[jira] [Updated] (HAWQ-1007) Add the pgcrypto code into hawq
[ https://issues.apache.org/jira/browse/HAWQ-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Goden Yao updated HAWQ-1007: Component/s: Build > Add the pgcrypto code into hawq > --- > > Key: HAWQ-1007 > URL: https://issues.apache.org/jira/browse/HAWQ-1007 > Project: Apache HAWQ > Issue Type: Bug > Components: Build >Reporter: Paul Guo >Assignee: Lei Chang > Fix For: 2.0.0.0-incubating > > > We are using pgcrypto with a hacking solution by dynamically git-cloning > postgresql and patching the code. This is inefficient for development. > We are doing like this just because of the Apache crypto process. > http://www.apache.org/dev/crypto.html > Recently the community decides to go through the apache crypto process. > Now it is a good chance for us to add the code into hawq. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] incubator-hawq issue #848: HAWQ-1006. Fix RPM compliance in Redhat Satellite...
Github user kavinderd commented on the issue: https://github.com/apache/incubator-hawq/pull/848 LGTM --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq issue #848: HAWQ-1006. Fix RPM compliance in Redhat Satellite...
Github user GodenYao commented on the issue: https://github.com/apache/incubator-hawq/pull/848 +1 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Updated] (HAWQ-1007) Add the pgcrypto code into hawq
[ https://issues.apache.org/jira/browse/HAWQ-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Goden Yao updated HAWQ-1007: Fix Version/s: 2.0.0.0-incubating > Add the pgcrypto code into hawq > --- > > Key: HAWQ-1007 > URL: https://issues.apache.org/jira/browse/HAWQ-1007 > Project: Apache HAWQ > Issue Type: Bug >Reporter: Paul Guo >Assignee: Lei Chang > Fix For: 2.0.0.0-incubating > > > We are using pgcrypto with a hacking solution by dynamically git-cloning > postgresql and patching the code. This is inefficient for development. > We are doing like this just because of the Apache crypto process. > http://www.apache.org/dev/crypto.html > Recently the community decides to go through the apache crypto process. > Now it is a good chance for us to add the code into hawq. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] incubator-hawq pull request #851: HAWQ-838. Replace python module paramiko w...
GitHub user radarwave opened a pull request: https://github.com/apache/incubator-hawq/pull/851 HAWQ-838. Replace python module paramiko with pexpect Since paramiko's license is conflict with Apache HAWQ's license, so we can't deliver it with HAWQ package. We can use pexpect(and it's submodule ptyprocess) to replace it which license is compatible with HAWQ. So user don't need to install it manually. You can merge this pull request into a Git repository by running: $ git pull https://github.com/radarwave/incubator-hawq pexpect Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-hawq/pull/851.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #851 commit a1a2f2c5ceb5953c613e2a4707563e08461095ef Author: rlei Date: 2016-08-05T03:09:09Z HAWQ-838. Replace python module paramiko with pexpect --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Comment Edited] (HAWQ-256) Integrate Security with Apache Ranger
[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422443#comment-15422443 ] Lili Ma edited comment on HAWQ-256 at 8/16/16 8:51 AM: --- [~bosco] [~vineetgoel] [~lei_chang] [~hubertzhang] [~wenlin] Another thing we need to discuss is whether we support user send "GRANT" SQL besides setting policy in Ranger. If we also support Grant SQL, there is a minor difference between the "with grant option" of Grant SQL and what inside Ranger UI. We need to discuss it clear. Ranger has one button "Delegate Admin" when defining policy, this is different from what HAWQ grant SQL specifies. That button in Ranger means the Ranger internal user has the privileges to operate the given path/object and assign someone else the rights for the objects. That button has no influence on Ranger external user, say, HAWQ internal user. For example, if we add a policy specifying user A has the privileges to select a table T and click on the button and user A is Ranger internal user, then user A has the right to log into Ranger and assign the insert/select privileges for table T to user B. The grant SQL with grant option means that the to-be-granted user has the privilege to grant certain privileges to other users. If the grant privilege specifies just select, then user A can't grant insert privilege to user B. So this is minor different from what Ranger has already provided. If we allow grant/revoke SQL from HAWQ, we need to add "grant" as an action option to the resource. Action option means for each action, it has an attribute which indicates whether this action can be granted by the user. For example, admin grant two privileges: "grant select on t1 to u1" "grant insert on t1 to u1 with grant option" Then u1 grant privilege to u2 "grant select on t1 to u2" result: failed! grant insert on t1 to u2" result: succeed! As a result, u2 can insert on t1, but it cannot select on t1. Correspondingly, in Ranger, we have the following policies(* means with grant privilege): t1 u1 insert*select t1 u2 insert So the conclusion is that we need double the privileges for defining "with grant option" if we want to support Grant/Revoke SQL from HAWQ side. was (Author: lilima): [~bosco][~vineetgoel][~lei_chang][~hubertzhang][~wenlin] Another thing we need to discuss is whether we support user send "GRANT" SQL besides setting policy in Ranger. If we also support Grant SQL, there is a minor difference between the "with grant option" of Grant SQL and what inside Ranger UI. We need to discuss it clear. Ranger has one button "Delegate Admin" when defining policy, this is different from what HAWQ grant SQL specifies. That button in Ranger means the Ranger internal user has the privileges to operate the given path/object and assign someone else the rights for the objects. That button has no influence on Ranger external user, say, HAWQ internal user. For example, if we add a policy specifying user A has the privileges to select a table T and click on the button and user A is Ranger internal user, then user A has the right to log into Ranger and assign the