Re: Review Request 71467: RANGER-2565 Remove duplicate error messages when test connection fails

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71467/#review219012
---


Ship it!




Ship It!

- pengjianhua


On 九月 11, 2019, 9:50 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71467/
> ---
> 
> (Updated 九月 11, 2019, 9:50 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2565
> https://issues.apache.org/jira/browse/RANGER-2565
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Remove duplicate error messages when test connection fails
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
>  5c2660fc3 
> 
> 
> Diff: https://reviews.apache.org/r/71467/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 71467: RANGER-2565 Remove duplicate error messages when test connection fails

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71467/#review218969
---


Ship it!




Ship It!

- pengjianhua


On 九月 11, 2019, 9:50 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71467/
> ---
> 
> (Updated 九月 11, 2019, 9:50 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2565
> https://issues.apache.org/jira/browse/RANGER-2565
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Remove duplicate error messages when test connection fails
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopException.java
>  5c2660fc3 
> 
> 
> Diff: https://reviews.apache.org/r/71467/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 71876: RANGER-2662 Upgrade Kylin version to 2.6.4

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71876/#review218967
---


Ship it!




Ship It!

- pengjianhua


On 十二月 5, 2019, 11:28 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71876/
> ---
> 
> (Updated 十二月 5, 2019, 11:28 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep 
> Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor 
> Gegesy.
> 
> 
> Bugs: RANGER-2662
> https://issues.apache.org/jira/browse/RANGER-2662
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We should upgrade to the recently release Apache Kylin 2.6.4. No code changes 
> are required.
> 
> 
> Diffs
> -
> 
>   pom.xml cb04757a8 
> 
> 
> Diff: https://reviews.apache.org/r/71876/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Ranger with Kylin 2.6.4
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 71877: RANGER-2663 Add elasticsearch-plugin infomation to README.txt

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71877/#review218968
---


Ship it!




Ship It!

- pengjianhua


On 十二月 5, 2019, 11:50 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71877/
> ---
> 
> (Updated 十二月 5, 2019, 11:50 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nitin Galave, pengjianhua, Pradeep 
> Agrawal, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Zsombor 
> Gegesy.
> 
> 
> Bugs: RANGER-2663
> https://issues.apache.org/jira/browse/RANGER-2663
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As elasticsearch plugin has been submitted and merged into to Ranger,
> we should add elasticsearch-plugin infomation to README.txt.
> Related Issue: RANGER-2170
> 
> 
> Diffs
> -
> 
>   README.txt 788b281de 
> 
> 
> Diff: https://reviews.apache.org/r/71877/diff/1/
> 
> 
> Testing
> ---
> 
> Test OK.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 71418: RANGER-2533: update ‘xasecure.audit.is.enabled’ default value to ‘true’ in AuditProviderFactory.java and remove unnecessary unit test changes

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71418/#review217645
---


Ship it!




Ship It!

- pengjianhua


On 八月 31, 2019, 2:38 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71418/
> ---
> 
> (Updated 八月 31, 2019, 2:38 a.m.)
> 
> 
> Review request for ranger, Colm O hEigeartaigh, Madhan Neethiraj, 
> pengjianhua, Pradeep Agrawal, Ramesh Mani, Velmurugan Periasamy, and Qiang 
> Zhang.
> 
> 
> Bugs: RANGER-2533
> https://issues.apache.org/jira/browse/RANGER-2533
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> to avoid breaking deployments where xasecure.audit.is.enabled is not set in 
> configuration file, please update default value to 'true' in 
> AuditProviderFactory.java, which will make the unit test changes in this 
> patch unnecessary
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
>  405fb1d23 
>   security-admin/src/test/java/org/apache/ranger/audit/TestAuditQueue.java 
> 99b7c49c5 
> 
> 
> Diff: https://reviews.apache.org/r/71418/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 71438: RANGER-2560 Solve the problem of the order of the configuration items of the Solr plugin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71438/#review217644
---


Ship it!




Ship It!

- pengjianhua


On 九月 5, 2019, 12:12 p.m., Kehua Wu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71438/
> ---
> 
> (Updated 九月 5, 2019, 12:12 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, Qiang Zhang, and Barna Zsombor Klara.
> 
> 
> Bugs: RANGER-2560
> https://issues.apache.org/jira/browse/RANGER-2560
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There is one problem in the method "init()" of class "RangerSolrAuthorizer".
> 
> Firstly, the code logic is to get the parameters "useProxyIP", 
> "useProxyIP","solrAppName" and "solrAppName" from RangerConfiguration, as 
> follows:
> 
> useProxyIP = RangerConfiguration.getInstance().getBoolean(useProxyIP = 
> RangerConfiguration.getInstance().getBoolean( PROP_USE_PROXY_IP, useProxyIP);
> proxyIPHeader = RangerConfiguration.getInstance().get( PROP_PROXY_IP_HEADER, 
> proxyIPHeader);
> // First get from the -D property
> solrAppName = System.getProperty("solr.kerberos.jaas.appname", solrAppName);
> // Override if required from Ranger properties
> solrAppName = RangerConfiguration.getInstance().get( PROP_SOLR_APP_NAME, 
> solrAppName);
> But after that, the code logic is to call "solrPlugin.init()" to parse the 
> configuration file, as follows:
> 
> configuration.addResourcesForServiceType(serviceType); 
> Due to the opposite logic, the values of the parameters "useProxyIP", 
> "useProxyIP","solrAppName" and "solrAppName" are not available.
> 
> 
> Diffs
> -
> 
>   
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  f87e531 
> 
> 
> Diff: https://reviews.apache.org/r/71438/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Kehua Wu
> 
>

Re: Review Request 71325: RANGER-2542 Similar to RANGER-2515, add .gitignore for project plugin-ozone and ranger-ozone-plugin-shim

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71325/#review217329
---


Ship it!




Ship It!

- pengjianhua


On 八月 20, 2019, 8:50 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71325/
> ---
> 
> (Updated 八月 20, 2019, 8:50 a.m.)
> 
> 
> Review request for ranger, Colm O hEigeartaigh, pengjianhua, Pradeep Agrawal, 
> Ramesh Mani, Velmurugan Periasamy, Qiang Zhang, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2542
> https://issues.apache.org/jira/browse/RANGER-2542
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> git status will show target directory
> add .gitignore for project plugin-ozone and ranger-ozone-plugin-shim
> 
> 
> Diffs
> -
> 
>   plugin-ozone/.gitignore PRE-CREATION 
>   ranger-ozone-plugin-shim/.gitignore PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71325/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 71261: RANGER-2533: After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still logged

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71261/#review217197
---


Ship it!




Ship It!

- pengjianhua


On 八月 9, 2019, 7:44 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71261/
> ---
> 
> (Updated 八月 9, 2019, 7:44 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, Qiang Zhang, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2533
> https://issues.apache.org/jira/browse/RANGER-2533
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> After setting 'xasecure.audit.is.enabled' to 'false', the audit log is still 
> logged
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java
>  f858efe8f 
> 
> 
> Diff: https://reviews.apache.org/r/71261/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 71153: RANGER-2515: add .gitignore for project plugin-presto and ranger-presto-plugin-shim

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71153/#review216872
---


Ship it!




Ship It!

- pengjianhua


On July 24, 2019, 10:57 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71153/
> ---
> 
> (Updated July 24, 2019, 10:57 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, Velmurugan 
> Periasamy, Qiang Zhang, and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2515
> https://issues.apache.org/jira/browse/RANGER-2515
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> git status will show target directory
> add .gitignore for project plugin-presto and ranger-presto-plugin-shim
> 
> 
> Diffs
> -
> 
>   plugin-presto/.gitignore PRE-CREATION 
>   ranger-presto-plugin-shim/.gitignore PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/71153/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> 
> Tested.
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 70312: RANGER-2381 Failed to refresh policies when servicename contains space

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70312/#review214148
---


Ship it!




Ship It!

- pengjianhua


On 三月 27, 2019, 1:56 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70312/
> ---
> 
> (Updated 三月 27, 2019, 1:56 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2381
> https://issues.apache.org/jira/browse/RANGER-2381
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> 2019-03-26 19:30:32,657 ERROR [http-bio-7070-exec-8] util.PolicyRefresher:275 
> : PolicyRefresher(serviceName=kylin service): failed to refresh policies. 
> Will continue to use last known version of policies (-1)
> java.lang.IllegalArgumentException: Illegal character in path at index 65: 
> http//:10.43.159.143:6080/service/plugins/policies/download/kylin service
> at java.net.URI.create(URI.java:852)
> at com.sun.jersey.api.client.Client.resource(Client.java:433)
> at 
> org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:156)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.createWebResource(RangerAdminRESTClient.java:285)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:134)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:251)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:191)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:137)
> at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:235)
> at 
> org.apache.ranger.authorization.kylin.authorizer.RangerKylinPlugin.init(RangerKylinAuthorizer.java:152)
> at 
> org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer.init(RangerKylinAuthorizer.java:66)
> at 
> org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer.init(RangerKylinAuthorizer.java:68)
> at 
> org.apache.kylin.rest.security.ExternalAclProvider.getInstance(ExternalAclProvider.java:45)
> at 
> org.apache.kylin.rest.security.KylinAclPermissionEvaluator.hasPermission(KylinAclPermissionEvaluator.java:45)
> at 
> org.springframework.security.access.expression.SecurityExpressionRoot.hasPermission(SecurityExpressionRoot.java:177)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:483)
> at 
> org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:113)
> at 
> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:129)
> at 
> org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:85)
> at 
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:170)
> at 
> org.springframework.expression.spel.ast.OpOr.getBooleanValue(OpOr.java:55)
> at 
> org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:50)
> at 
> org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:36)
> at 
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:170)
> at 
> org.springframework.expression.spel.ast.OpOr.getBooleanValue(OpOr.java:55)
> at 
> org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:46)
> at 
> org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:36)
> at 
> org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:170)
> at 
> org.springframework.expression.spel.ast.OpOr.getBooleanValue(OpOr.java:55)
>  

Re: Review Request 69959: RANGER-2336:Ranger HBase plugin should pack guava lib as a dependency

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69959/#review212773
---


Ship it!




Ship It!

- pengjianhua


On 二月 12, 2019, 10:34 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69959/
> ---
> 
> (Updated 二月 12, 2019, 10:34 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2336
> https://issues.apache.org/jira/browse/RANGER-2336
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2336:Ranger HBase plugin should pack guava lib as a dependency
> 
> 
> Diffs
> -
> 
>   src/main/assembly/hbase-agent.xml 3ebc334 
> 
> 
> Diff: https://reviews.apache.org/r/69959/diff/1/
> 
> 
> Testing
> ---
> 
> Testing done in Local VM
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 69637: RANGER-2314 Do some code improvement for the error message in SqoopClient.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69637/#review211547
---


Ship it!




Ship It!

- pengjianhua


On 十二月 27, 2018, 7:17 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69637/
> ---
> 
> (Updated 十二月 27, 2018, 7:17 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2314
> https://issues.apache.org/jira/browse/RANGER-2314
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Modify the error message to show the HTTP response code instead of 'got null 
> response'.
> 
> 
> Diffs
> -
> 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  3563b3193 
> 
> 
> Diff: https://reviews.apache.org/r/69637/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69466: RANGER-2294:Front-end and back-end email address regular expression should be the same

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69466/#review211137
---


Ship it!




Ship It!

- pengjianhua


On 十一月 28, 2018, 8:16 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69466/
> ---
> 
> (Updated 十一月 28, 2018, 8:16 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2294
> https://issues.apache.org/jira/browse/RANGER-2294
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When edit user email address, and input the incorrect email address,
> there are two kinds of error message:
> 1.Input .@ab.ab, there is error message:
> Invalid email address
> [JsValidateEmail.jpg|https://issues.apache.org/jira/secure/attachment/12949801/JsValidateEmail.jpg]
> 
> 2.Input a...@ab.ab, there is error message:
> Please provide valid email address.
> [JavaValidateEmail.jpg|https://issues.apache.org/jira/secure/attachment/12949800/JavaValidateEmail.jpg]
> 
> It is not reasonable when email address passed front-end validation,
> but failed back-end validation.
> So front-end and back-end email address regular expression should be the same,
> and add hint message for user to fill email address.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 2c0ee98 
>   security-admin/src/main/webapp/scripts/views/users/UserForm.js ee0d256 
> 
> 
> Diff: https://reviews.apache.org/r/69466/diff/1/
> 
> 
> Testing
> ---
> 
> #Test Result:
> Test OK.
> [FixedJsValidateEmail.jpg|https://issues.apache.org/jira/secure/attachment/12949805/FixedJsValidateEmail.jpg]
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69489: RANGER-2299 Modify the permissions of the kms install.properties file to 700

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69489/#review211136
---


Ship it!




Ship It!

- pengjianhua


On 十一月 30, 2018, 9:07 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69489/
> ---
> 
> (Updated 十一月 30, 2018, 9:07 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2299
> https://issues.apache.org/jira/browse/RANGER-2299
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Now the owner of the kms install.properties file has only read and execute 
> permissions, no write permissions.
> 
> 
> Diffs
> -
> 
>   src/main/assembly/kms.xml ed818b1a7 
> 
> 
> Diff: https://reviews.apache.org/r/69489/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69488: RANGER-2298 Modify JAVA_VERSION_REQUIRED to 1.8 in install.properties

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69488/#review20
---


Ship it!




