Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 


> On March 20, 2024, 3:50 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
> > Lines 79 (patched)
> > 
> >
> > - please update 'Testing Done' section in this review with an example 
> > of search by tagNames, especially with multiple names.
> > - REST endpoints in 'Description' and 'Testing Done' are different. 
> > Please review and update.

Done


> On March 20, 2024, 3:50 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
> > Lines 92 (patched)
> > 
> >
> > Is query-param 'resourceElements' used after the recent update to this 
> > patch, given resources are specified in query-params using prefix 
> > "resource:"?

resourceElements query param is used for freetext search on resources in GET 
service/tags/resources/paginated api. This is not done using "resource:" prefix.

"resource:" prefix is used in GET 
service/tags/resource/service/{serviceName}/resource api


> On March 20, 2024, 3:50 p.m., Madhan Neethiraj wrote:
> > security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
> > Lines 34 (patched)
> > 
> >
> > Is it necessary to initialize with "new ArrayList<>"? How about setting 
> > to null here?

Initialised it to null


- Anand


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/#review226340
---


On March 21, 2024, 5:36 a.m., Anand Nadar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74941/
> ---
> 
> (Updated March 21, 2024, 5:36 a.m.)
> 
> 
> Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika 
> Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4749
> https://issues.apache.org/jira/browse/RANGER-4749
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Created new tag api which will get the service resource by comparing the 
> resouse signature of the resource from request. (GET - 
> service/tags/resource/service/{serviceName}/resource?resource:database=db1:database.isExcludes=false:database.isRecursive=false)
> 
> Added list of tags to the service/tags/resource/paginated api which will 
> return all the tags which are associated with the resource.
> 
> Added freetext search on resource, and multiple search of tagNames in 
> service/tags/resources/paginated api - 
> 1 - 
> service/tags/resources/paginated?tagServiceName=hive=Cust_
> 2 - 
> service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
>  716a1a9ea 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
>  PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> b0fad0aea 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 
> a472fe131 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> c816ad229 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
>  PRE-CREATION 
>   security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
> d6ebbc54d 
>   security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
> 98d87bc0a 
> 
> 
> Diff: https://reviews.apache.org/r/74941/diff/7/
> 
> 
> Testing
> ---
> 
> Validated GET - service/tags/resource/service/{serviceName}/resource with 
> postive and negative case.
> Sample URL - 
> /service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB-1:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB-2
> 
> Response:
> {
> "id": 21,
> "guid": "1acaa4c9-1f1a-4328-b265-bde77c94f98f",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1710999025297,
> "updateTime": 1710999025362,
> "version": 4,
> "serviceName": "hive8",
> "resourceElements": {
> "column": {
>

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/
---

(Updated March 21, 2024, 5:36 a.m.)


Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, 
Siddhesh Phatak, and Subhrat Chaudhary.


Bugs: RANGER-4749
https://issues.apache.org/jira/browse/RANGER-4749


Repository: ranger


Description
---

Created new tag api which will get the service resource by comparing the 
resouse signature of the resource from request. (GET - 
service/tags/resource/service/{serviceName}/resource?resource:database=db1:database.isExcludes=false:database.isRecursive=false)

Added list of tags to the service/tags/resource/paginated api which will return 
all the tags which are associated with the resource.

Added freetext search on resource, and multiple search of tagNames in 
service/tags/resources/paginated api - 
1 - service/tags/resources/paginated?tagServiceName=hive=Cust_
2 - 
service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
 716a1a9ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
b0fad0aea 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java a472fe131 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
c816ad229 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
d6ebbc54d 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
98d87bc0a 


Diff: https://reviews.apache.org/r/74941/diff/7/

Changes: https://reviews.apache.org/r/74941/diff/6-7/


Testing
---

Validated GET - service/tags/resource/service/{serviceName}/resource with 
postive and negative case.
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB-1:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB-2

Response:
{
"id": 21,
"guid": "1acaa4c9-1f1a-4328-b265-bde77c94f98f",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1710999025297,
"updateTime": 1710999025362,
"version": 4,
"serviceName": "hive8",
"resourceElements": {
"column": {
"values": [
"NAME"
],
"isExcludes": false,
"isRecursive": true
},
"database": {
"values": [
"HR-DB-2",
"HR-DB-1"
],
"isExcludes": false,
"isRecursive": true
},
"table": {
"values": [
"EMPLOYEE"
],
"isExcludes": false,
"isRecursive": true
}
},
"resourceSignature": 
"24a4a0329c4c62f6a76d19231f5f748ef2e49de0301ebe9af2991a19e5b198a9"
}

The values of resource can be multiple - 
resource:database=db1:database=db2
For isExcludes and isRecursive there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

Validated response of service/tags/resources/paginated?tagServiceName=hive api 
Sample response
{
"startIndex": 0,
"pageSize": 5,
"totalCount": 1,
"resultSize": 1,
"sortType": "asc",
"sortBy": "resourceId",
"queryTimeMS": 1710869881240,
"resourceList": [
{
"id": 2,
"guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986829922,
"updateTime": 1708247930089,
"version": 3,
"serviceName": "hive",
"resourceElements": {
"database": {
"values": [
"db1"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"tbl1"

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/
---

(Updated March 21, 2024, 5:36 a.m.)


Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, 
Siddhesh Phatak, and Subhrat Chaudhary.


Bugs: RANGER-4749
https://issues.apache.org/jira/browse/RANGER-4749


Repository: ranger


Description (updated)
---

Created new tag api which will get the service resource by comparing the 
resouse signature of the resource from request. (GET - 
service/tags/resource/service/{serviceName}/resource?resource:database=db1:database.isExcludes=false:database.isRecursive=false)

Added list of tags to the service/tags/resource/paginated api which will return 
all the tags which are associated with the resource.

Added freetext search on resource, and multiple search of tagNames in 
service/tags/resources/paginated api - 
1 - service/tags/resources/paginated?tagServiceName=hive=Cust_
2 - 
service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
 716a1a9ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
b0fad0aea 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java a472fe131 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
c816ad229 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
d6ebbc54d 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
98d87bc0a 


Diff: https://reviews.apache.org/r/74941/diff/6/

Changes: https://reviews.apache.org/r/74941/diff/5-6/


Testing (updated)
---

Validated GET - service/tags/resource/service/{serviceName}/resource with 
postive and negative case.
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB-1:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB-2

Response:
{
"id": 21,
"guid": "1acaa4c9-1f1a-4328-b265-bde77c94f98f",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1710999025297,
"updateTime": 1710999025362,
"version": 4,
"serviceName": "hive8",
"resourceElements": {
"column": {
"values": [
"NAME"
],
"isExcludes": false,
"isRecursive": true
},
"database": {
"values": [
"HR-DB-2",
"HR-DB-1"
],
"isExcludes": false,
"isRecursive": true
},
"table": {
"values": [
"EMPLOYEE"
],
"isExcludes": false,
"isRecursive": true
}
},
"resourceSignature": 
"24a4a0329c4c62f6a76d19231f5f748ef2e49de0301ebe9af2991a19e5b198a9"
}

The values of resource can be multiple - 
resource:database=db1:database=db2
For isExcludes and isRecursive there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

Validated response of service/tags/resources/paginated?tagServiceName=hive api 
Sample response
{
"startIndex": 0,
"pageSize": 5,
"totalCount": 1,
"resultSize": 1,
"sortType": "asc",
"sortBy": "resourceId",
"queryTimeMS": 1710869881240,
"resourceList": [
{
"id": 2,
"guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986829922,
"updateTime": 1708247930089,
"version": 3,
"serviceName": "hive",
"resourceElements": {
"database": {
"values": [
"db1"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [

Re: Review Request 74942: RANGER-3831 Add support of pegasus to ranger

2024-03-20 Thread Kirby Zhou 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74942/
---

(Updated 三月 21, 2024, 4:23 a.m.)


Review request for ranger, Bhavik Bavishi and Madhan Neethiraj.


Changes
---

fix typo


Bugs: RANGER-3831
https://issues.apache.org/jira/browse/RANGER-3831


Repository: ranger


Description
---

Apache Pegasus is A horizontally scalable, strongly consistent and 
high-performance key-value store.
It now have ACLs and SASL, but do not related to ranger.
We suggest to add support to it.

Pegasus have done its work.
https://github.com/apache/incubator-pegasus/issues/1054
Could anyone do some work to merge this definition into ranger?


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
 92ce183bb 
  agents-common/src/main/resources/service-defs/ranger-servicedef-pegasus.json 
PRE-CREATION 
  distro/src/main/assembly/admin-web.xml 245d9ca09 
  plugin-pegasus/pom.xml PRE-CREATION 
  
plugin-pegasus/src/main/java/org/apache/ranger/services/pegasus/RangerServicePegasus.java
 PRE-CREATION 
  pom.xml cec2390f2 


Diff: https://reviews.apache.org/r/74942/diff/2/

Changes: https://reviews.apache.org/r/74942/diff/1-2/


Testing
---

Done by our mini site.


