Re: Review Request 65871: RANGER-2004: updated Ranger authorization plugin for Atlas for the changes in ATLAS-2459

2018-03-02 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65871/#review198541
---


Ship it!




Ship It!

- Abhay Kulkarni


On March 2, 2018, 8:48 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65871/
> ---
> 
> (Updated March 2, 2018, 8:48 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Nixon 
> Rodrigues, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2004
> https://issues.apache.org/jira/browse/RANGER-2004
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Atlas updated the authorization model in ATLAS-2459, to support 
> authroization at instance level. Ranger authorization plugin for Atlas has 
> been updated to support this model.
> (publishing review for the patch from Nixon)
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
> 4a550c64 
>   
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  90e75a1a 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
>  fe978744 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
>  ea05ad0f 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasConnectionMgr.java
>  140f91e8 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasResourceMgr.java
>  f81e3041 
> 
> 
> Diff: https://reviews.apache.org/r/65871/diff/3/
> 
> 
> Testing
> ---
> 
> Deployed the updated plugin and verified authorization and audit logs for 
> various scenarios (entity-read, entity-add-classification, 
> entity-remove-classification, ..).
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: Review Request 65854: RANGER-1999: Ranger policy engine updates to support list-of-values in access reource

2018-03-02 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65854/#review198540
---


Ship it!




Ship It!

- Abhay Kulkarni


On March 1, 2018, 8:41 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65854/
> ---
> 
> (Updated March 1, 2018, 8:41 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Nixon Rodrigues, 
> and Ramesh Mani.
> 
> 
> Bugs: RANGER-1999
> https://issues.apache.org/jira/browse/RANGER-1999
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Updated policy engine module to handle resources with multiple values
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java
>  2835cddd 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
>  2ee616a1 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
>  58004862 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceReadOnly.java
>  18bb1f44 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
>  9fcefbe0 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  415263ee 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
>  acd599a7 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java
>  a7399eed 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
>  8183dedb 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/ResourceMatcher.java
>  eab9dbc7 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  aad78340 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerResourceTrie.java
>  f6c1e4d5 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
>  bcd15779 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcherTest.java
>  e2c7c270 
>   agents-common/src/test/resources/policyengine/test_policyengine_atlas.json 
> PRE-CREATION 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
>  e4eafc69 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
>  0008808e 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 5b7d0859 
> 
> 
> Diff: https://reviews.apache.org/r/65854/diff/2/
> 
> 
> Testing
> ---
> 
> - added unit tests to validate the enhancements
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

[jira] [Created] (RANGER-2006) Fix problems detected by static code analysis in ranger usersync for ldap sync source

2018-03-02 Thread Sailaja Polavarapu (JIRA) 
Sailaja Polavarapu created RANGER-2006:
--

 Summary: Fix problems detected by static code analysis in ranger 
usersync for ldap sync source
 Key: RANGER-2006
 URL: https://issues.apache.org/jira/browse/RANGER-2006
 Project: Ranger
  Issue Type: Bug
  Components: Ranger, usersync
Affects Versions: 0.7.1
Reporter: Sailaja Polavarapu
 Fix For: master


1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically 
generated LDAP filter with unvalidated input, which could allow an attacker to 
modify the statement's meaning.
In the file LdapDeltaUserGroupBuilder.java similar issues were on line numbers 
913

*Comments* : need to verify the search() parameters for validation
2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically 
generated LDAP filter with unvalidated input, which could allow an attacker to 
modify the statement's meaning.
In the file LdapUserGroupBuilder.java similar issues were on line numbers 818

*Comments* : need to verify the search() parameters for validation



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (RANGER-2006) Fix problems detected by static code analysis in ranger usersync for ldap sync source

2018-03-02 Thread Sailaja Polavarapu (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu reassigned RANGER-2006:
--