Ship It!

- pengjianhua


On 十一月 30, 2018, 7:30 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69488/
> ---
> 
> (Updated 十一月 30, 2018, 7:30 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2298
> https://issues.apache.org/jira/browse/RANGER-2298
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Modify JAVA_VERSION_REQUIRED to 1.8 in install.properties
> 
> 
> Diffs
> -
> 
>   kms/scripts/install.properties 947d9f389 
>   security-admin/scripts/install.properties 674844cec 
> 
> 
> Diff: https://reviews.apache.org/r/69488/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69506: RANGER-2303:Add kylin-plugin infomation to README.txt

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69506/#review211109
---


Ship it!




Ship It!

- pengjianhua


On 十二月 5, 2018, 6:15 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69506/
> ---
> 
> (Updated 十二月 5, 2018, 6:15 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2303
> https://issues.apache.org/jira/browse/RANGER-2303
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As kylin plugin has been submitted and merged into to Ranger,
> we should add kylin-plugin infomation to README.txt.
> Related Issue:
> RANGER-1672 Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   README.txt e54ce33 
> 
> 
> Diff: https://reviews.apache.org/r/69506/diff/1/
> 
> 
> Testing
> ---
> 
> Test OK.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69406: RANGER-2289 Unable to get Audit Admin tab page

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69406/#review210746
---


Ship it!




Ship It!

- pengjianhua


On 十一月 20, 2018, 9:47 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69406/
> ---
> 
> (Updated 十一月 20, 2018, 9:47 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2289
> https://issues.apache.org/jira/browse/RANGER-2289
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Unable to get Audit Admin tab page.
> 
> Steps:
> 1. Go to Audit Admin tab page.
> 2. Click on 'Session ID' to show session detail modal.
> 3. Click on 'Show Actions' button.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js bb88ec306 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 
> 718a95d70 
> 
> 
> Diff: https://reviews.apache.org/r/69406/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69340: RANGER-2244 Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.91 or later.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69340/#review210641
---


Ship it!




Ship It!

- pengjianhua


On 十一月 15, 2018, 9:01 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69340/
> ---
> 
> (Updated 十一月 15, 2018, 9:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2244
> https://issues.apache.org/jira/browse/RANGER-2244
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [SECURITY] CVE-2018-11784 Apache Tomcat - Open Redirect
> CVE-2018-11784 Apache Tomcat - Open Redirect
> 
> Severity: Moderate
> 
> Vendor: The Apache Software Foundation
> 
> Versions Affected:
> Apache Tomcat 9.0.0.M1 to 9.0.11
> Apache Tomcat 8.5.0 to 8.5.33
> Apache Tomcat 7.0.23 to 7.0.90
> The unsupported 8.0.x release line has not been analysed but is likely
> to be affected.
> 
> Description:
> When the default servlet returned a redirect to a directory (e.g.
> redirecting to '/foo/' when the user requested '/foo') a specially
> crafted URL could be used to cause the redirect to be generated to any
> URI of the attackers choice.
> 
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> 
> Upgrade to Apache Tomcat 9.0.12 or later.
> Upgrade to Apache Tomcat 8.5.34 or later.
> Upgrade to Apache Tomcat 7.0.91 or later.
> Use mapperDirectoryRedirectEnabled="true" and
> mapperContextRootRedirectEnabled="true" on the Context to ensure that
> redirects are issued by the Mapper rather than the default Servlet.
> See the Context configuration documentation for further important
> details.
> Credit:
> This vulnerability was found by Sergey Bobrov and reported responsibly
> to the Apache Tomcat Security Team.
> 
> History:
> 2018-10-03 Original advisory
> 
> References:
> [1] http://tomcat.apache.org/security-9.html
> [2] http://tomcat.apache.org/security-8.html
> [3] http://tomcat.apache.org/security-7.html
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
>  eac0dacaf 
>   pom.xml 514f87e7f 
> 
> 
> Diff: https://reviews.apache.org/r/69340/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Modify the ssl configuration item in install.properties for the Ranger 
> Admin.
> 
> **SSL config**
> 
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> javax_net_ssl_keyStore=/opt/ranger-ssl/keystore
> javax_net_ssl_keyStorePassword=hdp1234$
> javax_net_ssl_trustStore=/opt/ranger-ssl/truststore
> javax_net_ssl_trustStorePassword=hdp1234$
> ...
> 
> 
> **--- PolicyManager CONFIG **
> 
> 
> policymgr_external_url=https://localhost:6182
> policymgr_http_enabled=false
> policymgr_https_keystore_file=/opt/ranger-ssl/rangertomcatverify.jks
> policymgr_https_keystore_keyalias=rangertomcatverify
> policymgr_https_keystore_password=hdp1234$
> 
> 
> 2.Install the Ranger Admin
> 
> 
> 3.Modify the ssl configuration item in install.properties for the usersync.
> 
> 
> **POLICY_MGR_URL = http://policymanager.xasecure.net:6080**
> 
> 
> POLICY_MGR_URL = https://sslrangerserver:6182
> 
> 
> **SSL Authentication**
> 
> AUTH_SSL_ENABLED=false
> AUTH_SSL_KEYSTORE_FILE=/opt/ranger-ssl/keystore
> AUTH_SSL_KEYSTORE_PASSWORD=hdp1234$
> AUTH_SSL_TRUSTSTORE_FILE=/opt/ranger-ssl/truststore
> AUTH_SSL_TRUSTSTORE_PASSWORD=hdp1234$
> 
> 
> 4.Install the Ranger usersync
> 
> 
> 5.Modified the ssl configuration item in install.properties for the kms.
> 
> 
> **POLICY_MGR_URL = http://policymanager.xasecure.net:6080**
> 
> 
> POLICY_MGR_URL = https://sslrangerserver:6182
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> db_ssl_auth_type=2-way
> javax_net_ssl_keyStore=/opt/ranger-ssl/keystore
> javax_net_ssl_keyStorePassword=hdp1234$
> javax_net_ssl_trustStore=/opt/ranger-ssl/truststore
> javax_net_ssl_trustStorePassword=hdp1234$
> 
> 
> **SSL Client Certificate Inform

Re: Review Request 69371: RANGER-2288 Sqoop repository config missing "Common Name for Certificate"

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69371/#review210602
---


Ship it!




Ship It!

- pengjianhua


On 十一月 16, 2018, 7:12 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69371/
> ---
> 
> (Updated 十一月 16, 2018, 7:12 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2288
> https://issues.apache.org/jira/browse/RANGER-2288
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently there is no field for specifying "Common Name for Certificate" in 
> Sqoop repository configuration. To get SSL setup between ranger admin and 
> Sqoop plugin working, this field should be added to the repo config.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> 902a0b88b 
> 
> 
> Diff: https://reviews.apache.org/r/69371/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69320: RANGER-2282 The error message for changing password is incorrect in User Profile page.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69320/#review210599
---


Ship it!




Ship It!

- pengjianhua


On 十一月 13, 2018, 2:51 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69320/
> ---
> 
> (Updated 十一月 13, 2018, 2:51 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2282
> https://issues.apache.org/jira/browse/RANGER-2282
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The error message for changing password is incorrect in User Profile page.
> 
> Following error message needs to be fixed.
> 1.Enter the wrong old password
> Error message: You can not use old password.
> 2.The new password entered is the same as the old password
> Error message: Invalid Password. Minimum 8 characters with min one alphabet 
> and one numeric.
> 
> After fixing:
> 1.Enter the wrong old password
> Error message: Your password does not match. Please try again with proper 
> password.
> 2.The new password entered is the same as the old password
> Error message: You can not use old password.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 2a638f890 
>   security-admin/src/main/webapp/scripts/views/user/UserProfile.js 8e60b53b9 
> 
> 
> Diff: https://reviews.apache.org/r/69320/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69239: RANGER-2276:Email Address should be verified when Add New User in Ranger Admin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69239/#review210595
---


Ship it!




Ship It!

- pengjianhua


On 十一月 12, 2018, 8:34 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69239/
> ---
> 
> (Updated 十一月 12, 2018, 8:34 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2276
> https://issues.apache.org/jira/browse/RANGER-2276
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Click Add New User in Ranger Admin to create user,
> and fill in Email Address with a@b.c, user can be created successfully.
> But when you update the user with Email Address like x@y.z,
> update would be failed with the following message:
> Error:Please provide valid email address.
> Please refer screenshots:
> [UpdateUserWithEmail.jpg|https://issues.apache.org/jira/secure/attachment/12946646/UpdateUserWithEmail.jpg]
> Email Address should be verified when creating users like updating users.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ced600f 
> 
> 
> Diff: https://reviews.apache.org/r/69239/diff/2/
> 
> 
> Testing
> ---
> 
> Tested:
> Email Address is verified when Add New User in Ranger Admin.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69239: RANGER-2276:Email Address should be verified when Add New User in Ranger Admin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69239/#review210436
---




security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 31 (patched)
<https://reviews.apache.org/r/69239/#comment295096>

This path has conflicts, StringUtils is already defined in the latest code.

security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java:[89] 
error: org.apache.commons.lang.StringUtils is already defined in a single-type 
import


- pengjianhua


On 十一月 2, 2018, 7:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69239/
> ---
> 
> (Updated 十一月 2, 2018, 7:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2276
> https://issues.apache.org/jira/browse/RANGER-2276
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Click Add New User in Ranger Admin to create user,
> and fill in Email Address with a@b.c, user can be created successfully.
> But when you update the user with Email Address like x@y.z,
> update would be failed with the following message:
> Error:Please provide valid email address.
> Please refer screenshots:
> [UpdateUserWithEmail.jpg|https://issues.apache.org/jira/secure/attachment/12946646/UpdateUserWithEmail.jpg]
> Email Address should be verified when creating users like updating users.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java febf221 
> 
> 
> Diff: https://reviews.apache.org/r/69239/diff/1/
> 
> 
> Testing
> ---
> 
> Tested:
> Email Address is verified when Add New User in Ranger Admin.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69156: RANGER-2267 Add a icon to differentiate the status of the service

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69156/#review210435
---


Ship it!




Ship It!

- pengjianhua


On 十月 31, 2018, 6:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69156/
> ---
> 
> (Updated 十月 31, 2018, 6:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2267
> https://issues.apache.org/jira/browse/RANGER-2267
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> On the Service Manager page, the enabled service and the disabled service are 
> displayed the same, and the user cannot distinguish between them.
> Add a icon lable to differentiate the status of the service
> 
> Modified screenshots:
> 
> https://issues.apache.org/jira/secure/attachment/12946338/Modify.PNG
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 27de701ae 
> 
> 
> Diff: https://reviews.apache.org/r/69156/diff/2/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69248: RANGER-2277 Kylin repository config missing "Common Name for Certificate"

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69248/#review210434
---


Ship it!




Ship It!

- pengjianhua


On 十一月 5, 2018, 9:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69248/
> ---
> 
> (Updated 十一月 5, 2018, 9:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2277
> https://issues.apache.org/jira/browse/RANGER-2277
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently there is no field for specifying "Common Name for Certificate" in 
> Kylin repository configuration. To get SSL setup between ranger admin and 
> Kylin plugin working, this field should be added to the repo config.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> 3e0f0a3fb 
> 
> 
> Diff: https://reviews.apache.org/r/69248/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69297: RANGER-2280:The emptyText of User Sync and Plugin Status should be reasonable

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69297/#review210433
---


Ship it!




Ship It!

- pengjianhua


On 十一月 8, 2018, 7:08 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69297/
> ---
> 
> (Updated 十一月 8, 2018, 7:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2280
> https://issues.apache.org/jira/browse/RANGER-2280
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In the User Sync webpage under the Audit of Ranger Admin?
> if the form is empty, it will show emptyText:
> No plugin found!
> Refer screenshots:
> [AuditUserSyncNotFound|https://issues.apache.org/jira/secure/attachment/12947353/AuditUserSyncNotFound.jpg]
> The message shown above is not reasonable. It should be changed to:
> No user sync audit found!
> Fixed screenshots:
> [AuditUserSyncNotFound_Fix|https://issues.apache.org/jira/secure/attachment/12947354/AuditUserSyncNotFound_Fix.jpg]
> 
> Similar to User Sync, the emptyText of Plugin Status is not reasonable.
> It should be changed to:
> No plugin status found!
> Fixed screenshots:
> [AuditPluginStatusNotFound_Fix|https://issues.apache.org/jira/secure/attachment/12947352/AuditPluginStatusNotFound_Fix.jpg]
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js fe9566c 
> 
> 
> Diff: https://reviews.apache.org/r/69297/diff/1/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69154: RANGER-2266:To make Id to ID in Audit Pages of Ranger Admin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69154/#review210129
---


Ship it!




Ship It!