insert/select privileges for table T to user B. The grant SQL with grant option means that the to-be-granted user has the privilege to grant certain privileges to other users. If the grant privilege specifies just select, then user A can't grant insert privilege to user B. So this is minor different from what Ranger has already provided. If we allow grant/revoke SQL from HAWQ, we need to add "grant" as an action option to the resource. Action option means for each action, it has an attribute which indicates whether this action can be granted by the user. For example, admin grant two privileges: "grant select on t1 to u1" "grant insert on t1 to u1 with grant option" Then u1 grant privilege to u2 "grant select on t1 to u2" result: failed! grant insert on t1 to u2" result: succeed! As a result, u2 can insert on t1, but it cannot select on t1. Correspondingly, in Ranger, we have the following policies(* means with grant privilege): t1 u1 insert*select t1 u2 insert So the conclusion is that we need double the privileges for defining "with grant option" if we want to support Grant/Revoke SQL from HAWQ side. > Integrate Security with Apache Ranger > - > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security >Reporter: Michael Andre Pearce (IG) >Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HAWQ-256) Integrate Security with Apache Ranger
[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422443#comment-15422443 ] Lili Ma commented on HAWQ-256: -- [~bosco][~vineetgoel][~lei_chang][~hubertzhang][~wenlin] Another thing we need to discuss is whether we support user send "GRANT" SQL besides setting policy in Ranger. If we also support Grant SQL, there is a minor difference between the "with grant option" of Grant SQL and what inside Ranger UI. We need to discuss it clear. Ranger has one button "Delegate Admin" when defining policy, this is different from what HAWQ grant SQL specifies. That button in Ranger means the Ranger internal user has the privileges to operate the given path/object and assign someone else the rights for the objects. That button has no influence on Ranger external user, say, HAWQ internal user. For example, if we add a policy specifying user A has the privileges to select a table T and click on the button and user A is Ranger internal user, then user A has the right to log into Ranger and assign the insert/select privileges for table T to user B. The grant SQL with grant option means that the to-be-granted user has the privilege to grant certain privileges to other users. If the grant privilege specifies just select, then user A can't grant insert privilege to user B. So this is minor different from what Ranger has already provided. If we allow grant/revoke SQL from HAWQ, we need to add "grant" as an action option to the resource. Action option means for each action, it has an attribute which indicates whether this action can be granted by the user. For example, admin grant two privileges: "grant select on t1 to u1" "grant insert on t1 to u1 with grant option" Then u1 grant privilege to u2 "grant select on t1 to u2" result: failed! grant insert on t1 to u2" result: succeed! As a result, u2 can insert on t1, but it cannot select on t1. Correspondingly, in Ranger, we have the following policies(* means with grant privilege): t1 u1 insert*select t1 u2 insert So the conclusion is that we need double the privileges for defining "with grant option" if we want to support Grant/Revoke SQL from HAWQ side. > Integrate Security with Apache Ranger > - > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security >Reporter: Michael Andre Pearce (IG) >Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HAWQ-256) Integrate Security with Apache Ranger
[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422420#comment-15422420 ] Lili Ma commented on HAWQ-256: -- [~bosco], as [~hubertzhang] mentioned, HAWQ currently has requests for the privileges combination, either 'ALL', or 'ANY'. Do you think it's feasible to implement it inside Ranger REST API service? Certainly we can do it in HAWQ side, but there will be multiple communications with Ranger REST API, I'm afraid it may increase the time for checking privileges. So it's better to implement this judgement inside Ranger REST service. Your thoughts? > Integrate Security with Apache Ranger > - > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security >Reporter: Michael Andre Pearce (IG) >Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HAWQ-256) Integrate Security with Apache Ranger
[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422417#comment-15422417 ] Lili Ma commented on HAWQ-256: -- [~bosco] Thanks for your suggestion about default behaviors. I think Ranger 0.6 can help us resolve this problem. > Integrate Security with Apache Ranger > - > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security >Reporter: Michael Andre Pearce (IG) >Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (HAWQ-256) Integrate Security with Apache Ranger
[ https://issues.apache.org/jira/browse/HAWQ-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15422415#comment-15422415 ] Lili Ma commented on HAWQ-256: -- Per offline discussion, we think the integration between LDAP and HAWQ is out of the scope for HAWQ Integration with Apache Ranger. And since HAWQ already supports LDAP sync, we decide to put this to lower priority. > Integrate Security with Apache Ranger > - > > Key: HAWQ-256 > URL: https://issues.apache.org/jira/browse/HAWQ-256 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security >Reporter: Michael Andre Pearce (IG) >Assignee: Lili Ma > Fix For: backlog > > Attachments: HAWQRangerSupportDesign.pdf > > > Integrate security with Apache Ranger for a unified Hadoop security solution. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] incubator-hawq issue #850: HAWQ-980. hawq does not handle guc value with spa...
Github user paul-guo- commented on the issue: https://github.com/apache/incubator-hawq/pull/850 Merged. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] incubator-hawq pull request #850: HAWQ-980. hawq does not handle guc value w...
Github user paul-guo- closed the pull request at: https://github.com/apache/incubator-hawq/pull/850 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
