[jira] [Commented] (RANGER-3182) Prestosql is renamed to Trino
[ https://issues.apache.org/jira/browse/RANGER-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522133#comment-17522133 ] rujia commented on RANGER-3182: --- [~aakashnand] i can't find any define for commons.lang3.version in root pom, did u miss it? > Prestosql is renamed to Trino > - > > Key: RANGER-3182 > URL: https://issues.apache.org/jira/browse/RANGER-3182 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.1.0 >Reporter: Viacheslav Kriuchkov >Priority: Blocker > Attachments: 0001-RANGER-3182-Rename-Prestosql-to-Trino.patch, > ranger-commons-lang3-master.patch > > Time Spent: 2h 40m > Remaining Estimate: 0h > > All "prestosql" classes are "trino" now and Presto plugin can't integrate > with Trino because of that. It means all Presto deployments that use Ranger > are stuck on version 350 and can't upgrade further. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES
[ https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17460530#comment-17460530 ] rujia commented on RANGER-2892: --- [~bpatel] Yes, Other plugins are able to write. > NoClassDeFoundError occur when HDFS write audit to ES > - > > Key: RANGER-2892 > URL: https://issues.apache.org/jira/browse/RANGER-2892 > Project: Ranger > Issue Type: Bug > Components: audit >Reporter: rujia >Priority: Major > > When enable audit for es, HDFS will throw NoClassDeFoundError: > org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17271153#comment-17271153
]
rujia commented on RANGER-3155:
---
Thanks [~maheshbandal]. About case2, i think the the response should be :
{code:java}
User non-admin does not have privilege to role role3
1
{code}
Because the exec user is none-admin, do you agree with me?
About PMD issues, i list below:
!screenshot-1.png!
!screenshot-2.png!
!screenshot-3.png!
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: screenshot-1.png, screenshot-2.png, screenshot-3.png
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3155:
--
Attachment: screenshot-2.png
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: screenshot-1.png, screenshot-2.png
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3155:
--
Attachment: screenshot-1.png
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: screenshot-1.png
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269758#comment-17269758
]
rujia commented on RANGER-3155:
---
[~maheshbandal] So, follow your code, can you recheck the result of this case
"loginUser=Admin and execUser=none-admin"? By the way, there are some PMD
problems in method ensureRoleAccess and getRoleIfAccessible , Did you find out?
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269280#comment-17269280
]
rujia edited comment on RANGER-3155 at 1/21/21, 1:05 PM:
-
Hi [~maheshbandal] there is a main point that none-admin user has no permission
to know whether a role exists, right?
CC: [~mehul], [~vel],[~pradeep]
was (Author: rujia1019):
Hi [~maheshbandal] there is a main point that none-admin user has no permission
to know whether a role exists, right?
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3155) Roles are not accessible for Admin User through REST API
[
https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269280#comment-17269280
]
rujia commented on RANGER-3155:
---
Hi [~maheshbandal] there is a main point that none-admin user has no permission
to know whether a role exists, right?
> Roles are not accessible for Admin User through REST API
>
>
> Key: RANGER-3155
> URL: https://issues.apache.org/jira/browse/RANGER-3155
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
>
> Role with name: role1 does not exist
> 1
>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269267#comment-17269267 ] rujia commented on RANGER-3136: --- [~maheshbandal] I got your point, but i think apply resource filter is a regular process when do getServicePolicies, if no resource params defined in request, then it will return all policies. So add "Service Name" will affect nothing, just follow the orignal rule. If you want skip resource filter to reduce some time for delete-all case, it is better to change the condition at https://github.com/apache/ranger/blob/4ff1c7ea9984812ec2ea02910ff8bb9eb9003f9a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java#L2536, make sure only request which has resource params can execute resource filter. > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > ServiceDBStore-L2536.png, image-2021-01-21-11-26-15-996.png, > image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269167#comment-17269167
]
rujia edited comment on RANGER-3135 at 1/21/21, 9:26 AM:
-
Hi [~maheshbandal], i have submit
https://issues.apache.org/jira/browse/RANGER-3154, can you check that?
CC: [~pradeep],[~mehul],[~vel]
was (Author: rujia1019):
Hi [~maheshbandal], i have submit
https://issues.apache.org/jira/browse/RANGER-3154, can you check that?
CC : Pradeep Agrawal, Mehul Parikh, Velmurugan Periasamy
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269167#comment-17269167
]
rujia commented on RANGER-3135:
---
Hi [~maheshbandal], i have submit
https://issues.apache.org/jira/browse/RANGER-3154, can you check that?
