Re: Review Request 72608: RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log

2020-06-22 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/
---

(Updated June 22, 2020, 8:38 p.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Changes
---

Fixed review comments


Bugs: RANGER-2869
https://issues.apache.org/jira/browse/RANGER-2869


Repository: ranger


Description
---

RANGER-2869: Ranger audit module to provide an option to generate a UUID for 
each audit log


Diffs (updated)
---

  agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
  agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
  agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29


Diff: https://reviews.apache.org/r/72608/diff/2/

Changes: https://reviews.apache.org/r/72608/diff/1-2/


Testing
---

Verified in Local vm - Audit logs have the Strict UUID when 
"xasecure.audit.auditid.strict.uuid=true", else existing logic of appending 
the UUID with sequence is happening.


Thanks,

Ramesh Mani



Re: Review Request 72608: RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log

2020-06-22 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221049
---


Ship it!




Ship It!

- Abhay Kulkarni





Re: Review Request 72608: RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log

2020-06-22 Thread Ramesh Mani


> On June 21, 2020, 10:37 p.m., Abhay Kulkarni wrote:
> > agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
> > Lines 299 (patched)
> > 
> >
> > Although secureRandom object can be slow at times, the black-duck scan 
> > may flag this as a security issue.

When every audit log needs a new UUID, we shall stick to random() as 
secureRandom() will be very slow and will block the operation done.


- Ramesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221039
---





Re: Review Request 72608: RANGER-2869: Ranger audit module to provide an option to generate a UUID for each audit log

2020-06-22 Thread Madhan Neethiraj

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72608/#review221040
---




agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Line 76 (original), 77 (patched)


@Abhay - you are right. There is no need to instantiate RANDOM_HOLDER. 
Instead, #303 should directly reference RandomHolder.random, which will defer 
instantiation of RandomHolder.random until its first use.



agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
Lines 299 (patched)


SecureRandom implementation depends on various sources of entropy such as 
(keyboard/mouse/other i/o, ..), which makes it unpredictable. Depending upon 
the activities in the operating system, it might take multiple seconds to 
create a random number - which is not suitable for high volume audit-log-id 
generation here.


- Madhan Neethiraj


On June 21, 2020, 9:14 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72608/
> ---
> 
> (Updated June 21, 2020, 9:14 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2869
> https://issues.apache.org/jira/browse/RANGER-2869
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2869: Ranger audit module to provide an option to generate a UUID for 
> each audit log
> 
> 
> Diffs
> ---
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b7315a9
>   agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java 137fd1f
>   agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java b82ff29
> 
> 
> Diff: https://reviews.apache.org/r/72608/diff/1/
> 
> 
> Testing
> ---
> 
> Verified in Local vm - Audit logs have the Strict UUID when 
> "xasecure.audit.auditid.strict.uuid=true", else existing logic of appending 
> the UUID with sequence is happening.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>
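
The two review points in this thread (referencing `RandomHolder.random` directly so the generator is created on first use, and the `Random` versus `SecureRandom` trade-off for audit IDs), as an added example that is not code from the Ranger patch. The class `AuditIdDemo`, `SecureHolder` and the method names are hypothetical; only the `RandomHolder.random` name comes from the thread.

```java
import java.security.SecureRandom;
import java.util.Random;
import java.util.UUID;

public class AuditIdDemo {
    // Holder idiom: the JVM initializes RandomHolder, and so creates the
    // Random, only when RandomHolder.random is first read. Class
    // initialization is thread-safe, so no eager RANDOM_HOLDER is needed.
    private static final class RandomHolder {
        static final Random random = new Random();
    }

    // Hypothetical secure counterpart, created lazily the same way.
    private static final class SecureHolder {
        static final SecureRandom random = new SecureRandom();
    }

    // Builds an RFC 4122 version-4 UUID from 16 bytes of the given generator.
    static UUID uuidFrom(Random rng) {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        b[6] = (byte) ((b[6] & 0x0f) | 0x40); // version 4
        b[8] = (byte) ((b[8] & 0x3f) | 0x80); // IETF variant
        long msb = 0, lsb = 0;
        for (int i = 0; i < 8; i++) msb = (msb << 8) | (b[i] & 0xff);
        for (int i = 8; i < 16; i++) lsb = (lsb << 8) | (b[i] & 0xff);
        return new UUID(msb, lsb);
    }

    // Fast path for a log-record key. java.util.Random has 48 bits of state
    // and is predictable, so this value must not double as a token or secret.
    static String auditId() { return uuidFrom(RandomHolder.random).toString(); }

    // Unpredictable variant for any identifier that carries security meaning.
    static String secureId() { return uuidFrom(SecureHolder.random).toString(); }

    public static void main(String[] args) {
        int n = 1_000_000; // constructed workload size
        long t0 = System.nanoTime();
        for (int i = 0; i < n; i++) auditId();
        long t1 = System.nanoTime();
        for (int i = 0; i < n; i++) secureId();
        long t2 = System.nanoTime();
        System.out.printf("Random:       %d ms%n", (t1 - t0) / 1_000_000);
        System.out.printf("SecureRandom: %d ms%n", (t2 - t1) / 1_000_000);
        UUID sample = UUID.fromString(auditId());
        System.out.println(sample + " version=" + sample.version());
    }
}
```

Running it on the target host gives a local measurement of the per-ID cost difference, which is the figure the throughput argument in the review rests on.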



[jira] [Created] (RANGER-2870) Atlas Resource based policy - classification is not honored

2020-06-22 Thread Nixon Rodrigues (Jira)
Nixon Rodrigues created RANGER-2870:
---

 Summary: Atlas Resource based policy - classification is not 
honored
 Key: RANGER-2870
 URL: https://issues.apache.org/jira/browse/RANGER-2870
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Nixon Rodrigues
Assignee: Nixon Rodrigues


For an Atlas policy for a given entity-type, the entity classification field is 
not honoured

Example:

A Datasteward user would like  to apply tags cc.* on their hive db 
credit_card_db1


entity-type : hive_db,hive_table
entity classification: cc.*
entity-id: credit_card_db1*

 

When the classification is * , the atlas user can add all the tags needed

But wants to add tags when entity classifications hat.* or hat* or hat?* and is 
not able to.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge

2020-06-22 Thread Nixon Rodrigues (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues reassigned RANGER-2821:
---

Assignee: Nixon Rodrigues

> Update ranger authorizer for Atlas to add admin-purge
> -
>
> Key: RANGER-2821
> URL: https://issues.apache.org/jira/browse/RANGER-2821
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Sidharth Kumar Mishra
>Assignee: Nixon Rodrigues
>Priority: Major
> Attachments: 
> 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch
>
>






[jira] [Updated] (RANGER-2863) Ranger UI Improvement.

2020-06-22 Thread Nitin Galave (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-2863:
-
Attachment: (was: 0001-RANGER-2863.patch)

> Ranger UI Improvement.
> --
>
> Key: RANGER-2863
> URL: https://issues.apache.org/jira/browse/RANGER-2863
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Attachments: 0001-RANGER-2863.patch, display1.png, display2.png
>
>
> UI Improvement
> 1. Added sidebar for all pages. This will make navigation between various 
> repositories a lot easier





[jira] [Updated] (RANGER-2863) Ranger UI Improvement.

2020-06-22 Thread Nitin Galave (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-2863:
-
Attachment: 0001-RANGER-2863.patch



[jira] [Updated] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge

2020-06-22 Thread Nixon Rodrigues (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues updated RANGER-2821:

Attachment: 0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch



[jira] [Commented] (RANGER-2821) Update ranger authorizer for Atlas to add admin-purge

2020-06-22 Thread Nixon Rodrigues (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2821?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141976#comment-17141976
 ] 

Nixon Rodrigues commented on RANGER-2821:
-

[~pradeep], [~sidharthkmishra],

I have added fix 
[^0001-RANGER-2821-Update-ranger-authorizer-for-Atlas-to-ad.patch] to render 
admin-purge permission on UI, which was missing in earlier patch.

Please review.



Re: Review Request 72603: RANGER-2865: Add ALL WITH GRANT to Kudu service

2020-06-22 Thread Attila Bukor


> On June 18, 2020, 6:57 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json
> > Lines 158 (patched)
> > 
> >
> > Is "with grant" here equivalent of "with grant option" in SQL? i.e. the 
> > user with this permission can grant access to other users/groups. If that 
> > is the intent, simply adding "impliedGrants" will not be enough. It will 
> > require "delegateAdmin" flag to be true in RangerPolicy.
> 
> Attila Bukor wrote:
> It is, but Kudu doesn't support granting permissions in Ranger right now, 
> so this is used for creating tables with a different owner and changing 
> owners. I also tried to go down the delegateAdmin route, do you mean that it 
> can be set in the service definition? Or that I should use delegateAdmin 
> instead of this role? Is there a way to make it imply other grants?

Had a chat with Madhan, then discussed our options with the Kudu team and 
decided we'll go with another approach as suggested by Madhan (ALL + delegate 
admin) for now, dropping this.


- Attila


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72603/#review221027
---


On June 18, 2020, 4:27 p.m., Attila Bukor wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72603/
> ---
> 
> (Updated June 18, 2020, 4:27 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2865: Add ALL WITH GRANT to Kudu service
> 
> 
> Diffs
> ---
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kudu.json e2a8b72a96b89893d2bec11a201ffbe1b2b28e09
> 
> 
> Diff: https://reviews.apache.org/r/72603/diff/1/
> 
> 
> Testing
> ---
> 
> * I did test that it works as expected in Kudu
> 
> 
> Thanks,
> 
> Attila Bukor
> 
>