- pengjianhua


On 十月 25, 2018, 7:18 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69154/
> ---
> 
> (Updated 十月 25, 2018, 7:18 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2266
> https://issues.apache.org/jira/browse/RANGER-2266
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The ID in the Audit web pages of Ranger Admin is not uniform.
> There are two ways to write in the pages: Id and ID.
> In Access,Table Head: Policy ID
> In Admin, Table Head and Search Options: Session Id
> In Login Sessions,Table Head and Search Options: Session Id, Login Id
> In Plugins,   Table Head: Plugin Id, but Search Options: 
> Plugin ID
> Please check the following screenshots:
> [Access|https://issues.apache.org/jira/secure/attachment/12945554/Access_PolicyID.jpg]
> [Admin|https://issues.apache.org/jira/secure/attachment/1294/Admin_SessionID.jpg]
> [Login 
> Sessions|https://issues.apache.org/jira/secure/attachment/12945556/LoginSeeions_LoginIDandSessionID.jpg]
> [Plugins|https://issues.apache.org/jira/secure/attachment/12945557/Plugins_PluginID.jpg]
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 19cc7b4 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 3da1567 
> 
> 
> Diff: https://reviews.apache.org/r/69154/diff/1/
> 
> 
> Testing
> ---
> 
> Change Id to ID in Audit Pages of Ranger Admin
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69156: RANGER-2267 Add a "disabled" lable to differentiate the status of the service

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69156/#review210130
---


Ship it!




Ship It!

- pengjianhua


On 十月 25, 2018, 9:22 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69156/
> ---
> 
> (Updated 十月 25, 2018, 9:22 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2267
> https://issues.apache.org/jira/browse/RANGER-2267
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> On the Service Manager page, the enabled service and the disabled service are 
> displayed the same, and the user cannot distinguish between them.
> Add a "disabled" lable to differentiate the status of the service
> 
> Modified screenshots:
> 
> https://issues.apache.org/jira/secure/attachment/12945573/Modify.PNG
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 27de701ae 
> 
> 
> Diff: https://reviews.apache.org/r/69156/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68990: RANGER-2248 Sorting does not work in AbstractPredicateUtil.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68990/#review209913
---


Ship it!




Ship It!

- pengjianhua


On 十月 11, 2018, 7:32 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68990/
> ---
> 
> (Updated 十月 11, 2018, 7:32 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, 
> pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, 
> Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2248
> https://issues.apache.org/jira/browse/RANGER-2248
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Sorting does not work in AbstractPredicateUtil.java
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  4d2bc622b 
> 
> 
> Diff: https://reviews.apache.org/r/68990/diff/1/
> 
> 
> Testing
> ---
> 
> Tested api:
> http://rangeradmin:6080/service/plugins/policies?sortBy={sortBy}
> http://rangeradmin:6080/service/plugins/policies/service/name/{name}?sortBy={sortBy}
> http://rangeradmin:6080/service/plugins/policies/service/{id}?sortBy={sortBy}
> Verified sort results.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69081: RANGER-2258 Improve the policy list page to prompt users when the service is disabled

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69081/#review209912
---


Ship it!




Ship It!

- pengjianhua


On 十月 19, 2018, 8:06 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69081/
> ---
> 
> (Updated 十月 19, 2018, 8:06 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, 
> pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, 
> Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2258
> https://issues.apache.org/jira/browse/RANGER-2258
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> After disabling the service, the policy list page displays "No Policies 
> found!", the user can still add policies, but the page still displays 'No 
> Policies found!', which may cause user confusion.
> Modify the prompt message to “No Policies found! The service is disabled!” 
> and hide the “Add new policy” button when the service is disabled.
> 
> Modified screenshots:
> 
> https://issues.apache.org/jira/secure/attachment/12944673/Modify.PNG
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  115083881 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
>  bcd495cf6 
> 
> 
> Diff: https://reviews.apache.org/r/69081/diff/1/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 69080: RANGER-2257:Add policyID to error message when click the Access log of Audit

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69080/#review209911
---


Ship it!




Ship It!

- pengjianhua


On 十月 19, 2018, 3:26 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69080/
> ---
> 
> (Updated 十月 19, 2018, 3:26 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2257
> https://issues.apache.org/jira/browse/RANGER-2257
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Check the Access log of Audit in RangerAdmin,
> click on a log to see its corresponding policyID history,
> If the policyID does not exist, the following error will occur:
> No policy history found for given time: 2018-08-14T08:43:11Z
> Please check the following screenshots:
> https://issues.apache.org/jira/secure/attachment/12944645/OnlyTime.png
> The information given in the above error message does not give policyID 
> information, 
> which can lead to user confusion.
> Add policyID to modify the error message as follows:
> No policy history found for given policy ID: 1 and event time: 
> 2018-08-14T08:43:11Z
> Modified screenshots:
> https://issues.apache.org/jira/secure/attachment/12944644/IDandTime.png
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 5dfe446 
> 
> 
> Diff: https://reviews.apache.org/r/69080/diff/1/
> 
> 
> Testing
> ---
> 
> #Test Result:
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68871: RANGER-2238 String comparison should not use ‘==’ in ServiceUtil.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68871/#review209474
---


Ship it!




Ship It!

- pengjianhua


On 十月 8, 2018, 2:08 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68871/
> ---
> 
> (Updated 十月 8, 2018, 2:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, 
> pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, 
> Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2238
> https://issues.apache.org/jira/browse/RANGER-2238
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Here is related code:
> 
> for(RangerPolicy.RangerPolicyItemCondition condition : 
> policyItem.getConditions()) {
> if(condition.getType() == "ipaddress") {
> 
> equals() should be used to compare Strings.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> 0292881b4 
> 
> 
> Diff: https://reviews.apache.org/r/68871/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68864: RANGER-2237 Upgrade Kylin version to 2.5.0

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68864/#review209086
---


Ship it!




Ship It!

- pengjianhua


On 九月 27, 2018, 7:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68864/
> ---
> 
> (Updated 九月 27, 2018, 7:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nitin Galave, 
> pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, 
> Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2237
> https://issues.apache.org/jira/browse/RANGER-2237
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade Kylin version to 2.5.0
> 
> 
> Diffs
> -
> 
>   pom.xml e6695b440 
> 
> 
> Diff: https://reviews.apache.org/r/68864/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Passed all unit tests.
> 2. Tested authorization works correctly with Kylin v2.5.0
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68849: RANGER-2235 Modify the login session detail page as a modal.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68849/#review209063
---


Ship it!




Ship It!

- pengjianhua


On 九月 26, 2018, 9:01 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68849/
> ---
> 
> (Updated 九月 26, 2018, 9:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, pengjianhua, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat 
> Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2235
> https://issues.apache.org/jira/browse/RANGER-2235
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> On the Audit Admin tab page, if the user clicks to view the session details, 
> it will jump to a new page, user cannot return to previous page. We need to 
> click again to enter the Audit Admin tab page, and reselect the filter 
> condition and the page number.
> Audit Login Sessions tab page has the same problem.
> 
> Modify the login session detail page as a modal?the user can continue to view 
> the current page after close the modal.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 
> 697d33d9c 
>   security-admin/src/main/webapp/scripts/views/reports/LoginSessionDetail.js 
> e92929a93 
>   
> security-admin/src/main/webapp/templates/reports/LoginSessionDetail_tmpl.html 
> b11fa83fb 
> 
> 
> Diff: https://reviews.apache.org/r/68849/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68681: RANGER-2213 Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.90.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68681/#review208836
---


Ship it!




Ship It!

- pengjianhua


On 九月 11, 2018, 3:07 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68681/
> ---
> 
> (Updated 九月 11, 2018, 3:07 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2213
> https://issues.apache.org/jira/browse/RANGER-2213
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [SECURITY] CVE-2018-1336
> Severity: High 
> Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 
> 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
> Description: An improper handing of overflow in the UTF-8 decoder with 
> supplementary characters can lead to an infinite loop in the decoder causing 
> a Denial of Service.
> 
> CVE-2018-8014
> Description: The defaults settings for the CORS filter provided in Apache 
> Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 
> 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is 
> expected that users of the CORS filter will have configured it appropriately 
> for their environment rather than using it in the default configuration. 
> Therefore, it is expected that most users will not be impacted by this issue.
> 
> CVE-2018-8034
> Description: The host name verification when using TLS with the WebSocket 
> client was missing. It is now enabled by default. 
> Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 
> 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
> 
> 
> Diffs
> -
> 
>   pom.xml ae3f4be4c 
> 
> 
> Diff: https://reviews.apache.org/r/68681/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Modify the ssl configuration item in install.properties for the Ranger 
> Admin.
> 
> **SSL config**
> 
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> javax_net_ssl_keyStore=/opt/ranger-1.1.0-admin/ssl/keystore
> javax_net_ssl_keyStorePassword=hdp1234$
> javax_net_ssl_trustStore=/opt/ranger-1.1.0-admin/ssl/truststore
> javax_net_ssl_trustStorePassword=hdp1234$
> ...
> 
> 
> **--- PolicyManager CONFIG **
> 
> 
> policymgr_external_url=https://localhost:6182
> policymgr_http_enabled=false
> policymgr_https_keystore_file=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify.jks
> policymgr_https_keystore_keyalias=rangertomcatverify
> policymgr_https_keystore_password=hdp1234$
> 
> 
> 2. Install the Ranger Admin
> 
> 
> 3. Modify the ssl configuration item in install.properties for the usersync.
> 
> 
> **POLICY_MGR_URL = http://policymanager.xasecure.net:6080**
> 
> 
> POLICY_MGR_URL = https://sslrangerserver:6182
> 
> 
> **SSL Authentication**
> 
> AUTH_SSL_ENABLED=false
> AUTH_SSL_KEYSTORE_FILE=/opt/ranger-1.1.0-admin/ssl/keystore
> AUTH_SSL_KEYSTORE_PASSWORD=hdp1234$
> AUTH_SSL_TRUSTSTORE_FILE=/opt/ranger-1.1.0-admin/ssl/truststore
> AUTH_SSL_TRUSTSTORE_PASSWORD=hdp1234$
> 
> 
> 4. Install the Ranger usersync
> 
> 
> 5. Modified the ssl configuration item in install.properties for the kms.
> 
> 
> **POLICY_MGR_URL = http://policymanager.xasecure.net:6080**
> 
> 
> POLICY_MGR_URL = https://sslrangerserver:6182
> db_ssl_enabled=true
> db_ssl_required=true
> db_ssl_verifyServerCertificate=true
> db_ssl_auth_type=2-way
> javax_net_ssl_keyStore=/opt/ranger-1.1.0-admin/ssl/keystore
> javax_net_ssl_keyStorePassword=hdp1234$
> javax_net_ssl_trustStore=/opt/ranger-1.1.0-admin/ssl/truststore
> javax_net_ssl_trustStorePassword=hdp1234$
> 
> 
> **SSL Client Certificate Information**
> 
> 
> SSL_KEYSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-keystore.jks
> SSL_KEYSTORE_PASSWORD=myKeyFilePassword
> SSL_TRUSTSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-truststore.jks
> SSL_TRUSTSTORE_PASSWORD=changeit
> 
> 
> 6. Install the KMS
> 
> 
> 7. Modified the ssl configuration item in install.properties for plugins
> 
> 
> **POLICY_MGR_URL = http://policymanager.xasecure.net:6080**
> 
> 
> POLICY_MGR_URL = https://sslrangerserver:6182
> 
> 
> **SSL Client Certificate Information**
> 
> 
> SSL_KEYSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-keystore.jks
> SSL_KEYSTORE_PASSWORD=myKeyFilePassword
> SSL_TRUSTSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-truststore.jks
> SSL_TRUSTSTORE_PASSWORD=changeit
> 
> 
> 8. Install plugins
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68423: RANGER-2193 Form validation during testconnection should be consistent with service creation/editing

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68423/#review208791
---


Ship it!




Ship It!

- pengjianhua


On 八月 18, 2018, 5:48 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68423/
> ---
> 
> (Updated 八月 18, 2018, 5:48 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, pengjianhua, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat 
> Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2193
> https://issues.apache.org/jira/browse/RANGER-2193
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Form validation during testconnection should be consistent with service 
> creation/editing
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/service/ServiceCreate.js 
> 7c2c778c1 
> 
> 
> Diff: https://reviews.apache.org/r/68423/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68682: RANGER-2214 Do some code improvement for the error message for KylinClient.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68682/#review208790
---


Ship it!




Ship It!

- pengjianhua


On 九月 11, 2018, 3:30 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68682/
> ---
> 
> (Updated 九月 11, 2018, 3:30 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2214
> https://issues.apache.org/jira/browse/RANGER-2214
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Now the test connection get an error return, such as 401, the error message 
> always show 'got null response'
> 
> 
> Diffs
> -
> 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java
>  9cf21aa67 
> 
> 
> Diff: https://reviews.apache.org/r/68682/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68676: RANGER-2212 Add multiple urls tips for the ‘Kylin URL’ configuration item when creating the kylin-plugin service

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68676/#review208789
---


Ship it!




Ship It!

- pengjianhua


On 九月 10, 2018, 7:43 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68676/
> ---
> 
> (Updated 九月 10, 2018, 7:43 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Mehul Parikh, pengjianhua, 
> Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat 
> Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2212
> https://issues.apache.org/jira/browse/RANGER-2212
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add multiple urls tips for the ‘Kylin URL’ configuration item:
> 1.For one url, eg.
> 'http://:7070'
> 2.For multiple urls (use , or ; delimiter), eg.
> 'http://:7070,http://:7070'
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> cda352665 
> 
> 
> Diff: https://reviews.apache.org/r/68676/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68010: RANGER-2153 Supply the function of reverting policy history version.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68010/#review206829
---


Ship it!