Assignee: Sailaja Polavarapu

> Fix problems detected by static code analysis in ranger usersync for ldap 
> sync source
> -
>
> Key: RANGER-2006
> URL: https://issues.apache.org/jira/browse/RANGER-2006
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger, usersync
>Affects Versions: 0.7.1
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Minor
> Fix For: master
>
>
> 1. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically 
> generated LDAP filter with unvalidated input, which could allow an attacker 
> to modify the statement's meaning.
> In the file LdapDeltaUserGroupBuilder.java similar issues were on line 
> numbers 913
> *Comments* : need to verify the search() parameters for validation
> 2. *Overview* : The method goUpGroupHierarchyLdap() invokes a dynamically 
> generated LDAP filter with unvalidated input, which could allow an attacker 
> to modify the statement's meaning.
> In the file LdapUserGroupBuilder.java similar issues were on line numbers 818
> *Comments* : need to verify the search() parameters for validation



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

2018-03-02 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
---

(Updated March 2, 2018, 10:02 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

Modified the index names to be less than 30 characters as pointed out by Pradeep


Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985


Repository: ranger


Description
---

Added code to support auditing for Ranger Usersync operations. This includes 
auditing for all the sync sources (unix, file, and LDAP/AD) for every sync 
interval. Also includes Rest API for showing these audits in Ranger UI.


Diffs (updated)
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql d516d64e 
  security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql 
PRE-CREATION 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql abc7d593 
  
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql 
PRE-CREATION 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
88629463 
  
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql
 PRE-CREATION 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
bf3d954b 
  
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql
 PRE-CREATION 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
56e2e99a 
  
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 71298a41 
  security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
4a02e26b 
  security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
d61cbc7b 
  security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 460c7fda 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 35ba30d9 
  security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 2852b320 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 18366ef1 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 6b2648d9 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java 
PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
 713c8688 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 864d884d 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 60ce08d1 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 
494efc21 


Diff: https://reviews.apache.org/r/65739/diff/6/

Changes: https://reviews.apache.org/r/65739/diff/5-6/


Testing
---

1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.


Thanks,

Sailaja Polavarapu

Re: Review Request 65871: RANGER-2004: updated Ranger authorization plugin for Atlas for the changes in ATLAS-2459

2018-03-02 Thread Velmurugan Periasamy 


> On March 1, 2018, 11:16 p.m., Velmurugan Periasamy wrote:
> > agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json
> > Lines 12 (patched)
> > 
> >
> > Madhan - I believe existing atlas service definition needs to be 
> > updated during upgrades, right?
> 
> Madhan Neethiraj wrote:
> Vel - given the scope of the authorization model changes, current 
> service-def can't be migrated to the new model. We will have to rename it 
> (better delete it) and register the new service-def as 'atlas'

Would there be a Java patch to address this?


- Velmurugan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65871/#review198481
---


On March 2, 2018, 8:48 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65871/
> ---
> 
> (Updated March 2, 2018, 8:48 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Nixon 
> Rodrigues, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2004
> https://issues.apache.org/jira/browse/RANGER-2004
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Atlas updated the authorization model in ATLAS-2459, to support 
> authroization at instance level. Ranger authorization plugin for Atlas has 
> been updated to support this model.
> (publishing review for the patch from Nixon)
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
> 4a550c64 
>   
> plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
>  90e75a1a 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
>  fe978744 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
>  ea05ad0f 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasConnectionMgr.java
>  140f91e8 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasResourceMgr.java
>  f81e3041 
> 
> 
> Diff: https://reviews.apache.org/r/65871/diff/3/
> 
> 
> Testing
> ---
> 
> Deployed the updated plugin and verified authorization and audit logs for 
> various scenarios (entity-read, entity-add-classification, 
> entity-remove-classification, ..).
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: Review Request 65871: RANGER-2004: updated Ranger authorization plugin for Atlas for the changes in ATLAS-2459

2018-03-02 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65871/
---

(Updated March 2, 2018, 8:48 a.m.)


Review request for ranger, Gautam Borad, Abhay Kulkarni, Mehul Parikh, Nixon 
Rodrigues, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

added resouce-lookup implementation


Bugs: RANGER-2004
https://issues.apache.org/jira/browse/RANGER-2004


Repository: ranger


Description
---

Apache Atlas updated the authorization model in ATLAS-2459, to support 
authroization at instance level. Ranger authorization plugin for Atlas has been 
updated to support this model.
(publishing review for the patch from Nixon)


Diffs (updated)
-

  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
4a550c64 
  
plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java
 90e75a1a 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java
 fe978744 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
 ea05ad0f 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasConnectionMgr.java
 140f91e8 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasResourceMgr.java
 f81e3041 


Diff: https://reviews.apache.org/r/65871/diff/3/

Changes: https://reviews.apache.org/r/65871/diff/2-3/


Testing
---

Deployed the updated plugin and verified authorization and audit logs for 
various scenarios (entity-read, entity-add-classification, 
entity-remove-classification, ..).


