[jira] [Reopened] (RANGER-2041) Handle validations for passwords of admin accounts during ranger install.

[Fatima Amjad Khan (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan reopened RANGER-2041:
---

> Handle validations for passwords of admin accounts during ranger install.
> -
>
> Key: RANGER-2041
> URL: https://issues.apache.org/jira/browse/RANGER-2041
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.1
>
> Attachments: RANGER-2041.patch
>
>
> Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
> rangertagsync users are seeded users and they are configurable during the 
> install process. This task is to provide a facility to add validations to the 
> admin users password during ranger install. Python doesn’t support ‘ ` “ \ so 
> these characters will not be supported during update of default password of 
> seeded users in manual install.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (RANGER-2043) Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs

[bhavik patel (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

bhavik patel reassigned RANGER-2043:


Assignee: bhavik patel  (was: Pradeep Agrawal)

> Ranger KMS KeyProvider and HSM KeyProvider should have more debug logs
> --
>
> Key: RANGER-2043
> URL: https://issues.apache.org/jira/browse/RANGER-2043
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.1.0
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66506: RANGER-2057: ranger-ugsync-default file not found and Log message

[Mehul Parikh]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66506/#review200789
---


Ship it!




Ship It!

- Mehul Parikh


On April 9, 2018, 12:06 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66506/
> ---
> 
> (Updated April 9, 2018, 12:06 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2057
> https://issues.apache.org/jira/browse/RANGER-2057
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Below Error log message was seen as Ranger user-sync 
> code is trying to read config from ranger-ugsync-default-site.xml file which 
> doesn't exist. Usersync should read the config from ranger-ugsync-default.xml 
> file.
> 
> **Proposed Solution:** Change the file name ranger-ugsync-default-site.xml to 
> ranger-ugsync-default.xml
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
>  3efcb86 
> 
> 
> Diff: https://reviews.apache.org/r/66506/diff/1/
> 
> 
> Testing
> ---
> 
> **Ranger Admin installation :**
> Steps Performed (with patch) :
> 1. After mvn Build; untar the Ranger admin module and updated 
> install.properties for MySQL DB flavor.
> 2. Called setup.sh to install Ranger admin.
> 3. untar the Ranger usersync module and updated install.properties.
> 4. Called setup.sh to install Ranger usersync.
> 5. Started ranger admin and ranger usersync.
> 
> **Expected Behavior : **
> Ranger admin and usersync should start successfully, Ranger usersync log 
> should not have missing file related error messages.
> 
> **Actual Behavior : **
> Ranger admin and usersync started successfully, Ranger usersync log did not 
> have any error messages.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66513/#review200759
---


Ship it!




Ship It!

- Madhan Neethiraj


On April 9, 2018, 5:21 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66513/
> ---
> 
> (Updated April 9, 2018, 5:21 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2063
> https://issues.apache.org/jira/browse/RANGER-2063
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There are multiple table names in the audit record generated when an Hbase 
> resource containing a table is accessed.
> 
> 
> Diffs
> -
> 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
>  1dc06eb17 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
>  e705d9797 
> 
> 
> Diff: https://reviews.apache.org/r/66513/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with a 'scan' command on a local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66495: RANGER-2061: Add policy engine support to get summary user and group ACLs for a resource

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66495/#review200755
---


Ship it!




Ship It!

- Madhan Neethiraj


On April 8, 2018, 7:52 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66495/
> ---
> 
> (Updated April 8, 2018, 7:52 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2061
> https://issues.apache.org/jira/browse/RANGER-2061
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> It is useful to be able to retrieve user and group based Access Control Lists 
> from Ranger policies for a given resource. When, given the set of Ranger 
> policies,  permission cannot be determined statically, permission will be 
> flagged as CONDITIONAL.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
>  5febf956d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAbstractContextEnricher.java
>  f6e462ccc 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerContextEnricher.java
>  9d0b9852b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  d5d14a22d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
>  3b06f423f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  313a8a96f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  5510f6ea3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineOptions.java
>  2bbdcede5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java
>  4e6ca2f62 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyItemEvaluator.java
>  cd7c3c1c4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  c539cc0dc 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  613a0017d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
>  bd61cfd0a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContextListener.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  725ed74d0 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
>  PRE-CREATION 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
>  325626a58 
>   agents-common/src/test/resources/log4j.xml 926f47ced 
>   agents-common/src/test/resources/policyengine/ACLResourceTags.json 
> PRE-CREATION 
>   agents-common/src/test/resources/policyengine/test_aclprovider_default.json 
> PRE-CREATION 
>   
> agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
> 11f31e317 
> 
> 
> Diff: https://reviews.apache.org/r/66495/diff/2/
> 
> 
> Testing
> ---
> 
> Developed and ran unit tests.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed

[Velmurugan Periasamy]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66513/#review200745
---


Ship it!




