date:20180226

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

2018-02-26 Thread Velmurugan Periasamy

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198311
---

security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql
Lines 1 (patched)

1] https://reviews.apache.org/r/65567/ is using the same DB patch # (030). 
Use the next available #.

2] Make this DB change available for other DB flavors 

3] Update consolidated DB schema script with the DB changes

security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
Lines 1124 (patched)

Fix PMD violations such as below..

```
[INFO] --- maven-pmd-plugin:3.7:check (default) @ security-admin-web ---
[INFO] PMD Failure: org.apache.ranger.biz.AssetMgr:1124 
Rule:UnusedLocalVariable Priority:3 Avoid unused local variables such as 
'vxUgsyncAuditInfo'..
[INFO] PMD Failure: org/apache/ranger/db/XXUgsyncAuditInfoDao.java:23 
Rule:UnusedImports Priority:4 Avoid unused imports such as 
'org.apache.ranger.entity.XXPluginInfo'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:22 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 'org.apache.commons.lang.StringUtils'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:23 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 
'org.apache.ranger.authorization.hadoop.constants.RangerHadoopConstants'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:28 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 
'org.apache.ranger.entity.XXAccessAudit'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:29 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXService'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:30 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 'org.apache.ranger.entity.XXServiceDef'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:32 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 'org.apache.ranger.view.VXAccessAudit'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:33 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 
'org.apache.ranger.view.VXAccessAuditList'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoService.java:41 Rule:UnusedImports 
Priority:4 Avoid unused imports such as 'java.util.Date'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:27 
Rule:UnusedImports Priority:4 Avoid unused imports such as 
'org.apache.ranger.entity.XXAccessAudit'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:29 
Rule:UnusedImports Priority:4 Avoid unused imports such as 
'org.apache.ranger.view.VXAccessAudit'.
[INFO] PMD Failure: 
org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java:30 
Rule:UnusedImports Priority:4 Avoid unused imports such as 
'org.apache.ranger.view.VXAccessAuditList'.
[INFO] PMD Failure: org/apache/ranger/view/VXLdapSyncSourceInfo.java:33 
Rule:UnusedImports Priority:4 Avoid unused imports such as 'java.util.List'.
[INFO] PMD Failure: org/apache/ranger/view/VXUgsyncAuditInfo.java:36 
Rule:UnusedImports Priority:4 Avoid unused imports such as 'java.util.List'.
```

- Velmurugan Periasamy

On Feb. 26, 2018, 11:56 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> ---
> 
> (Updated Feb. 26, 2018, 11:56 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Added code to support auditing for Ranger Usersync operations. This includes 
> auditing for all the sync sources (unix, file, and LDAP/AD) for every sync 
> interval. Also includes Rest API for showing these audits in Ranger UI.
> 
> 
> Diffs
> -
> 
>   
> security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b 
>   security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
> 4a02e26b 
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
> db20a14a 
>

Re: Review Request 65567: RANGER-1972 : Ability to label policies, filter/search and show policies by labels

2018-02-26 Thread Pradeep Agrawal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65567/#review198315
---


Ship it!




Ship It!

- Pradeep Agrawal


On Feb. 14, 2018, 12:06 p.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65567/
> ---
> 
> (Updated Feb. 14, 2018, 12:06 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1972
> https://issues.apache.org/jira/browse/RANGER-1972
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Ranger Admin, need a feature to be able to group (for example by tenant 
> name or business unit) sets of policies with one or more labels that are 
> relevant to business. 
> Furthermore, Need to able to search policies on this additional set of 
> labels. This will be useful for export/import policies as well.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
> 60daed9 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  7583864 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> fa4f767 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 69f3768 
>   security-admin/db/mysql/patches/030-policy-labels-schema.sql PRE-CREATION 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 5abbcd0 
>   security-admin/db/oracle/patches/030-policy-labels-schema.sql PRE-CREATION 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 6dfc841 
>   security-admin/db/postgres/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d01 
>   security-admin/db/sqlanywhere/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> a2be2d4 
>   security-admin/db/sqlserver/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
> 1b6f440 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 7aee433 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> 92b0e03 
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
> db20a14 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyLabelDao.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyLabelMapDao.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/entity/XXPolicyLabel.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/entity/XXPolicyLabelMap.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 9e4d799 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
>  5aec948 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
>  5d3af2f 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicy.java c73d42b 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicyLabel.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicyLabelList.java 
> PRE-CREATION 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf 
>   security-admin/src/main/webapp/scripts/models/RangerPolicy.js b5a274a 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> b71427c 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8fa7fca 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
> 5bf2296 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
> 542147f 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
> a01350b 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  ce295ff 
>   
> security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
>  914f271 
>   security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
> 90f44c1 
>   security-admin/src/main/webapp/styles/xa.css ee13655 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html
>  f8d1791 
>   security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 
> f298fd0 
>

