Re: Review Request 63055: Audit log records for 'use dbName' and 'show databases' hive commands contain large number of tags

2017-10-16 Thread Alejandro Fernandez

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63055/#review188244
---


Ship it!

- Alejandro Fernandez


On Oct. 16, 2017, 11:20 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63055/
> ---
> 
> (Updated Oct. 16, 2017, 11:20 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-1841
> https://issues.apache.org/jira/browse/RANGER-1841
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a Hive service is configured for tag-based authorization, the audit log 
> generated for ‘use dbName’ or 'show databases' command would contain all the 
> tags associated with: the database, all tables in the database, all the 
> columns in the database. The number of tags in this audit log could be too 
> many; and having such large number of tags in audit logs of 'use ' 
> command may not be useful. It will be better not to log tags in audit logs 
> for 'use ' commands. Policy-id recorded in the audit log can be used 
> to identify the tag, if a tag-based policy authorized the command.
> 
> 
> Diffs
> -
> 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
>  9dea37a 
> 
> 
> Diff: https://reviews.apache.org/r/63055/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



Re: Review Request 63055: Audit log records for 'use dbName' and 'show databases' hive commands contain large number of tags

2017-10-16 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63055/#review188238
---


Ship it!

- Ramesh Mani


On Oct. 16, 2017, 11:20 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63055/
> ---
> 
> (Updated Oct. 16, 2017, 11:20 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-1841
> https://issues.apache.org/jira/browse/RANGER-1841
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a Hive service is configured for tag-based authorization, the audit log 
> generated for ‘use dbName’ or 'show databases' command would contain all the 
> tags associated with: the database, all tables in the database, all the 
> columns in the database. The number of tags in this audit log could be too 
> many; and having such large number of tags in audit logs of 'use ' 
> command may not be useful. It will be better not to log tags in audit logs 
> for 'use ' commands. Policy-id recorded in the audit log can be used 
> to identify the tag, if a tag-based policy authorized the command.
> 
> 
> Diffs
> -
> 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
>  9dea37a 
> 
> 
> Diff: https://reviews.apache.org/r/63055/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



Review Request 63055: Audit log records for 'use dbName' and 'show databases' hive commands contain large number of tags

2017-10-16 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63055/
---

Review request for ranger, Madhan Neethiraj and Ramesh Mani.


Bugs: RANGER-1841
https://issues.apache.org/jira/browse/RANGER-1841


Repository: ranger


Description
---

When a Hive service is configured for tag-based authorization, the audit log 
generated for ‘use dbName’ or 'show databases' command would contain all the 
tags associated with: the database, all tables in the database, all the columns 
in the database. The number of tags in this audit log could be too many; and 
having such large number of tags in audit logs of 'use ' command may 
not be useful. It will be better not to log tags in audit logs for 'use 
' commands. Policy-id recorded in the audit log can be used to identify 
the tag, if a tag-based policy authorized the command.


Diffs
-

  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
 9dea37a 


Diff: https://reviews.apache.org/r/63055/diff/1/


Testing
---

Tested with local VM


Thanks,

Abhay Kulkarni



[jira] [Assigned] (RANGER-1841) Audit log record for 'use dbName' hive command contains large number of tags

2017-10-16 Thread Abhay Kulkarni (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni reassigned RANGER-1841:
--

Assignee: Abhay Kulkarni

> Audit log record for 'use dbName' hive command contains large number of tags
> 
>
> Key: RANGER-1841
> URL: https://issues.apache.org/jira/browse/RANGER-1841
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Abhay Kulkarni
>
> When a Hive service is configured for tag-based authorization, the audit log 
> generated for  ‘use dbName’ command would contain all the tags associated 
> with: the database, all tables in the database, all the columns in the 
> database. The number of tags in this audit log could be too many; and having 
> such large number of tags in audit logs of 'use ' command may not be 
> useful. It will be better not to log tags in audit logs for 'use ' 
> commands. Policy-id recorded in the audit log can be used to identify the 
> tag, if a tag-based policy  authorized the command.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Created] (RANGER-1841) Audit log record for 'use dbName' hive command contains large number of tags

2017-10-16 Thread Madhan Neethiraj (JIRA)
Madhan Neethiraj created RANGER-1841:


 Summary: Audit log record for 'use dbName' hive command contains 
large number of tags
 Key: RANGER-1841
 URL: https://issues.apache.org/jira/browse/RANGER-1841
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Madhan Neethiraj


When a Hive service is configured for tag-based authorization, the audit log 
generated for  ‘use dbName’ command would contain all the tags associated with: 
the database, all tables in the database, all the columns in the database. The 
number of tags in this audit log could be too many; and having such large 
number of tags in audit logs of 'use ' command may not be useful. It 
will be better not to log tags in audit logs for 'use ' commands. 
Policy-id recorded in the audit log can be used to identify the tag, if a 
tag-based policy  authorized the command.





Re: Review Request 62483: Service should not be renamed if tagged service resources exist for it

2017-10-16 Thread Alejandro Fernandez

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62483/#review188190
---


Ship it!

- Alejandro Fernandez


On Oct. 16, 2017, 6:41 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62483/
> ---
> 
> (Updated Oct. 16, 2017, 6:41 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1795
> https://issues.apache.org/jira/browse/RANGER-1795
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If a service is renamed in the presence of tagged service-resources that 
> refer to the service (through service-id), then a major discrepancy is 
> introduced in security+governance database. Therefore, it is necessary to 
> fail service update under these circumstances.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 
> 89c3326 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> e433f08 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java 
> 9859992 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 54226d9 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java d3c22d7 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> fa3c68e 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 76e5088 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml a212e59 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> c51aa2e 
>   security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
> 75cbdbd 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
> 4eaca03 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> d65a426 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> 7c48d54 
> 
> 
> Diff: https://reviews.apache.org/r/62483/diff/2/
> 
> 
> Testing
> ---
> 
> Ran all unit tests successfully. Tested with local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



Re: Review Request 62483: Service should not be renamed if tagged service resources exist for it

2017-10-16 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62483/
---

(Updated Oct. 16, 2017, 6:41 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Added forceRename option to force renaming of service


Bugs: RANGER-1795
https://issues.apache.org/jira/browse/RANGER-1795


Repository: ranger


Description
---

If a service is renamed in the presence of tagged service-resources that refer 
to the service (through service-id), then a major discrepancy is introduced in 
security+governance database. Therefore, it is necessary to fail service update 
under these circumstances.


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 
89c3326 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
e433f08 
  security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java 
9859992 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 54226d9 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java d3c22d7 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java fa3c68e 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 76e5088 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml a212e59 
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
c51aa2e 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
75cbdbd 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
4eaca03 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
d65a426 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
7c48d54 


Diff: https://reviews.apache.org/r/62483/diff/2/

Changes: https://reviews.apache.org/r/62483/diff/1-2/


Testing
---

Ran all unit tests successfully. Tested with local VM.


Thanks,

Abhay Kulkarni



Re: Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

2017-10-16 Thread Alejandro Fernandez

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/#review188177
---


Ship it!

- Alejandro Fernandez


On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63030/
> ---
> 
> (Updated Oct. 16, 2017, 2:38 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1839
> https://issues.apache.org/jira/browse/RANGER-1839
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The KNOXSSO service can configure an audience parameter to restrict the 
> audience of a given issued token. However, we can't enforce this check in 
> Ranger. This task is to add a new configuration parameter 
> "ranger.sso.audiences", which is a comma separated String of audiences, one 
> of which must be contained (if specified) in the received token.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  7cfe0be8 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
>  7706d9bf 
> 
> 
> Diff: https://reviews.apache.org/r/63030/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that audience validation works correctly with KNOXSSO.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>



[jira] [Comment Edited] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16206081#comment-16206081
 ] 

Endre Kovacs edited comment on RANGER-1827 at 10/16/17 5:58 PM:


performance chart with the new datapoints, but with trie enabled: 
[^performance-chart-trie-enabled.html] 
the whole test suite ran in 23 minutes on my 8 core mac book pro, compared to 
the 2 hours 29 minutes when trie was not enabled.


was (Author: andrewsmith87):
performance chart with the new datapoints, but with trie enabled.
the whole test suite ran in 23 minutes on my 8 core mac book pro, compared to 
the 2 hours 29 minutes when trie was not enabled.

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> performance-chart-trie-enabled.html, performance-chart.html, 
> policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





[jira] [Updated] (RANGER-1840) Hive UDF is not listed in the create policy screen

2017-10-16 Thread Sanjay Mishra (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanjay Mishra updated RANGER-1840:
--
Priority: Major  (was: Minor)

> Hive UDF is not listed in the create policy screen
> --
>
> Key: RANGER-1840
> URL: https://issues.apache.org/jira/browse/RANGER-1840
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.1
> Environment: Linux
>Reporter: Sanjay Mishra
>
> The autocomplete for the udf does not list the UDF created in a hive 
> database. The policy if created anyways using the functions name is not 
> applied as expected.





[jira] [Created] (RANGER-1840) Hive UDF is not listed in the create policy screen

2017-10-16 Thread Sanjay Mishra (JIRA)
Sanjay Mishra created RANGER-1840:
-

 Summary: Hive UDF is not listed in the create policy screen
 Key: RANGER-1840
 URL: https://issues.apache.org/jira/browse/RANGER-1840
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 0.7.1
 Environment: Linux
Reporter: Sanjay Mishra


The autocomplete for the udf does not list the UDF created in a hive database. 
The policy if created anyways using the functions name is not applied as 
expected.





[jira] [Updated] (RANGER-1840) Hive UDF is not listed in the create policy screen

2017-10-16 Thread Sanjay Mishra (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1840?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sanjay Mishra updated RANGER-1840:
--
Priority: Minor  (was: Major)

> Hive UDF is not listed in the create policy screen
> --
>
> Key: RANGER-1840
> URL: https://issues.apache.org/jira/browse/RANGER-1840
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.1
> Environment: Linux
>Reporter: Sanjay Mishra
>Priority: Minor
>
> The autocomplete for the udf does not list the UDF created in a hive 
> database. The policy if created anyways using the functions name is not 
> applied as expected.





[jira] [Updated] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Endre Kovacs updated RANGER-1827:
-
Attachment: performance-chart-trie-enabled.html

performance chart with the new datapoints, but with trie enabled.
the whole test suite ran in 23 minutes on my 8 core mac book pro, compared to 
the 2 hours 29 minutes when trie was not enabled.

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> performance-chart-trie-enabled.html, performance-chart.html, 
> policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





Re: Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

2017-10-16 Thread Velmurugan Periasamy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/#review188136
---


Ship it!

- Velmurugan Periasamy


On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63030/
> ---
> 
> (Updated Oct. 16, 2017, 2:38 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1839
> https://issues.apache.org/jira/browse/RANGER-1839
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The KNOXSSO service can configure an audience parameter to restrict the 
> audience of a given issued token. However, we can't enforce this check in 
> Ranger. This task is to add a new configuration parameter 
> "ranger.sso.audiences", which is a comma separated String of audiences, one 
> of which must be contained (if specified) in the received token.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  7cfe0be8 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
>  7706d9bf 
> 
> 
> Diff: https://reviews.apache.org/r/63030/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that audience validation works correctly with KNOXSSO.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>



[jira] [Comment Edited] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16206027#comment-16206027
 ] 

Endre Kovacs edited comment on RANGER-1827 at 10/16/17 3:03 PM:


attached example performance chart [^performance-chart.html] with the 
additional datapoints
executed with
mvn clean test -Dtest=RangerPolicyEnginePerformanceTest -DargLine="-Xmx7g"


was (Author: andrewsmith87):
example performance chart with the additional datapoints
executed with
mvn clean test -Dtest=RangerPolicyEnginePerformanceTest -DargLine="-Xmx7g"

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> performance-chart.html, policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





[jira] [Comment Edited] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16206027#comment-16206027
 ] 

Endre Kovacs edited comment on RANGER-1827 at 10/16/17 2:59 PM:


example performance chart with the additional datapoints
executed with
mvn clean test -Dtest=RangerPolicyEnginePerformanceTest -DargLine="-Xmx7g"


was (Author: andrewsmith87):
example performance chart with the additional datapoints

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> performance-chart.html, policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





[jira] [Updated] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Endre Kovacs updated RANGER-1827:
-
Attachment: performance-chart.html

example performance chart with the additional datapoints

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> performance-chart.html, policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

2017-10-16 Thread Colm O hEigeartaigh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/
---

Review request for ranger.


Bugs: RANGER-1839
https://issues.apache.org/jira/browse/RANGER-1839


Repository: ranger


Description
---

The KNOXSSO service can configure an audience parameter to restrict the 
audience of a given issued token. However, we can't enforce this check in 
Ranger. This task is to add a new configuration parameter 
"ranger.sso.audiences", which is a comma separated String of audiences, one of 
which must be contained (if specified) in the received token.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 7cfe0be8 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
 7706d9bf 


Diff: https://reviews.apache.org/r/63030/diff/1/


Testing
---

Tested that audience validation works correctly with KNOXSSO.


Thanks,

Colm O hEigeartaigh
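
The audience check described in this review request, as an added Python sketch (not the patch under review and not Ranger's Java code). It assumes "(if specified)" means the check is skipped when `ranger.sso.audiences` is empty, and that a token without an `aud` claim is rejected once audiences are configured; the function names and sample tokens are constructed for illustration, and signature verification is deliberately out of scope here.

```python
import base64
import json


def parse_audiences(config_value):
    """Split a comma-separated ranger.sso.audiences value into a list.

    None, "" or a value made only of commas/whitespace yields [],
    which the caller treats as "no audience restriction configured".
    """
    if not config_value:
        return []
    return [item.strip() for item in config_value.split(",") if item.strip()]


def token_audiences(jwt_compact):
    """Return the 'aud' claim of a compact JWT as a list of strings.

    RFC 7519 allows 'aud' to be a single string or an array of strings.
    This only decodes the payload; it does NOT verify the signature,
    which must already have been checked before the claims are trusted.
    """
    parts = jwt_compact.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three segments)")
    payload = parts[1]
    padded = payload + "=" * (-len(payload) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    aud = claims.get("aud")
    if aud is None:
        return []
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("malformed 'aud' claim")


def audience_accepted(jwt_compact, config_value):
    """Apply the rule: if audiences are configured, one must be in the token."""
    expected = parse_audiences(config_value)
    if not expected:
        return True  # assumption: nothing configured means the check is skipped
    try:
        presented = token_audiences(jwt_compact)
    except ValueError:
        # Covers bad base64, bad JSON and malformed claims: fail closed.
        return False
    # Exact, case-sensitive comparison; no prefix or substring matching.
    return any(aud in expected for aud in presented)


def make_unsigned_sample(claims):
    """Build a constructed sample token with a placeholder signature."""
    def b64(obj):
        raw = json.dumps(obj).encode("utf-8")
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64(claims), "c2ln"])


# Constructed sample tokens (not captured from any real KNOXSSO deployment).
TOKEN_FOR_RANGER = make_unsigned_sample({"sub": "alice", "aud": "ranger"})
TOKEN_FOR_OTHERS = make_unsigned_sample({"sub": "alice", "aud": ["hive", "atlas"]})
TOKEN_NO_AUD = make_unsigned_sample({"sub": "alice"})

if __name__ == "__main__":
    for name, token in [("ranger", TOKEN_FOR_RANGER),
                        ("hive+atlas", TOKEN_FOR_OTHERS),
                        ("no aud", TOKEN_NO_AUD)]:
        print(name, audience_accepted(token, "ranger, ranger-admin"))
```
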



[jira] [Updated] (RANGER-1839) Add the ability to specify SSO token audiences

2017-10-16 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated RANGER-1839:

Attachment: 0001-RANGER-1839-Add-the-ability-to-specify-SSO-token-aud.patch

> Add the ability to specify SSO token audiences
> --
>
> Key: RANGER-1839
> URL: https://issues.apache.org/jira/browse/RANGER-1839
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
>Priority: Minor
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1839-Add-the-ability-to-specify-SSO-token-aud.patch
>
>
> The KNOXSSO service can configure an audience parameter to restrict the 
> audience of a given issued token. However, we can't enforce this check in 
> Ranger. This task is to add a new configuration parameter 
> "ranger.sso.audiences", which is a comma separated String of audiences, one 
> of which must be contained (if specified) in the received token.





[jira] [Commented] (RANGER-1838) Refactor Jisql dependencies

2017-10-16 Thread Pradeep Agrawal (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16205867#comment-16205867
 ] 

Pradeep Agrawal commented on RANGER-1838:
-

Patch committed in ranger master branch: 
https://github.com/apache/ranger/commit/6014e64a0fcfe957f4a0ee7e52cc29139b63ac92
Patch committed in ranger-0.7 branch: 
https://github.com/apache/ranger/commit/49f874fcf430eff8ec57e1864202f6c1d06eeef2

> Refactor Jisql dependencies
> ---
>
> Key: RANGER-1838
> URL: https://issues.apache.org/jira/browse/RANGER-1838
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Velmurugan Periasamy
>Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1838-master.patch
>
>
> Jisql dependencies need to be revisited, not required dependencies can be 
> removed. 





[jira] [Commented] (RANGER-1832) Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Pradeep Agrawal (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16205862#comment-16205862
 ] 

Pradeep Agrawal commented on RANGER-1832:
-

Patch committed to Ranger master branch: 
https://github.com/apache/ranger/commit/a98dc785a61ee9bbb1cdb4f8caac5a87dd163ed1
Patch committed to ranger-0.7 branch: 
https://github.com/apache/ranger/commit/8fe42a8d4d8969f759a9c8655dc5c188663436ca

> Export REST API should return exact matching results if polResource param is 
> provided
> -
>
> Key: RANGER-1832
> URL: https://issues.apache.org/jira/browse/RANGER-1832
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 1.0.0, 0.7.1
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1832-master-2.patch, RANGER-1832-master.patch
>
>
> Currently, Export REST API returns partial matching results also even if 
> polResource param is provided. 
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor;
> ER: REST call should not return policy for resource /tmp/abcdefg
> AR: REST call is returning policy for resource /tmp/abcdefg





Re: Review Request 63016: RANGER-1838: Refactor Jisql dependencies

2017-10-16 Thread Velmurugan Periasamy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63016/#review188128
---


Ship it!

- Velmurugan Periasamy


On Oct. 16, 2017, 4:51 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63016/
> ---
> 
> (Updated Oct. 16, 2017, 4:51 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, 
> Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1838
> https://issues.apache.org/jira/browse/RANGER-1838
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Ranger code is having CSVFormatter class which is 
> using javacsv API. Since JiSQL code is not using CSVFormatter class so its 
> dependency on javacsv API can be removed.
> 
> **Proposed Solution:** Remove formatData method implementation from 
> CSVFormatter class. 
> Remove dependency of javacsv API from pom.xml and distribution of javacsv API 
> can be removed from admin-web.xml and kms.xml
> 
> 
> Diffs
> -
> 
>   jisql/pom.xml efb1dff 
>   jisql/src/main/java/org/apache/util/outputformatter/CSVFormatter.java 
> 158e25c 
>   jisql/src/main/java/org/apache/util/sql/Jisql.java cf5f2c4 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/kms.xml 1d7116a 
> 
> 
> Diff: https://reviews.apache.org/r/63016/diff/1/
> 
> 
> Testing
> ---
> 
> **Steps performed for Ranger-admin(with patch):**
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in 
> install.properties
> 3. Called setup.sh
> 
> **Expected Behavior:**
> Ranger-admin installation should finish successfully.
> 
> **Actual Behavior:**
> Ranger-admin Installation finished successfully.
> 
> --
> **Steps performed for Ranger-KMS(with patch):**
> 1. Created Build with patch and untar the build.
> 2. Opened install.properties and provided db configuration in 
> install.properties
> 3. Called setup.sh
> 
> **Expected Behavior:**
> Ranger-KMS installation should finish successfully.
> 
> **Actual Behavior:**
> Ranger-KMS Installation finished successfully.
> 
> ---
> **NOTE:** Below steps have been tested for all db flavor.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>



Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

2017-10-16 Thread Colm O hEigeartaigh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review188127
---



In addition to comment above, here are some initial remarks:

a) We should update to 1.99.7 as it is the latest version
b) getLinkList/getJobList are not implemented in SqoopClient.
c) There is a problem with the Sqoop REST API that I haven't been able to 
figure out. "http://localhost:12000/sqoop/v1/connectors" returns a 404 with 
1.99.7 (but http://localhost:12000/sqoop/v1/connector/kafka-connector works 
fine), so I can't get "Test Connection" to work. Same goes for the v1/jobs + 
v1/links mentioned in the REST API.
d) It was not picking up conf/ranger-sqoop-security.xml + hence the plugin 
wasn't working. I had to copy ranger-sqoop-security.xml to the root directory 
of the Sqoop installation. Any idea why this is?
e) After changing the policy in Ranger and having it synced down, it only 
"applies" once I exited the sqoop shell and restarted it. Any idea why this is? 
I guess it is caching the old policy somehow?

- Colm O hEigeartaigh


On Oct. 12, 2017, 9:02 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated Oct. 12, 2017, 9:02 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses. It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264
>   agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java 9463ab8
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json PRE-CREATION
>   plugin-sqoop/.gitignore PRE-CREATION
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION
>   plugin-sqoop/pom.xml PRE-CREATION
>   plugin-sqoop/scripts/install.properties PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java PRE-CREATION
>   plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java PRE-CREATION
>   pom.xml 3958014
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION
>   ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java PRE-CREATION
>   src/main/assembly/admin-web.xml 0e97818
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/2/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>



Re: Review Request 63025: RANGER-1832: Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Velmurugan Periasamy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63025/#review188126
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 16, 2017, 11:25 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63025/
> ---
> 
> (Updated Oct. 16, 2017, 11:25 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, 
> Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1832
> https://issues.apache.org/jira/browse/RANGER-1832
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Patch submitted in RR: 
> https://reviews.apache.org/r/62969/ does not cover the change to 
> distinguish the case of partial or full policy resource match which is the 
> actual requirement of RANGER-1832. 
> 
> **Proposed Solution:**
> To address the same I am going to introduce another request param 
> "resourceMatch" which can have value "partial" or "full".
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 90e5383
> 
> 
> Diff: https://reviews.apache.org/r/63025/diff/1/
> 
> 
> Testing
> ---
> 
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties 
> for MySQL DB flavor. 
> 2. Called setup.sh to execute Ranger setup script. 
> 3. Started Ranger admin.
> 
> **Steps for HDFS service:**
> 1. Created a hdfs service 'source_hadoop'.
> 2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
> 3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
> 4. Created a ranger hdfs policy(hdfs_policy3) with resource path: 
> /tmp/abcd/file.txt
> 5. Called below given REST API to export policies for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor=full;
> 
> **Expected Behavior:**
> Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which 
> are having resource /tmp/abcd and /tmp/abcd/file.txt respectively.
> 
> **Actual Behavior:**
> Returned JSON response was having only two policies(hdfs_policy2 and 
> hdfs_policy3).
> 
> 
> 
> **Steps for HIVE service:**
> 1. Created a hive service 'source_hive'.
> 2. Created a ranger hive policy(hive_policy1) with 
> resource:database=default123,table=,column=
> 3. Created a ranger hive policy(hive_policy2) with 
> resource:database=default,table=,column=
> 4. Created a ranger hive datamask policy(hive_policy3) with 
> resource:database=default,table=table1,column=column1
> 5. Created a ranger hive rowlevel filter policy(hive_policy4) with 
> resource:database=default,table=table2
> 6. Called below given REST API to export policies for 
> resource:database=default
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive=default:database=default=hive=self_or_ancestor=full;
> 
> **Expected Behavior:**
> Above REST should return three policies(hive_policy2, hive_policy3 and 
> hive_policy4).
> 
> **Actual Behavior:**
> Returned JSON response was having only three policies(hive_policy2, 
> hive_policy3 and hive_policy4).
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>



Re: Review Request 61021: RANGER-1672:Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-16 Thread Colm O hEigeartaigh


> On Sept. 27, 2017, 9:33 a.m., pengjianhua wrote:
> > The https://issues.apache.org/jira/browse/KYLIN-2703 I submitted had been 
> > resolved. Our test experts have rigorously tested this issue. At the same 
> > time the Kyligence company which is Apache kylin's main contributor will 
> > soon use this feature.
> 
> Colm O hEigeartaigh wrote:
> When will Kylin 2.2.0 be released? If we merge a dependency on a SNAPSHOT 
> version in Ranger, we can't release Ranger until Kylin is released. Do you 
> have any documentation on how to set up a simple test-scenario?
> 
> pengjianhua wrote:
> Ok. The Kylin 2.2.0 will be released in late October.
> 
> Qiang Zhang wrote:
> Ok. I am writing install guide for the feature.
> 
> Qiang Zhang wrote:
> Hi Colm, Can you tell me how to build a document patch? Thanks!

I'm not sure what you mean by "document patch". What do you want to do exactly?


- Colm


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61021/#review186391
---


On Sept. 27, 2017, 9:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61021/
> ---
> 
> (Updated Sept. 27, 2017, 9:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1672
> https://issues.apache.org/jira/browse/RANGER-1672
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264
>   agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java 9463ab8
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd35
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json PRE-CREATION
>   plugin-kylin/.gitignore PRE-CREATION
>   plugin-kylin/conf/ranger-kylin-audit-changes.cfg PRE-CREATION
>   plugin-kylin/conf/ranger-kylin-audit.xml PRE-CREATION
>   plugin-kylin/conf/ranger-kylin-security-changes.cfg PRE-CREATION
>   plugin-kylin/conf/ranger-kylin-security.xml PRE-CREATION
>   plugin-kylin/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION
>   plugin-kylin/conf/ranger-policymgr-ssl.xml PRE-CREATION
>   plugin-kylin/pom.xml PRE-CREATION
>   plugin-kylin/scripts/install.properties PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/services/kylin/RangerServiceKylin.java PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinResourceMgr.java PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinCubeResponse.java PRE-CREATION
>   plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinProjectResponse.java PRE-CREATION
>   pom.xml 3958014
>   ranger-kylin-plugin-shim/.gitignore PRE-CREATION
>   ranger-kylin-plugin-shim/pom.xml PRE-CREATION
>   ranger-kylin-plugin-shim/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java PRE-CREATION
>   src/main/assembly/admin-web.xml 0e97818
>   src/main/assembly/plugin-kylin.xml PRE-CREATION
> 
> 
> Diff: https://reviews.apache.org/r/61021/diff/3/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>



Review Request 63025: RANGER-1832: Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Pradeep Agrawal

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63025/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam 
Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan 
Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1832
https://issues.apache.org/jira/browse/RANGER-1832


Repository: ranger


Description
---

**Problem Statement:** Patch submitted in RR: 
https://reviews.apache.org/r/62969/ does not cover the change to 
distinguish the case of partial or full policy resource match which is the 
actual requirement of RANGER-1832. 

**Proposed Solution:**
To address the same I am going to introduce another request param 
"resourceMatch" which can have value "partial" or "full".


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 90e5383 


Diff: https://reviews.apache.org/r/63025/diff/1/


Testing
---

**Steps Performed (with patch):**
1. After mvn Build; untar the Ranger module and updated install.properties for 
MySQL DB flavor. 
2. Called setup.sh to execute Ranger setup script. 
3. Started Ranger admin.

**Steps for HDFS service:**
1. Created a hdfs service 'source_hadoop'.
2. Created a ranger hdfs policy(hdfs_policy1) with resource path /tmp/abcdefg
3. Created a ranger hdfs policy(hdfs_policy2) with resource path: /tmp/abcd
4. Created a ranger hdfs policy(hdfs_policy3) with resource path: 
/tmp/abcd/file.txt
5. Called below given REST API to export policies for resource path: /tmp/abcd
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor=full;

**Expected Behavior:**
Above REST should return two policies(hdfs_policy2 and hdfs_policy3) which are 
having resource /tmp/abcd and /tmp/abcd/file.txt respectively.

**Actual Behavior:**
Returned JSON response was having only two policies(hdfs_policy2 and 
hdfs_policy3).



**Steps for HIVE service:**
1. Created a hive service 'source_hive'.
2. Created a ranger hive policy(hive_policy1) with 
resource:database=default123,table=,column=
3. Created a ranger hive policy(hive_policy2) with 
resource:database=default,table=,column=
4. Created a ranger hive datamask policy(hive_policy3) with 
resource:database=default,table=table1,column=column1
5. Created a ranger hive rowlevel filter policy(hive_policy4) with 
resource:database=default,table=table2
6. Called below given REST API to export policies for resource:database=default
http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hive=default:database=default=hive=self_or_ancestor=full;

**Expected Behavior:**
Above REST should return three policies(hive_policy2, hive_policy3 and 
hive_policy4).

**Actual Behavior:**
Returned JSON response was having only three policies(hive_policy2, 
hive_policy3 and hive_policy4).


Thanks,

Pradeep Agrawal
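
The partial-versus-full distinction tested in the review request above, as an added Python example that is not code from the Ranger patch: it replays the message's own HDFS and Hive policies through both modes. The names `Policy`, `value_matches` and `export_names`, the substring model of "partial", and the path-boundary rule for "full" are assumptions chosen to reproduce the expected results listed in the message; wildcard resources are not handled.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Policy:
    name: str
    # resource type -> literal value (assumed shape, not Ranger's model class)
    resources: dict = field(default_factory=dict)


# Constructed sample data: the policies created in the test steps above.
HDFS_POLICIES = [
    Policy("hdfs_policy1", {"path": "/tmp/abcdefg"}),
    Policy("hdfs_policy2", {"path": "/tmp/abcd"}),
    Policy("hdfs_policy3", {"path": "/tmp/abcd/file.txt"}),
]
HIVE_POLICIES = [
    Policy("hive_policy1", {"database": "default123", "table": "", "column": ""}),
    Policy("hive_policy2", {"database": "default", "table": "", "column": ""}),
    Policy("hive_policy3", {"database": "default", "table": "table1", "column": "column1"}),
    Policy("hive_policy4", {"database": "default", "table": "table2"}),
]


def value_matches(res_type, policy_value, requested, resource_match):
    """Compare one policy resource value with the requested value."""
    if policy_value is None:
        return False
    if resource_match == "partial":
        # Assumed model of the reported behaviour: any policy whose value
        # merely contains the requested string is exported, so unrelated
        # policies such as /tmp/abcdefg are disclosed for /tmp/abcd.
        return requested in policy_value
    if res_type == "path":
        # "full" for a hierarchical resource: the policy path is the
        # requested path itself or lies below it, decided at a "/" boundary.
        base = requested.rstrip("/")
        return policy_value.rstrip("/") == base or policy_value.startswith(base + "/")
    # "full" for a flat resource such as a database name: exact equality.
    return policy_value == requested


def export_names(policies, requested, resource_match="partial"):
    """Return the names of policies that match every requested resource."""
    if resource_match not in ("partial", "full"):
        raise ValueError("resource_match must be 'partial' or 'full'")
    return [
        p.name
        for p in policies
        if all(
            value_matches(res_type, p.resources.get(res_type), value, resource_match)
            for res_type, value in requested.items()
        )
    ]


if __name__ == "__main__":
    for mode in ("partial", "full"):
        print(mode, export_names(HDFS_POLICIES, {"path": "/tmp/abcd"}, mode))
        print(mode, export_names(HIVE_POLICIES, {"database": "default"}, mode))
```
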



[jira] [Updated] (RANGER-1832) Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Pradeep Agrawal (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-1832:

Attachment: RANGER-1832-master-2.patch

> Export REST API should return exact matching results if polResource param is 
> provided
> -
>
> Key: RANGER-1832
> URL: https://issues.apache.org/jira/browse/RANGER-1832
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 1.0.0, 0.7.1
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1832-master-2.patch, RANGER-1832-master.patch
>
>
> Currently, Export REST API returns partial matching results also even if 
> polResource param is provided. 
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor;
> ER: REST call should not return policy for resource /tmp/abcdefg
> AR: REST call is returning policy for resource /tmp/abcdefg



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (RANGER-1832) Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Pradeep Agrawal (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16205677#comment-16205677
 ] 

Pradeep Agrawal commented on RANGER-1832:
-

Reopening this issue to distinguish the case of partial or full policy resource 
value which is the actual requirement of this JIRA. To fix the same I am going 
to introduce another request param "resourceMatch" which can have "partial" or 
"full" value.

> Export REST API should return exact matching results if polResource param is 
> provided
> -
>
> Key: RANGER-1832
> URL: https://issues.apache.org/jira/browse/RANGER-1832
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 1.0.0, 0.7.1
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1832-master.patch
>
>
> Currently, Export REST API returns partial matching results also even if 
> polResource param is provided. 
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor;
> ER: REST call should not return policy for resource /tmp/abcdefg
> AR: REST call is returning policy for resource /tmp/abcdefg





[jira] [Reopened] (RANGER-1832) Export REST API should return exact matching results if polResource param is provided

2017-10-16 Thread Pradeep Agrawal (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reopened RANGER-1832:
-

> Export REST API should return exact matching results if polResource param is 
> provided
> -
>
> Key: RANGER-1832
> URL: https://issues.apache.org/jira/browse/RANGER-1832
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 1.0.0, 0.7.1
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1832-master.patch
>
>
> Currently, Export REST API returns partial matching results also even if 
> polResource param is provided. 
> Use Case : 
> 1) Create a ranger hdfs policy with resource path /tmp/abcdefg
> 2) Call REST API to export policy for resource path: /tmp/abcd
> http://localhost:6080/service/plugins/policies/exportJson?serviceName=source_hadoop=/tmp/abcd:path=/tmp/abcd=hdfs=self_or_ancestor;
> ER: REST call should not return policy for resource /tmp/abcdefg
> AR: REST call is returning policy for resource /tmp/abcdefg





[jira] [Updated] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Endre Kovacs updated RANGER-1827:
-
Attachment: 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, 
> policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





[jira] [Updated] (RANGER-1827) micro benchmark for policy evaluation

2017-10-16 Thread Endre Kovacs (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Endre Kovacs updated RANGER-1827:
-
Attachment: (was: 
0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch)

> micro benchmark for policy evaluation
> -
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
>  Issue Type: Test
>  Components: Ranger
>Affects Versions: master
>Reporter: Endre Kovacs
>Assignee: Endre Kovacs
>Priority: Minor
>  Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: policy-evaluation-performance.png
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at 
> different load of # of policies and # of concurrent users





Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation

2017-10-16 Thread Endre Zoltan Kovacs via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/
---

(Updated Oct. 16, 2017, 8:32 a.m.)


Review request for ranger.


Changes
---

added missing runWith junit annotation


Bugs: RANGER-1827
https://issues.apache.org/jira/browse/RANGER-1827


Repository: ranger


Description
---

created a microbenchmark for the policy evaluation engine


Diffs (updated)
-

  
  agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
  ranger-tools/pom.xml ff37fb3eb
  ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
  ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
  ranger-tools/src/test/resources/log4j.properties 4ea9d854e
  ranger-tools/src/test/resources/testdata/performance-chart.template PRE-CREATION
  ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
  ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION


Diff: https://reviews.apache.org/r/62850/diff/6/

Changes: https://reviews.apache.org/r/62850/diff/5-6/


Testing
---

A parameterized JUnit test that tests the performance of RangerPolicyEngine 
under increasing load of number of policies and concurrent calls.
A cross product of the input parameters is generated and fed into the test 
method.

This microbenchmark includes a warm-up phase so that any of the JIT performance 
optimizations happen before the measurement of the policy engine's performance.


File Attachments


0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
  
https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch


Thanks,

Endre Zoltan Kovacs



[jira] [Resolved] (RANGER-1835) The installer of the security admin should not repeatedly add a user to the same group.

2017-10-16 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua resolved RANGER-1835.
--
   Resolution: Fixed
Fix Version/s: master
   1.0.0

> The installer of the security admin should not repeatedly add a user to the 
> same group.
> ---
>
> Key: RANGER-1835
> URL: https://issues.apache.org/jira/browse/RANGER-1835
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.1
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
>  Labels: patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1835-The-installer-of-the-security-admin-shou.patch
>
>
> The installer of the security admin will repeatedly add a user to the same 
> group if the user exists and the user belongs to the group. The installer 
> should check whether the user belongs to the group before adding user to 
> group.





[jira] [Commented] (RANGER-1829) RangerPolicy should use equals() to check equal for object of resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyI

2017-10-16 Thread peng.jianhua (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16205487#comment-16205487
 ] 

peng.jianhua commented on RANGER-1829:
--

Hi [~abhayk] and [~rmani], I agree with [~bosco]'s opinion. These codes did not 
express the real logic. They were the wrong code. Do we not really need to 
modify them?

> RangerPolicy should use equals() to check equal for object of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems
> ---
>
> Key: RANGER-1829
> URL: https://issues.apache.org/jira/browse/RANGER-1829
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
> Attachments: 
> 0001-RANGER-1829-RangerPolicy-should-use-equals-to-check-.patch
>
>
> When RangerPolicy checks equality for objects of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems,
>  it uses the "==" operator.
> But it should not use "=="; using "equals()" is correct.





[jira] [Issue Comment Deleted] (RANGER-1829) RangerPolicy should use equals() to check equal for object of resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowF

2017-10-16 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1829?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1829:
-
Comment: was deleted

(was: Hi [~abhayk] and [~rmani], I agree with [~bosco]'s opinion. These codes 
did not express the real logic. They were the wrong code. Do we not really need 
to modify them?)

> RangerPolicy should use equals() to check equal for object of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems
> ---
>
> Key: RANGER-1829
> URL: https://issues.apache.org/jira/browse/RANGER-1829
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
> Attachments: 
> 0001-RANGER-1829-RangerPolicy-should-use-equals-to-check-.patch
>
>
> When RangerPolicy checks equality for objects of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems,
>  it uses the "==" operator.
> But it should not use "=="; using "equals()" is correct.





[jira] [Commented] (RANGER-1829) RangerPolicy should use equals() to check equal for object of resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyI

2017-10-16 Thread peng.jianhua (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16205486#comment-16205486
 ] 

peng.jianhua commented on RANGER-1829:
--

Hi [~abhayk] and [~rmani], I agree with [~bosco]'s opinion. These codes did not 
express the real logic. They were the wrong code. Do we not really need to 
modify them?

> RangerPolicy should use equals() to check equal for object of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems
> ---
>
> Key: RANGER-1829
> URL: https://issues.apache.org/jira/browse/RANGER-1829
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
> Attachments: 
> 0001-RANGER-1829-RangerPolicy-should-use-equals-to-check-.patch
>
>
> When RangerPolicy checks equality for objects of 
> resources/policyItems/denyPolicyItems/allowExceptions/denyExceptions/dataMaskPolicyItems/rowFilterPolicyItems,
>  it uses the "==" operator.
> But it should not use "=="; using "equals()" is correct.