Ship It!

- Velmurugan Periasamy


On April 9, 2018, 5:21 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66513/
> ---
> 
> (Updated April 9, 2018, 5:21 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2063
> https://issues.apache.org/jira/browse/RANGER-2063
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There are multiple table names in the audit record generated when an Hbase 
> resource containing a table is accessed.
> 
> 
> Diffs
> -
> 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
>  1dc06eb17 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
>  e705d9797 
> 
> 
> Diff: https://reviews.apache.org/r/66513/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with a 'scan' command on a local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Review Request 66513: RANGER-2063:Audit log shows multiple table names when only one table is accessed

[Abhay Kulkarni]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66513/
---

Review request for ranger, Madhan Neethiraj, Ramesh Mani, and Velmurugan 
Periasamy.


Bugs: RANGER-2063
https://issues.apache.org/jira/browse/RANGER-2063


Repository: ranger


Description
---

There are multiple table names in the audit record generated when an Hbase 
resource containing a table is accessed.


Diffs
-

  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseAuditHandlerImpl.java
 1dc06eb17 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerHBaseResource.java
 e705d9797 


Diff: https://reviews.apache.org/r/66513/diff/1/


Testing
---

Tested with a 'scan' command on a local VM


Thanks,

Abhay Kulkarni

[jira] [Assigned] (RANGER-2063) Audit log shows multiple table names when only one table is accessed

[Abhay Kulkarni (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni reassigned RANGER-2063:
--

Assignee: Abhay Kulkarni

> Audit log shows multiple table names when only one table is accessed
> 
>
> Key: RANGER-2063
> URL: https://issues.apache.org/jira/browse/RANGER-2063
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> There are multiple table names in the audit record generated when an Hbase 
> resource containing a table is accessed.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2063) Audit log shows multiple table names when only one table is accessed

[Abhay Kulkarni (JIRA)]

Abhay Kulkarni created RANGER-2063:
--

 Summary: Audit log shows multiple table names when only one table 
is accessed
 Key: RANGER-2063
 URL: https://issues.apache.org/jira/browse/RANGER-2063
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: master
Reporter: Abhay Kulkarni
 Fix For: master, 1.1.0


There are multiple table names in the audit record generated when an Hbase 
resource containing a table is accessed.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66504/
---

(Updated April 9, 2018, 2:55 p.m.)


Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Updated Description and Testing done section


Bugs: RANGER-2058
https://issues.apache.org/jira/browse/RANGER-2058


Repository: ranger


Description (updated)
---

**Problem Statement:** Ranger can not communicate to ssl enabled Postgres server


**Proposed Solution:**
To connect to a SSL Enabled Postgres Server JDBC connection string could be :
=>For validating CA: 
"jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true=verify-ca".
=>For Non validating CA: 
"jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true".

The 'ssl=true' property is added to the JDBC URL to attempt to communicate via 
SSL. 
The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to 
bypass certificate validation.
The 'sslmode=verify-ca' property is set to connect only if the Postgres server 
trust certificate is available. If user wants to connect using truststore then 
he can configure truststore files(certificate information for the postgres  
server and client both). 
---
Following properties of install.properties file can be used to provide the SSL 
config options, keystore and truststore path to connect to SSL enabled Postgres 
server:

db_ssl_enabled=
db_ssl_required=
db_ssl_verifyServerCertificate=
db_ssl_auth_type=
javax_net_ssl_keyStore=
javax_net_ssl_keyStorePassword=
javax_net_ssl_trustStore=
javax_net_ssl_trustStorePassword=
---
**Rules:**
1. if [db_ssl_enabled=true] then ranger admin/kms JDBC URL will attempt to 
communicate to postgres via SSL.
2. if [db_ssl_enabled=true and [db_ssl_required=false and 
db_ssl_verifyServerCertificate=false]] then JDBC url will have parameter 
'sslfactory=org.postgresql.ssl.NonValidatingFactory' in it and CA validation 
will be skipped.
3. if [db_ssl_enabled=true and [db_ssl_required=true or 
db_ssl_verifyServerCertificate=true]] then JDBC url will have parameter 
'sslmode=verify-ca' in it and CA validation will be mandatory. 
   3.1) if [db_ssl_auth_type=1-way] then User have to provide the certificate 
and password through truststore 
properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword) 
   3.2) if [db_ssl_auth_type=2-way] then User have to provide the keystore and 
password through keystore 
properties(javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword) and CA 
certificate and password through truststore 
properties(javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword).

**Note:**
Ranger application and jisql utility should know from where to pick the 
certificates which can be set in the System properties like this :
-Djavax.net.ssl.keyStore=path_to_keystore_file
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=path_to_truststore_file
-Djavax.net.ssl.trustStorePassword=password


Diffs
-

  kms/scripts/db_setup.py a431b60 
  kms/scripts/dba_script.py bcd4aa2 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca 
  security-admin/scripts/db_setup.py b8664d2 
  security-admin/scripts/dba_script.py 69fff41 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
edd9d36 


Diff: https://reviews.apache.org/r/66504/diff/1/


Testing (updated)
---

**Steps Performed(with patch):**
Installed Postgres and enabled SSL with the help of doc : 
https://www.postgresql.org/docs/9.5/static/ssl-tcp.html

Untar ranger-admin from Build having changes of proposed patch.
Provided ranger db root and admin db details in install.properties.
Provided values for below properties of install.properties file.
db_ssl_enabled=true
db_ssl_required=true
db_ssl_verifyServerCertificate=true
db_ssl_auth_type=1-way
javax_net_ssl_keyStore=/root/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/root/truststore
javax_net_ssl_trustStorePassword=secret

Executed setup.sh script.

Tried to start ranger admin service.

**Expected behaviour :** Ranger admin should start normally and User should 
able to see Dashboard page after login.

**Actual behaviour :** Ranger admin was started and was able to login and see 
Ranger UI.

**Note :** 
Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and 
two-way ssl configurations.
Tried below combination of SSL properties also with different ranger db 
combination to install ranger admin and ranger kms.

db_ssl_enabled|db_ssl_required|db_ssl_verifyServerCertificate|db_ssl_auth_type|javax_net_ssl_keyStore
   javax_net_ssl_trustStore
TRUETRUETRUE2-way   providedprovided
TRUETRUETRUE2-way   providednot provided
TRUETRUETRUE2-way   not providedprovided

Review Request 66509: RANGER-2060 : Knox proxy with knox-sso is not working for ranger

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66509/
---

Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, 
and Velmurugan Periasamy.


Bugs: RANGER-2060
https://issues.apache.org/jira/browse/RANGER-2060


Repository: ranger


Description
---

Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
Ranger and Knox.

If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
knox2.abc.com.

If Ranger load-balancer URL is used in the knox topology for knox-proxy ui.xml, 
redirected url gets corrupted as:
knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger

Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
Ranger to login.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKRBAuthenticationFilter.java
 ec6d78d 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 22ba524 


Diff: https://reviews.apache.org/r/66509/diff/1/


Testing
---

Verified Knox-SSO and Knox-Proxy authentication to be working for Ranger-Admin 
in simple and kerberos enabled environments.


Thanks,

Vishal Suvagia

[jira] [Assigned] (RANGER-2060) Knox proxy with knox-sso is not working for ranger

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia reassigned RANGER-2060:
--

Assignee: Vishal Suvagia

> Knox proxy with knox-sso is not working for ranger
> --
>
> Key: RANGER-2060
> URL: https://issues.apache.org/jira/browse/RANGER-2060
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Deepak Sharma
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 1.1.0, 1.0.1
>
> Attachments: RANGER-2060.patch
>
>
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2060) Knox proxy with knox-sso is not working for ranger

[Velmurugan Periasamy (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2060:
-
Reporter: Deepak Sharma  (was: Vishal Suvagia)

> Knox proxy with knox-sso is not working for ranger
> --
>
> Key: RANGER-2060
> URL: https://issues.apache.org/jira/browse/RANGER-2060
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Deepak Sharma
>Priority: Major
> Fix For: 1.1.0, 1.0.1
>
> Attachments: RANGER-2060.patch
>
>
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Request to add me as a contributor

[Velmurugan Periasamy]

Hi Vishal ­ I have added you as contributor. Thank you. Welcome to Ranger
community. 