Re: Review Request 65777: RANGER-1967 - Kafka 1.0 support

2018-02-26 Thread Qiang Zhang



> On 二月 26, 2018, 4:30 p.m., Colm O hEigeartaigh wrote:
> > > JaasContext context = JaasContext.load(Type.SERVER, new 
> > > ListenerName("KafkaServer"), configs);
> > 
> > Should "KafkaServer" be configurable here?
> > 
> > Apart from that looks good to me - have you tested the plugin with a Kafka 
> > 1.0.0 deployment?

We configure listeners in server.properties as following:
listeners=SASL_PLAINTEXT://HDC90:9092

In order to above function, I write following code and execute succefully:
String listeners = (String)configs.get("listeners");
...
JaasContext jaasContext = JaasContext.load(JaasContext.Type.SERVER, new 
ListenerName(listeners.split(":")[0]), configs);

ListenerName("KafkaServer")

"KafkaServer" should equal to SASL_PLAINTEXT.


- Qiang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65777/#review198284
---


On 二月 24, 2018, 10:08 a.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65777/
> ---
> 
> (Updated 二月 24, 2018, 10:08 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1967
> https://issues.apache.org/jira/browse/RANGER-1967
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The API changes are not too big, however running Kafka in embedded mode 
> turned out to be a bit trickier beast. I had to add a couple of new flags, 
> otherwise it would wait for 2 other broker to join.
>  The commit also contains logging changes, even a test log4j configuration, 
> just to make the debugging easier.
> 
> 
> Diffs
> -
> 
>   agents-audit/pom.xml 4fa44c5f 
>   plugin-kafka/pom.xml f644646b 
>   
> plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  b3d5a74d 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java
>  4ea39ed7 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
>  fb541cd3 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
>  fb0a2c0f 
>   plugin-kafka/src/test/resources/log4j.properties PRE-CREATION 
>   pom.xml fa1d1c7b 
>   ranger-kafka-plugin-shim/pom.xml f1aeee6f 
> 
> 
> Diff: https://reviews.apache.org/r/65777/diff/2/
> 
> 
> Testing
> ---
> 
> Unit & local tests
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

Re: Review Request 65567: RANGER-1972 : Ability to label policies, filter/search and show policies by labels

2018-02-26 Thread Velmurugan Periasamy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65567/#review198313
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Feb. 14, 2018, 12:06 p.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65567/
> ---
> 
> (Updated Feb. 14, 2018, 12:06 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1972
> https://issues.apache.org/jira/browse/RANGER-1972
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In Ranger Admin, need a feature to be able to group (for example by tenant 
> name or business unit) sets of policies with one or more labels that are 
> relevant to business. 
> Furthermore, Need to able to search policies on this additional set of 
> labels. This will be useful for export/import policies as well.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
> 60daed9 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
>  7583864 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
> fa4f767 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 69f3768 
>   security-admin/db/mysql/patches/030-policy-labels-schema.sql PRE-CREATION 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 5abbcd0 
>   security-admin/db/oracle/patches/030-policy-labels-schema.sql PRE-CREATION 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 6dfc841 
>   security-admin/db/postgres/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d01 
>   security-admin/db/sqlanywhere/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> a2be2d4 
>   security-admin/db/sqlserver/patches/030-policy-labels-schema.sql 
> PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
> 1b6f440 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 7aee433 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> 92b0e03 
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
> db20a14 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyLabelDao.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/db/XXPolicyLabelMapDao.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/entity/XXPolicyLabel.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/entity/XXPolicyLabelMap.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 9e4d799 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyLabelsService.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
>  5aec948 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java
>  5d3af2f 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicy.java c73d42b 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicyLabel.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/view/VXPolicyLabelList.java 
> PRE-CREATION 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf 
>   security-admin/src/main/webapp/scripts/models/RangerPolicy.js b5a274a 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> b71427c 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js 8fa7fca 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyDetail.js 
> 5bf2296 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
> 542147f 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
> a01350b 
>   
> security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
>  ce295ff 
>   
> security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
>  914f271 
>   security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
> 90f44c1 
>   security-admin/src/main/webapp/styles/xa.css ee13655 
>   
> security-admin/src/main/webapp/templates/policies/RangerPolicyDetail_tmpl.html
>  f8d1791 
>   security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html 
> f298fd0 
>

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

2018-02-26 Thread Sailaja Polavarapu



> On Feb. 23, 2018, 9:51 p.m., Zsombor Gegesy wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
> > Lines 184 (patched)
> > 
> >
> > On error, why don't you set 'isUpdateSinkSucc = false' ?