CC : Pradeep Agrawal, Mehul Parikh, Velmurugan Periasamy
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3154) Admin user cann't get role info throught rest API
[
https://issues.apache.org/jira/browse/RANGER-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3154:
--
Attachment: 0001-fix-rest-API-result-of-getRoleByName-admin-user-can-.patch
> Admin user cann't get role info throught rest API
> -
>
> Key: RANGER-3154
> URL: https://issues.apache.org/jira/browse/RANGER-3154
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments:
> 0001-fix-rest-API-result-of-getRoleByName-admin-user-can-.patch
>
>
> RANGER-3135 optmized the log print about rest API 'roles/user/{user}', it
> broken the behaviour of rangeradmin, and admin user always get msg :"Role
> with name: xxx does not exist".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-3154) Admin user cann't get role info throught rest API
rujia created RANGER-3154:
-
Summary: Admin user cann't get role info throught rest API
Key: RANGER-3154
URL: https://issues.apache.org/jira/browse/RANGER-3154
Project: Ranger
Issue Type: Bug
Components: admin
Affects Versions: 2.1.0
Reporter: rujia
RANGER-3135 optmized the log print about rest API 'roles/user/{user}', it
broken the behaviour of rangeradmin, and admin user always get msg :"Role with
name: xxx does not exist".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269062#comment-17269062 ] rujia commented on RANGER-3136: --- so the main point now is: Whether to add "Service Name" to searchFilter, what's your suggestion? [~maheshbandal] > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > ServiceDBStore-L2536.png, image-2021-01-21-11-26-15-996.png, > image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269058#comment-17269058 ] rujia commented on RANGER-3136: --- [~maheshbandal] Oh, https://issues.apache.org/jira/browse/RANGER-3078 this patch has resolved NPE before my report. Actullay the time i got this issue is between RANGER-3064 and RANGER-3078, :( > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > ServiceDBStore-L2536.png, image-2021-01-21-11-26-15-996.png, > image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269010#comment-17269010 ] rujia commented on RANGER-3136: --- [~maheshbandal] Maybe the different is my ranger is without SecurityZone, this issue is only occured when no SecurityZone defined > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > image-2021-01-21-11-26-15-996.png, image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269008#comment-17269008 ] rujia edited comment on RANGER-3136 at 1/21/21, 3:27 AM: - [~maheshbandal] The similar procedure as you i do, but i got error stack below: !image-2021-01-21-11-27-05-887.png! 2021-01-21 11:14:07,452 | ERROR | http-bio- It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! can u check that? was (Author: rujia1019): [~maheshbandal] The similar procedure as you i do, but i got error stack below: !image-2021-01-21-11-27-05-887.png! 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! can u check that? > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > image-2021-01-21-11-26-15-996.png, image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269008#comment-17269008 ] rujia edited comment on RANGER-3136 at 1/21/21, 3:27 AM: - [~maheshbandal] The similar procedure as you i do, but i got error stack below: !image-2021-01-21-11-27-05-887.png! 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! can u check that? was (Author: rujia1019): [~maheshbandal] The similar procedure as you i do, but i got error stack below: 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > image-2021-01-21-11-26-15-996.png, image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269008#comment-17269008 ] rujia edited comment on RANGER-3136 at 1/21/21, 3:27 AM: - [~maheshbandal] The similar procedure as you i do, but i got error stack below: !image-2021-01-21-11-27-05-887.png! It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! can u check that? was (Author: rujia1019): [~maheshbandal] The similar procedure as you i do, but i got error stack below: !image-2021-01-21-11-27-05-887.png! 2021-01-21 11:14:07,452 | ERROR | http-bio- It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! can u check that? > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > image-2021-01-21-11-26-15-996.png, image-2021-01-21-11-27-05-887.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269008#comment-17269008 ] rujia edited comment on RANGER-3136 at 1/21/21, 3:26 AM: - [~maheshbandal] The similar procedure as you i do, but i got error stack below: 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, the related code is : !image-2021-01-21-11-26-15-996.png! was (Author: rujia1019): [~maheshbandal] The similar procedure as you i do, but i got error stack below: 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, can you check this error stack? > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch, > image-2021-01-21-11-26-15-996.png > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17269008#comment-17269008 ] rujia commented on RANGER-3136: --- [~maheshbandal] The similar procedure as you i do, but i got error stack below: 2021-01-21 11:14:07,452 | ERROR | http-bio-10.244.224.244-21401-exec-6 | getServicePolicies(Hive) failed | ServiceREST.java:3043 java.lang.NullPointerException at java.util.HashMap.putMapEntries(HashMap.java:501) at java.util.HashMap.(HashMap.java:490) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2542) at org.apache.ranger.biz.ServiceDBStore.getServicePolicies(ServiceDBStore.java:2511) at org.apache.ranger.rest.ServiceREST.getServicePolicies(ServiceREST.java:3029) at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:2769) at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2338) at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() It is a obvious NPE when RA delete existing policies of destinationService, can you check this error stack? > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17268343#comment-17268343
]
rujia commented on RANGER-3135:
---
[~maheshbandal] Thanks for your reply. I will recheck this patch