From:  vishal suvagia 
Reply-To:  "dev@ranger.apache.org" 
Date:  Monday, April 9, 2018 at 7:35 AM
To:  Ranger 
Subject:  Request to add me as a contributor

Hi,   I would like to contribute to Apache Ranger project.
   Request to kindly add me as a contributor for Apache Ranger.   My
full-name is Vishal Suvagia and email-id is vishalsuva...@yahoo.com. and
Apache-ID is vishalsuvagia.

Thanks and Regards,
Vishal Suvagia.

Review Request 66506: RANGER-2057: ranger-ugsync-default file not found and Log message

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66506/
---

Review request for ranger.


Bugs: RANGER-2057
https://issues.apache.org/jira/browse/RANGER-2057


Repository: ranger


Description
---

**Problem Statement:** Below Error log message was seen as Ranger user-sync 
code is trying to read config from ranger-ugsync-default-site.xml file which 
doesn't exist. Usersync should read the config from ranger-ugsync-default.xml 
file.

**Proposed Solution:** Change the file name ranger-ugsync-default-site.xml to 
ranger-ugsync-default.xml


Diffs
-

  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 3efcb86 


Diff: https://reviews.apache.org/r/66506/diff/1/


Testing
---

**Ranger Admin installation :**
Steps Performed (with patch) :
1. After mvn Build; untar the Ranger admin module and updated 
install.properties for MySQL DB flavor.
2. Called setup.sh to install Ranger admin.
3. untar the Ranger usersync module and updated install.properties.
4. Called setup.sh to install Ranger usersync.
5. Started ranger admin and ranger usersync.

**Expected Behavior : **
Ranger admin and usersync should start successfully, Ranger usersync log should 
not have missing file related error messages.

**Actual Behavior : **
Ranger admin and usersync started successfully, Ranger usersync log did not 
have any error messages.


Thanks,

Pradeep Agrawal

Request to add me as a contributor

[vishal suvagia]

Hi,   I would like to contribute to Apache Ranger project.
   Request to kindly add me as a contributor for Apache Ranger.   My full-name 
is Vishal Suvagia and email-id is vishalsuva...@yahoo.com. and Apache-ID is 
vishalsuvagia.

Thanks and Regards,
Vishal Suvagia.

Request to kindly add me as a contributor in Apache Ranger project

[vishal suvagia]

Hi,   I would like to contribute to Apache Ranger project. Request to kindly 
add me                          
vishal suvagia

[jira] [Commented] (RANGER-2060) Knox proxy with knox-sso is not working for ranger

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16430376#comment-16430376
 ] 

Vishal Suvagia commented on RANGER-2060:


Request to kindly review the attached patch.

> Knox proxy with knox-sso is not working for ranger
> --
>
> Key: RANGER-2060
> URL: https://issues.apache.org/jira/browse/RANGER-2060
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Vishal Suvagia
>Priority: Major
> Fix For: 1.1.0, 1.0.1
>
> Attachments: RANGER-2060.patch
>
>
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2060) Knox proxy with knox-sso is not working for ranger

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2060:
---
Attachment: RANGER-2060.patch

