[jira] [Created] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for cm_kms repo
Dhaval B. SHAH created RANGER-2983:

Summary: Add hbase users with Decrypteek permission in default policy for cm_kms repo
Key: RANGER-2983
URL: https://issues.apache.org/jira/browse/RANGER-2983
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Dhaval B. SHAH
Assignee: Dhaval B. SHAH

At present we have the following user ⇔ permission mapping for default policies on KMS:

Hdfs ⇔ Get Metadata, Generate EEK
Hive ⇔ Get Metadata, Decrypt EEK

Similarly, we need to add the hbase user with Decrypt EEK permission.

-- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72828/

(Updated Sept. 4, 2020, 10:31 a.m.)

Review request for ranger, Jayendra Parab, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, and Sarath Subramanian.

Changes
-------
Fixed unused imports for PMD.

Bugs: RANGER-2929
https://issues.apache.org/jira/browse/RANGER-2929

Repository: ranger

Description
-------
Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898.

Currently in the Atlas-Ranger plugin for types resource READ permission is not available and read access is available by default to all types of any category.

This patch updates service-def with "type-read" permission and updates authorizer for read of all typedefs and also filters typedefs based on access provided.

Diffs (updated)
-----
  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 7672be05a
  plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 28d71de21
  plugin-atlas/src/main/java/org/apache/ranger/services/atlas/RangerServiceAtlas.java 7c89ffef5
  pom.xml 1f88b27e4
  ranger-atlas-plugin-shim/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java 0e220f132
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql dfaf3c987
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 21626f6dc
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 5cd2cc798
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 081b153a3
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 642d6c151
  security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasToAddTypeRead_J10040.java PRE-CREATION

Diff: https://reviews.apache.org/r/72828/diff/6/

Changes: https://reviews.apache.org/r/72828/diff/5-6/

Testing
-------
Tested Atlas UI and typedefs API functionality by setting policies in ranger Admin for type-category/type resources.

Thanks,
Nixon Rodrigues
[jira] [Updated] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for kms
[ https://issues.apache.org/jira/browse/RANGER-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dhaval B. SHAH updated RANGER-2983:

Summary: Add hbase users with Decrypteek permission in default policy for kms (was: Add hbase users with Decrypteek permission in default policy for cm_kms repo)

> Add hbase users with Decrypteek permission in default policy for kms
>
> Key: RANGER-2983
> URL: https://issues.apache.org/jira/browse/RANGER-2983
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Dhaval B. SHAH
> Assignee: Dhaval B. SHAH
> Priority: Major
>
> At present we have the following user ⇔ permission mapping for default policies on KMS:
> Hdfs ⇔ Get Metadata, Generate EEK
> Hive ⇔ Get Metadata, Decrypt EEK
> Similarly, we need to add the hbase user with Decrypt EEK permission.
Review Request 72836: RANGER-2983 : Add hbase users with Decrypteek permission in default policy for kms
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72836/

Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Jayendra Parab, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy.

Bugs: RANGER-2983
https://issues.apache.org/jira/browse/RANGER-2983

Repository: ranger

Description
-------
At present we have the following user and permission mapping for default policies on KMS:

Hdfs => Get Metadata, Generate EEK
Hive => Get Metadata, Decrypt EEK

Similarly, we need to add the hbase user with Decrypt EEK permission.

Diffs
-----
  plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java d33d608bf
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml c4109847f

Diff: https://reviews.apache.org/r/72836/diff/1/

Testing
-------
Successfully created default policy for Ranger KMS with Decrypt EEK permission.

Thanks,
Dhaval Shah
[jira] [Updated] (RANGER-2984) “NoSuchMethodErrors” due to multiple versions of com.google.guava:guava:jar
[ https://issues.apache.org/jira/browse/RANGER-2984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bing-ok updated RANGER-2984:

Description:
Hi, there are multiple versions of _*com.google.guava:guava*_ in _*ranger\unixauthclient*_. As shown in the following dependency tree, according to Maven's “nearest wins” strategy, only _*com.google.guava:guava:25.1-jre*_ can be loaded, _*com.google.guava:guava:16.0.1*_ will be shadowed.

