date:20180702

[jira] [Updated] (RANGER-1989) Ranger Admin may fail to start after enabling SSLHadoop GroupMapping

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1989:
-
Fix Version/s: 1.1.0

> Ranger Admin may fail to start after enabling SSLHadoop GroupMapping
> 
>
> Key: RANGER-1989
> URL: https://issues.apache.org/jira/browse/RANGER-1989
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.7.0
>Reporter: Hajime Osako
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2082-Adding-commons-io-jar-file-to-ews-lib-fo.patch
>
>
> Opening this Jira to request Ranger community to add commons-io-x.y.jar in 
> the classpath with default installation.
> Thank you.
>  
> After setting up Hadoop GroupMapping with 
> "hadoop.security.group.mapping.provider.ldap.bind.password.*file*" for HDFS 
> and YARN, Ranger Admin may fail to start if SSL is enabled.
> The following error is in catalina.out:
> {noformat}
> Exception in thread "main" java.lang.NoClassDefFoundError: 
> org/apache/commons/io/Charsets
> at 
> org.apache.hadoop.security.LdapGroupsMapping.extractPassword(LdapGroupsMapping.java:667)
> at 
> org.apache.hadoop.security.LdapGroupsMapping.setConf(LdapGroupsMapping.java:588)
> ...{noformat}
> This is because, in LdapGroupsMapping.setConf() above, if ".bind.password" is 
> empty, it tries to extract from ".bind.password.file" with extractPassword(), 
> and inside of this method org.apache.commons.io.Charsets is used, however, 
> commons-io.jar doesn't seem to be in the Ranger Admin classpath.
> h3. WORKAROUND:
> An example of workarounds is simply copying commons-io-x.y.jar, like below: 
> cp -p /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/lib/commons-io-2.4.jar 
> /usr/hdp/current/ranger-admin/ews/lib/



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2021) Ranger "Login Sessions" Audits impossible to browse due to 'rangerusersync'

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2021?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2021:
-
Fix Version/s: 1.1.0

> Ranger "Login Sessions" Audits impossible to browse due to 'rangerusersync'
> ---
>
> Key: RANGER-2021
> URL: https://issues.apache.org/jira/browse/RANGER-2021
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 0.7.0
>Reporter: Sean Roberts
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> RANGER-2021-RANGER-2064-Ranger-Usersync-should-use-c.patch, 
> RANGER-2021-Ranger-Login-Sessions-Audits-impossible-to-browse.patch, 
> screenshot-1.png
>
>
> "Ranger User Sync" logs into Ranger multiple times a second. This is with:
> {code}
> ranger.usersync.source.impl.class=org.apache.ranger.unixusersync.process.UnixUserGroupBuilder
> ranger.usersync.unix.backend=nss
> {code}
> The high number and rate of these sessions makes it impossible to use the 
> "Login Sessions" audit page:
> Further, it's adding a lot of extra requests and overhead to Ranger, Ranger 
> User Sync, and the backing database (e.g. MySQL).
> *The service should re-use its session rather than continual logins.*
> !screenshot-1.png|width=640!
> {code}
> $ rpm -qa *usersync*
> ranger_2_6_4_0_91-usersync-0.7.0.2.6.4.0-91.x86_64
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2095) Add unit tests for new read only admin-auditor/kms-auditor roles functionality

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2095:
-
Fix Version/s: 1.1.0

> Add unit tests for new read only admin-auditor/kms-auditor roles functionality
> --
>
> Key: RANGER-2095
> URL: https://issues.apache.org/jira/browse/RANGER-2095
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.1.0
>
> Attachments: RANGER-2095-master.patch
>
>
> Add unit tests for new read only admin-auditor/kms-auditor roles functionality



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2121) Ranger build using Docker is broken

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2121?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2121:
-
Fix Version/s: 1.1.0

> Ranger build using Docker is broken
> ---
>
> Key: RANGER-2121
> URL: https://issues.apache.org/jira/browse/RANGER-2121
> Project: Ranger
>  Issue Type: Bug
>  Components: build-infra
>Reporter: Don Bosco Durai
>Assignee: Don Bosco Durai
>Priority: Major
> Fix For: 1.1.0
>
>
> The maven package used by Ranger Dockerfile is no more available in Apache. 
> Need to upgrade it to the latest maven version.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2137) Service Creation Failure, if user is not present in ranger database