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3137) Lookup user should has 'Select' permission for all resource in hive-agent
[ https://issues.apache.org/jira/browse/RANGER-3137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3137: -- Attachment: 0001-add-select-permission-for-lookup-user-in-hive-agent.patch > Lookup user should has 'Select' permission for all resource in hive-agent > - > > Key: RANGER-3137 > URL: https://issues.apache.org/jira/browse/RANGER-3137 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-add-select-permission-for-lookup-user-in-hive-agent.patch > > > Currently, there is only 'Read' permission for lookupuser in hive-agent, it > is better to add 'Select' permission to lookup user and make sure lookupuser > can lookup resource in web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3137) Lookup user should has 'Select' permission for all resource in hive-agent
rujia created RANGER-3137: - Summary: Lookup user should has 'Select' permission for all resource in hive-agent Key: RANGER-3137 URL: https://issues.apache.org/jira/browse/RANGER-3137 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia Attachments: 0001-add-select-permission-for-lookup-user-in-hive-agent.patch Currently, there is only 'Read' permission for lookupuser in hive-agent, it is better to add 'Select' permission to lookup user and make sure lookupuser can lookup resource in web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3136: -- Attachment: 0001-NUllPointException-occur-when-import-polices-anf-isO.patch > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > Attachments: > 0001-NUllPointException-occur-when-import-polices-anf-isO.patch > > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3135:
--
Attachment: 0001-optimze-log-print-for-querying-roles.patch
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3135:
--
Attachment: (was: 0001-optimze-log-print-for-querying-roles.patch)
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
[ https://issues.apache.org/jira/browse/RANGER-3136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3136: -- Description: i got NullPointException when i imported policies json file from rangeradmin web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter will be null when do deletePolices. (was: i got NullPointException when i imported policies json file from rangeradmin web, i selected "isOverride" flag, it is caused by [#RANGER-3064]) > NullPointException found when import policies form web side and "isOverride" > is selected > > > Key: RANGER-3136 > URL: https://issues.apache.org/jira/browse/RANGER-3136 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.1.0 >Reporter: rujia >Priority: Major > > i got NullPointException when i imported policies json file from rangeradmin > web, i selected "isOverride" flag, it is caused by RANGER-3064, serchFilter > will be null when do deletePolices. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3136) NullPointException found when import policies form web side and "isOverride" is selected
rujia created RANGER-3136: - Summary: NullPointException found when import policies form web side and "isOverride" is selected Key: RANGER-3136 URL: https://issues.apache.org/jira/browse/RANGER-3136 Project: Ranger Issue Type: Bug Components: admin Affects Versions: 2.1.0 Reporter: rujia i got NullPointException when i imported policies json file from rangeradmin web, i selected "isOverride" flag, it is caused by [#RANGER-3064] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3135:
--
Attachment: 0001-optimze-log-print-for-querying-roles.patch
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-optimze-log-print-for-querying-roles.patch
>
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3135:
--
Description:
when i access /role/name/{name}, a Exception "User does not have permission for
this operation" always been taken, even if this role doesn't exist .
it is better to prompt user this role is not exist in this case when
execute-user has admin permission.
was:
when i access /role/name/{name} , a Exception "User does not have permission
for this operation" always been taken, even if this role doesn't exist .
it is better to prompt user this role is not exist in this case when
execute-user has admin permission.
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
>
> when i access /role/name/{name}, a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
[
https://issues.apache.org/jira/browse/RANGER-3135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3135:
--
Description:
when i access /role/name/{name} , a Exception "User does not have permission
for this operation" always been taken, even if this role doesn't exist .
it is better to prompt user this role is not exist in this case when
execute-user has admin permission.
was:
when i access /role/name/{name} url , a Exception "User does not have
permission for this operation" always been taken, even if this role doesn't
exist .
it is better to prompt user this role is not exist in this case when
execute-user has admin permission.
> Ranger always ponit out "User does not have permission for this operation"
> when user try to query a none-exist role
> ---
>
> Key: RANGER-3135
> URL: https://issues.apache.org/jira/browse/RANGER-3135
> Project: Ranger
> Issue Type: Improvement
> Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
>
> when i access /role/name/{name} , a Exception "User does not have permission
> for this operation" always been taken, even if this role doesn't exist .
> it is better to prompt user this role is not exist in this case when
> execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-3135) Ranger always ponit out "User does not have permission for this operation" when user try to query a none-exist role
rujia created RANGER-3135:
-
Summary: Ranger always ponit out "User does not have permission
for this operation" when user try to query a none-exist role
Key: RANGER-3135
URL: https://issues.apache.org/jira/browse/RANGER-3135
Project: Ranger
Issue Type: Improvement
Components: admin
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia
when i access /role/name/{name} url , a Exception "User does not have
permission for this operation" always been taken, even if this role doesn't
exist .