As _*com.google.guava:guava:16.0.1*_ has not been loaded during the building process, several methods are missing. However, the missing methods:

1. _*com.google.common.reflect.TypeToken: java.lang.reflect.Type access$400(com.google.common.reflect.TypeToken)*_

{noformat}
paths--
ranger\unixauthclient\target\classes
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
{noformat}

The above missing methods are actually referenced by _*ranger\unixauthclient*_, which will cause “NoSuchMethodErrors” at runtime.

Suggested fixing solutions:

1. Upgrade dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_*. Because one conflicting library version _*com.google.guava:guava:16.0.1*_ is transitively introduced by _*org.apache.hadoop:hadoop-auth:3.3.0*_. Upgrading dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_* can solve this dependency conflict.
2. Change dependency _*com.google.guava:guava*_ from _*25.1-jre*_ to *_24.0-jre_*.

Please let me know which solution you prefer. I can submit a PR to fix it.

Thank you very much for your attention.

Best regards,

Dependency tree

[INFO] org.apache.ranger:unixauthclient:jar:3.0.0-SNAPSHOT
[INFO] +- *com.google.guava:guava:jar:25.1-jre:compile*
[INFO] \- org.apache.hadoop:hadoop-auth:jar:3.1.1:compile
[INFO]    +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO]    |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO]    |     \- *(com.google.guava:guava:jar:16.0.1:compile - omitted for conflict with 25.1-jre)*
[INFO]    \- (com.google.guava:guava:jar:11.0.2:compile - omitted for conflict with 25.1-jre)

> “NoSuchMethodErrors” due to multiple versions of com.google.guava:guava:jar
>
> Key: RANGER-2984
> URL: https://issues.apache.org/jira/browse/RANGER-2984
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: Bing-ok
> Priority: Major
>
> Hi, there are multiple versions of
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72828/#review221804

Ship it!

Ship It!

- Mehul Parikh
[jira] [Created] (RANGER-2984) “NoSuchMethodErrors” due to multiple versions of com.google.guava:guava:jar
Bing-ok created RANGER-2984:

Summary: “NoSuchMethodErrors” due to multiple versions of com.google.guava:guava:jar
Key: RANGER-2984
URL: https://issues.apache.org/jira/browse/RANGER-2984
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 3.0.0
Reporter: Bing-ok

Hi, there are multiple versions of _*com.google.guava:guava*_ in _*ranger\unixauthclient*_. As shown in the following dependency tree, according to Maven's “nearest wins” strategy, only _*com.google.guava:guava:25.1-jre*_ can be loaded, _*com.google.guava:guava:16.0.1*_ will be shadowed.

As _*com.google.guava:guava:16.0.1*_ has not been loaded during the building process, several methods are missing. However, the missing methods:

1. _*com.google.common.reflect.TypeToken: java.lang.reflect.Type access$400(com.google.common.reflect.TypeToken)*_

{noformat}
paths--
ranger\unixauthclient\target\classes
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
{noformat}

The above missing methods are actually referenced by _*ranger\unixauthclient*_, which will cause “NoSuchMethodErrors” at runtime.

Suggested fixing solutions:

1. Upgrade dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_*. Because one conflicting library version _*com.google.guava:guava:16.0.1*_ is transitively introduced by _*org.apache.hadoop:hadoop-auth:3.3.0*_. Upgrading dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_* can solve this dependency conflict.
2. Change dependency _*com.google.guava:guava*_ from _*25.1-jre*_ to *_24.0-jre_*.

Please let me know which solution you prefer. I can submit a PR to fix it.

Thank you very much for your attention.

Best regards,

Dependency tree

[INFO] org.apache.ranger:unixauthclient:jar:3.0.0-SNAPSHOT
[INFO] +- *com.google.guava:guava:jar:25.1-jre:compile*
[INFO] \- org.apache.hadoop:hadoop-auth:jar:3.1.1:compile
[INFO]    +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO]    |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO]    |     \- *(com.google.guava:guava:jar:16.0.1:compile - omitted for conflict with 25.1-jre)*
[INFO]    \- (com.google.guava:guava:jar:11.0.2:compile - omitted for conflict with 25.1-jre)
[jira] [Updated] (RANGER-2984) “NoSuchMethodErrors” due to multiple versions of com.google.guava:guava:jar
[ https://issues.apache.org/jira/browse/RANGER-2984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bing-ok updated RANGER-2984:

Description:
Hi, there are multiple versions of _*com.google.guava:guava*_ in _*ranger\unixauthclient*_. As shown in the following dependency tree, according to Maven's “nearest wins” strategy, only _*com.google.guava:guava:25.1-jre*_ can be loaded, _*com.google.guava:guava:16.0.1*_ will be shadowed.