Thanks,

Madhan Neethiraj

[jira] [Updated] (RANGER-2004) Update Ranger Atlas Authorizer for the authorization model changes in Atlas

2018-03-02 Thread Madhan Neethiraj (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj updated RANGER-2004:
-
Attachment: RANGER-2004-3.patch

> Update Ranger Atlas Authorizer for the authorization model changes in Atlas
> ---
>
> Key: RANGER-2004
> URL: https://issues.apache.org/jira/browse/RANGER-2004
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: RANGER-2004-3.patch, RANGER-2004.patch
>
>
> Apache Atlas authorization model was updated in master branch, in ATLAS-2459, 
> for upcoming 1.0 release. This requires corresponding updates in Ranger Atlas 
> Authorizer implementation.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1992) Ranger Read Wrong INode Information

2018-03-02 Thread chuanjie.duan (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1992?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16383408#comment-16383408
 ] 

chuanjie.duan commented on RANGER-1992:
---

Because of checkDefaultEnforcer would call FSPermissionChecker, but the last 
inodeAttrs is /user/hive/warehouse/dataswap.db so check failed.

 

> Ranger Read Wrong INode Information
> ---
>
> Key: RANGER-1992
> URL: https://issues.apache.org/jira/browse/RANGER-1992
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: chuanjie.duan
>Priority: Major
>
> hdfs dfs -ls /user/hive/warehouse/dataswap.db/
> drwxrwx--   --    cim_beta_db dataswap          0 2018-02-26 09:49 
> /user/hive/warehouse/dataswap.db/test
>  
> hdfs dfs -ls /user/hive/warehouse/dataswap.db/test
> ls: Permission denied: user=cim_beta_db, access=EXECUTE, 
> inode="/user/hive/warehouse/dataswap.db/test":{color:#ff}dataswap{color}:dataswap:drwxrwx---
>  
> user should be cim_beta_db, maybe it's a hdfs bug



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1991) Fix problems detected by static code analysis

2018-03-02 Thread Zsombor Gegesy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zsombor Gegesy updated RANGER-1991:
---
Fix Version/s: (was: master)
   1.0.0

> Fix problems detected by static code analysis
> -
>
> Key: RANGER-1991
> URL: https://issues.apache.org/jira/browse/RANGER-1991
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.1
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Minor
>  Labels: code-cleanup, findbugs
> Fix For: 1.0.0
>
> Attachments: RANGER-1991.patch
>
>
> FindBugs/SpotBug detects a couple of problems with the code base:
>  * Incorrect class casting - in XXServiceDef.equals
>  * Unnecessary NPE checks - for variables which is known to be non-null (for 
> example, because in other places a method is called on that object). In 
> ServiceREST.java PublicAPIs.java, ServiceUtil.java and independently in 
> XUserMgr.java
>  * Collection.contains method call which is never true - in 
> ServiceDBStore.validatePolicyItems for policyItem.getAccesses().contains("") 
> - because getAccesses doesn't store String objects
>  * Making public partially initialized objects in 
> HadoopConfigHolder.initResourceMap()
>  * Calling toString on array, which is not too readable
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1991) Fix problems detected by static code analysis

2018-03-02 Thread Zsombor Gegesy (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16383681#comment-16383681
 ] 

Zsombor Gegesy commented on RANGER-1991:


Commited to 1.0 branch: 
https://github.com/apache/ranger/commit/fdce224fa1aa63eba2fec2dce52f3d5ac3532df6