it is better to prompt user this role is not exist in this case when
execute-user has admin permission.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3113) AccessType 'configure' should be replaced by 'alter' in plugin-kafka
[ https://issues.apache.org/jira/browse/RANGER-3113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3113: -- Attachment: (was: 0001-plugin-kafka-use-alter-instead-of-configure.patch) > AccessType 'configure' should be replaced by 'alter' in plugin-kafka > > > Key: RANGER-3113 > URL: https://issues.apache.org/jira/browse/RANGER-3113 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Minor > > kafka-plugin map 'alter' ACL to 'configure' AccessType now, and it is better > to use 'alter' instead of configure in ranger -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3113) AccessType 'configure' should be replaced by 'alter' in plugin-kafka
rujia created RANGER-3113: - Summary: AccessType 'configure' should be replaced by 'alter' in plugin-kafka Key: RANGER-3113 URL: https://issues.apache.org/jira/browse/RANGER-3113 Project: Ranger Issue Type: Improvement Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia Attachments: 0001-plugin-kafka-use-alter-instead-of-configure.patch kafka-plugin map 'alter' ACL to 'configure' AccessType now, and it is better to use 'alter' instead of configure in ranger -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3113) AccessType 'configure' should be replaced by 'alter' in plugin-kafka
[ https://issues.apache.org/jira/browse/RANGER-3113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3113: -- Attachment: 0001-plugin-kafka-use-alter-instead-of-configure.patch > AccessType 'configure' should be replaced by 'alter' in plugin-kafka > > > Key: RANGER-3113 > URL: https://issues.apache.org/jira/browse/RANGER-3113 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Minor > Attachments: 0001-plugin-kafka-use-alter-instead-of-configure.patch > > > kafka-plugin map 'alter' ACL to 'configure' AccessType now, and it is better > to use 'alter' instead of configure in ranger -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-2640) Implement SHOW ROLE GRANT in Hive ranger plugin
[ https://issues.apache.org/jira/browse/RANGER-2640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17247107#comment-17247107 ] rujia edited comment on RANGER-2640 at 12/10/20, 9:10 AM: -- this patch will be good, can u update the patch based on https://issues.apache.org/jira/browse/RANGER-3033?, [~rmani], thanks was (Author: rujia1019): this patch will be good, can u update the patch based on https://issues.apache.org/jira/browse/RANGER-3033?[~rmani], thanks > Implement SHOW ROLE GRANT in Hive ranger plugin > --- > > Key: RANGER-2640 > URL: https://issues.apache.org/jira/browse/RANGER-2640 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2640-Implement-SHOW-ROLE-GRANT-in-Hive-ranger.patch > > > Implement SHOW ROLE GRANT in Hive ranger plugin -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2640) Implement SHOW ROLE GRANT in Hive ranger plugin
[ https://issues.apache.org/jira/browse/RANGER-2640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17247107#comment-17247107 ] rujia commented on RANGER-2640: --- this patch will be good, can u update the patch based on https://issues.apache.org/jira/browse/RANGER-3033?[~rmani], thanks > Implement SHOW ROLE GRANT in Hive ranger plugin > --- > > Key: RANGER-2640 > URL: https://issues.apache.org/jira/browse/RANGER-2640 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.1.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani >Priority: Major > Attachments: > 0001-RANGER-2640-Implement-SHOW-ROLE-GRANT-in-Hive-ranger.patch > > > Implement SHOW ROLE GRANT in Hive ranger plugin -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Issue Comment Deleted] (RANGER-3092) KMS fails to start with NullPointerException in catalina.out logs
[
https://issues.apache.org/jira/browse/RANGER-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3092:
--
Comment: was deleted
(was: yes,i'm planning to repair it soon:))
> KMS fails to start with NullPointerException in catalina.out logs
> -
>
> Key: RANGER-3092
> URL: https://issues.apache.org/jira/browse/RANGER-3092
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger KMS setup.sh executes successfully, however when we try to start KMS
> service with following command :
> {code:java}
> ./ranger-kms start
> {code}
> It shows "Apache Ranger KMS Service failed to start" and only catalina.out
> log file is created in ews/logs folder.
> Following error at ews/logs/catalina.out file :
> {code:java}
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:94)
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:85){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3092) KMS fails to start with NullPointerException in catalina.out logs
[
https://issues.apache.org/jira/browse/RANGER-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17242838#comment-17242838
]
rujia commented on RANGER-3092:
---
yes,i'm planning to repair it soon:)
> KMS fails to start with NullPointerException in catalina.out logs
> -
>
> Key: RANGER-3092
> URL: https://issues.apache.org/jira/browse/RANGER-3092
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger KMS setup.sh executes successfully, however when we try to start KMS
> service with following command :
> {code:java}
> ./ranger-kms start
> {code}
> It shows "Apache Ranger KMS Service failed to start" and only catalina.out
> log file is created in ews/logs folder.
> Following error at ews/logs/catalina.out file :
> {code:java}
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:94)
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:85){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (RANGER-3092) KMS fails to start with NullPointerException in catalina.out logs
[
https://issues.apache.org/jira/browse/RANGER-3092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241225#comment-17241225
]
rujia commented on RANGER-3092:
---
it seems kms server doesn't contains log4j.properties parameter in classpath,
it use log4j through code inside
> KMS fails to start with NullPointerException in catalina.out logs
> -
>
> Key: RANGER-3092
> URL: https://issues.apache.org/jira/browse/RANGER-3092
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger KMS setup.sh executes successfully, however when we try to start KMS
> service with following command :
> {code:java}
> ./ranger-kms start
> {code}
> It shows "Apache Ranger KMS Service failed to start" and only catalina.out
> log file is created in ews/logs folder.