As _*com.google.guava:guava:16.0.1*_ has not been loaded during the building process, several methods are missing. However, the missing methods:

1. _*com.google.common.reflect.TypeToken: java.lang.reflect.Type access$400(com.google.common.reflect.TypeToken)*_

{noformat}
paths--
ranger\unixauthclient\target\classes
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
Repositories\org\apache\curator\curator-client\2.12.0\curator-client-2.12.0.jar
{noformat}

The above missing methods are actually referenced by _*ranger\unixauthclient*_, which will cause “NoSuchMethodErrors” at runtime.

Suggested fixing solutions:

1. Upgrade dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_*. Because one conflicting library version _*com.google.guava:guava:16.0.1*_ is transitively introduced by _*org.apache.hadoop:hadoop-auth:3.3.0*_. Upgrading dependency _*org.apache.hadoop:hadoop-auth*_ from _*3.1.1*_ to *_3.3.0_* can solve this dependency conflict.
2. Change dependency _*com.google.guava:guava*_ from _*25.1-jre*_ to *_24.0-jre_*.

Please let me know which solution you prefer. I can submit a PR to fix it.

Thank you very much for your attention.

Best regards,

Dependency tree

[INFO] org.apache.ranger:unixauthclient:jar:3.0.0-SNAPSHOT
[INFO] +- *com.google.guava:guava:jar:25.1-jre:compile*
[INFO] \- org.apache.hadoop:hadoop-auth:jar:3.1.1:compile
[INFO]    +- org.apache.curator:curator-framework:jar:2.12.0:compile
[INFO]    |  \- org.apache.curator:curator-client:jar:2.12.0:compile
[INFO]    |     \- *(com.google.guava:guava:jar:16.0.1:compile - omitted for conflict with 25.1-jre)*
[INFO]    \- (com.google.guava:guava:jar:11.0.2:compile - omitted for conflict with 25.1-jre)
[jira] [Updated] (RANGER-2983) Add hbase users with Decrypteek permission in default policy for kms
[ https://issues.apache.org/jira/browse/RANGER-2983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dhaval B. SHAH updated RANGER-2983:

Fix Version/s: 2.2.0
Re: Review Request 72828: RANGER-2929 :- Update Atlas Ranger Authorizer for "type-read" accessType changes done in ATLAS-3898
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72828/#review221805

Ship it!

Ship It!

- Madhan Neethiraj
Review Request 72837: RANGER-2985, RANGER-2845, and RANGER-2848: Update ozone service Def, added upgrade patch, and updated ozone plugin pom file to use version from main pom
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72837/

Review request for ranger, Abhay Kulkarni, Mehul Parikh, Ramesh Mani, and Velmurugan Periasamy.

Bugs: RANGER-2845, RANGER-2848 and RANGER-2985
https://issues.apache.org/jira/browse/RANGER-2845
https://issues.apache.org/jira/browse/RANGER-2848
https://issues.apache.org/jira/browse/RANGER-2985

Repository: ranger

Description
-------
Added read-acl & write-acl access types to ozone service def in order to fix RANGER-2985. Also, cleaned up unused configs in ozone service def and marked recursive supported flag to "false" for Volume resource and "true" for key resource. Added upgrade patch to handle service def changes and update existing policies for ozone.

Diffs
-----
  agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json 4f2a43284
  distro/src/main/assembly/plugin-ozone.xml fb4cdd11e
  plugin-ozone/pom.xml a310560d9
  plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java 46b99321d
  plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java e16b5db6a
  ranger-ozone-plugin-shim/pom.xml 1d66fdadb
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 3320fc232
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 698a68705
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql edccc0a7d
  security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 1ffbc6ca0
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 957f9249e
  security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10041.java PRE-CREATION

Diff: https://reviews.apache.org/r/72837/diff/1/

Testing
-------
1. Patched a cluster with the changes and updated service def with new changes.
2. Verified functionality like create volume and update volume with new changes.
3. Also verified creating new ozone policies with the latest changes.
4. Tested same functionality with upgrade patch as well.

