Re: Review Request 72632: RANGER-2886: Exporting tag policies fails when 'polResource' query parameter is used
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72632/#review221102 --- Ship it! Ship It! - Ramesh Mani On June 30, 2020, 9:54 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72632/ > --- > > (Updated June 30, 2020, 9:54 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Mehul Parikh, Ramesh Mani, and > Velmurugan Periasamy. > > > Bugs: RANGER-2886 > https://issues.apache.org/jira/browse/RANGER-2886 > > > Repository: ranger > > > Description > --- > > Exporting tag policies fails when 'polResource' query parameter is used and > serviceName parameter is omitted > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > c6308eefe > > > Diff: https://reviews.apache.org/r/72632/diff/1/ > > > Testing > --- > > Ensures that REST API for exporting policies in JSON format with and without > serviceName and/or serviceType parameters works as expected. > > > Thanks, > > Abhay Kulkarni > >
Review Request 72632: RANGER-2886: Exporting tag policies fails when 'polResource' query parameter is used
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72632/ --- Review request for ranger, Dineshkumar Yadav, Mehul Parikh, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-2886 https://issues.apache.org/jira/browse/RANGER-2886 Repository: ranger Description --- Exporting tag policies fails when 'polResource' query parameter is used and serviceName parameter is omitted Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c6308eefe Diff: https://reviews.apache.org/r/72632/diff/1/ Testing --- Ensures that REST API for exporting policies in JSON format with and without serviceName and/or serviceType parameters works as expected. Thanks, Abhay Kulkarni
[jira] [Assigned] (RANGER-2886) Exporting tag policies fails when 'polResource' query parameter is used
[ https://issues.apache.org/jira/browse/RANGER-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-2886: --- Assignee: Abhay Kulkarni (was: Dineshkumar Yadav) > Exporting tag policies fails when 'polResource' query parameter is used > --- > > Key: RANGER-2886 > URL: https://issues.apache.org/jira/browse/RANGER-2886 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Abhay Kulkarni >Priority: Major > > Exporting tag policies fails when 'polResource' query parameter is used -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Assigned] (RANGER-2886) Exporting tag policies fails when 'polResource' query parameter is used
[ https://issues.apache.org/jira/browse/RANGER-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramesh Mani reassigned RANGER-2886: --- Assignee: Dineshkumar Yadav (was: Abhay Kulkarni) > Exporting tag policies fails when 'polResource' query parameter is used > --- > > Key: RANGER-2886 > URL: https://issues.apache.org/jira/browse/RANGER-2886 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Ramesh Mani >Assignee: Dineshkumar Yadav >Priority: Major > > Exporting tag policies fails when 'polResource' query parameter is used -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2864) Group creation is failing during import policy
[ https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2864: Fix Version/s: 2.1.0 > Group creation is failing during import policy > -- > > Key: RANGER-2864 > URL: https://issues.apache.org/jira/browse/RANGER-2864 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > while creating a group during import policy, description field is null that > is leading to fail group creation. > As "descr" column in the table is not null for x_group in mysql. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2864) Group creation is failing during import policy
[ https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148569#comment-17148569 ] Pradeep Agrawal commented on RANGER-2864: - Patch committed : [https://github.com/apache/ranger/commit/641ef11a2e45887d689c986b2584fd3ba4c9fcc5] > Group creation is failing during import policy > -- > > Key: RANGER-2864 > URL: https://issues.apache.org/jira/browse/RANGER-2864 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > while creating a group during import policy, description field is null that > is leading to fail group creation. > As "descr" column in the table is not null for x_group in mysql. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed
[ https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148567#comment-17148567 ] Pradeep Agrawal commented on RANGER-2855: - Patch committed : [https://github.com/apache/ranger/commit/a14b6d6aa57d6bc0026713e73750df716c65aa8f] > import policy for ranger is not working properly if updateifexist parameter > is passed > - > > Key: RANGER-2855 > URL: https://issues.apache.org/jira/browse/RANGER-2855 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > *Problem Statement:* > Currently, Import Policy API provide option to updateIfExist all policies of > given service but it update the non matching policy. > *Current Imlementation* > 'updateIfExists' flag : API shall update existing policies with new policy > json based on either of the following conditions. > a) existing and new policy guid is matching > b) existing and new policy name, service and zone are matching > c) existing and new policy name and service are matching. > If there is a policy which matches the resource, the policy should be updated > with the data provided. > If there is no policy which matches the resource, a new policy should be > created with the data provided. > *Proposed Solution :* > Patch shall compare resource signature of existing policy with new policy > provide if it matches then update otherwise create new policy. > *Behaviour of the Import API shall be:* > 1) 'Override' flag : API shall delete all the policies of given target > service and shall create the new policies from the received json. > 2) 'deleteIfExists' flag : API shall delete those existing policies which are > exactly matching after comparing with new policy based on their resources. > After deleting the existing policy, API shall create the new policy from the > given json file. > 3) 'updateIfExists' flag with polResource input : API shall delete all the > existing policies from target service of which resources are exactly matching > with given policies resources. > 4) 'updateIfExists' flag without resource input : API shall update existing > policies with new policy json based on following conditions. > a) existing and new policy should match by resource signature > 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items > with the new policy of which resources will match exactly with available > policies. > 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which > resources are exactly matching. update the policies which are matching else > will create the policy. > If none of the cases are matching then API shall try to create the policy. > Policy creation validation will be done before creating the policy. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed
[ https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2855: Fix Version/s: 2.1.0 > import policy for ranger is not working properly if updateifexist parameter > is passed > - > > Key: RANGER-2855 > URL: https://issues.apache.org/jira/browse/RANGER-2855 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.1.0 > > > *Problem Statement:* > Currently, Import Policy API provide option to updateIfExist all policies of > given service but it update the non matching policy. > *Current Imlementation* > 'updateIfExists' flag : API shall update existing policies with new policy > json based on either of the following conditions. > a) existing and new policy guid is matching > b) existing and new policy name, service and zone are matching > c) existing and new policy name and service are matching. > If there is a policy which matches the resource, the policy should be updated > with the data provided. > If there is no policy which matches the resource, a new policy should be > created with the data provided. > *Proposed Solution :* > Patch shall compare resource signature of existing policy with new policy > provide if it matches then update otherwise create new policy. > *Behaviour of the Import API shall be:* > 1) 'Override' flag : API shall delete all the policies of given target > service and shall create the new policies from the received json. > 2) 'deleteIfExists' flag : API shall delete those existing policies which are > exactly matching after comparing with new policy based on their resources. > After deleting the existing policy, API shall create the new policy from the > given json file. > 3) 'updateIfExists' flag with polResource input : API shall delete all the > existing policies from target service of which resources are exactly matching > with given policies resources. > 4) 'updateIfExists' flag without resource input : API shall update existing > policies with new policy json based on following conditions. > a) existing and new policy should match by resource signature > 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items > with the new policy of which resources will match exactly with available > policies. > 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which > resources are exactly matching. update the policies which are matching else > will create the policy. > If none of the cases are matching then API shall try to create the policy. > Policy creation validation will be done before creating the policy. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2545) Migrate Ranger Logging to slf4j framework
[ https://issues.apache.org/jira/browse/RANGER-2545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2545: Fix Version/s: (was: 2.1.0) > Migrate Ranger Logging to slf4j framework > - > > Key: RANGER-2545 > URL: https://issues.apache.org/jira/browse/RANGER-2545 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Minor > Attachments: > 0001-RANGER-2545-Migrate-Ranger-Logging-to-slf4j-framewor.patch > > > Ranger has direct references to Log4j1. > As a result, systems which have moved over to using log4j2, logback etc via > slf4j as a facade end up requiring multiple logging configuration files. One > log4j1 config file for ranger, and another for the rest of the component. > Would be useful to move to slf4j or some other logging facade. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2863) Ranger UI Improvement.
[ https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2863: Fix Version/s: 2.1.0 > Ranger UI Improvement. > -- > > Key: RANGER-2863 > URL: https://issues.apache.org/jira/browse/RANGER-2863 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Fix For: 2.1.0 > > Attachments: 0001-RANGER-2863.patch, 0002-RANGER-2863.patch, > 0003-RANGER-2863.patch, display1.png, display2.png > > > UI Improvement > 1 . Added sidebar for all page. This will make navigation between various > repositories a lot easier -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2810. - Resolution: Information Provided > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, > image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 72617: RANGER-2872: The Ranger authentication group permission of the ES does not take effect.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72617/#review221097 --- Ship it! Ship It! - bhavik patel On June 24, 2020, 8:34 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72617/ > --- > > (Updated June 24, 2020, 8:34 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Colm > O hEigeartaigh, Gautam Borad, Jayendra Parab, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, pengjianhua, Ramesh Mani, > Selvamohan Neethiraj, Sailaja Polavarapu, Velmurugan Periasamy, Qiang Zhang, > and Zsombor Gegesy. > > > Bugs: RANGER-2872 > https://issues.apache.org/jira/browse/RANGER-2872 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** In Elastic search plugin group ACL is not working. > When a user is in a group and user is not added in the ranger elasticsearch > policy but group is added in the policy then user request to elasticsearch > API fails. > > **Proposed Solution:** Currently groups value null is being passed in > checkPermission method, hence user's group should be loaded from hadoop ugi > for the logged in user. > > > Diffs > - > > > plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java > f5201cec4 > > > Diff: https://reviews.apache.org/r/72617/diff/1/ > > > Testing > --- > > > Thanks, > > Pradeep Agrawal > >
[jira] [Commented] (RANGER-2863) Ranger UI Improvement.
[ https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148483#comment-17148483 ] Nitin Galave commented on RANGER-2863: -- Committed to [Apache Master|https://github.com/apache/ranger/commit/8ed113f424d0054b364cc6bd5874225d6f2011ba] branch > Ranger UI Improvement. > -- > > Key: RANGER-2863 > URL: https://issues.apache.org/jira/browse/RANGER-2863 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Nitin Galave >Assignee: Nitin Galave >Priority: Major > Attachments: 0001-RANGER-2863.patch, 0002-RANGER-2863.patch, > 0003-RANGER-2863.patch, display1.png, display2.png > > > UI Improvement > 1 . Added sidebar for all page. This will make navigation between various > repositories a lot easier -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail
[ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] rujia updated RANGER-2810: -- Attachment: 0001-kafka-authorizer-ticket-expired-fix.patch > Kafka with Ranger plugin will fail > -- > > Key: RANGER-2810 > URL: https://issues.apache.org/jira/browse/RANGER-2810 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: master, 2.0.0, 2.1.0 > Environment: CentOS Linux release 7.6.1810 (Core) > Ranger 2.0.0 >Reporter: bright.zhou >Assignee: Pradeep Agrawal >Priority: Blocker > Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, > image-2020-06-15-14-46-53-528.png > > > We use Ranger plugin to admin acls of Kafka cluster. At first , everything is > ok, but after 10h+ of kafka start, there is something wrong occured, we can > see error log in kafka-root.log, the error log is `Authentication failed > during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ > name protocol error: x `。To solve this we had to restart Kafka, It's so > strange that if i change `authorizer.class.name` to > `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger > is related with acls and not related with SASL authentication,so i want to > ask for help. -- This message was sent by Atlassian Jira (v8.3.4#803005)