: https://issues.apache.org/jira/browse/RANGER-600 > Project: Ranger > Issue Type: Bug >Affects Versions: 0.5.0 >Reporter: Mujadid khalid >Assignee: Alok Lal >Priority: Major > > when I compile latest code from master branch I got following error > Failed to execute goal > org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly > (default-cli) on project ranger: Failed to create assembly: Error creating > assembly archive src: Problem creating TAR: request to write '8192' bytes > exceeds size in header of '566424' bytes > To fix this issue change following in the pom file > > maven-assembly-plugin > 2.3 > > > src/main/assembly/hdfs-agent.xml > In this way issue was fixed -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-536) Test connection fails with SSL error when setting up knox repository
[ https://issues.apache.org/jira/browse/RANGER-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-536: --- Fix Version/s: (was: 0.5.4) > Test connection fails with SSL error when setting up knox repository > > > Key: RANGER-536 > URL: https://issues.apache.org/jira/browse/RANGER-536 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.4.0 > Environment: Debian 6, HDP 2.2 >Reporter: phanikumar >Priority: Minor > > I have setup Knox with a self-signed cert. When creating a Knox repository > in the Ranger admin web UI the "Test Connection" button produces this error: > == > Connection Failed. > Exception on REST call to KnoxUrl : > https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies. You can > still save the repository and start creating policies, but you would not be > able to use autocomplete for resource names. Check xa_portal.log for more > info. > javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: > No name matching myhost.mydomain.com found. > java.security.cert.CertificateException: No name matching found. > No name matching myhost.mydomain.com found. > == > Ranger policies for Knox can still be created and they work > Additional error messages from xa_portal.log: > 2015-03-31 15:45:27,849 [http-bio-6080-exec-2] ERROR > com.xasecure.biz.AssetMgr (AssetMgr.java:1566) - Unable to get knox resources. > com.xasecure.hadoop.client.exceptions.HadoopException: Exception on REST call > to KnoxUrl : https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies. > at > com.xasecure.knox.client.KnoxClient.getServiceList(KnoxClient.java:223) > at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1547) > at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1544) > at com.xasecure.common.TimedEventUtil.timedTask(TimedEventUtil.java:51) > at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1562) > at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1524) > at com.xasecure.rest.AssetREST.pullKnoxResources(AssetREST.java:381) > at > com.xasecure.rest.AssetREST$$FastClassByCGLIB$$90363ab.invoke() > at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191) > at > org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) > at > org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622) > at > com.xasecure.rest.AssetREST$$EnhancerByCGLIB$$6b3c72e7.pullKnoxResources() > at sun.reflect.GeneratedMethodAccessor87.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168) > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:70) > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136) > at > com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:86) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136) > at > com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:74) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1357) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1289) > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1239) > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1229) > at > com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420) > at > com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:497) > at >
[jira] [Updated] (RANGER-2457) Support download csv via REST as enhancement
[
https://issues.apache.org/jira/browse/RANGER-2457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2457:
Fix Version/s: (was: 0.6.0)
> Support download csv via REST as enhancement
>
>
> Key: RANGER-2457
> URL: https://issues.apache.org/jira/browse/RANGER-2457
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 0.6.0
>Reporter: Venkateswara Reddy
>Assignee: Mehul Parikh
>Priority: Major
>
> +*LIst of changes / improvements*+
> # Along with download excel spreadsheet feature, add support for download
> file as CSV format using REST API.
> # REST API should have multiple options to download different file formats
> same as Ranger Reports page.
