Re: Review Request 72520: RANGER-2829: plugins to support super-users/groups, and audit-exclude-users/groups/roles via configurations
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72520/#review220814 --- Ship it! Ship It! - bhavik patel On May 17, 2020, 8:16 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72520/ > --- > > (Updated May 17, 2020, 8:16 p.m.) > > > Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Mehul > Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2829 > https://issues.apache.org/jira/browse/RANGER-2829 > > > Repository: ranger > > > Description > --- > > Updated RangerBasePlugins to read super-users/groups and > audit-exclude-users/groups/roles from plugin config > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java > 89a31ccf6 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 41b24920d > > agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java > 2567edb29 > > > Diff: https://reviews.apache.org/r/72520/diff/1/ > > > Testing > --- > > - verified manually by using updated agents-common library > - updated unit tests to read super-users/groups, > audit-exclude-users/groups/roles from plugin-config > - verified that unit tests pass > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 72500: RANGER-2823: RangerResouceTrie.copySubTree() does not set up TrieNode's child nodes correctly
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72500/#review220813 --- Ship it! Ship It! - bhavik patel On May 12, 2020, 4:51 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72500/ > --- > > (Updated May 12, 2020, 4:51 p.m.) > > > Review request for ranger and Madhan Neethiraj. > > > Bugs: RANGER-2823 > https://issues.apache.org/jira/browse/RANGER-2823 > > > Repository: ranger > > > Description > --- > > Ranger uses Trie object (instance of RangerResourceTrie class) to index > policies, tags and zones for efficient searching. The API to deep-copy Trie > object does not work correctly, as the information about the child nodes in a > TrieNode is not replicated correctly. > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java > e7d913c54 > > > Diff: https://reviews.apache.org/r/72500/diff/1/ > > > Testing > --- > > Tested by exercising copying existing Trie object and asserting that copy > contains the same TrieNode hierarchy as original Trie. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 72517: RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72517/#review220812 --- Ship it! Ship It! - bhavik patel On May 16, 2020, 6:28 a.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72517/ > --- > > (Updated May 16, 2020, 6:28 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2828 > https://issues.apache.org/jira/browse/RANGER-2828 > > > Repository: ranger > > > Description > --- > > RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 857a597 > > > Diff: https://reviews.apache.org/r/72517/diff/2/ > > > Testing > --- > > Verified in local vm with curl > curl -k -u admin:admin --verbose -X GET > 'http://172.25.34.170:6080/service/plugins/policies/exportJson?serviceName=c349_hive=SZ_SL:database=SZ_SL=hive=self_or_ancestor=full' > curl -k -u admin:admin --verbose -X GET > 'http://172.25.34.170:6080/service/plugins/policies/exportJson?serviceName=c349_hive=SZ_SL:database=SZ_SL=hive=self_or_ancestor' > > > Thanks, > > Ramesh Mani > >
[jira] [Commented] (RANGER-2754) Update presto dependency and implement row/column level security
[ https://issues.apache.org/jira/browse/RANGER-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17110094#comment-17110094 ] Bolke de Bruin commented on RANGER-2754: It's already fixed in master > Update presto dependency and implement row/column level security > > > Key: RANGER-2754 > URL: https://issues.apache.org/jira/browse/RANGER-2754 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: master >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > RANGER-2754-v2.patch, RANGER-2754.patch > > > 1. PrestoSql has changed its Security API hence the Ranger plugin has stopped > working for versions > ~321. > 2. Presto master now has row/column level security support -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2754) Update presto dependency and implement row/column level security
[ https://issues.apache.org/jira/browse/RANGER-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17109963#comment-17109963 ] Palash Das commented on RANGER-2754: [~toopt4] This is bad news, does this mean that we have to stick to prestosql 331? > Update presto dependency and implement row/column level security > > > Key: RANGER-2754 > URL: https://issues.apache.org/jira/browse/RANGER-2754 > Project: Ranger > Issue Type: Improvement > Components: plugins >Affects Versions: master >Reporter: Bolke de Bruin >Assignee: Bolke de Bruin >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, > RANGER-2754-v2.patch, RANGER-2754.patch > > > 1. PrestoSql has changed its Security API hence the Ranger plugin has stopped > working for versions > ~321. > 2. Presto master now has row/column level security support -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2810: Component/s: (was: audit) Ranger Affects Version/s: 2.1.0 master > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