If the actual update or sync fails then we are marking as false already. But if 
just the audit request fails, I don't want to force the sync even if there are 
no changes to the sync files and hence didn't set the flag to false.


- Sailaja


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/#review198210
---


On Feb. 26, 2018, 11:56 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65739/
> ---
> 
> (Updated Feb. 26, 2018, 11:56 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Added code to support auditing for Ranger Usersync operations. This includes 
> auditing for all the sync sources (unix, file, and LDAP/AD) for every sync 
> interval. Also includes Rest API for showing these audits in Ranger UI.
> 
> 
> Diffs
> -
> 
>   
> security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b 
>   security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
> 4a02e26b 
>   security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
> db20a14a 
>   security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java 
> PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a 
>   
> security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
>  460c7fda 
>   
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
> PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
> PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
> PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
> PRE-CREATION 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd 
>   security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
>  2852b320 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
>  18366ef1 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
>  6b2648d9 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
>  PRE-CREATION 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
>  PRE-CREATION 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java
>  PRE-CREATION 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
>  PRE-CREATION 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
>  713c8688 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  864d884d 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  60ce08d1 
>   ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 
> 494efc21 
> 
> 
> Diff: https://reviews.apache.org/r/65739/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
> 2. Also tested with incremental sync enabled for AD sync source.
> 3. Tested the Rest API for showing audits in Ranger UI.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

2018-02-26 Thread Sailaja Polavarapu


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
---

(Updated Feb. 26, 2018, 11:56 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

Incorporated review comments and fixed minor bugs found during testing. Also 
added one missing sql file for db changes


Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985


Repository: ranger


Description
---

Added code to support auditing for Ranger Usersync operations. This includes 
auditing for all the sync sources (unix, file, and LDAP/AD) for every sync 
interval. Also includes Rest API for showing these audits in Ranger UI.


Diffs (updated)
-

  security-admin/db/mysql/patches/030-create-schema-for-usersync-audit-info.sql 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d2 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b 
  security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
4a02e26b 
  security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
db20a14a 
  security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3f 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243a 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 460c7fda 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bfd 
  security-admin/src/main/resources/META-INF/persistence.xml 20f5bbac 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 2852b320 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 18366ef1 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 6b2648d9 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java 
PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
 713c8688 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 864d884d 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 60ce08d1 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 
494efc21 


Diff: https://reviews.apache.org/r/65739/diff/2/

Changes: https://reviews.apache.org/r/65739/diff/1-2/


Testing
---

1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.


Thanks,

Sailaja Polavarapu

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

2018-02-26 Thread Sailaja Polavarapu


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65739/
---

(Updated Feb. 26, 2018, 11:52 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

Incorporated review comments and fixed minor bugs found during testing. Also 
added one missing sql file for db changes


Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985


Repository: ranger


Description
---

Added code to support auditing for Ranger Usersync operations. This includes 
auditing for all the sync sources (unix, file, and LDAP/AD) for every sync 
interval. Also includes Rest API for showing these audits in Ranger UI.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 034053d 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8 
  security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
4a02e26 
  security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java 
db20a14 
  security-admin/src/main/java/org/apache/ranger/db/XXUgsyncAuditInfoDao.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 3c274e3 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java a07c243 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 460c7fd 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfoList.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
PRE-CREATION 
  security-admin/src/main/resources/META-INF/jpa_named_queries.xml 786b4bf 
  security-admin/src/main/resources/META-INF/persistence.xml 20f5bba 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 2852b32 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 18366ef 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 6b2648d 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java 
PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
 PRE-CREATION 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
 713c868 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 864d884 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 60ce08d 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSink.java 
494efc2 


Diff: https://reviews.apache.org/r/65739/diff/1/


Testing
---

1. Tested with different types of sync sources (Unix, File, and LDAP/AD)
2. Also tested with incremental sync enabled for AD sync source.
3. Tested the Rest API for showing audits in Ranger UI.