> Sample Excel Command:
> curl -X GET --header "application/xml" -H "Content-Type:
> application/ms-excel" -o Ranger_Policies.xls -u admin:\{password}
> "http://[ranger-server]:6080/service/plugins/policies/downloadExcel?;
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159681#comment-17159681 ] Pradeep Agrawal commented on RANGER-2909: - [~nityananda] : Try both the patches which Nixon has suggested above. Let me know if issue is still there. > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal reassigned RANGER-2909: --- Assignee: Pradeep Agrawal > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
[
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2898:
Fix Version/s: 2.1.0
> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
> Fix For: 2.1.0
>
>
> Found below exception in atlas application.log where audits were not getting
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ Request to collection [ranger_audits] failed due to (0)
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019
> INFO -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ request was not communication error it seems (CloudSolrClient:953)
> 2020-07-01 12:22:27,020 WARN -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ failed to log audit event:
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
> (BaseAuditHandler:374)
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4
[
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2898:
Fix Version/s: (was: 2.1.0)
> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
>
> Found below exception in atlas application.log where audits were not getting
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ Request to collection [ranger_audits] failed due to (0)
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019
> INFO -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ request was not communication error it seems (CloudSolrClient:953)
> 2020-07-01 12:22:27,020 WARN -
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:]
> ~ failed to log audit event:
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
> (BaseAuditHandler:374)
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException:
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2897) Update jQuery version.
[ https://issues.apache.org/jira/browse/RANGER-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2897: Fix Version/s: 2.1.0 > Update jQuery version. > -- > > Key: RANGER-2897 > URL: https://issues.apache.org/jira/browse/RANGER-2897 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2897.patch > > > Update jQuery version 3.4.1 to 3.5.1 for Ranger. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2762) Logout issue when knox-trusted proxy is enabled
[ https://issues.apache.org/jira/browse/RANGER-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2762: Fix Version/s: 2.1.0 > Logout issue when knox-trusted proxy is enabled > --- > > Key: RANGER-2762 > URL: https://issues.apache.org/jira/browse/RANGER-2762 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2762-Handling-browser-requests-when-knox-trus.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2914) Invalid obj name in DB script for MS-SQL
[ https://issues.apache.org/jira/browse/RANGER-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2914: Fix Version/s: 2.1.0 > Invalid obj name in DB script for MS-SQL > > > Key: RANGER-2914 > URL: https://issues.apache.org/jira/browse/RANGER-2914 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval B. SHAH >Assignee: Dhaval B. SHAH >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2914.patch > > > Need to change obj name from _*getXportalUIdByLoginId*_ to > *_dbo.getXportalUIdByLoginId_* while inserting value in table > x_ranger_global_state -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2908) Upgrade jackson version to 2.10.3
[ https://issues.apache.org/jira/browse/RANGER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2908. - Fix Version/s: 2.1.0 Resolution: Fixed [https://github.com/apache/ranger/commit/850e31e31087fad03ba519d1246d2f0bd70cb669] > Upgrade jackson version to 2.10.3 > - > > Key: RANGER-2908 > URL: https://issues.apache.org/jira/browse/RANGER-2908 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 2.1.0 > > > Upgrade jackson version to 2.10.3 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml
[ https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156700#comment-17156700 ] Pradeep Agrawal commented on RANGER-2907: - [~sneethiraj] : Shall attached patch resolve the issue. I have not tested this patch as I don't have an env to test the patch. > Ranger Plugin is not using default TrustManager if a trustmanager is not > specified in ranger-policymgr-ssl.xml > -- > > Key: RANGER-2907 > URL: https://issues.apache.org/jira/browse/RANGER-2907 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: Selvamohan Neethiraj >Assignee: Selvamohan Neethiraj >Priority: Critical > Attachments: > 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > > > When a CA certified certificate is used by Ranger Admin, the RangerPlugin > should be able to use the default cacerts (from JVM) without having to > configure it manually. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml
[ https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2907: Attachment: 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > Ranger Plugin is not using default TrustManager if a trustmanager is not > specified in ranger-policymgr-ssl.xml > -- > > Key: RANGER-2907 > URL: https://issues.apache.org/jira/browse/RANGER-2907 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: Selvamohan Neethiraj >Assignee: Selvamohan Neethiraj >Priority: Critical > Attachments: > 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch > > > When a CA certified certificate is used by Ranger Admin, the RangerPlugin > should be able to use the default cacerts (from JVM) without having to > configure it manually. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2902) Add policy id to the list of filters in Access Audit Tab