Thanks,
Sailaja Polavarapu
[jira] [Updated] (RANGER-2985) User with all permission in ranger is not able to update volume
[ https://issues.apache.org/jira/browse/RANGER-2985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu updated RANGER-2985:

Attachment: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch

> User with all permission in ranger is not able to update volume
>
> Key: RANGER-2985
> URL: https://issues.apache.org/jira/browse/RANGER-2985
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.1.0
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Attachments: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch
>
> Ranger plugin for Ozone is not currently supporting read-acl & write-acl access types because of which updating a volume operation is failing.
> Include read-acl and write-acl access types, in ozone service def as well as in default policies. Also, add an upgrade patch to handle upgrades.
[jira] [Updated] (RANGER-2848) Update Ozone service definition resource type volume
[ https://issues.apache.org/jira/browse/RANGER-2848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu updated RANGER-2848:

Attachment: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch

> Update Ozone service definition resource type volume
>
> Key: RANGER-2848
> URL: https://issues.apache.org/jira/browse/RANGER-2848
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.1.0
> Reporter: Abhishek Shukla
> Assignee: Sailaja Polavarapu
> Priority: Major
> Labels: ozone
> Attachments: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch
>
> * Set {{isRecursive}} flag to false in ozone service def for resource type Volume
> * We need to add the {{isRecursive}} flag to key resource [as a key can be a directory in ozone]
> * Can we also add the {{isExcludes}} flag to the volume resource as part of this change?
> * _Improvement_: If {{isExcludes}} is set to True for high-level resources [volume, bucket], the lower-level resources [bucket, key] should not be shown in the UI?
[jira] [Updated] (RANGER-2845) Cleanup ozone service configurations
[ https://issues.apache.org/jira/browse/RANGER-2845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu updated RANGER-2845:

Attachment: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch

> Cleanup ozone service configurations
>
> Key: RANGER-2845
> URL: https://issues.apache.org/jira/browse/RANGER-2845
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 2.1.0
> Reporter: Abhishek Shukla
> Assignee: Sailaja Polavarapu
> Priority: Minor
> Labels: ozone
> Attachments: 0001-RANGER-2985-RANGER-2845-and-RAGNER-2848-Update-ozone.patch
>
> Creating this Jira for cleaning up/removing unused configs in ozone service.
> {noformat}
> dfs.datanode.kerberos.principal
> dfs.namenode.kerberos.principal
> dfs.secondary.namenode.kerberos.principal
> {noformat}
>
> Other configs like these [Are we consuming these or should these be removed?]:
> {noformat}
> Authorization Enabled
> Common Name for Certificate
> {noformat}
>
> Improvements:
> {noformat}
> Password config should only be shown in the UI or mandatory if Authentication Type is Simple?
> {noformat}
[jira] [Assigned] (RANGER-2845) Cleanup ozone service configurations
[ https://issues.apache.org/jira/browse/RANGER-2845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu reassigned RANGER-2845:

Assignee: Sailaja Polavarapu
[jira] [Issue Comment Deleted] (RANGER-2845) Cleanup ozone service configurations
[ https://issues.apache.org/jira/browse/RANGER-2845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu updated RANGER-2845:

Comment: was deleted (was: Also set recursive flag to false in ozone service def for resource type Volume. This is not applicable for ozone volumes as there are no path-separators for the resource value.)
[jira] [Commented] (RANGER-2845) Cleanup ozone service configurations
[ https://issues.apache.org/jira/browse/RANGER-2845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17190910#comment-17190910 ]

Sailaja Polavarapu commented on RANGER-2845:

Also set recursive flag to false in ozone service def for resource type Volume. This is not applicable for ozone volumes as there are no path-separators for the resource value.
[jira] [Assigned] (RANGER-2848) Update Ozone service definition resource type volume
[ https://issues.apache.org/jira/browse/RANGER-2848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sailaja Polavarapu reassigned RANGER-2848:

Assignee: Sailaja Polavarapu
[jira] [Created] (RANGER-2985) User with all permission in ranger is not able to update volume
Sailaja Polavarapu created RANGER-2985:

Summary: User with all permission in ranger is not able to update volume
Key: RANGER-2985
URL: https://issues.apache.org/jira/browse/RANGER-2985
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.1.0
Reporter: Sailaja Polavarapu
Assignee: Sailaja Polavarapu

Ranger plugin for Ozone is not currently supporting read-acl & write-acl access types because of which updating a volume operation is failing.

Include read-acl and write-acl access types, in ozone service def as well as in default policies. Also, add an upgrade patch to handle upgrades.