Thanks,

Kirby Zhou

[jira] [Created] (RANGER-4757) Use Ranger roles similar to RBAC for administering Ranger APIs instead of role assignment rules

2024-03-20 Thread Sailaja Polavarapu (Jira) 
Sailaja Polavarapu created RANGER-4757:
--

 Summary: Use Ranger roles similar to RBAC for administering Ranger 
APIs instead of role assignment rules
 Key: RANGER-4757
 URL: https://issues.apache.org/jira/browse/RANGER-4757
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Sailaja Polavarapu


Currently users accessing/administering Ranger requires special privileges like 

ROLE_USER, ROLE_SYS_ADMIN, ROLE_KEY_ADMIN, ROLE_ADMIN_AUDITOR, or 
ROLE_KEY_ADMIN_AUDITOR. These roles are assigned to the user based on role 
assignment rules by Ranger Usersync process while syncing the users and groups 
from the sync source. This creates major overhead on Ranger User sync to 
compute the roles every time a group memberships are updated as well on Ranger 
admin to update the database to reflect the roles for each user.

As part of RANGER-2414, we introduced support for Role based authorization for 
plugins which basically checks the user/group in the authorization request is 
part of a role and uses that role information for authorization.

Proposal:
--
Create default special roles (ROLE_USER, ROLE_SYS_ADMIN, ROLE_KEY_ADMIN, 
ROLE_ADMIN_AUDITOR, or ROLE_KEY_ADMIN_AUDITOR) in Ranger DB as part of the 
setup and add default admin, rangerusersync, rangertagsync, and keyadmin users 
to the corresponding roles.
Similar to plugin role computation, when a user is accessing any Ranger API, 
get the groups that this user belongs to (from ranger DB) and check if the 
user/group is part of any of these special roles to authorize these APIs.

Pros: 
1. Role of a user is computed at the time of API access which in some cases can 
be dynamic
2. Reduces performance overhead on Ranger Usersync and Ranger Admin
3. Uniform user experience for Ranger APIs authorization as well as data 
authorization
4. Avoids inconsistency of setting a specific role for a user via Ranger UI and 
thru role assignment rules.
5. Can consolidate few DB tables that currently saves role information for a 
user

Cons:
1. Requires decent amount of code changes
2. Regression testing impact
3. Migrating role assignment rules to Roles as part of upgrade



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Ranger OS compatability

2024-03-20 Thread Bhavik Patel 
Yes, it is compatible.

On Thu, 21 Mar 2024, 1:54 am Zuniga, Maria,
 wrote:

> Hello Team,
>
> Is ranger version 2.1 compatible with Rocky ?
>

Ranger OS compatability

2024-03-20 Thread Zuniga, Maria 
Hello Team,

Is ranger version 2.1 compatible with Rocky ?

[jira] [Updated] (RANGER-4756) [JDK 11]: NullPointerException in KnoxRangerTest

2024-03-20 Thread Abhishek Kumar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhishek Kumar updated RANGER-4756:
---
Description: 
Build URL: 
[https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304]
 
 
Error logs:
 
2024-03-20T18:34:20.3418536Z [ERROR] Tests run: 1, Failures: 0, Errors: 1, 
Skipped: 0, Time elapsed: 4.43 s <<< FAILURE! - in 
org.apache.ranger.services.knox.KnoxRangerTest
2024-03-20T18:34:20.3420325Z [ERROR] 
org.apache.ranger.services.knox.KnoxRangerTest  Time elapsed: 4.43 s  <<< ERROR!
2024-03-20T18:34:20.3421404Z java.lang.NullPointerException
2024-03-20T18:34:20.3422776Zat 
java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:588)
2024-03-20T18:34:20.3424228Zat 
java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:189)
2024-03-20T18:34:20.3425458Zat 
java.base/java.security.KeyStore.store(KeyStore.java:1411)
2024-03-20T18:34:20.3427109Zat 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
2024-03-20T18:34:20.3429428Zat 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
2024-03-20T18:34:20.3431887Zat 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
2024-03-20T18:34:20.3434326Zat 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
2024-03-20T18:34:20.3436370Zat 
org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
2024-03-20T18:34:20.3438041Zat 
org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
2024-03-20T18:34:20.3439852Zat 
org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
2024-03-20T18:34:20.3441313Zat 
org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
2024-03-20T18:34:20.3442783Zat 
java.base/java.lang.reflect.Method.invoke(Method.java:566)

  was:
Build URL: 
[https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304]
 
 
Error logs:
 
Error:  Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 4.43 s 
<<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest 
[4264|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4265]Error:
  org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 4.43 s <<< 
ERROR! 
[4265|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4266]java.lang.NullPointerException
 
[4266|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4267]
 at 
java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:588) 
[4267|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4268]
 at 
java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:189)
 
[4268|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4269]
 at java.base/java.security.KeyStore.store(KeyStore.java:1411) 
[4269|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4270]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
 
[4270|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4271]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
 
[4271|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4272]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
 
[4272|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4273]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
 
[4273|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4274]
 at 
org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
 
[4274|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4275]
 at 
org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
 
[4275|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4276]
 at 
org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)