> Knox proxy with knox-sso is not working for ranger
> --
>
> Key: RANGER-2060
> URL: https://issues.apache.org/jira/browse/RANGER-2060
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Vishal Suvagia
>Priority: Major
> Fix For: 1.1.0, 1.0.1
>
> Attachments: RANGER-2060.patch
>
>
> Knox proxy with Knox-SSO is not working in a case when HA is enabled for both 
> Ranger and Knox.
> If Ranger-HA url is rangerha.abc.com:6080 with individual Ranger hosts as 
> ranger1.abc.com:6080 and ranger2.abc.com:6080 with Knox hosted on  
> knoxha.abc.com:8443 and individual knox hosts as knox1.abc.com and 
> knox2.abc.com.
> If Ranger load-balancer URL is used in the knox topology for knox-proxy 
> ui.xml, redirected url gets corrupted as:
> knoxha.abc.com:8443/gateway/?originalUrl=https://knoxha.abc.com:8443,%20knox1.abc.com:8443/gateway//ranger
> Additionally: Individually enabling Knox-SSO gives 401-Unauthorized error for 
> Ranger to login.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 66504: RANGER-2058: Add SSL enabled Postgres support in Ranger Admin

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66504/
---

Review request for ranger, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-2058
https://issues.apache.org/jira/browse/RANGER-2058


Repository: ranger


Description
---

**Problem Statement:** Ranger can not communicate to ssl enabled Postgres server


**Proposed Solution:**
To connect to a SSL Enabled Postgres Server JDBC connection string could be : 
"jdbc:postgresql://127.0.0.1:3306/ranger?ssl=true=verify-ca".
The 'ssl=true' property is added to the JDBC URL to attempt to communicate via 
SSL. 
The 'sslfactory=org.postgresql.ssl.NonValidatingFactory' property is set to 
bypass certificate validation.
The 'sslmode=verify-ca' property is set to connect only if the Postgres server 
trust certificate is available. If user want to connect using truststore then 
he can configure truststore files(certificate information for the postgres  
server and client both). 
Ranger application and jisql utility should know from where to pick the 
certificates which can be set in the System properties like this :
-Djavax.net.ssl.keyStore=path_to_keystore_file
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=path_to_truststore_file
-Djavax.net.ssl.trustStorePassword=password


Following properties of install.properties file can be use to provide the SSL 
config options, keystore and truststore path to connect to SSL enabled Postgres 
server:


db_ssl_enabled=false
db_ssl_required=false
db_ssl_verifyServerCertificate=false
javax_net_ssl_keyStore=/etc/postgres/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/etc/postgres/truststore
javax_net_ssl_trustStorePassword=secret


Diffs
-

  kms/scripts/db_setup.py a431b60 
  kms/scripts/dba_script.py bcd4aa2 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java 12585ca 
  security-admin/scripts/db_setup.py b8664d2 
  security-admin/scripts/dba_script.py 69fff41 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
edd9d36 


Diff: https://reviews.apache.org/r/66504/diff/1/


Testing
---

**Steps Performed(with patch):**
1. Installed Postgres and enabled SSL with the help of doc : 

Untar ranger-admin from Build having changes of proposed patch.
Provided ranger db root and admin db details in install.properties.
Provided values for below properties of install.properties file.
db_ssl_enabled=true
db_ssl_required=true
db_ssl_verifyServerCertificate=true
javax_net_ssl_keyStore=/root/keystore
javax_net_ssl_keyStorePassword=secret
javax_net_ssl_trustStore=/root/truststore
javax_net_ssl_trustStorePassword=secret

Executed setup.sh script.

Tried to start ranger admin service.

**Expected behaviour :** Ranger admin should start normally and User should 
able to see Dashboard page after login.

**Actual behaviour :** Ranger admin was started and was able to login and see 
Ranger UI.

**Note :** 
Tested Ranger admin and Ranger kms on SSL enabled Postgres with one-way and 
two-way ssl configurations.
Tried below combination of SSL properties also with different ranger db 
combination to install ranger admin and ranger kms.

db_ssl_enabled | db_ssl_required | db_ssl_verifyServerCertificate
true   |true |true
true   |true |false
true   |false|true
true   |false|false


Thanks,

Pradeep Agrawal

[jira] [Commented] (RANGER-2041) Handle validations for passwords of admin accounts during ranger install.