> Following error at ews/logs/catalina.out file :
> {code:java}
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:94)
> at
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:85){code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed
[
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3042:
--
Attachment: 0001-plugin-presto-some-log-mistake-fix.patch
> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
> Attachments: 0001-plugin-presto-some-log-mistake-fix.patch
>
>
> some log issues should be fixed about log or exception about presto plugin
>
> {code:java}
> @Override
> public void checkCanDropView(SystemSecurityContext context,
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP))
> {
> LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
> view.getSchemaTableName().getTableName() + ") denied");
>
> AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
> }
> }
> [~Override]
> public void checkCanSetCatalogSessionProperty(SystemSecurityContext
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName,
> propertyName), context, PrestoAccessType.ALTER)) {
>
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
> + catalogName + ") denied");
> AccessDeniedException.denySetCatalogSessionProperty(catalogName,
> propertyName);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed
[
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3042:
--
Description:
some log issues should be fixed about log or exception about presto plugin
{code:java}
@Override
public void checkCanDropView(SystemSecurityContext context,
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
view.getSchemaTableName().getTableName() + ") denied");
AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
}
}
[~Override]
public void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName),
context, PrestoAccessType.ALTER)) {
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
+ catalogName + ") denied");
AccessDeniedException.denySetCatalogSessionProperty(catalogName,
propertyName);
}
}
{code}
was:
some log issues should be fixed about log or exception about presto plugin
{code:java}
@Override
public void checkCanDropView(SystemSecurityContext context,
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
view.getSchemaTableName().getTableName() + ") denied");
AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
}
}
[~Override]
public void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName),
context, PrestoAccessType.ALTER)) {
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
+ catalogName + ") denied");
AccessDeniedException.denySetCatalogSessionProperty(catalogName,
propertyName);
}
}
{code}
> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
>
> some log issues should be fixed about log or exception about presto plugin
>
> {code:java}
> @Override
> public void checkCanDropView(SystemSecurityContext context,
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP))
> {
> LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
> view.getSchemaTableName().getTableName() + ") denied");
>
> AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
> }
> }
> [~Override]
> public void checkCanSetCatalogSessionProperty(SystemSecurityContext
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName,
> propertyName), context, PrestoAccessType.ALTER)) {
>
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
> + catalogName + ") denied");
> AccessDeniedException.denySetCatalogSessionProperty(catalogName,
> propertyName);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed
[
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3042:
--
Description:
some log issues should be fixed about log or exception about presto plugin
{code:java}
@Override
public void checkCanDropView(SystemSecurityContext context,
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
view.getSchemaTableName().getTableName() + ") denied");
AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
}
}
[~Override]
public void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName),
context, PrestoAccessType.ALTER)) {
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
+ catalogName + ") denied");
AccessDeniedException.denySetCatalogSessionProperty(catalogName,
propertyName);
}
}
{code}
was:
some log issues should be fixed about log or exception about presto plugin
{code:java}
@Override
public void checkCanDropView(SystemSecurityContext context,
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
view.getSchemaTableName().getTableName() + ") denied");
AccessDeniedException.{color:#DE350B}denyCreateView{color}(view.getSchemaTableName().getTableName());
}
}
@Override
public void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName),
context, PrestoAccessType.ALTER)) {
LOG.debug("RangerSystemAccessControl.{color:#DE350B}checkCanSetSystemSessionProperty{color}("
+ catalogName + ") denied");
AccessDeniedException.denySetCatalogSessionProperty(catalogName,
propertyName);
}
}
{code}
> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
>
> some log issues should be fixed about log or exception about presto plugin
>
> {code:java}
> @Override
> public void checkCanDropView(SystemSecurityContext context,
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP))
> {
> LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
> view.getSchemaTableName().getTableName() + ") denied");
>
> AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
> }
> }
> [~Override]
> public void checkCanSetCatalogSessionProperty(SystemSecurityContext
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName,
> propertyName), context, PrestoAccessType.ALTER)) {
>
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
> + catalogName + ") denied");
> AccessDeniedException.denySetCatalogSessionProperty(catalogName,
> propertyName);
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-3042) plugin-presto: some log issues should be fixed
rujia created RANGER-3042:
-
Summary: plugin-presto: some log issues should be fixed
Key: RANGER-3042
URL: https://issues.apache.org/jira/browse/RANGER-3042
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia
some log issues should be fixed about log or exception about presto plugin
{code:java}
@Override
public void checkCanDropView(SystemSecurityContext context,
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
LOG.debug("RangerSystemAccessControl.checkCanDropView(" +
view.getSchemaTableName().getTableName() + ") denied");
AccessDeniedException.{color:#DE350B}denyCreateView{color}(view.getSchemaTableName().getTableName());
}
}
@Override
public void checkCanSetCatalogSessionProperty(SystemSecurityContext context,
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName),
context, PrestoAccessType.ALTER)) {
LOG.debug("RangerSystemAccessControl.{color:#DE350B}checkCanSetSystemSessionProperty{color}("
+ catalogName + ") denied");
AccessDeniedException.denySetCatalogSessionProperty(catalogName,
propertyName);
}
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3041) hive-plugin: default policy 'default database tables columns' should contains permission of lookupuser and {OWNER}
[
https://issues.apache.org/jira/browse/RANGER-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-3041:
--
Attachment: 0001-default-database-policy-update-for-hive-pulgin.patch
> hive-plugin: default policy 'default database tables columns' should contains
> permission of lookupuser and {OWNER}
> --
>
> Key: RANGER-3041
> URL: https://issues.apache.org/jira/browse/RANGER-3041