[jira] [Created] (RANGER-4756) [JDK 11]: NullPointerException in KnoxRangerTest

2024-03-20 Thread Abhishek Kumar (Jira) 
Abhishek Kumar created RANGER-4756:
--

 Summary: [JDK 11]: NullPointerException in KnoxRangerTest 
 Key: RANGER-4756
 URL: https://issues.apache.org/jira/browse/RANGER-4756
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Abhishek Kumar


Build URL: 
[https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304]
 
 
Error logs:
 
Error:  Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 4.43 s 
<<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest 
[4264|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4265]Error:
  org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 4.43 s <<< 
ERROR! 
[4265|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4266]java.lang.NullPointerException
 
[4266|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4267]
 at 
java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:588) 
[4267|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4268]
 at 
java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:189)
 
[4268|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4269]
 at java.base/java.security.KeyStore.store(KeyStore.java:1411) 
[4269|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4270]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
 
[4270|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4271]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
 
[4271|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4272]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
 
[4272|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4273]
 at 
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
 
[4273|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4274]
 at 
org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
 
[4274|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4275]
 at 
org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
 
[4275|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4276]
 at 
org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
 
[4276|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4277]
 at 
org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
 
[4277|https://github.com/apache/ranger/actions/runs/8352270188/job/22898147241?pr=304#step:4:4278]
 at java.base/java.lang.reflect.Method.invoke(Method.java:566)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4755) [RangeruserSync] Removes users/groups in case of punctual issue to retrieve users/groups

2024-03-20 Thread Pierrick FLORECK (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pierrick FLORECK updated RANGER-4755:
-
Attachment: usersyncError.log

> [RangeruserSync] Removes users/groups in case of punctual issue to retrieve 
> users/groups
> 
>
> Key: RANGER-4755
> URL: https://issues.apache.org/jira/browse/RANGER-4755
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.2.0
>Reporter: Pierrick FLORECK
>Priority: Major
> Attachments: usersyncError.log
>
>
> Hi team,
> We have encounter an issue on Ranger usersync with ldap synchronization.
> (We use a vip for ldap search and the SSL certificate of one node has been 
> changed without updating it in the ranger truststore.)
> The user search to retrieve users from Ldap failed (SSLHandshakeException) 
> but the sync cycle continue assuming there are no retrieved users instead of 
> failing for this cycle.
> As we were on the delete cycle, account are considered deleted in Ranger and 
> we have Access Denied for all Ranger requests.
> We corrected our incident by updating our certificates but usersync's 
> behavior remains dangerous.
> Could it be possible to update LdapUserGroupBuilder.java to fail the current 
> sync cycle if the user or group ldap search fail?
> Thanks for your help,
> Best Regards



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4755) [RangeruserSync] Removes users/groups in case of punctual issue to retrieve users/groups

2024-03-20 Thread Pierrick FLORECK (Jira) 
Pierrick FLORECK created RANGER-4755:


 Summary: [RangeruserSync] Removes users/groups in case of punctual 
issue to retrieve users/groups
 Key: RANGER-4755
 URL: https://issues.apache.org/jira/browse/RANGER-4755
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.2.0
Reporter: Pierrick FLORECK
 Attachments: usersyncError.log

Hi team,

We have encounter an issue on Ranger usersync with ldap synchronization.
(We use a vip for ldap search and the SSL certificate of one node has been 
changed without updating it in the ranger truststore.)
The user search to retrieve users from Ldap failed (SSLHandshakeException) but 
the sync cycle continue assuming there are no retrieved users instead of 
failing for this cycle.
As we were on the delete cycle, account are considered deleted in Ranger and we 
have Access Denied for all Ranger requests.

We corrected our incident by updating our certificates but usersync's behavior 
remains dangerous.

Could it be possible to update LdapUserGroupBuilder.java to fail the current 
sync cycle if the user or group ldap search fail?

Thanks for your help,

Best Regards



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/#review226340
---




agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
Lines 79 (patched)


- please update 'Testing Done' section in this review with an example of 
search by tagNames, especially with multiple names.
- REST endpoints in 'Description' and 'Testing Done' are different. Please 
review and update.



agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
Lines 92 (patched)


Is query-param 'resourceElements' used after the recent update to this 
patch, given resources are specified in query-params using prefix "resource:"?



security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
Lines 34 (patched)


Is it necessary to initialize with "new ArrayList<>"? How about setting to 
null here?



security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
Lines 62 (patched)