Ship It!

- pengjianhua


On Aug. 2, 2018, 7:42 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68010/
> ---
> 
> (Updated Aug. 2, 2018, 7:42 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2153
> https://issues.apache.org/jira/browse/RANGER-2153
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Supply the function of reverting policy history version.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
> 1e3554f03 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  83253e43a 
> 
> 
> Diff: https://reviews.apache.org/r/68010/diff/3/
> 
> 
> Testing
> ---
> 
> 
> File Attachments
> 
> 
> 0002-RANGER-2153-Supply-the-function-of-reverting-policy-.patch
>   
> https://reviews.apache.org/media/uploaded/files/2018/08/02/25f26bf2-db4f-491e-9757-757803679d57__0002-RANGER-2153-Supply-the-function-of-reverting-policy-.patch
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 68010: RANGER-2153 Supply the function of reverting policy history version.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68010/#review206584
---


Ship it!




- pengjianhua


On July 27, 2018, 6:45 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68010/
> ---
> 
> (Updated July 27, 2018, 6:45 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2153
> https://issues.apache.org/jira/browse/RANGER-2153
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Supply the function of reverting policy history version.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
> a0b46fdf6 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  206bb96ac 
> 
> 
> Diff: https://reviews.apache.org/r/68010/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 67919: RANGER-2152 Incorrect debugging information in RangerPluginClassLoader.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67919/#review206490
---


Ship it!




Ship It!

- pengjianhua


On July 14, 2018, 5:47 a.m., Xing Peng wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67919/
> ---
> 
> (Updated July 14, 2018, 5:47 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Qiang Zhang.
> 
> 
> Bugs: RANGER-2152
> https://issues.apache.org/jira/browse/RANGER-2152
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Incorrect debugging information in RangerPluginClassLoader.java
> 
> 
> Diffs
> -
> 
>   
> ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java
>  28555602d 
> 
> 
> Diff: https://reviews.apache.org/r/67919/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Xing Peng
> 
>

Re: Review Request 66810: RANGER-2085 :- Add resource lookup for entity-id in Atlas service

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66810/#review202053
---


Ship it!




Ship It!

- pengjianhua


On 四月 26, 2018, 12:36 p.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66810/
> ---
> 
> (Updated 四月 26, 2018, 12:36 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, and Ramesh Mani.
> 
> 
> Bugs: RANGER-2085
> https://issues.apache.org/jira/browse/RANGER-2085
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch includes changes to add resource lookup for entity-id in Atlas 
> service.
> 
> 
> Diffs
> -
> 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
>  671d2d14f4dda0274fac3d9b039597360348ca18 
>   src/main/assembly/admin-web.xml 73bf8c05b7b8f0e5d2fea4b2e446c1f087b9788b 
> 
> 
> Diff: https://reviews.apache.org/r/66810/diff/1/
> 
> 
> Testing
> ---
> 
> Searched with names of entity with starting characters in text-box then 
> entities with qualified names are loading in dropdown of selected type.
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Re: Review Request 66598: RANGER-2043 : Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66598/#review201392
---


Ship it!




Ship It!

- pengjianhua


On 四月 18, 2018, 6:05 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66598/
> ---
> 
> (Updated 四月 18, 2018, 6:05 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2043
> https://issues.apache.org/jira/browse/RANGER-2043
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs.
> 
> 
> Diffs
> -
> 
>   kms/scripts/VerifyIsDBMasterkeyCorrect.sh PRE-CREATION 
>   kms/scripts/VerifyIsHSMMasterkeyCorrect.sh PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java 00dc069 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java e73b6d3 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> b9d948f 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 6cfd37e 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/VerifyIsDBMasterkeyCorrect.java
>  PRE-CREATION 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/VerifyIsHSMMasterkeyCorrect.java
>  PRE-CREATION 
>   src/main/assembly/kms.xml 68512ef 
> 
> 
> Diff: https://reviews.apache.org/r/66598/diff/5/
> 
> 
> Testing
> ---
> 
> 1. Verified Ranger Kms is working as expected.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 66627: RANGER-1985:Auditing for Ranger Usersync operations

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66627/#review201373
---


Ship it!




Ship It!

- pengjianhua


On 四月 16, 2018, 2:35 p.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66627/
> ---
> 
> (Updated 四月 16, 2018, 2:35 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, 
> sailaja mada, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> – Show separate icon for showing sync source popup 
> – Add other meta-data to sync source popup (like group search first enabled)
> – Distinguish between full sync and incremental sync events
> – Show synctime, last modified time in event time format
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 66de789 
>   security-admin/src/main/webapp/scripts/utils/XAViewUtils.js fabf709 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js c80dd4f 
>   security-admin/src/main/webapp/styles/xa.css 3869f8e 
> 
> 
> Diff: https://reviews.apache.org/r/66627/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Able to see the correct sync details when we click on view button.
> 2. search filters are woking
> 3.Verified refresh button is woking.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 66600: Fix ranger.plugin.hbase.policy.rest.ssl.config.file parameter error.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66600/#review201181
---


Ship it!




Ship It!

- pengjianhua


On 四月 13, 2018, 8:25 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66600/
> ---
> 
> (Updated 四月 13, 2018, 8:25 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2068
> https://issues.apache.org/jira/browse/RANGER-2068
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> 1. Set configuration items.
> COMPONENT_INSTALL_DIR_NAME=/usr/local/hbase
> POLICY_MGR_URL=https://sslrangerserver:6182
> 2. Install hbase plugin.
> 3. Execute 'hbase-daemon.sh start master' command.
> error log:
> 2018-04-12 08:38:47,495 ERROR [sslmaster:16000.activeMasterManager] 
> util.PolicyRefresher: PolicyRefresher(serviceName=hbasedev): failed to 
> refresh policies. Will continue to use last known version of policies (-1)
> com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: 
> Unexpected end of file from server
> at 
> com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
> at com.sun.jersey.api.client.Client.handle(Client.java:648)
> at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
> at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
> at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:503)
> at 
> org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:131)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:264)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
> at 
> org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
> at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:170)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1032)
> at 
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.start(RangerAuthorizationCoprocessor.java:1072)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$Environment.startup(CoprocessorHost.java:414)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadInstance(CoprocessorHost.java:255)
> at 
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.loadSystemCoprocessors(CoprocessorHost.java:161)
> at 
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.(MasterCoprocessorHost.java:87)
> at 
> org.apache.hadoop.hbase.master.HMaster.finishActiveMasterInitialization(HMaster.java:721)
> at org.apache.hadoop.hbase.master.HMaster.access$600(HMaster.java:189)
> at org.apache.hadoop.hbase.master.HMaster$2.run(HMaster.java:1803)
> at java.lang.Thread.run(Thread.java:748)
> 
> 4. error reason: the ranger.plugin.hbase.policy.rest.ssl.config.file was set 
> to /etc/hbase/conf/ranger-policymgr-ssl.xml. But the ranger-policymgr-ssl.xml 
> file is located under the /usr/local/hbase/conf path.
> 
> 
> Diffs
> -
> 
>   hbase-agent/conf/ranger-hbase-security-changes.cfg 31505b3 
> 
> 
> Diff: https://reviews.apache.org/r/66600/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66593: RANGER-2066: Hbase column family access is authorized by a tagged column in the column family

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66593/#review201072
---


Ship it!




Ship It!

- pengjianhua


On 四月 13, 2018, 12:41 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66593/
> ---
> 
> (Updated 四月 13, 2018, 12:41 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2066
> https://issues.apache.org/jira/browse/RANGER-2066
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> SCENARIO:
> 
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
> Column emp/prof_data/role is tagged with OFFICIAL tag.
> 
> Create following policies:
> Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> 
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
> 1. Resource: emp/personal_data
> Name / Type: column-family
> Allowed
> Policy allowing: Resource based policy
> 
> 2. Resource: emp/prof_data
> Name / Type: column-family
> Allowed
> Policy allowing: TAG based policy for OFFICIAL tag
> 
> prof_data column-family should be authorized by resource policy.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  4a3a95062 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerTagAccessRequest.java
>  dbdcacd11 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  71c076d03 
>   
> agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json 
> b4941cd19 
>   
> agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
> 11f31e317 
> 
> 
> Diff: https://reviews.apache.org/r/66593/diff/1/
> 
> 
> Testing
> ---
> 
> Developed test case for this scenario. Ran all unit tests successfully
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66581: Supply the function of viewing policy history version.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66581/#review201070
---


Ship it!




Ship It!

- pengjianhua


On 四月 12, 2018, 3:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66581/
> ---
> 
> (Updated 四月 12, 2018, 3:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2067
> https://issues.apache.org/jira/browse/RANGER-2067
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Supply the function of viewing policy history version.
> We don't can view the policy history version if without access allowed log.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  1afd92e3d 
> 
> 
> Diff: https://reviews.apache.org/r/66581/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66588: RANGER-2066: Hbase column family access is authorized by a tagged column in the column family

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66588/#review201066
---


Ship it!




Ship It!

- pengjianhua


On 四月 12, 2018, 6:13 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66588/
> ---
> 
> (Updated 四月 12, 2018, 6:13 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2066
> https://issues.apache.org/jira/browse/RANGER-2066
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> SCENARIO:
> 
> Table emp has 2 column families: personal_data(name,SSN,age) ; 
> prof_data(role, manager)
> Column emp/prof_data/role is tagged with OFFICIAL tag.
> 
> Create following policies:
> Resource policy allows Read on all tables, all column-families and all 
> columns and a tag policy allows Read on OFFICIAL tag to test_user.
> 
> When test_user executes "scan 'emp' " command, two audit log records are 
> created:
> 1. Resource: emp/personal_data
> Name / Type: column-family
> Allowed
> Policy allowing: Resource based policy
> 
> 2. Resource: emp/prof_data
> Name / Type: column-family
> Allowed
> Policy allowing: TAG based policy for OFFICIAL tag
> 
> prof_data column-family should be authorized by resource policy.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  83d128061 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  5bce47b43 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultDataMaskPolicyItemEvaluator.java
>  bfdf58163 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  63fc468d8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  312deefed 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultRowFilterPolicyItemEvaluator.java
>  a6cea957c 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  e3cd15462 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
>  be0ab7de1 
>   
> agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
> ef758874a 
> 
> 
> Diff: https://reviews.apache.org/r/66588/diff/1/
> 
> 
> Testing
> ---
> 
> Developed a unit test scenario for testing the case. Used localVM to test 
> hbase plugin.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66389: RANGER-2054:Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66389/#review200337
---


Ship it!




Ship It!

- pengjianhua


On 四月 2, 2018, 7:13 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66389/
> ---
> 
> (Updated 四月 2, 2018, 7:13 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2054
> https://issues.apache.org/jira/browse/RANGER-2054
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> 
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D
> 
> 
> Diffs
> -
> 
>   
> plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
>  0c465b3 
> 
> 
> Diff: https://reviews.apache.org/r/66389/diff/1/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66298: Fix execute sql failure in db_setup.py file of the admin.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66298/#review200032
---


Ship it!




Ship It!

- pengjianhua


On 三月 27, 2018, 6:37 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66298/
> ---
> 
> (Updated 三月 27, 2018, 6:37 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2044
> https://issues.apache.org/jira/browse/RANGER-2044
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix execute sql failure in db_setup.py file.
> The reason is that the contributors copied the code and did not modify the 
> related variables.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/db_setup.py 1689e5d 
> 
> 
> Diff: https://reviews.apache.org/r/66298/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66275: Add hbase policy and click the 'Test Connection' button. Connection Failed.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66275/#review200023
---


Ship it!




Ship It!

- pengjianhua


On 三月 26, 2018, 6:42 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66275/
> ---
> 
> (Updated 三月 26, 2018, 6:42 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2033
> https://issues.apache.org/jira/browse/RANGER-2033
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Clone the lastest code from 
> https://git-wip-us.apache.org/repos/asf/ranger.git. Build the source and 
> install Ranger. Then do as follows:
> 1. Add hbase policy;
> 2. Input right parameter;
> 3. Click the 'Test Connection' button.
> The error information is as follows:
> Unable to retrieve any files using given parameters, You can still save the 
> repository and start creating policies, but you would not be able to use 
> autocomplete for resource names. Check ranger_admin.log for more info.
> 
> java.lang.NoClassDefFoundError: 
> org/apache/hadoop/hbase/ZooKeeperConnectionException.
> org/apache/hadoop/hbase/ZooKeeperConnectionException.
> org.apache.hadoop.hbase.ZooKeeperConnectionException.
> 
> The reason for the error is that the hbase-client-1.2.6.jar file loss under 
> ./ews/webapp/WEB-INF/classes/ranger-plugins/hbase directory.
> 
> 
> Diffs
> -
> 
>   pom.xml 413c23b 
> 
> 
> Diff: https://reviews.apache.org/r/66275/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Ranger SSL Configuration Issues

[pengjianhua]

Please tell me which version you are using. I tested the 0.7.0, 0.7.1, 
1.0.0. There are no problems with these versions. Maybe your 
configuration is wrong.