> Fix problems detected by static code analysis
> -
>
> Key: RANGER-1991
> URL: https://issues.apache.org/jira/browse/RANGER-1991
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.1
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Minor
>  Labels: code-cleanup, findbugs
> Fix For: 1.0.0
>
> Attachments: RANGER-1991.patch
>
>
> FindBugs/SpotBug detects a couple of problems with the code base:
>  * Incorrect class casting - in XXServiceDef.equals
>  * Unnecessary NPE checks - for variables which is known to be non-null (for 
> example, because in other places a method is called on that object). In 
> ServiceREST.java PublicAPIs.java, ServiceUtil.java and independently in 
> XUserMgr.java
>  * Collection.contains method call which is never true - in 
> ServiceDBStore.validatePolicyItems for policyItem.getAccesses().contains("") 
> - because getAccesses doesn't store String objects
>  * Making public partially initialized objects in 
> HadoopConfigHolder.initResourceMap()
>  * Calling toString on array, which is not too readable
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2000) Policy effective dates to support time-bound and temporary authorization

2018-03-02 Thread Abhay Kulkarni (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2000?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni updated RANGER-2000:
---
Summary: Policy effective dates to support time-bound and temporary 
authorization  (was: Policy & policy item effective dates to support time-bound 
and temporary authorization)

> Policy effective dates to support time-bound and temporary authorization
> 
>
> Key: RANGER-2000
> URL: https://issues.apache.org/jira/browse/RANGER-2000
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
>
> Currently Ranger policies have effectiveness period that is permanent i.e. 
> once authored they can only be disabled or enabled. There are many use cases 
> where such policies or even a policy condition needs to be time bound. For 
> example certain financial information about earnings that is sensitive and 
> restricted only until the earnings release date. 
> it would be great to have the ability to specify with each policy a time 
> horizon when it is effective (i.e.) either be effective after a certain date 
> and/or expire after a specific date or only valid within a certain time 
> window and have Ranger check whether the policy is effective before 
> evaluating in the policy engine. Therefore, policy authoring can be 
> simplified and does not require any subsequent action from the user, 
> basically making policy authoring a one time effort and users do not have to 
> go back disable the policies once it is past the expiration date.
> This means that:
>  # Ranger policy engine needs to be able to recognize the start and end times 
> for policies  and enforce them based on period of validity specified by the 
> user.
>  # Active policies should be checked not only based on the resource, user and 
> environment context but also whether the policy is effective.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1967) The Ranger support the Kafka 1.0.0

2018-03-02 Thread Zsombor Gegesy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zsombor Gegesy updated RANGER-1967:
---
Fix Version/s: (was: master)
   1.0.0

> The Ranger support the Kafka 1.0.0
> --
>
> Key: RANGER-1967
> URL: https://issues.apache.org/jira/browse/RANGER-1967
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: newbie, patch
> Fix For: 1.0.0
>
> Attachments: RANGER-1967-2.patch, RANGER-1967-3.patch, 
> RANGER-1967.patch
>
>
> Now the Ranger don't support the Kafka 1.0.0. We should support the Kafka 
> 1.0.0.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1967) The Ranger support the Kafka 1.0.0

2018-03-02 Thread Zsombor Gegesy (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16383685#comment-16383685
 ] 

Zsombor Gegesy commented on RANGER-1967:


Commited to [1.0 
branch|https://github.com/apache/ranger/commit/55fe5844a3beb1ff54a51bb5c93f15c631426ebc]
 too

> The Ranger support the Kafka 1.0.0
> --
>
> Key: RANGER-1967
> URL: https://issues.apache.org/jira/browse/RANGER-1967
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: newbie, patch
> Fix For: 1.0.0
>
> Attachments: RANGER-1967-2.patch, RANGER-1967-3.patch, 
> RANGER-1967.patch
>
>
> Now the Ranger don't support the Kafka 1.0.0. We should support the Kafka 
> 1.0.0.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2005) Remove invalid package and import commands to fixed RANGER-1469 defect

2018-03-02 Thread Qiang Zhang (JIRA) 
Qiang Zhang created RANGER-2005:
---

 Summary: Remove invalid package and import commands to fixed 
RANGER-1469 defect
 Key: RANGER-2005
 URL: https://issues.apache.org/jira/browse/RANGER-2005
 Project: Ranger
  Issue Type: Improvement
  Components: usersync
Reporter: Qiang Zhang
Assignee: Qiang Zhang


Remove invalid packages and import commands package to installer to fixed 
RANGER-1469 defect.
 # Some imported pakcages are not used.
 # Some packages are imported repeatedly.
 # The commands package is missing in usersync installer when merged the 
RANGER-1469.

I build, install and carefully tested this issue after installation.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)