[Fatima Amjad Khan (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16430126#comment-16430126
 ] 

Fatima Amjad Khan commented on RANGER-2041:
---

Committed on [master 
|https://github.com/apache/ranger/commit/c8f67ce7c9314867b6481ee10e82ed19b15f37e8
 ]

> Handle validations for passwords of admin accounts during ranger install.
> -
>
> Key: RANGER-2041
> URL: https://issues.apache.org/jira/browse/RANGER-2041
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.1
>
> Attachments: RANGER-2041.patch
>
>
> Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
> rangertagsync users are seeded users and they are configurable during the 
> install process. This task is to provide a facility to add validations to the 
> admin users password during ranger install. Python doesn’t support ‘ ` “ \ so 
> these characters will not be supported during update of default password of 
> seeded users in manual install.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 66499: RANGER-2062: Update jQuery version

[Nitin Galave]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66499/
---

Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and 
Velmurugan Periasamy.


Bugs: RANGER-2062
https://issues.apache.org/jira/browse/RANGER-2062


Repository: ranger


Description
---

Currently, we are using v1.10.2 jQuery version. We can update to v3.3.1 
jQuery's latest stable version and their dependencies.


Diffs
-

  security-admin/src/main/webapp/index.html 909dbeb 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/animated-overlay.gif
 d441f75ebfbdf26a265dfccd670120d25c0a341c 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_flat_0_aa_40x100.png
 4743d097e113d529cde4bf0d631f58628f9efd06 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_flat_75_ff_40x100.png
 ca779e35d80700d99e6bb5b54d9dbabf46827fce 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_55_fbf9ee_1x400.png
 664038172ae06863108ee1731aac596863b44933 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_65_ff_1x400.png
 d3277b5e96a47e3e8364682d3ea30abb3cb1d7fc 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_75_dadada_1x400.png
 7eda20a5976a72088b0706f05ed49f5a5e04ca53 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_75_e6e6e6_1x400.png
 f4d86b963e90b5663fd2c3e9f88f4641a06928ba 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_glass_95_fef1ec_1x400.png
 8500938dc41e87842f06c8f93b5836033feff799 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-bg_highlight-soft_75_cc_1x100.png
 4795f6973736b7afc605ea3fed919b0d8a3f7f8f 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_22_256x240.png
 c7dab3120628e3bbddb13c20d5bd8de65453ec9d 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_2e83ff_256x240.png
 e04e87a76bffb4c17567ba3644110e6bcaf6c05d 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_454545_256x240.png
 825ce7bf07b540a90293f33df26df989a7de0194 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_88_256x240.png
 e2d9f906b767f43a1617ac3c9e7efbbb027f98c8 
  
security-admin/src/main/webapp/libs/bower/jquery-ui/css/images/ui-icons_cd0a0a_256x240.png
 b13299903c2de9d0bcc91d4dcaa81a7258ae4d92 
  security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery-ui.css 572ed8a 
  security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery-ui.min.css 
b8b6f0a 
  security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery.ui.theme.css 
19e5839 
  security-admin/src/main/webapp/libs/bower/jquery-ui/js/jquery-ui.min.js 
82bbb67 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery-1.10.2.js c5c6482 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.3.1.js 
PRE-CREATION 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.3.1.min.js 
PRE-CREATION 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery-migrate.js 942cb8b 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery-migrate.min.js 
eb3ecb1 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery.js c5c6482 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery.min.js 29b3a2c 
  security-admin/src/main/webapp/libs/bower/jquery/js/jquery.min.map 7dc9c7d 
  security-admin/src/main/webapp/libs/bower/tag-it/js/tag-it.js 3adcf4c 
  security-admin/src/main/webapp/libs/bower/tag-it/js/tag-it.min.js fd6140c 
  
security-admin/src/main/webapp/libs/bower/x-editable/js/bootstrap-editable.min.js
 a994677 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_44_256x240.png
 PRE-CREATION 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_55_256x240.png
 PRE-CREATION 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_777620_256x240.png
 PRE-CREATION 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_77_256x240.png
 PRE-CREATION 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_cc_256x240.png
 PRE-CREATION 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/images/ui-icons_ff_256x240.png
 4f624bb2b193750f1a5b36c8c307168c6681a861 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui-1.10.3.custom.css
 e94c054 
  
security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui-1.10.3.custom.min.css
 20ac327 
  security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui.css 
PRE-CREATION 
  security-admin/src/main/webapp/libs/other/jquery-ui/css/jquery-ui.min.css 
PRE-CREATION 
  security-admin/src/main/webapp/libs/other/jquery-ui/js/jquery-1.9.1.js 
e2c203f