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2137:
-
Fix Version/s: 1.1.0

> Service Creation Failure, if user is not present in ranger database
> ---
>
> Key: RANGER-2137
> URL: https://issues.apache.org/jira/browse/RANGER-2137
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2137-master.patch
>
>
> Default policy creation fails, if user is not present in ranger which leads 
> to service creation failure.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2138) Add unit tests for org.apache.ranger.service package

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2138:
-
Fix Version/s: 1.1.0

> Add unit tests for org.apache.ranger.service package
> 
>
> Key: RANGER-2138
> URL: https://issues.apache.org/jira/browse/RANGER-2138
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2138.patch
>
>
> Add unit tests for org.apache.ranger.service package



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2123) Different error msg on backend/frontend login validation

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2123:
-
Fix Version/s: 1.1.0

> Different error msg on backend/frontend login validation
> 
>
> Key: RANGER-2123
> URL: https://issues.apache.org/jira/browse/RANGER-2123
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0
>Reporter: Daniel Voros
>Priority: Trivial
> Fix For: 1.1.0
>
>
> Leaving the pass empty will result in a JS error, while a wrong password will 
> get the server response:
> {code}
> The username or password you entered is incorrect..
> {code}
> vs
> {code}
> The username or password you entered is incorrect...
> {code}
> Lets go with a single '.' in both cases!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-2123) Different error msg on backend/frontend login validation

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy resolved RANGER-2123.
--
Resolution: Fixed

Committed - 
https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=282c1d55d9c5aab4611c3a859169b594c9180b0f

> Different error msg on backend/frontend login validation
> 
>
> Key: RANGER-2123
> URL: https://issues.apache.org/jira/browse/RANGER-2123
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0
>Reporter: Daniel Voros
>Priority: Trivial
> Fix For: 1.1.0
>
>
> Leaving the pass empty will result in a JS error, while a wrong password will 
> get the server response:
> {code}
> The username or password you entered is incorrect..
> {code}
> vs
> {code}
> The username or password you entered is incorrect...
> {code}
> Lets go with a single '.' in both cases!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2130) Ranger Admin - client-side control bypass

2018-07-02 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16530860#comment-16530860
 ] 

Velmurugan Periasamy commented on RANGER-2130:
--

Based on [~bosco]'s comments, this does not seem to be a real issue. Can this 
be closed? 

> Ranger Admin - client-side control bypass
> -
>
> Key: RANGER-2130
> URL: https://issues.apache.org/jira/browse/RANGER-2130
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0
>Reporter: t oo
>Assignee: Nitin Galave
>Priority: Major
> Attachments: 0001-RANGER-2130.patch, Screen Shot 2018-06-11 at 
> 10.36.39 am.png, client_side_controls1.PNG, client_side_controls2.PNG
>
>
> *Risk/Issue summary finding*
> {code:java}
> Client-side Control Bypass (Ranger){code}
> *Risk/Issue summary description/detail*
> {code:java}
> The Apache Ranger application relies on client-side controls to restrict user 
> access to certain information and functionality. A user can bypass these 
> controls (by modifying client-side parameters or directly browsing to 
> specific API requests or resources) to view information without the required 
> authorisation.
> The attached screenshots show the "admin" user bypassing client-side controls 
> to modify their Role from "User" to "Admin". Whilst submitting this request 
> is unsuccessful and will not permanently change the user role, the GUI allows 
> access to sections that were previously hidden.{code}
> *Business impact / attack scenario*
> {code:java}
> Low privilege users with restricted access are able to view information that 
> is not intended for their viewing. As an example, the admin user can bypass 
> client side controls to view configuration details for the HIVE_RANGER_E2E 
> hive object. {code}
> *Recommendation*
> {code:java}
> Do not rely on client-side controls to restrict user access. Ensure that 
> server-side controls are in place to restrict unauthorised access to 
> sensitive information and APIs. {code}
>  
>  In the rangeradmin ui, on the users page, after clicking on a user. If you 
> edit the html on the site (ie in Chrome) you can remove the 'disabled' tag so 
> that the role of User becomes ungreyed out and you can change the role from 
> User to Admin!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2132) Add unit tests for org.apache.ranger.common package

2018-07-02 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16530858#comment-16530858
 ] 

Velmurugan Periasamy commented on RANGER-2132:
--

What is pending here? Can this be resolved? 