在 2018年03月25日 04:48, rohit sinha 写道:

*Hello,We have a ranger plugin which works perfectly fine with non-SSL
Ranger but we turn on SSL for Ranger our plugin fails to talk to Ranger
Server because some underlying Ranger classes fail to be initialized. We
see the following error in the logs:2018-03-23 01:34:00,064 - ERROR
[leader-election-election-master.services:o.a.r.p.u.PolicyRefresher@282] -
PolicyRefresher(serviceName=myServicedev): failed to refresh policies. Will
continue to use last known version of policies
(-1)java.lang.IllegalArgumentException: SSLContext must not be null at
com.sun.jersey.client.urlconnection.HTTPSProperties.(HTTPSProperties.java:106)
~[jersey-bundle-1.17.1.jar:1.17.1] at
org.apache.ranger.plugin.util.RangerRESTClient.buildClient(RangerRESTClient.java:200)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.util.RangerRESTClient.getClient(RangerRESTClient.java:175)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.util.RangerRESTClient.getResource(RangerRESTClient.java:155)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.admin.client.RangerAdminRESTClient.createWebResource(RangerAdminRESTClient.java:267)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.admin.client.RangerAdminRESTClient.access$200(RangerAdminRESTClient.java:47)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(RangerAdminRESTClient.java:107)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(RangerAdminRESTClient.java:105)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_112]
at javax.security.auth.Subject.doAs(Subject.java:360) ~[na:1.8.0_112] at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1849)
~[hadoop-common-2.7.3.2.6.4.0-91.jar:na] at
org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:114)
~[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:258)
[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:202)
[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.util.PolicyRefresher.startRefresher(PolicyRefresher.java:149)
[ranger-plugins-common-0.7.0.jar:0.7.0] at
org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:142)
[ranger-plugins-common-0.7.0.jar:0.7.0] at
com.company.myService.security.authorization.ranger.binding.RangerAuthorizer.initialize(RangerAuthorizer.java:90)
[1521768838074-0/:na] at
com.company.myService.security.authorization.AuthorizerInstantiator.createAndInitializeAuthorizerInstance(AuthorizerInstantiator.java:172)
[na:na] at
com.company.myService.security.authorization.AuthorizerInstantiator.get(AuthorizerInstantiator.java:141)
[na:na] at
com.company.myService.security.authorization.DelegatingPrivilegeManager.(DelegatingPrivilegeManager.java:41)
[na:na]  at java.lang.Thread.run(Thread.java:745)
[na:1.8.0_112]From the log, we see that the RangerRestClient fails to be
built because SSLContext is null. Looking into the code of these Ranger
classes we suspect this is because the TrustManger list being returned from
here is
null.https://github.com/apache/ranger/blob/4370b6b135ca5288bf25bd6f7a353b9699821099/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L308
To
the best of our understanding all our configurations looks good. We also
checked we are picking up the ranger-myService-policymgr-ssl.xml correctly.
We were able to load it from the classloader and print it. Following is our
configurations:master.services:c.c.c.s.a.r.b.RangerAuthorizer@96] - http://www.w3.org/2001/XInclude
">
xasecure.policymgr.clientssl.keystore

/usr/local/ranger-myService-conf/ranger-plugin-keystore.jks
Java Keystore files

xasecure.policymgr.clientssl.keystore.password
myKeyFilePassword
password for keystore

xasecure.policymgr.clientssl.truststore

/usr/local/ranger-myService-conf/ranger-plugin-truststore.jks
java truststore file

xasecure.policymgr.clientssl.truststore.password
 

Re: Review Request 66079: RANGER-1808:Write unit test for RANGER-1672 kylin plugin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66079/#review199310
---


Ship it!




Ship It!

- pengjianhua


On 三月 15, 2018, 6:55 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66079/
> ---
> 
> (Updated 三月 15, 2018, 6:55 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1808
> https://issues.apache.org/jira/browse/RANGER-1808
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Write unit test for RANGER-1672 kylin plugin
> 
> 
> Diffs
> -
> 
>   plugin-kylin/pom.xml bfce4c1 
>   
> plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
>  PRE-CREATION 
>   
> plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizerTest.java
>  PRE-CREATION 
>   plugin-kylin/src/test/resources/applicationContext.xml PRE-CREATION 
>   plugin-kylin/src/test/resources/kylin-policies.json PRE-CREATION 
>   plugin-kylin/src/test/resources/kylin.properties PRE-CREATION 
>   plugin-kylin/src/test/resources/kylinSecurity.xml PRE-CREATION 
>   plugin-kylin/src/test/resources/log4j.properties PRE-CREATION 
>   plugin-kylin/src/test/resources/ranger-kylin-security.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66079/diff/1/
> 
> 
> Testing
> ---
> 
> Test
> 1.eclipse->Run as->Junit Test
> 2.mvn test
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 61021: RANGER-1672:Ranger supports plugin to enable, monitor and manage apache kylin

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61021/#review198863
---


Ship it!




I verify the issue. It's run right in my environment. Because of the large 
number of codes, I merged it to avoid code conflicts due to different developer 
submissions. Thanks.

- pengjianhua


On 三月 5, 2018, 8:23 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61021/
> ---
> 
> (Updated 三月 5, 2018, 8:23 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1672
> https://issues.apache.org/jira/browse/RANGER-1672
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh 7033f79 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  899bcac 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 6ba42d4 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> PRE-CREATION 
>   plugin-kylin/.gitignore PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-kylin/pom.xml PRE-CREATION 
>   plugin-kylin/scripts/install.properties PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/RangerServiceKylin.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinResourceMgr.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinProjectResponse.java
>  PRE-CREATION 
>   pom.xml 08593aa 
>   ranger-kylin-plugin-shim/.gitignore PRE-CREATION 
>   ranger-kylin-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-kylin-plugin-shim/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 29d728a 
>   src/main/assembly/plugin-kylin.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/61021/diff/4/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 65894: Remove invalid packages and import commands package to installer to fixed RANGER-1469 defect.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65894/#review198606
---


Ship it!




Ship It!

- pengjianhua


On 三月 4, 2018, 2:56 p.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65894/
> ---
> 
> (Updated 三月 4, 2018, 2:56 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2005
> https://issues.apache.org/jira/browse/RANGER-2005
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Remove invalid packages and import commands package to installer to fixed 
> RANGER-1469 defect.
> 
> Some imported pakcages are not used.
> Some packages are imported repeatedly.
> The commands package is missing in usersync installer when merged the 
> RANGER-1469.
> 
> I built, installed and carefully tested this issue after installed.
> 
> 
> Diffs
> -
> 
>   unixauthservice/scripts/setup.py 3fd0dd9 
> 
> 
> Diff: https://reviews.apache.org/r/65894/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 65858: RANGER-2001:Similar to RANGER-1469, we should check whether the user or group has existed before the installer create a new user or group when user install usersync

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65858/#review198493
---


Ship it!




Ship It!

- pengjianhua


On 三月 1, 2018, 7:06 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65858/
> ---
> 
> (Updated 三月 1, 2018, 7:06 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2001
> https://issues.apache.org/jira/browse/RANGER-2001
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Similar to RANGER-1469, we should check whether the user or group has existed 
> before the installer create a new user or group when user install usersync
> 
> 
> Diffs
> -
> 
>   unixauthservice/scripts/setup.py 5ae9123 
> 
> 
> Diff: https://reviews.apache.org/r/65858/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 65709: RANGER-1987 - Upgrade to Storm 1.2.0

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65709/#review198251
---


Ship it!




Ship It!

- pengjianhua


On 二月 19, 2018, 4:21 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65709/
> ---
> 
> (Updated 二月 19, 2018, 4:21 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1987
> https://issues.apache.org/jira/browse/RANGER-1987
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We should upgrade to the recently release Apache Storm 1.2.0. No code changes 
> are required.
> 
> 
> Diffs
> -
> 
>   pom.xml fa1d1c7b 
> 
> 
> Diff: https://reviews.apache.org/r/65709/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Ranger with Storm 1.2.0.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Prep for ranger-1.0.0 release

[pengjianhua]

I agree with Colm's point of view. Zhangqiang am developing this issue 
to upgrade Kafka whichwas delayed due to our Spring Festival.


I also hope to merge the Apacke Kylin Plugin into the ranger 1.0.0. the 
2.3.0 version of the Apache kylin is being voted. The Apacke Kylin 
Plugin of the ranger has been successfully applied in some business 
projects.




Jianhua Peng

在 2018年02月23日 17:36, Colm O hEigeartaigh 写道:

+1. It would be nice to get the Kafka upgrade in if possible, as currently
we support a very old version of Kafka.

Colm.

On Fri, Feb 23, 2018 at 9:00 AM, Jianhua Peng 
wrote:


+1

On 2018/02/23 01:34:36, Sailaja Polavarapu 
wrote:

Rangers:
As we are planning to do a release of ranger 1.0.0 soon (tentatively

3/15/2018), I would like to create a branch ranger-1.0.0 for stabilizing
the release. All of the fixes should go into the master which will track
for our next major release and if needed will get cherry-picked into
ranger-1.0.0 release.

I am volunteering to be the release manager for ranger 1.0.0 release.

Based on the discussion, current plan is to make the ranger 1.0.0 release
with Hadoop 2.7.x (not Hadoop 3) and Atlas 0.8.2 as dependencies.

Please let me know if any of you have any concerns and/or suggestions on

the release process.

Thanks,
Sailaja.

Re: Review Request 65599: RANGER-1976: Upgrade Apache POI to 3.15

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65599/#review197356
---


Ship it!




Ship It!

- pengjianhua


On 二月 12, 2018, 8:58 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65599/
> ---
> 
> (Updated 二月 12, 2018, 8:58 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Mehul 
> Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1976
> https://issues.apache.org/jira/browse/RANGER-1976
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Change Apache POI version from 3.12 to 3.15
> 
> 
> Diffs
> -
> 
>   pom.xml 69e042f 
> 
> 
> Diff: https://reviews.apache.org/r/65599/diff/1/
> 
> 
> Testing
> ---
> 
> Steps performed for Ranger-admin(with patch):
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in 
> install.properties
> 3. Called setup.sh
> 
> 
> **Expected Behavior:**
> Ranger-admin installation should finish successfully and File poi-3.17.jar 
> should be available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/poi-3.17.jar
> 
> 
> **Actual Behavior:**
> Ranger-admin Installation finished successfully and File poi-3.17.jar was 
> available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/poi-3.17.jar
> 
> 
> User, Group, Service and Policy creation is working successfully.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 65604: RANGER-1977: Upgrade Apache commons-beanutils to 1.9.3

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65604/#review197354
---


Ship it!




Ship It!

- pengjianhua


On 二月 12, 2018, 11:31 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65604/
> ---
> 
> (Updated 二月 12, 2018, 11:31 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Mehul 
> Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1977
> https://issues.apache.org/jira/browse/RANGER-1977
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade Apache commons-beanutils to 1.9.3
> 
> 
> Diffs
> -
> 
>   pom.xml 69e042f 
>   security-admin/pom.xml 48fff2e 
>   src/main/assembly/kms.xml 120ee00 
> 
> 
> Diff: https://reviews.apache.org/r/65604/diff/1/
> 
> 
> Testing
> ---
> 
> Steps performed for Ranger-admin(with patch):
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in 
> install.properties
> 3. Called setup.sh
> 
> 
> **Expected Behavior:**
> Ranger-admin installation should finish successfully and File 
> commons-beanutils-1.9.3.jar should be available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/commons-beanutils-1.9.3.jar
> 
> 
> **Actual Behavior:**
> Ranger-admin Installation finished successfully and File 
> commons-beanutils-1.9.3.jar was available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/commons-beanutils-1.9.3.jar
> 
> 
> User, Group, Service and Policy creation is working successfully.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 65605: RANGER-1979: Upgrade Spring-LDAP to 2.3.2

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65605/#review197353
---


Ship it!




Ship It!

- pengjianhua


On 二月 12, 2018, 12:13 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65605/
> ---
> 
> (Updated 二月 12, 2018, 12:13 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Mehul 
> Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1979
> https://issues.apache.org/jira/browse/RANGER-1979
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade Spring-LDAP to 2.3.2
> 
> 
> Diffs
> -
> 
>   pom.xml 69e042f 
> 
> 
> Diff: https://reviews.apache.org/r/65605/diff/1/
> 
> 
> Testing
> ---
> 
> Steps performed for Ranger-admin(with patch):
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in 
> install.properties
> 3. Called setup.sh
> 
> **Expected Behavior:**
> Ranger-admin installation should finish successfully and File 
> spring-ldap-core-2.3.2.RELEASE.jar should be available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/spring-ldap-core-2.3.2.RELEASE.jar
> 
> **Actual Behavior:**
> Ranger-admin Installation finished successfully and File 
> spring-ldap-core-2.3.2.RELEASE.jar was available in location: 
> ranger-1.0.0-SNAPSHOT-admin/ews/webapp/WEB-INF/lib/spring-ldap-core-2.3.2.RELEASE.jar
> 
> **Note:**
> User, Group, Service and Policy creation is working successfully.
> Ldap user sync and Ldap Authentication is working successfully.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 65387: RANGER-1965 - Prevent NPE on decrypting a null password

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65387/#review196506
---


Ship it!