List => List


- Madhan Neethiraj


On March 20, 2024, 8:34 a.m., Anand Nadar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74941/
> ---
> 
> (Updated March 20, 2024, 8:34 a.m.)
> 
> 
> Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika 
> Kachhadiya, Siddhesh Phatak, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4749
> https://issues.apache.org/jira/browse/RANGER-4749
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Created new tag api which will get the service resource by comparing the 
> resouse signature of the resource from request. (GET - 
> service/tags/resource/service/{serviceName}/resource)
> Added list of tagNames to the resource/paginated api which will return all 
> the tagNames which are associated with the resource.
> Added freetext search on resource, and multiple search of tagNames in 
> service/tags/resources/paginated api - 
> 1 - 
> service/tags/resources/paginated?tagServiceName=hive=Cust_
> 2 - 
> service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
>  716a1a9ea 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
>  PRE-CREATION 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> b0fad0aea 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 
> a472fe131 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> c816ad229 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
>  PRE-CREATION 
>   security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
> d6ebbc54d 
>   security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
> 98d87bc0a 
> 
> 
> Diff: https://reviews.apache.org/r/74941/diff/5/
> 
> 
> Testing
> ---
> 
> Validated GET - service/tags/resource/service/{serviceName}/resource with 
> postive and negative case.
> Sample URL - 
> /service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB2
> 
> The values of resource can be multiple - 
> resource:database=db1:database=db2
> For isExcludes and isRecursive there will be a subkey - 
> resource:database.isExcludes=false:databasase.isRecursive=true
> 
> Validated response of service/tags/resources/paginated api 
> Sample response
> {
> "startIndex": 0,
> "pageSize": 5,
> "totalCount": 1,
> "resultSize": 1,
> "sortType": "asc",
> "sortBy": "resourceId",
> "queryTimeMS": 1710869881240,
> "resourceList": [
> {
> "id": 2,
> "guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
> "isEnabled": true,
> "createdBy": "Admin",
> "updatedBy": "Admin",
> "createTime": 1707986829922,
> "updateTime": 1708247930089,
> "version": 3,
>

Re: Review Request 74942: RANGER-3831 Add support of pegasus to ranger

2024-03-20 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74942/#review226339
---



Kirby - the service-def for Pegasus looks good. However, the plugin 
implementation is not included in this review. Can you please review and update?


agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
Lines 102 (patched)


RangerServiceKudu => RangerServicePegasus


- Madhan Neethiraj


On March 20, 2024, 11:05 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74942/
> ---
> 
> (Updated March 20, 2024, 11:05 a.m.)
> 
> 
> Review request for ranger, Bhavik Bavishi and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-3831
> https://issues.apache.org/jira/browse/RANGER-3831
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Pegasus is A horizontally scalable, strongly consistent and 
> high-performance key-value store.
> It now have ACLs and SASL, but do not related to ranger.
> We suggest to add support to it.
> 
> Pegasus have done its work.
> https://github.com/apache/incubator-pegasus/issues/1054
> Could anyone do some work to merge this definition into ranger?
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  92ce183bb 
>   
> agents-common/src/main/resources/service-defs/ranger-servicedef-pegasus.json 
> PRE-CREATION 
>   distro/src/main/assembly/admin-web.xml 245d9ca09 
>   plugin-pegasus/pom.xml PRE-CREATION 
>   
> plugin-pegasus/src/main/java/org/apache/ranger/services/pegasus/RangerServicePegasus.java
>  PRE-CREATION 
>   pom.xml cec2390f2 
> 
> 
> Diff: https://reviews.apache.org/r/74942/diff/1/
> 
> 
> Testing
> ---
> 
> Done by our mini site.
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

Review Request 74942: RANGER-3831 Add support of pegasus to ranger

2024-03-20 Thread Kirby Zhou 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74942/
---

Review request for ranger, Bhavik Bavishi and Madhan Neethiraj.


Bugs: RANGER-3831
https://issues.apache.org/jira/browse/RANGER-3831


Repository: ranger


Description
---

Apache Pegasus is A horizontally scalable, strongly consistent and 
high-performance key-value store.
It now have ACLs and SASL, but do not related to ranger.
We suggest to add support to it.

Pegasus have done its work.
https://github.com/apache/incubator-pegasus/issues/1054
Could anyone do some work to merge this definition into ranger?


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
 92ce183bb 
  agents-common/src/main/resources/service-defs/ranger-servicedef-pegasus.json 
PRE-CREATION 
  distro/src/main/assembly/admin-web.xml 245d9ca09 
  plugin-pegasus/pom.xml PRE-CREATION 
  
plugin-pegasus/src/main/java/org/apache/ranger/services/pegasus/RangerServicePegasus.java
 PRE-CREATION 
  pom.xml cec2390f2 


Diff: https://reviews.apache.org/r/74942/diff/1/


Testing
---

Done by our mini site.