> Add unit tests for org.apache.ranger.common package
> ---
>
> Key: RANGER-2132
> URL: https://issues.apache.org/jira/browse/RANGER-2132
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.1.0
>
> Attachments: RANGER-2132-master-01.patch, 
> RANGER-2132-master-03.patch, RANGER-2132-master-04.patch, 
> RANGER-2132-master.patch
>
>
> Add unit tests for org.apache.ranger.common package



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2132) Add unit tests for org.apache.ranger.common package

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2132:
-
Fix Version/s: 1.1.0

> Add unit tests for org.apache.ranger.common package
> ---
>
> Key: RANGER-2132
> URL: https://issues.apache.org/jira/browse/RANGER-2132
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.1.0
>
> Attachments: RANGER-2132-master-01.patch, 
> RANGER-2132-master-03.patch, RANGER-2132-master-04.patch, 
> RANGER-2132-master.patch
>
>
> Add unit tests for org.apache.ranger.common package



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2133) Good coding practices for REST classes and unit tests

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2133:
-
Fix Version/s: 1.1.0

> Good coding practices for REST classes and unit tests
> -
>
> Key: RANGER-2133
> URL: https://issues.apache.org/jira/browse/RANGER-2133
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2133-Good-coding-practices-for-REST-classes-a.patch
>
>
> Good coding practices for REST classes and unit tests.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1664) Add-ons to support ADLS in Ranger Authorization Model

2018-07-02 Thread Balaji Ganesan (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16530811#comment-16530811
 ] 

Balaji Ganesan commented on RANGER-1664:


[~ankothap] How does this work exactly? Do we have a Ranger plugin for ADLS? 

> Add-ons to support ADLS in Ranger Authorization Model
> -
>
> Key: RANGER-1664
> URL: https://issues.apache.org/jira/browse/RANGER-1664
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Anandsagar Kothapalli
>Priority: Major
>
> Add-ons to support Azure Data Lakes (ADLS) in Ranger Authorization Model. 
> This will gives an option to add ADLS as Service in the Ranger. 
> In ranger-admin-site.xml the parameter to include is 
> ranger.supportedcomponents=tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,wasb,adls
>  
> This will add the ADLS ServiceDef along with other services to Ranger. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1899) Add reencryptEncryptedKey interface to RangerKMS and improve logs

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1899:
-
Fix Version/s: (was: 1.1.0)
   2.0.0

> Add reencryptEncryptedKey interface to RangerKMS and improve logs
> -
>
> Key: RANGER-1899
> URL: https://issues.apache.org/jira/browse/RANGER-1899
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 2.0.0
>
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect 
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
> rotation, for improved security.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1567) Base on RANGER-1540, we should provide the appropriate documentaion when the new version is released.

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1567:
-
Fix Version/s: (was: 1.1.0)

> Base on RANGER-1540, we should provide the appropriate documentaion when the 
> new version is released.
> -
>
> Key: RANGER-1567
> URL: https://issues.apache.org/jira/browse/RANGER-1567
> Project: Ranger
>  Issue Type: Bug
>  Components: documentation
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Major
>  Labels: patch
>
> Base on RANGER-1540, we should provide the appropriate documentaion when the 
> new version is released.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1566) Ranger User Guide on Wiki has outdated information

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1566:
-
Fix Version/s: (was: 1.1.0)