Ship It!

- pengjianhua


On 一月 29, 2018, 4:19 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65387/
> ---
> 
> (Updated 一月 29, 2018, 4:19 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1965
> https://issues.apache.org/jira/browse/RANGER-1965
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If no password is specified, the logs show a NPE:
> 
> java.lang.NullPointerException
> at com.sun.jersey.core.util.Base64.decode(Base64.java:324)
> at 
> org.apache.ranger.plugin.util.PasswordUtils.decrypt(PasswordUtils.java:126)
> at 
> org.apache.ranger.plugin.util.PasswordUtils.decryptPassword(PasswordUtils.java:120)
> at org.apache.ranger.plugin.client.BaseClient.login(BaseClient.java:108)
> at org.apache.ranger.plugin.client.BaseClient.(BaseClient.java:61)
> at 
> org.apache.ranger.services.sqoop.client.SqoopClient.(SqoopClient.java:74)
> at 
> org.apache.ranger.services.sqoop.client.SqoopClient.getSqoopClient(SqoopClient.java:357)
> at 
> org.apache.ranger.services.sqoop.client.SqoopClient.connectionTest(SqoopClient.java:321)
> 
> Instead, we should only try to decrypt the password if it's not null.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java 
> cb170c2c 
> 
> 
> Diff: https://reviews.apache.org/r/65387/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63659: The exception infomation print error for RangerPolicyServiceBase.java

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63659/#review194502
---


Ship it!




Ship It!

- pengjianhua


On 十一月 8, 2017, 8:29 a.m., wang yuan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63659/
> ---
> 
> (Updated 十一月 8, 2017, 8:29 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1878
> https://issues.apache.org/jira/browse/RANGER-1878
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The exception infomation print error for RangerPolicyServiceBase.java?
> 
> {code:title=RangerPolicyServiceBase.java|borderStyle=solid}
> 
> @Override
>   protected T mapViewToEntityBean(V vObj, T xObj, int OPERATION_CONTEXT) {
>   ... ..
>   XXService xService = 
> daoMgr.getXXService().findByName(vObj.getService());
>   if (xService == null) {
>   throw restErrorUtil.createRESTException("No 
> corresponding service found for policyName: " + vObj.getName()
>   + "Service Not Found : " + 
> vObj.getName(), MessageEnums.INVALID_INPUT_DATA);
>... ...
>//should be:"Service Not Found : " + vObj.getService(), 
>   }
> {code}
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
>  0195c72a 
> 
> 
> Diff: https://reviews.apache.org/r/63659/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> wang yuan
> 
>

Review Request 64764: RANGER-1941:Use already defined methods and optimized log printing in RangerScriptExecutionContext class

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64764/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1941
https://issues.apache.org/jira/browse/RANGER-1941


Repository: ranger


Description
---

We have defined the method of log printing in the RangerScriptExecutionContext 
class. Why not use these methods in this class, use the defined method logDebug 
logError instead of LOG.debug and LOG.error to keep the code style and optimize 
the log printing.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
 0c8df41 


Diff: https://reviews.apache.org/r/64764/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 64723: Ranger tagsync should process ENTITY_CREATE notification, to support Atlas import feature

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64723/#review194289
---


Ship it!




Ship It!

- pengjianhua


On 十二月 19, 2017, 9:07 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64723/
> ---
> 
> (Updated 十二月 19, 2017, 9:07 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1937
> https://issues.apache.org/jira/browse/RANGER-1937
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently Ranger tagsync ignores ENTITY_CREATE notifications from Atlas, as 
> no tags would be associated with the newly created entity. However, when an 
> entity is created in Atlas via import, tags could be associated with the 
> entity. To not miss the tags associated with the entities, Ranger tagsync 
> should be updated to process ENTITY_CREATE notifications as well.
> 
> 
> Diffs
> -
> 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
>  f42c908 
> 
> 
> Diff: https://reviews.apache.org/r/64723/diff/1/
> 
> 
> Testing
> ---
> 
> Unit test run successful
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 64634: RANGER-1929:The ranger should support the View policy.

[pengjianhua]

> On 十二月 19, 2017, 11:14 a.m., Colm O hEigeartaigh wrote:
> > Looks good thanks, but please see Vel's comments on the JIRA.

Ok. I had fixed it according to Vel's comments. Please get it from 
https://reviews.apache.org/r/64634/diff/5/. Thanks.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/#review194135
---


On 十二月 20, 2017, 6:23 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64634/
> ---
> 
> (Updated 十二月 20, 2017, 6:23 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1929
> https://issues.apache.org/jira/browse/RANGER-1929
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently we can only edit the policy without viewing the policy. We must use 
> editing funtion of policy when only need to query the detail for policy. So 
> we should supply the function of the query detail for policy.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> b8de5c3ba 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js
>  PRE-CREATION 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
> PRE-CREATION 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  09e2e1669 
>   security-admin/src/main/webapp/styles/xa.css 22eedf644 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/64634/diff/5/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 64634: RANGER-1929:The ranger should support the View policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

(Updated 十二月 20, 2017, 6:23 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description
---

Currently we can only edit the policy without viewing the policy. We must use 
editing funtion of policy when only need to query the detail for policy. So we 
should supply the function of the query detail for policy.


Diffs (updated)
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3ba 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e1669 
  security-admin/src/main/webapp/styles/xa.css 22eedf644 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/5/

Changes: https://reviews.apache.org/r/64634/diff/4-5/


Testing
---


Thanks,

pengjianhua

Re: Review Request 64677: RANGER-1934:Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException

[pengjianhua]

> On 十二月 19, 2017, 11:53 a.m., Colm O hEigeartaigh wrote:
> > Better to have "!tokens.isEmpty()" than "tokens.size() > 0". Also, the 
> > indentation inside the if statement is wrong "if (providerName == null) {".

Hi, I has updated the patch .thanks.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64677/#review194136
-------


On 十二月 20, 2017, 5:54 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64677/
> ---
> 
> (Updated 十二月 20, 2017, 5:54 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1934
> https://issues.apache.org/jira/browse/RANGER-1934
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Optimize the init method in BaseAuditHandler class to avoid 
> ArrayIndexOutOfBoundsException
> The follow in the init method "   List tokens = 
> MiscUtil.toArray(propPrefix, ".");
> String finalToken = tokens.get(tokens.size() - 1);".
> in the init method we should add " if (tokens.size() > 1)" to avoid 
> ArrayIndexOutOfBoundsException.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
>  b095000 
> 
> 
> Diff: https://reviews.apache.org/r/64677/diff/3/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 64677: RANGER-1934:Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64677/
---

(Updated 十二月 20, 2017, 5:54 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1934
https://issues.apache.org/jira/browse/RANGER-1934


Repository: ranger


Description
---

Optimize the init method in BaseAuditHandler class to avoid 
ArrayIndexOutOfBoundsException
The follow in the init method " List tokens = 
MiscUtil.toArray(propPrefix, ".");
String finalToken = tokens.get(tokens.size() - 1);".
in the init method we should add " if (tokens.size() > 1)" to avoid 
ArrayIndexOutOfBoundsException.


Diffs (updated)
-

  
agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
 b095000 


Diff: https://reviews.apache.org/r/64677/diff/3/

Changes: https://reviews.apache.org/r/64677/diff/2-3/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 64634: RANGER-1929:The ranger should support the View policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

(Updated 十二月 20, 2017, 3:19 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Summary (updated)
-

RANGER-1929:The ranger should support  the View policy.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description (updated)
---

Currently we can only edit the policy without viewing the policy. We must use 
editing funtion of policy when only need to query the detail for policy. So we 
should supply the function of the query detail for policy.


Diffs
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3b 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e166 
  security-admin/src/main/webapp/styles/xa.css 22eedf64 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/4/


Testing
---


Thanks,

pengjianhua

Re: Review Request 64634: RANGER-1929:The ranger should support preview policy.

[pengjianhua]

> On 十二月 18, 2017, 4:20 p.m., Colm O hEigeartaigh wrote:
> > Looks pretty good to me. Could you remove the whitespace errors from the 
> > patch?

Ok. I had fixed it. Please get it from 
https://reviews.apache.org/r/64634/diff/4/. Thanks.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/#review194076
---


On 十二月 19, 2017, 9:16 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64634/
> ---
> 
> (Updated 十二月 19, 2017, 9:16 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1929
> https://issues.apache.org/jira/browse/RANGER-1929
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently we can only edit the policy without previewing the policy. We must 
> use editing funtion of policy when only need to query the detail for policy. 
> So we should supply the function of the query detail for policy.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> b8de5c3b 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js
>  PRE-CREATION 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
> PRE-CREATION 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  09e2e166 
>   security-admin/src/main/webapp/styles/xa.css 22eedf64 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
>  PRE-CREATION 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/64634/diff/4/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 64634: RANGER-1929:The ranger should support preview policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

(Updated 十二月 19, 2017, 9:16 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description
---

Currently we can only edit the policy without previewing the policy. We must 
use editing funtion of policy when only need to query the detail for policy. So 
we should supply the function of the query detail for policy.


Diffs (updated)
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3b 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e166 
  security-admin/src/main/webapp/styles/xa.css 22eedf64 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/4/

Changes: https://reviews.apache.org/r/64634/diff/3-4/


Testing
---


Thanks,

pengjianhua

Re: Review Request 64634: RANGER-1929:The ranger should support preview policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

(Updated 十二月 19, 2017, 6:17 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description
---

Currently we can only edit the policy without previewing the policy. We must 
use editing funtion of policy when only need to query the detail for policy. So 
we should supply the function of the query detail for policy.


Diffs (updated)
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3b 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e166 
  security-admin/src/main/webapp/styles/xa.css 22eedf64 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/3/

Changes: https://reviews.apache.org/r/64634/diff/2-3/


Testing
---


Thanks,

pengjianhua

Re: Review Request 64677: RANGER-1934:Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException

[pengjianhua]

> On 十二月 19, 2017, 12:55 a.m., Qiang Zhang wrote:
> > agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
> > Lines 93 (patched)
> > <https://reviews.apache.org/r/64677/diff/1/?file=1919532#file1919532line93>
> >
> > Please modify tokens.size() > 1 to tokens.size() > 0

Ok, I had updated the patch ,please review again.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64677/#review194105
-------


On 十二月 18, 2017, 7:47 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64677/
> ---
> 
> (Updated 十二月 18, 2017, 7:47 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1934
> https://issues.apache.org/jira/browse/RANGER-1934
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Optimize the init method in BaseAuditHandler class to avoid 
> ArrayIndexOutOfBoundsException
> The follow in the init method "   List tokens = 
> MiscUtil.toArray(propPrefix, ".");
> String finalToken = tokens.get(tokens.size() - 1);".
> in the init method we should add " if (tokens.size() > 1)" to avoid 
> ArrayIndexOutOfBoundsException.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
>  b095000 
> 
> 
> Diff: https://reviews.apache.org/r/64677/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 64677: RANGER-1934:Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException

[pengjianhua]

> On 十二月 18, 2017, 10:05 a.m., Qiang Zhang wrote:
> > agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
> > Lines 95-99 (original), 96-100 (patched)
> > <https://reviews.apache.org/r/64677/diff/1/?file=1919532#file1919532line96>
> >
> > They should not be included the following code segment.
> > if (tokens.size() > 1)

Hi,if (providerName == null),the following code not needed to execute if 
(providerName == null) {
List tokens = MiscUtil.toArray(propPrefix, ".");
if (tokens.size() > 0) {
String finalToken = tokens.get(tokens.size() - 1);
setName(finalToken);
LOG.info("Using providerName from property 
prefix. providerName="
+ getName());
}
}
 Because the follow code had executed before above code segment:
"String name = MiscUtil.getStringProperty(props, 
basePropertyName + "."
+ PROP_NAME);
if (name != null && !name.isEmpty()) {
setName(name);
}"
  " public void setName(String name) {
providerName = name;
}"
 So. add the following code segment."if (tokens.size() > 1)" is better


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64677/#review194054
---


On 十二月 18, 2017, 7:47 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64677/
> ---
> 
> (Updated 十二月 18, 2017, 7:47 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1934
> https://issues.apache.org/jira/browse/RANGER-1934
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Optimize the init method in BaseAuditHandler class to avoid 
> ArrayIndexOutOfBoundsException
> The follow in the init method "   List tokens = 
> MiscUtil.toArray(propPrefix, ".");
> String finalToken = tokens.get(tokens.size() - 1);".
> in the init method we should add " if (tokens.size() > 1)" to avoid 
> ArrayIndexOutOfBoundsException.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
>  b095000 
> 
> 
> Diff: https://reviews.apache.org/r/64677/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63756: RANGER-1738 - RangerYarnAuthorizer not compatible with Hadoop-3.0.0

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63756/#review194049
---



This is a good idea.
+1

- pengjianhua


On 十一月 13, 2017, 2:55 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63756/
> ---
> 
> (Updated 十一月 13, 2017, 2:55 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1738
> https://issues.apache.org/jira/browse/RANGER-1738
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> A patch for this issue. I introduced a new plugin for Yarn with Hadoop 3.0.0, 
> which simply extends the 2.x plugin with the new methods. A new plugin shim 
> is also included.
> 
> 
> Diffs
> -
> 
>   plugin-yarn3/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-yarn3/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-yarn3/conf/ranger-yarn-audit-changes.cfg PRE-CREATION 
>   plugin-yarn3/conf/ranger-yarn-audit.xml PRE-CREATION 
>   plugin-yarn3/conf/ranger-yarn-security-changes.cfg PRE-CREATION 
>   plugin-yarn3/conf/ranger-yarn-security.xml PRE-CREATION 
>   plugin-yarn3/conf/yarn-site-changes.cfg PRE-CREATION 
>   plugin-yarn3/disable-conf/yarn-site-changes.cfg PRE-CREATION 
>   plugin-yarn3/pom.xml PRE-CREATION 
>   plugin-yarn3/scripts/install.properties PRE-CREATION 
>   
> plugin-yarn3/src/main/java/org/apache/ranger/authorization/yarn3/authorizer/RangerYarnAuthorizer.java
>  PRE-CREATION 
>   pom.xml 589cd6ac 
>   ranger-yarn3-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-yarn3-plugin-shim/src/main/java/org/apache/ranger/authorization/yarn3/authorizer/RangerYarnAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/plugin-yarn3.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/63756/diff/1/
> 
> 
> Testing
> ---
> 
> Tested installing the new plugin and checking that authorization works 
> correctly.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64640: RANGER-1932:After create the service of yarndev, the policy named 'all-queue' created for the default user should have all the permissions.However, this policy does't take e

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64640/#review194048
---


Ship it!