File Attachments (updated)


0001-RANGER-1985-Incorporated-review-comments-and-fixed-m.patch
  
https://reviews.apache.org/media/uploaded/files/2018/02/26/a4e53893-358a-436d-8837-cc3273527363__0001-RANGER-1985-Incorporated-review-comments-and-fixed-m.patch


Thanks,

Sailaja Polavarapu

Re: Review Request 65777: RANGER-1967 - Kafka 1.0 support

2018-02-26 Thread Colm O hEigeartaigh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65777/#review198284
---



> JaasContext context = JaasContext.load(Type.SERVER, new 
> ListenerName("KafkaServer"), configs);

Should "KafkaServer" be configurable here?

Apart from that looks good to me - have you tested the plugin with a Kafka 
1.0.0 deployment?

- Colm O hEigeartaigh


On Feb. 24, 2018, 10:08 a.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65777/
> ---
> 
> (Updated Feb. 24, 2018, 10:08 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1967
> https://issues.apache.org/jira/browse/RANGER-1967
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The API changes are not too big, however running Kafka in embedded mode 
> turned out to be a bit trickier beast. I had to add a couple of new flags, 
> otherwise it would wait for 2 other broker to join.
>  The commit also contains logging changes, even a test log4j configuration, 
> just to make the debugging easier.
> 
> 
> Diffs
> -
> 
>   agents-audit/pom.xml 4fa44c5f 
>   plugin-kafka/pom.xml f644646b 
>   
> plugin-kafka/src/main/java/org/apache/ranger/authorization/kafka/authorizer/RangerKafkaAuthorizer.java
>  b3d5a74d 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java
>  4ea39ed7 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
>  fb541cd3 
>   
> plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
>  fb0a2c0f 
>   plugin-kafka/src/test/resources/log4j.properties PRE-CREATION 
>   pom.xml fa1d1c7b 
>   ranger-kafka-plugin-shim/pom.xml f1aeee6f 
> 
> 
> Diff: https://reviews.apache.org/r/65777/diff/2/
> 
> 
> Testing
> ---
> 
> Unit & local tests
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

[jira] [Updated] (RANGER-1982) Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms

2018-02-26 Thread Fatima Amjad Khan (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-1982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-1982:
--
Attachment: 0001-RANGER-1982-V2.patch

> Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms
> -
>
> Key: RANGER-1982
> URL: https://issues.apache.org/jira/browse/RANGER-1982
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: 0001-RANGER-1982-V2.patch, RANGER-1982.patch
>
>
> Improve Error handling in analytical metrics of ranger admin and ranger kms



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1982) Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms

2018-02-26 Thread Fatima Amjad Khan (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-1982?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-1982:
--
Attachment: (was: RANGER-1982-V2.patch)

> Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms
> -
>
> Key: RANGER-1982
> URL: https://issues.apache.org/jira/browse/RANGER-1982
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 1.0.0
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.0
>
> Attachments: RANGER-1982.patch
>
>
> Improve Error handling in analytical metrics of ranger admin and ranger kms



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 65793: RANGER-1991 : fix errors detected by static code analysis

2018-02-26 Thread Colm O hEigeartaigh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65793/#review198280
---



+   String key = (String) entry.getKey();
+   String value = (String) 
entry.getValue();
+   if (RANGER_SECTION_NAME.equals(value)) {
+   
rangerInternalPropertyKeys.add(key);
}

You could move the "key" part here into the if statement.

+   logger.error("Error creating user: 
"+vXUser.getName(),ex);

Add spaces around "=" and ","

- Colm O hEigeartaigh


On Feb. 24, 2018, 4:19 p.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65793/
> ---
> 
> (Updated Feb. 24, 2018, 4:19 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1991
> https://issues.apache.org/jira/browse/RANGER-1991
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> FindBugs/SpotBug detects a couple of problems with the code base:
> * Incorrect class casting - in XXServiceDef.equals
> * Unnecessary NPE checks - for variables which is known to be non-null (for 
> example, because in other places a method is called on that object). In 
> ServiceREST.java PublicAPIs.java, ServiceUtil.java and independently in 
> XUserMgr.java
> * Collection.contains method call which is never true - in 
> ServiceDBStore.validatePolicyItems for policyItem.getAccesses().contains("") 
> - because getAccesses doesn't store String objects
> * Making public partially initialized objects in 
> HadoopConfigHolder.initResourceMap()
> * Calling toString on array, which is not too readable
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/client/HadoopConfigHolder.java
>  fd925aa4 
>   
> hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java
>  46f92ecb 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 7aee4336 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java cecb3f8b 
>   security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
> 92b0e031 
>   security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
> e82d33d3 
>   security-admin/src/main/java/org/apache/ranger/entity/XXServiceDef.java 
> 3d496831 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java 
> 7818eb59 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 9e4d799b 
> 
> 
> Diff: https://reviews.apache.org/r/65793/diff/1/
> 
> 
> Testing
> ---
> 
> Tested locally
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