> Ranger User Guide on Wiki has outdated information
> --
>
> Key: RANGER-1566
> URL: https://issues.apache.org/jira/browse/RANGER-1566
> Project: Ranger
>  Issue Type: Improvement
>  Components: documentation
>Affects Versions: master
>Reporter: Anna Shaverdian
>Assignee: Anna Shaverdian
>Priority: Major
>
> On the Ranger wiki, the page "Ranger User Guide (work in progress)" is 
> outdated and has some incorrect information, (eg Ranger doesn't have a 
> Analytics tab).  
> It would be helpful to propose new material for this page, which will link to 
> the different key features in Ranger that are available in the "Release 
> Folders" section.
> New Ranger users may need to search through the different releases in 
> "Release Folders" to find the useful information on a topic.  But it might be 
> helpful to update this page to include some links to key features, and update 
> the material on this page.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1252) Policy lookup does not honor the case sensitivity flag of resources

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1252:
-
Fix Version/s: (was: 1.1.0)

> Policy lookup does not honor the case sensitivity flag of resources
> ---
>
> Key: RANGER-1252
> URL: https://issues.apache.org/jira/browse/RANGER-1252
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.6.2
>Reporter: Yan
>Assignee: Yan
>Priority: Major
> Attachments: Ranger-1252.patch
>
>
> For case insensitive Hive db/table names, the public API's policy lookup does 
> not hit the case insensitive names. For instance, the following curl command:
> curl -iv -u admin:admin -H "Content-type:application/json" -X GET 
> http://11.22.33.444:6080/service/public/api/policy?databases=db1=table1
> returns different results from running the following command using different 
> cases in names:
> curl -iv -u admin:admin -H "Content-type:application/json" -X GET 
> http://11.22.33.444:6080/service/public/api/policy?databases=DB1=TABLE1
> if there exists such a Hive table db1/table1 in the metastore.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1395) LDAP group sync fails with InvalidNameException

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1395:
-
Fix Version/s: (was: 1.1.0)

> LDAP group sync fails with InvalidNameException
> ---
>
> Key: RANGER-1395
> URL: https://issues.apache.org/jira/browse/RANGER-1395
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 0.6.0, 0.7.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 1.0.0
>Reporter: Yan
>Priority: Major
> Attachments: ldap_2.patch
>
>
> Some LDAP servers throw exception on group search on posix user names that 
> are not full DNs. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1480) Implement plugin for Druid

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1480:
-
Fix Version/s: (was: 1.1.0)
   2.0.0

> Implement plugin for Druid
> --
>
> Key: RANGER-1480
> URL: https://issues.apache.org/jira/browse/RANGER-1480
> Project: Ranger
>  Issue Type: New Feature
>  Components: admin, plugins
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: 0001-RANGER-1480-Second-version-of-the-druid-plugin.patch
>
>
> Druid is a high-performance, column-oriented, distributed data store, which 
> has an extension mechanism to incorporate various functionalities, for 
> example an external authorization system - just like ranger.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1664) Add-ons to support ADLS in Ranger Authorization Model

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1664:
-
Fix Version/s: (was: 1.1.0)

> Add-ons to support ADLS in Ranger Authorization Model
> -
>
> Key: RANGER-1664
> URL: https://issues.apache.org/jira/browse/RANGER-1664
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Anandsagar Kothapalli
>Priority: Major
>
> Add-ons to support Azure Data Lakes (ADLS) in Ranger Authorization Model. 
> This will gives an option to add ADLS as Service in the Ranger. 
> In ranger-admin-site.xml the parameter to include is 
> ranger.supportedcomponents=tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,wasb,adls
>  
> This will add the ADLS ServiceDef along with other services to Ranger. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1780:
-
Fix Version/s: (was: 1.1.0)

> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 0.7.1
>Reporter: Alejandro Fernandez
>Assignee: Alejandro Fernandez
>Priority: Major
> Attachments: RANGER-1780.patch, ranger_summary.png
>
>
> AuditSummaryQueue already has logic to enable the summarization, but it 
> requires 2 events to have the exact same resource path (plus a couple of 
> other fields such as user, access type, access result, action, client ip, 
> session).
> This Jira is to add a config called 
> xasecure.audit.provider.summary.aggregate.level so that if it is set to 
> "directory" then 2 events can still be aggregated if they are files in the 
> same directory.
> If the config is not specified its default value will be "file" which 
> preserves the existing behavior.
> See [^ranger_summary.png] for screenshot on desired behavior.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1687) Atlas Resource based policy lists the 'Atlas types' JSON irrespective of the resource selected