Ship It!

- pengjianhua


On 十二月 15, 2017, 5:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64640/
> ---
> 
> (Updated 十二月 15, 2017, 5:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1932
> https://issues.apache.org/jira/browse/RANGER-1932
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Steps:
> 1.Create service named yarndev and userName is xiehh
> 2.The Queue of the default policy for user xiehh is '.*'
> 3.Using xiehh to execute the command line 'hadoop jar 
> /home/xiehh/hadoop-2.7.1/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.1.jar
>  wordcount -Dmapreduce.job.queuename=default /input /output/mr'
> Exceptions are as follows:
>   [xiehh@zdh41 hadoop-2.7.1]$ hadoop jar 
> /home/xiehh/hadoop-2.7.1/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.7.1.jar
>  wordcount -Dmapreduce.job.queuename=default /input /output/mr
> 17/12/15 10:53:27 WARN util.NativeCodeLoader: Unable to load native-hadoop 
> library for your platform... using builtin-java classes where applicable
> 17/12/15 10:53:28 INFO client.RMProxy: Connecting to ResourceManager at 
> /0.0.0.0:8032
> 17/12/15 10:53:28 INFO input.FileInputFormat: Total input paths to process : 1
> 17/12/15 10:53:28 INFO mapreduce.JobSubmitter: number of splits:1
> 17/12/15 10:53:29 INFO mapreduce.JobSubmitter: Submitting tokens for job: 
> job_1513238905285_0005
> 17/12/15 10:53:44 INFO mapreduce.JobSubmitter: Cleaning up the staging area 
> /tmp/hadoop-yarn/staging/xiehh/.staging/job_1513238905285_0005
> java.io.IOException: org.apache.hadoop.yarn.exceptions.YarnException: Failed 
> to submit application_1513238905285_0005 to YARN : 
> org.apache.hadoop.security.AccessControlException: User xiehh cannot submit 
> applications to queue root.default
>   at org.apache.hadoop.mapred.YARNRunner.submitJob(YARNRunner.java:306)
>   at 
> org.apache.hadoop.mapreduce.JobSubmitter.submitJobInternal(JobSubmitter.java:240)
>   at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1290)
>   at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1287)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at javax.security.auth.Subject.doAs(Subject.java:415)
>   at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>   at org.apache.hadoop.mapreduce.Job.submit(Job.java:1287)
>   at org.apache.hadoop.mapreduce.Job.waitForCompletion(Job.java:1308)
>   at org.apache.hadoop.examples.WordCount.main(WordCount.java:87)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at 
> org.apache.hadoop.util.ProgramDriver$ProgramDescription.invoke(ProgramDriver.java:71)
>   at org.apache.hadoop.util.ProgramDriver.run(ProgramDriver.java:144)
>   at org.apache.hadoop.examples.ExampleDriver.main(ExampleDriver.java:74)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
>   at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
> Caused by: org.apache.hadoop.yarn.exceptions.YarnException: Failed to submit 
> application_1513238905285_0005 to YARN : 
> org.apache.hadoop.security.AccessControlException: User xiehh cannot submit 
> applications to queue root.default
>   at 
> org.apache.hadoop.yarn.client.api.impl.YarnClientImpl.submitApplication(YarnClientImpl.java:270)
>   at 
> org.apache.hadoop.mapred.ResourceMgrDelegate.submitApplication(ResourceMgrDelegate.java:290)
>   at org.apache.hadoop.mapred.YARNRunner.submitJob(YARNRunner.java:290)
>   ... 22 more
> The user xiehh d

Review Request 64677: RANGER-1934:Optimize the init method in BaseAuditHandler class to avoid ArrayIndexOutOfBoundsException

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64677/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1934
https://issues.apache.org/jira/browse/RANGER-1934


Repository: ranger


Description
---

Optimize the init method in BaseAuditHandler class to avoid 
ArrayIndexOutOfBoundsException
The follow in the init method " List tokens = 
MiscUtil.toArray(propPrefix, ".");
String finalToken = tokens.get(tokens.size() - 1);".
in the init method we should add " if (tokens.size() > 1)" to avoid 
ArrayIndexOutOfBoundsException.


Diffs
-

  
agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
 b095000 


Diff: https://reviews.apache.org/r/64677/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 64634: RANGER-1929:The ranger should support preview policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

(Updated 十二月 15, 2017, 1:23 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description
---

Currently we can only edit the policy without previewing the policy. We must 
use editing funtion of policy when only need to query the detail for policy. So 
we should supply the function of the query detail for policy.


Diffs (updated)
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3b 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e166 
  security-admin/src/main/webapp/styles/xa.css 22eedf64 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/2/

Changes: https://reviews.apache.org/r/64634/diff/1-2/


Testing
---


Thanks,

pengjianhua

Review Request 64634: RANGER-1929:The ranger should support preview policy.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64634/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1929
https://issues.apache.org/jira/browse/RANGER-1929


Repository: ranger


Description
---

Currently we can only edit the policy without previewing the policy. We must 
use editing funtion of policy when only need to query the detail for policy. So 
we should supply the function of the query detail for policy.


Diffs
-

  security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
b8de5c3b 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyConditions.js 
PRE-CREATION 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
PRE-CREATION 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 09e2e166 
  security-admin/src/main/webapp/styles/xa.css 22eedf64 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyConditions_tmpl.html
 PRE-CREATION 
  
security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html 
PRE-CREATION 


Diff: https://reviews.apache.org/r/64634/diff/1/


Testing
---


Thanks,

pengjianhua

Re: Review Request 64525: RANGER-1924:Simplify ranger-hdfs plugin remove gson.jar in ranger/src/main/assembly/hdfs-agent.xml

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64525/
---

(Updated 十二月 13, 2017, 1:49 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1924
https://issues.apache.org/jira/browse/RANGER-1924


Repository: ranger


Description (updated)
---

Simplify ranger-hdfs plugin remove gson.jar in 
ranger/src/main/assembly/hdfs-agent.xml and  ranger/hdfs-agent/pom.xml
and Simplify ranger-hive plugin remove gson.jar in 
ranger/src/main/assembly/hive-agent.xml and  ranger/hive-agent/pom.xml
Description:
Remove com.google.code.gson:gson* in 
ranger/src/main/assembly/hdfs-agent.xml
Remove com.google.code.gson:gson* in 
ranger/src/main/assembly/hive-agent.xml
Remove  " 
 com.google.code.gson
gson
 " from ranger/hdfs-agent/pom.xml and 
ranger/hive-agent/pom.xml

Reason:
1.Hadoop already has gson.jar removed from gson.jar to prevent conflicts 
2.Observing ranger-yarn plugin has also removed gson.jar in 
ranger/src/main/assembly/plugin-yarn.xml.
3.Hive already has gson.jar removed from gson.jar to prevent conflicts 

Result: the ranger-hdfs plugin also works fine after removing gson.jar.
  the ranger-hive plugin also works fine after removing gson.jar


Diffs
-

  hdfs-agent/pom.xml 0b6773d 
  hive-agent/pom.xml c195443 
  src/main/assembly/hdfs-agent.xml 5279a9a 
  src/main/assembly/hive-agent.xml ca65c80 


Diff: https://reviews.apache.org/r/64525/diff/2/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 64525: RANGER-1924:Simplify ranger-hdfs plugin remove gson.jar in ranger/src/main/assembly/hdfs-agent.xml

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64525/
---

(Updated 十二月 13, 2017, 1:43 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1924
https://issues.apache.org/jira/browse/RANGER-1924


Repository: ranger


Description
---

Simplify ranger-hdfs plugin remove gson.jar in 
ranger/src/main/assembly/hdfs-agent.xml 
Description:
Remove com.google.code.gson:gson* in 
ranger/src/main/assembly/hdfs-agent.xml
Reason:
1.Hadoop already has gson.jar removed from gson.jar to prevent conflicts 
2.Observing ranger-yarn plugin has also removed gson.jar in 
ranger/src/main/assembly/plugin-yarn.xml.
Result: the ranger-hdfs plugin also works fine after removing gson.jar.


Diffs (updated)
-

  hdfs-agent/pom.xml 0b6773d 
  hive-agent/pom.xml c195443 
  src/main/assembly/hdfs-agent.xml 5279a9a 
  src/main/assembly/hive-agent.xml ca65c80 


Diff: https://reviews.apache.org/r/64525/diff/2/

Changes: https://reviews.apache.org/r/64525/diff/1-2/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 64529: RANGER-1925:Remove invalid code from plugin script.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64529/#review193520
---


Ship it!




Ship It!

- pengjianhua


On 十二月 12, 2017, 9:29 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64529/
> ---
> 
> (Updated 十二月 12, 2017, 9:29 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1925
> https://issues.apache.org/jira/browse/RANGER-1925
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Some codes were copied to plugin script from other file. They are invalid, we 
> should remove them.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d77e4f9e 
>   plugin-kms/scripts/enable-kms-plugin.sh 9180b57 
> 
> 
> Diff: https://reviews.apache.org/r/64529/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 64409: RANGER-1920 - Remove SOLR dependencies from the KMS service + plugins

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64409/#review193519
---


Ship it!




Ship It!

- pengjianhua


On 十二月 7, 2017, 12:40 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64409/
> ---
> 
> (Updated 十二月 7, 2017, 12:40 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1920
> https://issues.apache.org/jira/browse/RANGER-1920
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The SOLR dependencies are not required in the KMS service, or the KMS 
> plugins, as the jar is instead on the classpath via plugins-audit.
> 
> 
> Diffs
> -
> 
>   kms/pom.xml bc0d96f7 
>   plugin-kms/pom.xml 344940aa 
>   ranger-kms-plugin-shim/pom.xml 10473707 
> 
> 
> Diff: https://reviews.apache.org/r/64409/diff/1/
> 
> 
> Testing
> ---
> 
> Tested SOLR auditing works fine with the KMS Service.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64500: RANGER-1923 - Simplify Hive dependencies

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64500/#review193518
---


Ship it!




Ship It!

- pengjianhua


On 十二月 11, 2017, 11:36 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64500/
> ---
> 
> (Updated 十二月 11, 2017, 11:36 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1923
> https://issues.apache.org/jira/browse/RANGER-1923
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to simplify the Hive plugin dependencies. The plugin itself has 
> a dependency on the Hadoop HDFS jar that is not required, similarly the Shim 
> has some dependencies on other Hadoop jars.
> 
> With Hive, we pick up the relevant jars from the Hadoop distribution, so 
> Ranger does not have to ship any Hadoop jars.
> 
> No changes are made to the jars shipped in the plugin distribution.
> 
> 
> Diffs
> -
> 
>   hive-agent/pom.xml 7d54a4dc 
>   ranger-hive-plugin-shim/pom.xml 87330cef 
> 
> 
> Diff: https://reviews.apache.org/r/64500/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64447: RANGER-1922 - Simplify HBase dependencies

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64447/#review193517
---


Ship it!




Ship It!