[ https://issues.apache.org/jira/browse/RANGER-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2902. - Fix Version/s: 2.1.0 Resolution: Fixed [https://github.com/apache/ranger/commit/c66c8384757be11335d62f72e63b8da5a5f58234] > Add policy id to the list of filters in Access Audit Tab > > > Key: RANGER-2902 > URL: https://issues.apache.org/jira/browse/RANGER-2902 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2902.patch > > > Add policy Id filter to Access Audit Tab. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2900) Include policy priority in policy details popup on access auidts page
[ https://issues.apache.org/jira/browse/RANGER-2900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2900. - Resolution: Fixed Patch committed : [https://github.com/apache/ranger/commit/87cc02b103c15297e8b8ddb12a8997517a27fc1c] > Include policy priority in policy details popup on access auidts page > - > > Key: RANGER-2900 > URL: https://issues.apache.org/jira/browse/RANGER-2900 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: suja s >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2900.patch, policypriorityscreen1.png, > policypriorityscreen2.png > > > Access Audits page on UI - On clicking on policyid, a popup is displayed with > details of the policy that is getting enforced. Suggestion is to include > policy priority also as part of details. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2858) 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies
[ https://issues.apache.org/jira/browse/RANGER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155145#comment-17155145 ] Pradeep Agrawal commented on RANGER-2858: - Patch 2([https://reviews.apache.org/r/72659/]) committed to master : [https://github.com/apache/ranger/commit/708085410ff2bbbde5f9343c31cd0a1b45f5efa8] > 'show databases' gives permission denied error, even though the user has > permissions on a few of the databases in security zone policies > > > Key: RANGER-2858 > URL: https://issues.apache.org/jira/browse/RANGER-2858 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Abhay Kulkarni >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 2.1.0 > > > When user has permissions on a few of the databases in security zone > policies, "show databases" command is expected to list databases on which the > user has some permission in any security zone(s). However, the command fails > with the following message. > > FAILED: HiveAccessControlException Permission denied: user [behemoth] does > not have [USE] privilege on [Unknown resource!!] > > org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: > Permission denied: user [behemoth] does not have [USE] privilege on [Unknown > resource!!] > at > org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:487) > > Furthermore, command "use " where is name of the > database where user has some access in any security zone, succeeds. > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155074#comment-17155074
]
Pradeep Agrawal commented on RANGER-2905:
-
[~iammehrabalam]: Thanks
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154706#comment-17154706
]
Pradeep Agrawal commented on RANGER-2905:
-
[~iammehrabalam] : Can you take the latest pull and attached patch and see if
changes are working for you or not.
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: (was:
0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch)
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal updated RANGER-2905:
Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments:
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Assigned] (RANGER-2905) Failed to log Audit event in Elasticsearch
[
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pradeep Agrawal reassigned RANGER-2905:
---
Assignee: Pradeep Agrawal
> Failed to log Audit event in Elasticsearch
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
> Issue Type: Bug
> Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
>
>
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e
> empty string) type.
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>
> {code:java}
> 2020-07-08 22:55:24,740 ERROR
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed:
> 1: type is missing;
> at
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version:
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config
[ https://issues.apache.org/jira/browse/RANGER-2903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2903: Attachment: 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch > Remove elasticsearch audit's is_enabled property from config > > > Key: RANGER-2903 > URL: https://issues.apache.org/jira/browse/RANGER-2903 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Blocker > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch > > > Remove elasticsearch audit's is_enabled property from config as it may cause > plugin setup/start failure. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config
Pradeep Agrawal created RANGER-2903: --- Summary: Remove elasticsearch audit's is_enabled property from config Key: RANGER-2903 URL: https://issues.apache.org/jira/browse/RANGER-2903 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 2.1.0 Remove elasticsearch audit's is_enabled property from config as it may cause plugin setup/start failure. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems
[
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152565#comment-17152565
]
Pradeep Agrawal commented on RANGER-2856:
-
[~RickyMa] : Please close the RR.
Next time please create the patch using "git format-patch" command.
> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
> Issue Type: Bug
> Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png,
> image-2020-07-02-22-03-36-267.png
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets
> one user and no groups.
> Action: Delete the user in the policyItem using API:
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no
> policyItems is completely meaningless and it should be deleted.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