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-default-database-policy-update-for-hive-pulgin.patch
>
>
> 'default database tables columns' and policy of hvie service only contains
> create permission for public group now, the right permissions should be
> added for lookupuser and {OWNER} , because default database is often used by
> users
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-3041) hive-plugin: default policy 'default database tables columns' should contains permission of lookupuser and {OWNER}
rujia created RANGER-3041:
-
Summary: hive-plugin: default policy 'default database tables
columns' should contains permission of lookupuser and {OWNER}
Key: RANGER-3041
URL: https://issues.apache.org/jira/browse/RANGER-3041
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia
'default database tables columns' and policy of hvie service only contains
create permission for public group now, the right permissions should be added
for lookupuser and {OWNER} , because default database is often used by users
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default
[ https://issues.apache.org/jira/browse/RANGER-3040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3040: -- Attachment: 0001-add-read-permission-for-lookupuser-on-default-polici.patch > There is no read permission for lookupuser on presto/storm/es by default > - > > Key: RANGER-3040 > URL: https://issues.apache.org/jira/browse/RANGER-3040 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: > 0001-add-read-permission-for-lookupuser-on-default-polici.patch > > > lookupuser should has read permission for all components by default, > otherwise the function of lookup resource will not work on ranger web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default
[ https://issues.apache.org/jira/browse/RANGER-3040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3040: -- Description: lookupuser should has read permission for all components by default, otherwise the function of lookup resource will not work on ranger web. > There is no read permission for lookupuser on presto/storm/es by default > - > > Key: RANGER-3040 > URL: https://issues.apache.org/jira/browse/RANGER-3040 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: > 0001-add-read-permission-for-lookupuser-on-default-polici.patch > > > lookupuser should has read permission for all components by default, > otherwise the function of lookup resource will not work on ranger web. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default
rujia created RANGER-3040: - Summary: There is no read permission for lookupuser on presto/storm/es by default Key: RANGER-3040 URL: https://issues.apache.org/jira/browse/RANGER-3040 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3039) plugin-hive: user belongs to role 'admin' should has access to execute dfs command
rujia created RANGER-3039: - Summary: plugin-hive: user belongs to role 'admin' should has access to execute dfs command Key: RANGER-3039 URL: https://issues.apache.org/jira/browse/RANGER-3039 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia Attachments: 0001-user-belongs-to-role-admin-should-has-access-to-exec.patch currently, dfs command is not supported through hive beeline, and it should be supported when user belongs role 'admin' -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3039) plugin-hive: user belongs to role 'admin' should has access to execute dfs command
[ https://issues.apache.org/jira/browse/RANGER-3039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3039: -- Attachment: 0001-user-belongs-to-role-admin-should-has-access-to-exec.patch > plugin-hive: user belongs to role 'admin' should has access to execute dfs > command > -- > > Key: RANGER-3039 > URL: https://issues.apache.org/jira/browse/RANGER-3039 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: > 0001-user-belongs-to-role-admin-should-has-access-to-exec.patch > > > currently, dfs command is not supported through hive beeline, and it should > be supported when user belongs role 'admin' -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3035) Ranger Presto Plugin: Machine-Machine user can not access presto with right permission
[ https://issues.apache.org/jira/browse/RANGER-3035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3035: -- Attachment: 0001-plugin-presto-M-M-user-can-not-access.patch > Ranger Presto Plugin: Machine-Machine user can not access presto with right > permission > -- > > Key: RANGER-3035 > URL: https://issues.apache.org/jira/browse/RANGER-3035 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: 0001-plugin-presto-M-M-user-can-not-access.patch > > > plugin-presto use the user who comes from identity object to create request > now , it will not match when the user is M-M user(like: user1/h...@test.com) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3035) Ranger Presto Plugin: Machine-Machine user can not access presto with right permission
rujia created RANGER-3035: - Summary: Ranger Presto Plugin: Machine-Machine user can not access presto with right permission Key: RANGER-3035 URL: https://issues.apache.org/jira/browse/RANGER-3035 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia plugin-presto use the user who comes from identity object to create request now , it will not match when the user is M-M user(like: user1/h...@test.com) -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface
[ https://issues.apache.org/jira/browse/RANGER-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3033: -- Attachment: 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch > Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface > --- > > Key: RANGER-3033 > URL: https://issues.apache.org/jira/browse/RANGER-3033 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: > 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch > > > command 'show role grant user xxx' is not supported now -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface
rujia created RANGER-3033: - Summary: Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface Key: RANGER-3033 URL: https://issues.apache.org/jira/browse/RANGER-3033 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.1.0, 2.0.0 Reporter: rujia Attachments: 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch command 'show role grant user xxx' is not supported now -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3032) The log4j properties of rangeradmin cannot take effect dynamically
[ https://issues.apache.org/jira/browse/RANGER-3032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-3032: -- Attachment: 0001-make-rangeradmin-log4j-dynamically.patch > The log4j properties of rangeradmin cannot take effect dynamically > -- > > Key: RANGER-3032 > URL: https://issues.apache.org/jira/browse/RANGER-3032 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 2.0.0, 2.1.0 >Reporter: rujia >Priority: Major > Attachments: 0001-make-rangeradmin-log4j-dynamically.patch > > > When i tried to modify log4j.properties of rangeradmin after rangeradmin > started, i found it cann't take effect without restart service -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3032) The log4j properties of rangeradmin cannot take effect dynamically
rujia created RANGER-3032: - Summary: The log4j properties of rangeradmin cannot take effect dynamically Key: RANGER-3032 URL: https://issues.apache.org/jira/browse/RANGER-3032 Project: Ranger Issue Type: Bug Components: admin Affects Versions: 2.1.0, 2.0.0 Reporter: rujia When i tried to modify log4j.properties of rangeradmin after rangeradmin started, i found it cann't take effect without restart service -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode
[ https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2912: -- Attachment: 0001-issue-fix-for-es-audit.patch > ranger and plugins will throw GSSAPI error when write audit log to > ElasticSearch when cluster running on none security mode > --- > > Key: RANGER-2912 > URL: https://issues.apache.org/jira/browse/RANGER-2912 > Project: Ranger > Issue Type: Bug > Components: audit, plugins, Ranger >Reporter: rujia >Priority: Major > Attachments: 0001-issue-fix-for-es-audit.patch > > > user and password default set to 'NONE' when connect to ES, but ranger-audit > and plugins doesn't handle String 'NONE', and will try to get subject from > ENV for both sec and none sec mode. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode
rujia created RANGER-2912: - Summary: ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode Key: RANGER-2912 URL: https://issues.apache.org/jira/browse/RANGER-2912 Project: Ranger Issue Type: Bug Components: audit, plugins, Ranger Reporter: rujia user and password default set to 'NONE' when connect to ES, but ranger-audit and plugins doesn't handle String 'NONE', and will try to get subject from ENV for both sec and none sec mode. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2911) ES plugin missing implemention for some ES request
[ https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17158015#comment-17158015 ] rujia commented on RANGER-2911: --- review link : [https://reviews.apache.org/r/72684/] > ES plugin missing implemention for some ES request > > > Key: RANGER-2911 > URL: https://issues.apache.org/jira/browse/RANGER-2911 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Blocker > Attachments: 0001-Add-ES-Plugin-Request-support.patch > > > If a policy set resource to a specific index or string with wildcard like > 'index*', and has been given all permission for user1, ES plugin will deny > the request from user1 if the request is not matched in code. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2911) ES plugin missing implemention for some ES request
[ https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2911: -- Attachment: 0001-Add-ES-Plugin-Request-support.patch > ES plugin missing implemention for some ES request > > > Key: RANGER-2911 > URL: https://issues.apache.org/jira/browse/RANGER-2911 > Project: Ranger > Issue Type: Bug > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Blocker > Attachments: 0001-Add-ES-Plugin-Request-support.patch > > > If a policy set resource to a specific index or string with wildcard like > 'index*', and has been given all permission for user1, ES plugin will deny > the request from user1 if the request is not matched in code. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2911) ES plugin missing implemention for some ES request
rujia created RANGER-2911: - Summary: ES plugin missing implemention for some ES request Key: RANGER-2911 URL: https://issues.apache.org/jira/browse/RANGER-2911 Project: Ranger Issue Type: Bug Components: plugins Affects Versions: 2.0.0 Reporter: rujia If a policy set resource to a specific index or string with wildcard like 'index*', and has been given all permission for user1, ES plugin will deny the request from user1 if the request is not matched in code. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156685#comment-17156685 ] rujia commented on RANGER-2891: --- this interface has been deleted since presto version 331, so we need not impl it any more > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, > 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot > 2020-07-05 at 9.02.55 PM.png > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia resolved RANGER-2891. --- Resolution: Won't Fix > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, > 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot > 2020-07-05 at 9.02.55 PM.png > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2891: -- Attachment: 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, > 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES
[ https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2892: -- Attachment: (was: 0001-ElasticSearch-plugin-NullPointException-fix.patch) > NoClassDeFoundError occur when HDFS write audit to ES > - > > Key: RANGER-2892 > URL: https://issues.apache.org/jira/browse/RANGER-2892 > Project: Ranger > Issue Type: Bug > Components: audit >Reporter: rujia >Priority: Major > > When enable audit for es, HDFS will throw NoClassDeFoundError: > org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES
[ https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2892: -- Attachment: 0001-ElasticSearch-plugin-NullPointException-fix.patch > NoClassDeFoundError occur when HDFS write audit to ES > - > > Key: RANGER-2892 > URL: https://issues.apache.org/jira/browse/RANGER-2892 > Project: Ranger > Issue Type: Bug > Components: audit >Reporter: rujia >Priority: Major > Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch > > > When enable audit for es, HDFS will throw NoClassDeFoundError: > org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2891: -- Description: plugin-presto does not support > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > > > plugin-presto does not support -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2891: -- Description: plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think it should be implemented. (was: plugin-presto does not support ) > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2890) Add missing log4j properties for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150893#comment-17150893 ] rujia commented on RANGER-2890: --- [~rmani] thanks for your reminder, i have created review request: [https://reviews.apache.org/r/72640/] > Add missing log4j properties for audit log > -- > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > > Currently, plugins missing log4j properties in their audit conf, it need be > added for plugins and enable for default. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2890) Add missing log4j properties for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2890: -- Description: Currently, plugins missing log4j properties in their audit conf, it need be added for plugins and enable for default. > Add missing log4j properties for audit log > -- > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > > Currently, plugins missing log4j properties in their audit conf, it need be > added for plugins and enable for default. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2890) Add missing log4j properties for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150848#comment-17150848 ] rujia commented on RANGER-2890: --- Thanks for your reminder,i have created review request: [https://reviews.apache.org/r/72640/] > Add missing log4j properties for audit log > -- > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > > Currently, plugins missing log4j properties in their audit conf, it need be > added for plugins and enable for default. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2891: -- Attachment: 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Issue Comment Deleted] (RANGER-2890) Add missing log4j properties for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2890: -- Comment: was deleted (was: Thanks for your reminder,i have created review request: [https://reviews.apache.org/r/72640/]) > Add missing log4j properties for audit log > -- > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > > Currently, plugins missing log4j properties in their audit conf, it need be > added for plugins and enable for default. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES
rujia created RANGER-2892: - Summary: NoClassDeFoundError occur when HDFS write audit to ES Key: RANGER-2892 URL: https://issues.apache.org/jira/browse/RANGER-2892 Project: Ranger Issue Type: Bug Components: audit Reporter: rujia When enable audit for es, HDFS will throw NoClassDeFoundError: org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
[ https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150895#comment-17150895 ] rujia commented on RANGER-2891: --- [~rmani] thanks, pls see : [https://reviews.apache.org/r/72639/] > Add checkCanShowColumnsMetadata for presto plugin > - > > Key: RANGER-2891 > URL: https://issues.apache.org/jira/browse/RANGER-2891 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Minor > Attachments: > 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch > > > plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think > it should be implemented. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin
rujia created RANGER-2891: - Summary: Add checkCanShowColumnsMetadata for presto plugin Key: RANGER-2891 URL: https://issues.apache.org/jira/browse/RANGER-2891 Project: Ranger Issue Type: Improvement Components: plugins Affects Versions: 2.0.0 Reporter: rujia -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2890) Add missing log4j properties for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2890: -- Summary: Add missing log4j properties for audit log (was: Add missing log4j propertis for audit log) > Add missing log4j properties for audit log > -- > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2890) Add missing log4j propertis for audit log
[ https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2890: -- Attachment: 0001-aduit-for-log4j.patch > Add missing log4j propertis for audit log > - > > Key: RANGER-2890 > URL: https://issues.apache.org/jira/browse/RANGER-2890 > Project: Ranger > Issue Type: Improvement > Components: audit >Affects Versions: 2.0.0 >Reporter: rujia >Priority: Major > Attachments: 0001-aduit-for-log4j.patch > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2890) Add missing log4j propertis for audit log
rujia created RANGER-2890: - Summary: Add missing log4j propertis for audit log Key: RANGER-2890 URL: https://issues.apache.org/jira/browse/RANGER-2890 Project: Ranger Issue Type: Improvement Components: audit Affects Versions: 2.0.0 Reporter: rujia -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2810: -- Attachment: 0001-kafka-authorizer-ticket-expired-fix.patch > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, > image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519 ] rujia edited comment on RANGER-2810 at 6/29/20, 7:03 AM: - this problem is caused by kafka run without core-site.xml, and then kafka-plugin add OS user to principal list of subject. When the server principal expired, it will be removed from principal list and re-append(relogin), so the OS user will be the first one, and then will cause GSSAPI error when do connection was (Author: rujia1019): this problem is caused by kafka run without core-site.xml, and then kafka-plugin add OS user to principal list of subject, when the server principal expired, the server pricipal will be remove from principal list and re-append(relogin), so the OS user will be the fiest one, and then will cause GSSAPI error then do connection > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519 ] rujia edited comment on RANGER-2810 at 6/29/20, 7:02 AM: - this problem is caused by kafka run without core-site.xml, and then kafka-plugin add OS user to principal list of subject, when the server principal expired, the server pricipal will be remove from principal list and re-append(relogin), so the OS user will be the fiest one, and then will cause GSSAPI error then do connection was (Author: rujia1019): this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin add OS user to principal list of subject, when the server principal expired, the server pricipal will be remove from principal list and re-append(relogin), so the OS user will be the fiest one, and then will cause GSSAPI error then do connection > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519 ] rujia edited comment on RANGER-2810 at 6/29/20, 3:36 AM: - this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin add OS user to principal list of subject, when the server principal expired, the server pricipal will be remove from principal list and re-append(relogin), so the OS user will be the fiest one, and then will cause GSSAPI error then do connection was (Author: rujia1019): this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin add OS user to principal list of subject, when the server principal expired, the os user will be remove and append to the principal list, the OS user will be the fiest one, and then will cause GSSAPI error then do connection > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519 ] rujia commented on RANGER-2810: --- this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin add OS user to principal list of subject, when the server principal expired, the os user will be remove and append to the principal list, the OS user will be the fiest one, and then will cause GSSAPI error then do connection > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'
[
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-2877:
--
Attachment: ES Processing logic.png
> ElasticSearch-Plugin throws NullPointException when the type of request is
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: ES Processing logic.png, NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u :
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
> -H 'Content-Type:application/json' -d
> '\{"mapping":{"properties":{"age":"text"}}}'
> then ES will print NullPointException in it's log file, and the request will
> fail
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Updated] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'
[
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
rujia updated RANGER-2877:
--
Attachment: NullPointException.png
> ElasticSearch-Plugin throws NullPointException when the type of request is
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u :
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
> -H 'Content-Type:application/json' -d
> '\{"mapping":{"properties":{"age":"text"}}}'
> then ES will print NullPointException in it's log file, and the request will
> fail
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Created] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'
rujia created RANGER-2877:
-
Summary: ElasticSearch-Plugin throws NullPointException when the
type of request is 'PutMappingRequest'
Key: RANGER-2877
URL: https://issues.apache.org/jira/browse/RANGER-2877
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 2.0.0
Reporter: rujia
*request*: curl -XPUT --tlsv1.2 --negotiate -k -u :
'[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
-H 'Content-Type:application/json' -d
'\{"mapping":{"properties":{"age":"text"}}}'
then ES will print NullPointException in it's log file, and the request will
fail
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