- pengjianhua


On 十二月 8, 2017, 12:38 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64447/
> ---
> 
> (Updated 十二月 8, 2017, 12:38 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1922
> https://issues.apache.org/jira/browse/RANGER-1922
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Description
> 
> This task is to simplify the HBase dependencies:
> 
> a) We don't need to specify the Solr jar as it gets picked up from the audit 
> module.
> b) We don't need to specify the HDFS jar as we don't bundle it in the 
> distribution - the jar is picked up from HBase itself.
> c) The 2.7.1 Hadoop dependencies in the HBase pom should be removed - instead 
> we should just pick up the Hadoop dependencies required for testing from the 
> Hadoop version that ships with HBase.
> 
> This work means that the HBase module compiles + tests work correctly when we 
> upgrade to Hadoop 3.0.0.
> 
> 
> Diffs
> -
> 
>   hbase-agent/pom.xml 19cc905e 
>   ranger-hbase-plugin-shim/pom.xml e0e27a7c 
> 
> 
> Diff: https://reviews.apache.org/r/64447/diff/1/
> 
> 
> Testing
> ---
> 
> Tested HDFS + Solr auditing still works as expected with the plugin.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Review Request 64525: RANGER-1924:Simplify ranger-hdfs plugin remove gson.jar in ranger/src/main/assembly/hdfs-agent.xml

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64525/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1924
https://issues.apache.org/jira/browse/RANGER-1924


Repository: ranger


Description
---

Simplify ranger-hdfs plugin remove gson.jar in 
ranger/src/main/assembly/hdfs-agent.xml 
Description:
Remove com.google.code.gson:gson* in 
ranger/src/main/assembly/hdfs-agent.xml
Reason:
1.Hadoop already has gson.jar removed from gson.jar to prevent conflicts 
2.Observing ranger-yarn plugin has also removed gson.jar in 
ranger/src/main/assembly/plugin-yarn.xml.
Result: the ranger-hdfs plugin also works fine after removing gson.jar.


Diffs
-

  src/main/assembly/hdfs-agent.xml 5279a9a 


Diff: https://reviews.apache.org/r/64525/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Review Request 64404: RANGER-1918:Optimize logic and remove unnecessary temporary variables in YarnClient.class

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64404/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1918
https://issues.apache.org/jira/browse/RANGER-1918


Repository: ranger


Description
---

1.We have already determined the logic of the response! = Null and 
response.getStatus ()! = 200 in the getQueueResponse method, and do not need to 
be evaluated in the run method of the getQueueResponse method. Move 
"response.close ();" into the getQueueResponse method.
2.There is no necessary to create so many useless temporary variables "String 
errMsg = errMessage;"
just use errMessage is better practice.


Diffs
-

  
plugin-yarn/src/main/java/org/apache/ranger/services/yarn/client/YarnClient.java
 b61a07e 


Diff: https://reviews.apache.org/r/64404/diff/1/


Testing
---


Thanks,

pengjianhua

Re: Review Request 63182: RANGER-1849 - Remove PasswordGenerator and FileStoreUtil

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63182/#review193079
---


Ship it!




Ship It!

- pengjianhua


On 十一月 16, 2017, 12:18 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63182/
> ---
> 
> (Updated 十一月 16, 2017, 12:18 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1849
> https://issues.apache.org/jira/browse/RANGER-1849
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> PasswordGenerator is not used in any of the scripts and should be removed. 
> Same goes for FileStoreUtil.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/file/FileStoreUtil.java
>  3f408d76 
>   
> agents-installer/src/main/java/org/apache/ranger/utils/install/PasswordGenerator.java
>  a829957a 
> 
> 
> Diff: https://reviews.apache.org/r/63182/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64051: RANGER-1906 - Simplify Atlas plugin dependency management

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64051/#review193078
---


Ship it!




Ship It!

- pengjianhua


On 十一月 28, 2017, 11:44 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64051/
> ---
> 
> (Updated 十一月 28, 2017, 11:44 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1906
> https://issues.apache.org/jira/browse/RANGER-1906
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to simplify the dependency management for the Atlas plugin. In 
> particular, the hadoop/solr dependencies should just be imported via the 
> ranger-plugin-commons dependency.
> 
> No changes are made to the resulting jars for the Atlas distribution.
> 
> 
> Diffs
> -
> 
>   plugin-atlas/pom.xml 957b4ce3 
>   ranger-atlas-plugin-shim/pom.xml a207d16b 
>   src/main/assembly/plugin-atlas.xml fd988116 
> 
> 
> Diff: https://reviews.apache.org/r/64051/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64375: RANGER-1917 - Remove solr dependency from Kafka + Sqoop modules

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64375/#review193069
---


Ship it!




Ship It!

- pengjianhua


On 十二月 6, 2017, 12:37 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64375/
> ---
> 
> (Updated 十二月 6, 2017, 12:37 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1917
> https://issues.apache.org/jira/browse/RANGER-1917
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to remove the solr dependency from the Kafka + Sqoop modules, as 
> it is picked up on the classpath from the audit module instead. No changes to 
> the distribution jars - also tested Solr auditing as a sanity test for both.
> 
> 
> Diffs
> -
> 
>   plugin-kafka/pom.xml 3a8a1d37 
>   plugin-sqoop/pom.xml 58d10a44 
> 
> 
> Diff: https://reviews.apache.org/r/64375/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Solr auditing works correctly.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Review Request 64365: RANGER-1916:Remove duplicate code and optimize code in AtlasClient.class

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64365/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1916
https://issues.apache.org/jira/browse/RANGER-1916


Repository: ranger


Description
---

Remove duplicate code and optimize code in AtlasClient.class
The follow code
“if (client != null)
{ client.destroy(); }
” 
in connectionTestResource and connectionTestResource method has been declared 
and execute in the getResourceList method that called them ,so remove duplicate 
code,And change the code "AtlasClient AtlasClient = null;" to "AtlasClient 
atlasClient = null;"


Diffs
-

  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
 857df87 


Diff: https://reviews.apache.org/r/64365/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

> On 十一月 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > <https://reviews.apache.org/r/62495/diff/2/?file=1850092#file1850092line212>
> >
> > @PengJianhua,
> > I used attached patch and did a build on  my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing(PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency ? If 
> > yes Kindly share how did this work for you !
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits. Are you able to access Ranger UI ?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch.Based on the compiling's 
> version I've been testing and verify whether the issue effected the ranger's 
> function. Maybe our lastest modifications introduced new issues. I will also 
> compile the lastest source to further verify the problem you mentioned.
> 
> pengjianhua wrote:
> I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
> package. I had fixed this patch. Thanks!
> 
> pengjianhua wrote:
> Hi Colm and bhavik patel, Is there any problem now, if there is no 
> problem, I will merge this issue.
> 
> Vishal Suvagia wrote:
> Hi Pengjianhua,
>The versions for  org.apache.tomcat -> annotations-api 
> present here -> 
> https://mvnrepository.com/artifact/org.apache.tomcat/annotations-api do not 
> have a specific build for 7.0.82 (last stable build version is 6.0.53). 
> Additionally recent fixes from tomcat devs suggest that the 
> tomcat.annotations-api has been removed from tomcat-embed-core shipments in 
> favour of javax.annotations-api refer -> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61439.
> 
> pengjianhua wrote:
> Ok. Thanks. How do you think we should deal with this issue? Should we 
> upgrade directly to tomcat7.0.83 or is there a better way to handle this 
> issue?
> 
> Vishal Suvagia wrote:
> Pengjianhua, Sadly looks like there is no tomcat-7.0.83 build out yet. 
> From what I have tried we will need to add a new dependency for 
> javax.annotation-api -> 
> https://mvnrepository.com/artifact/javax.annotation/javax.annotation-api.

Hi Vishal Suvagia, please reference to 
http://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core/7.0.82
 and 
http://mvnrepository.com/artifact/org.apache.tomcat/tomcat-annotations-api/7.0.82.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On 十二月 5, 2017, 2:59 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated 十二月 5, 2017, 2:59 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

> On 十一月 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > <https://reviews.apache.org/r/62495/diff/2/?file=1850092#file1850092line212>
> >
> > @PengJianhua,
> > I used attached patch and did a build on  my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing(PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency ? If 
> > yes Kindly share how did this work for you !
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits. Are you able to access Ranger UI ?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch.Based on the compiling's 
> version I've been testing and verify whether the issue effected the ranger's 
> function. Maybe our lastest modifications introduced new issues. I will also 
> compile the lastest source to further verify the problem you mentioned.
> 
> pengjianhua wrote:
> I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
> package. I had fixed this patch. Thanks!
> 
> pengjianhua wrote:
> Hi Colm and bhavik patel, Is there any problem now, if there is no 
> problem, I will merge this issue.
> 
> Vishal Suvagia wrote:
> Hi Pengjianhua,
>The versions for  org.apache.tomcat -> annotations-api 
> present here -> 
> https://mvnrepository.com/artifact/org.apache.tomcat/annotations-api do not 
> have a specific build for 7.0.82 (last stable build version is 6.0.53). 
> Additionally recent fixes from tomcat devs suggest that the 
> tomcat.annotations-api has been removed from tomcat-embed-core shipments in 
> favour of javax.annotations-api refer -> 
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61439.

Ok. Thanks. How do you think we should deal with this issue? Should we upgrade 
directly to tomcat7.0.83 or is there a better way to handle this issue?


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On 十二月 5, 2017, 2:59 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated 十二月 5, 2017, 2:59 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was poss

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated 十二月 5, 2017, 2:59 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1797
https://issues.apache.org/jira/browse/RANGER-1797


Repository: ranger


Description
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code 
execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby cased code disclosure.

Scope
CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82


Diffs (updated)
-

  embeddedwebserver/pom.xml 81699573 
  pom.xml 589cd6ac 
  src/main/assembly/admin-web.xml aa37426f 
  src/main/assembly/kms.xml 7c40ce4e 


Diff: https://reviews.apache.org/r/62495/diff/5/

Changes: https://reviews.apache.org/r/62495/diff/4-5/


Testing
---


Thanks,

pengjianhua

Review Request 64323: RANGER-1915:Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64323/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1915
https://issues.apache.org/jira/browse/RANGER-1915


Repository: ranger


Description
---

Default constructors didn't need to display declarations and Most of the places 
using HttpServletResponse status code in RangerAdminRESTClient class.
HttpServletResponse.SC_UNAUTHORIZED Replaces 401 to keep the code style 
consistent.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
 0aa400f 


Diff: https://reviews.apache.org/r/64323/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

> On 十一月 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > <https://reviews.apache.org/r/62495/diff/2/?file=1850092#file1850092line212>
> >
> > @PengJianhua,
> > I used attached patch and did a build on  my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing(PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency ? If 
> > yes Kindly share how did this work for you !
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits. Are you able to access Ranger UI ?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch.Based on the compiling's 
> version I've been testing and verify whether the issue effected the ranger's 
> function. Maybe our lastest modifications introduced new issues. I will also 
> compile the lastest source to further verify the problem you mentioned.
> 
> pengjianhua wrote:
> I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
> package. I had fixed this patch. Thanks!

Hi Colm and bhavik patel, Is there any problem now, if there is no problem, I 
will merge this issue.


- pengjianhua


-------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On 十二月 4, 2017, 8:47 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated 十二月 4, 2017, 8:47 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> 
> Scope
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated 十二月 4, 2017, 8:47 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1797
https://issues.apache.org/jira/browse/RANGER-1797


Repository: ranger


Description
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code 
execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby cased code disclosure.

Scope
CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82


Diffs (updated)
-

  embeddedwebserver/pom.xml 81699573 
  pom.xml 589cd6ac 


Diff: https://reviews.apache.org/r/62495/diff/4/

Changes: https://reviews.apache.org/r/62495/diff/3-4/


Testing
---


Thanks,

pengjianhua

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

> On 十一月 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > <https://reviews.apache.org/r/62495/diff/2/?file=1850092#file1850092line212>
> >
> > @PengJianhua,
> > I used attached patch and did a build on  my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing(PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency ? If 
> > yes Kindly share how did this work for you !
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits. Are you able to access Ranger UI ?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch.Based on the compiling's 
> version I've been testing and verify whether the issue effected the ranger's 
> function. Maybe our lastest modifications introduced new issues. I will also 
> compile the lastest source to further verify the problem you mentioned.

I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
package. I had fixed this patch. Thanks!


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On 十一月 30, 2017, 1:55 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated 十一月 30, 2017, 1:55 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> 
> Scope
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 
> Reference
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> 
> 
> Diffs
> -
> 
>   pom.xml 589cd6ac 
> 
> 
> Diff: https://reviews.apache.org/r/62495/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Review Request 64293: RANGER-1914:Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

[pengjianhua]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64293/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1914
https://issues.apache.org/jira/browse/RANGER-1914


Repository: ranger


Description
---

Code: if (crypt_algo_array != null && crypt_algo_array.length > 1)
 when crypt_algo_array.length<5   password = crypt_algo_array[4]; will case 
java.lang.ArrayIndexOutOfBoundsException.
 Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)"  to 
"if (crypt_algo_array != null && crypt_algo_array.length > 4)".


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
58cdd35 


Diff: https://reviews.apache.org/r/64293/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

[pengjianhua]

> On 十一月 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > <https://reviews.apache.org/r/62495/diff/2/?file=1850092#file1850092line212>
> >
> > @PengJianhua,
> > I used attached patch and did a build on  my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing(PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency ? If 
> > yes Kindly share how did this work for you !
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits. Are you able to access Ranger UI ?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class

I compiled the source that I built the patch.Based on the compiling's version 
I've been testing and verify whether the issue effected the ranger's function. 
Maybe our lastest modifications introduced new issues. I will also compile the 
lastest source to further verify the problem you mentioned.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On 十一月 30, 2017, 1:55 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated 十一月 30, 2017, 1:55 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> 
> Scope
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 
> Reference
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> 
> 
> Diffs
> -
> 
>   pom.xml 589cd6ac 
> 
> 
> Diff: https://reviews.apache.org/r/62495/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>