Thanks,

Kirby Zhou

[jira] [Created] (RANGER-4754) Tag based policies creation_Existing tags search is case sensitive

2024-03-20 Thread Vanita Shankar Ubale (Jira) 
Vanita Shankar Ubale created RANGER-4754:


 Summary: Tag based policies creation_Existing tags search is case 
sensitive
 Key: RANGER-4754
 URL: https://issues.apache.org/jira/browse/RANGER-4754
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Vanita Shankar Ubale


{*}Steps{*}:
 # Create tag abc using import tag API
 # Try to create new tag ABC using same API, this is not allowed and ABC tag 
wont get create
 # Go to tag based policies and click on ADD new policies button
 # In tags section search by tag abc, it will return in the dropdown list
 # Now search by ABC tag name, though it returned 200 status code , empty tag 
list is returned in the response

{*}Expected{*}:

Tag search should be case insensitive

{*}Actual{*}:

Tag search is case sensitive on create tag based policies 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4749) Tag: Create an api to check if a resource is already available in database by resource input. And send tag list along with the resource list in response of GET /service/

2024-03-20 Thread Anand Nadar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4749?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Anand Nadar updated RANGER-4749:

Description: 
*1. Need an api to get the resource by resource if it exists in database.*
Case:
Suppose there already exists below tag and resource association.
PII_NAME tag is associated with (database:HR-DB, table:EMPLOYEE, column:NAME)

Now we dont know about the above resource already existing, so we are now 
trying to create a new tag resource association as below
PII_EMP_NAME associated with (database:HR-DB, table:EMPLOYEE, column:NAME)

This is done using PUT /service/tags/importservicetags -> op: add_or_update
So this will result in the deletion of PII_NAME association with the resource,  
and creation of PII_EMP_NAME tag associated with the resource.

So if we have this GET service/tags/resource/service/\{serviceName}/resource 
api which will have the query params as
{code:java}
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB2{code}
The values of resource can be multiple - 
resource:database=db1:database=db2 For isExcludes and isRecursive 
there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

we can check if this resource already exists or not.

If the resource exists, we can get all the tags associated with that 
resource(in our case PII_NAME), and include the new tag PII_EMP_NAME as well 
and send this in 
PUT /service/tags/importservicetags -> op: add_or_update
then both PII_NAME and PII_EMP_NAME will be associated with the resource.

*2. Need the list of associated tag names for a resource as well in  
/service/tags/resources/paginated api.*
Currently we are not returning the list of tags associated in the response.
This will get the service resources with all its associated tags in a single 
api which is also paginated.
Free text search on the resource, and multiple tag-name search

  was:
*1. Need an api to get the resource by resource if it exists in database.*
Case:
Suppose there already exists below tag and resource association.
PII_NAME tag is associated with (database:HR-DB, table:EMPLOYEE, column:NAME)

Now we dont know about the above resource already existing, so we are now 
trying to create a new tag resource association as below
PII_EMP_NAME associated with (database:HR-DB, table:EMPLOYEE, column:NAME)

This is done using PUT /service/tags/importservicetags -> op: add_or_update
So this will result in the deletion of PII_NAME association with the resource,  
and creation of PII_EMP_NAME tag associated with the resource.

So if we have this GET service/tags/resource/service/\{serviceName}/resource 
api which will have the payload as
{code:java}
{
   "database": {
   "values": [
   "HR-DB"
   ],
   "isRecursive": true
   },
   "table": {
   "values": [
   "EMPLOYEE"
   ],
   "isRecursive": true
   },
   "column": {
   "values": [
   "NAME"
   ],
   "isRecursive": true
   }
} {code}
we can check if this resource already exists or not.

If the resource exists, we can get all the tags associated with that 
resource(in our case PII_NAME), and include the new tag PII_EMP_NAME as well 
and send this in 
PUT /service/tags/importservicetags -> op: add_or_update
then both PII_NAME and PII_EMP_NAME will be associated with the resource.

*2. Need the list of associated tag names for a resource as well in  
/service/tags/resources/paginated api.*
Currently we are not returning the list of tags associated in the response.
This will get the service resources with all its associated tags in a single 
api which is also paginated.
Free text search on the resource, and multiple tag-name search


> Tag: Create an api to check if a resource is already available in database by 
> resource input. And send tag list along with the resource list in response of 
> GET /service/tags/resources/paginated API
> -
>
> Key: RANGER-4749
> URL: https://issues.apache.org/jira/browse/RANGER-4749
> Project: Ranger
>  Issue Type: Task
>  Components: admin
>Reporter: Anand Nadar
>Assignee: Anand Nadar
>Priority: Major
> Attachments: RANGER-4749.patch
>
>
> *1. Need an api to get the resource by resource if it exists in database.*
> Case:
> Suppose there already exists below tag and resource association.
> PII_NAME tag is associated with (database:HR-DB, table:EMPLOYEE, column:NAME)
> Now we dont know about the above

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/
---

(Updated March 20, 2024, 8:34 a.m.)


Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, 
Siddhesh Phatak, and Subhrat Chaudhary.


Bugs: RANGER-4749
https://issues.apache.org/jira/browse/RANGER-4749


Repository: ranger


Description
---

Created new tag api which will get the service resource by comparing the 
resouse signature of the resource from request. (GET - 
service/tags/resource/service/{serviceName}/resource)
Added list of tagNames to the resource/paginated api which will return all the 
tagNames which are associated with the resource.
Added freetext search on resource, and multiple search of tagNames in 
service/tags/resources/paginated api - 
1 - service/tags/resources/paginated?tagServiceName=hive=Cust_
2 - 
service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
 716a1a9ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
b0fad0aea 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java a472fe131 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
c816ad229 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
d6ebbc54d 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
98d87bc0a 


Diff: https://reviews.apache.org/r/74941/diff/5/

Changes: https://reviews.apache.org/r/74941/diff/4-5/


Testing
---

Validated GET - service/tags/resource/service/{serviceName}/resource with 
postive and negative case.
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB2

The values of resource can be multiple - 
resource:database=db1:database=db2
For isExcludes and isRecursive there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

Validated response of service/tags/resources/paginated api 
Sample response
{
"startIndex": 0,
"pageSize": 5,
"totalCount": 1,
"resultSize": 1,
"sortType": "asc",
"sortBy": "resourceId",
"queryTimeMS": 1710869881240,
"resourceList": [
{
"id": 2,
"guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986829922,
"updateTime": 1708247930089,
"version": 3,
"serviceName": "hive",
"resourceElements": {
"database": {
"values": [
"db1"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"tbl1"
],
"isExcludes": false,
"isRecursive": false
}
},
"associatedTags": [
{
"id": 2,
"guid": "a1d21642-3f4c-4557-9226-372d3dce5a64",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986831329,
"updateTime": 1707986831556,
"type": "PII_NAME",
"owner": 0,
"attributes": {
"lastname": "stark"
}
}
]
}
]
}

Validated service/tags/resources/paginated api with resourceElements and 
tagNames for freestext resource search and multiple tagNames search 
respectively.


Thanks,

Anand Nadar

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/
---

(Updated March 20, 2024, 8:31 a.m.)


Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, 
Siddhesh Phatak, and Subhrat Chaudhary.


Bugs: RANGER-4749
https://issues.apache.org/jira/browse/RANGER-4749


Repository: ranger


Description
---

Created new tag api which will get the service resource by comparing the 
resouse signature of the resource from request. (GET - 
service/tags/resource/service/{serviceName}/resource)
Added list of tagNames to the resource/paginated api which will return all the 
tagNames which are associated with the resource.
Added freetext search on resource, and multiple search of tagNames in 
service/tags/resources/paginated api - 
1 - service/tags/resources/paginated?tagServiceName=hive=Cust_
2 - 
service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
 716a1a9ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
b0fad0aea 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java a472fe131 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
c816ad229 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
d6ebbc54d 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
98d87bc0a 


Diff: https://reviews.apache.org/r/74941/diff/4/

Changes: https://reviews.apache.org/r/74941/diff/3-4/


Testing
---

Validated GET - service/tags/resource/service/{serviceName}/resource with 
postive and negative case.
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB2

The values of resource can be multiple - 
resource:database=db1:database=db2
For isExcludes and isRecursive there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

Validated response of service/tags/resources/paginated api 
Sample response
{
"startIndex": 0,
"pageSize": 5,
"totalCount": 1,
"resultSize": 1,
"sortType": "asc",
"sortBy": "resourceId",
"queryTimeMS": 1710869881240,
"resourceList": [
{
"id": 2,
"guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986829922,
"updateTime": 1708247930089,
"version": 3,
"serviceName": "hive",
"resourceElements": {
"database": {
"values": [
"db1"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"tbl1"
],
"isExcludes": false,
"isRecursive": false
}
},
"associatedTags": [
{
"id": 2,
"guid": "a1d21642-3f4c-4557-9226-372d3dce5a64",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986831329,
"updateTime": 1707986831556,
"type": "PII_NAME",
"owner": 0,
"attributes": {
"lastname": "stark"
}
}
]
}
]
}

Validated service/tags/resources/paginated api with resourceElements and 
tagNames for freestext resource search and multiple tagNames search 
respectively.


Thanks,

Anand Nadar

[jira] [Commented] (RANGER-3831) Add support of pegasus to ranger

2024-03-20 Thread kirby zhou (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-3831?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17828657#comment-17828657
 ] 

kirby zhou commented on RANGER-3831:


pegasus have done its work.

[https://github.com/apache/incubator-pegasus/issues/1054]

Could anyone do some work to merge this definition into ranger-admin ?