[jira] [Commented] (RANGER-1967) The Ranger support the Kafka 1.0.0

2018-02-26 Thread Qiang Zhang (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16376731#comment-16376731
 ] 

Qiang Zhang commented on RANGER-1967:
-

[~coheigea], I understand your thoughts. The ranger includes more than ten 
plugins. This proposal will cause lots of application problems. Such as: the 
user has Kafka 0.10.x and sqoop2. He hopes to used Kafka plugin and sqoop 
plugin for Ranger. We will have no corresponding ranger version to satisfy this 
scenario.

> The Ranger support the Kafka 1.0.0
> --
>
> Key: RANGER-1967
> URL: https://issues.apache.org/jira/browse/RANGER-1967
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: newbie, patch
> Attachments: RANGER-1967-2.patch, RANGER-1967.patch
>
>
> Now the Ranger don't support the Kafka 1.0.0. We should support the Kafka 
> 1.0.0.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1967) The Ranger support the Kafka 1.0.0

2018-02-26 Thread Colm O hEigeartaigh (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-1967?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16376690#comment-16376690
 ] 

Colm O hEigeartaigh commented on RANGER-1967:
-

Hi [~zhangqiang2],

We (the Ranger team) discussed a similar issue for Hadoop (where upgrading to 
Hadoop 3.0.0 meant that support was dropped for 2.x). It was felt that we 
should not have multiple plugin versions but instead users who want support for 
an older plugin version can just get it from an older Ranger release. If users 
want support for Kafka 0.10.x they can just get the plugin from Ranger 0.7.1.

Colm.

> The Ranger support the Kafka 1.0.0
> --
>
> Key: RANGER-1967
> URL: https://issues.apache.org/jira/browse/RANGER-1967
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: newbie, patch
> Attachments: RANGER-1967-2.patch, RANGER-1967.patch
>
>
> Now the Ranger don't support the Kafka 1.0.0. We should support the Kafka 
> 1.0.0.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-1992) Ranger Read Wrong INode Information

2018-02-26 Thread chuanjie.duan (JIRA)

chuanjie.duan created RANGER-1992:
-

 Summary: Ranger Read Wrong INode Information
 Key: RANGER-1992
 URL: https://issues.apache.org/jira/browse/RANGER-1992
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: chuanjie.duan


hdfs dfs -ls /user/hive/warehouse/dataswap.db/

drwxrwx---   - cim_beta_db dataswap          0 2018-02-26 09:49 
/user/hive/warehouse/dataswap.db/test

 

hdfs dfs -ls /user/hive/warehouse/dataswap.db/test

ls: Permission denied: user=cim_beta_db, access=EXECUTE, 
inode="/user/hive/warehouse/dataswap.db/test":{color:#FF}dataswap{color}:dataswap:drwxrwx---

 

user should be cim_beta_db



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

Re: Review Request 65567: RANGER-1972 : Ability to label policies, filter/search and show policies by labels

Re: Review Request 65777: RANGER-1967 - Kafka 1.0 support

Re: Review Request 65567: RANGER-1972 : Ability to label policies, filter/search and show policies by labels

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

Re: Review Request 65739: RANGER-1985: Auditing for Ranger usersync operations

Re: Review Request 65777: RANGER-1967 - Kafka 1.0 support

[jira] [Updated] (RANGER-1982) Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms

[jira] [Updated] (RANGER-1982) Error Improvement for Analytics Metric of Ranger Admin and Ranger Kms

Re: Review Request 65793: RANGER-1991 : fix errors detected by static code analysis

[jira] [Commented] (RANGER-1967) The Ranger support the Kafka 1.0.0

[jira] [Commented] (RANGER-1967) The Ranger support the Kafka 1.0.0

[jira] [Created] (RANGER-1992) Ranger Read Wrong INode Information

14 matches

Site Navigation

Mail list logo

Footer information