> Add support of pegasus to ranger
> 
>
> Key: RANGER-3831
> URL: https://issues.apache.org/jira/browse/RANGER-3831
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, plugins
>Affects Versions: 3.0.0
>Reporter: kirby zhou
>Priority: Major
> Attachments: ranger-servicedef-pegasus.json
>
>
> Apache Pegasus is A horizontally scalable, strongly consistent and 
> high-performance key-value store.
> It now have ACLs and SASL, but do not related to ranger.
> I suggest to add support to it.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74941: RANGER-4749: Tag api to get serviceResource by resource. Getting list of associated tags in resources/paginated api's response.

2024-03-20 Thread Anand Nadar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74941/
---

(Updated March 20, 2024, 8:14 a.m.)


Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, 
Siddhesh Phatak, and Subhrat Chaudhary.


Bugs: RANGER-4749
https://issues.apache.org/jira/browse/RANGER-4749


Repository: ranger


Description
---

Created new tag api which will get the service resource by comparing the 
resouse signature of the resource from request. (GET - 
service/tags/resource/service/{serviceName}/resource)
Added list of tagNames to the resource/paginated api which will return all the 
tagNames which are associated with the resource.
Added freetext search on resource, and multiple search of tagNames in 
service/tags/resources/paginated api - 
1 - service/tags/resources/paginated?tagServiceName=hive=Cust_
2 - 
service/tags/resources/paginated?tagServiceName=hive=SSN=PII_NAME


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java
 716a1a9ea 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResourceWithTags.java
 PRE-CREATION 
  agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java 
f9f80c9ac 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
b0fad0aea 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java a472fe131 
  security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
c816ad229 
  security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 09d771565 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceWithTagsServiceBase.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/RangerServiceResourceWithTagsList.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestTagDBStore.java 
d6ebbc54d 
  security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
98d87bc0a 


Diff: https://reviews.apache.org/r/74941/diff/3/

Changes: https://reviews.apache.org/r/74941/diff/2-3/


Testing (updated)
---

Validated GET - service/tags/resource/service/{serviceName}/resource with 
postive and negative case.
Sample URL - 
/service/tags/resource/service/hive8/resource?resource:column=NAME:column.isExcludes=false:column.isRecursive=true:database=HR-DB:database.isExcludes=false:database.isRecursive=true:table=EMPLOYEE:table.isExcludes=false:table.isRecursive=true:database=HR-DB2

The values of resource can be multiple - 
resource:database=db1:database=db2
For isExcludes and isRecursive there will be a subkey - 
resource:database.isExcludes=false:databasase.isRecursive=true

Validated response of service/tags/resources/paginated api 
Sample response
{
"startIndex": 0,
"pageSize": 5,
"totalCount": 1,
"resultSize": 1,
"sortType": "asc",
"sortBy": "resourceId",
"queryTimeMS": 1710869881240,
"resourceList": [
{
"id": 2,
"guid": "3bc097ea-0685-48ea-84c2-ca02518f7738",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986829922,
"updateTime": 1708247930089,
"version": 3,
"serviceName": "hive",
"resourceElements": {
"database": {
"values": [
"db1"
],
"isExcludes": false,
"isRecursive": false
},
"column": {
"values": [
"*"
],
"isExcludes": false,
"isRecursive": false
},
"table": {
"values": [
"tbl1"
],
"isExcludes": false,
"isRecursive": false
}
},
"associatedTags": [
{
"id": 2,
"guid": "a1d21642-3f4c-4557-9226-372d3dce5a64",
"isEnabled": true,
"createdBy": "Admin",
"updatedBy": "Admin",
"createTime": 1707986831329,
"updateTime": 1707986831556,
"type": "PII_NAME",
"owner": 0,
"attributes": {
"lastname": "stark"
}
}
]
}
]
}

Validated service/tags/resources/paginated api with resourceElements and 
tagNames for freestext resource search and multiple tagNames search 
respectively.


Thanks,

Anand Nadar

[jira] [Created] (RANGER-4753) Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33

2024-03-20 Thread Pradeep Agrawal (Jira) 
Pradeep Agrawal created RANGER-4753:
---

 Summary: Upgrade Spring Security to 5.7.12 and spring framework to 
5.3.33
 Key: RANGER-4753
 URL: https://issues.apache.org/jira/browse/RANGER-4753
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 3.0.0


Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4753) Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33

2024-03-20 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-4753:

Description: Upgrade Spring Security to 5.7.12 and spring framework to 
5.3.33  (was: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32)

> Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33
> 
>
> Key: RANGER-4753
> URL: https://issues.apache.org/jira/browse/RANGER-4753
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 3.0.0
>
>
> Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33



--
This message was sent by Atlassian Jira
(v8.20.10#820010)