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1687:
-
Fix Version/s: (was: 1.1.0)

> Atlas Resource based policy lists the 'Atlas types' JSON irrespective of the 
> resource selected
> --
>
> Key: RANGER-1687
> URL: https://issues.apache.org/jira/browse/RANGER-1687
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Sharmadha Sainath
>Assignee: Deepak Sharma
>Priority: Major
>
> Following are present in resource list for Atlas policy :
>  1.entity
>  2.type
>  3.taxonomy
>  4.term
>  5.operation
> For any resource selected and lookup made , following POST request is made :
> {code}
> http://rangerhost:6080/service/plugins/services/lookupResource/cl1_atlas
> {code}
> Response is the list of types in Atlas as JSON :
> {code}
> ["{\"results\":[\"hive_principal_type\",\"file_action\",\"hive_serde\",\"hive_order\",\"fs_permissions\",\"TaxonomyTerm\",\"falcon_process\",\"falcon_feed_replication\",\"DataSet\",\"falcon_feed_creation\",\"Process\",\"hive_table\",\"sqoop_dbdatastore\",\"hive_db\",\"storm_node\",\"hive_process\",\"hbase_column\",\"Referenceable\",\"falcon_feed\",\"hbase_table\",\"jms_topic\",\"storm_topology\",\"Infrastructure\",\"hbase_column_family\",\"storm_spout\",\"Asset\",\"hive_column\",\"kafka_topic\",\"hive_storagedesc\",\"hdfs_path\",\"sqoop_process\",\"hive_column_lineage\",\"storm_bolt\",\"falcon_cluster\",\"fs_path\"],\"count\":35,\"requestId\":\"pool-2-thread-9
>  - dbf4e4ea-bfd3-49a7-86a2-b381c905f7fd\"}"]
> {code}
> No other results are shown other than the above JSON.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1773) Update Ranger KMS REST APIs to incorporate enunciate documentation

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1773?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1773:
-
Fix Version/s: (was: 1.1.0)

> Update Ranger KMS REST APIs to incorporate enunciate documentation
> --
>
> Key: RANGER-1773
> URL: https://issues.apache.org/jira/browse/RANGER-1773
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 0.7.1
>Reporter: Mehul Parikh
>Assignee: Mehul Parikh
>Priority: Major
>
> REST API docs for detailed pages of Ranger KMS are not coming from enunciate 
> plugin. Need to make changes in REST APIs of Ranger KMS to get that working. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1885) Remove implied grant for the administer queue permission for the Yarn plugin

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1885:
-
Fix Version/s: (was: 1.1.0)

> Remove implied grant for the administer queue permission for the Yarn plugin
> 
>
> Key: RANGER-1885
> URL: https://issues.apache.org/jira/browse/RANGER-1885
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
>Priority: Major
>
> This task is to remove the implied grant for the administer queue permission 
> for the Yarn plugin. Previously, the administer queue permission implied the 
> submit application permission. However, this implication can cause problems 
> when a user is denied the administer queue permission, but explicitly allowed 
> the submit application permission, as the administer queue negative 
> permission then overrides the positive submit application permission (see 
> https://issues.apache.org/jira/browse/RANGER-1339). The easiest fix is just 
> to remove the implied grant, so a user must be explicitly granted the submit 
> application permission in addition to administer queue.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1869) KMS has duplicated code from Hadoop KMS

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1869:
-
Fix Version/s: (was: 1.1.0)

> KMS has duplicated code from Hadoop KMS
> ---
>
> Key: RANGER-1869
> URL: https://issues.apache.org/jira/browse/RANGER-1869
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Affects Versions: 0.7.1
>Reporter: Zsombor Gegesy
>Assignee: Zsombor Gegesy
>Priority: Major
>  Labels: hadoop, kms
>
> Ranger KMS contains big chunk of code from Hadoop KMS, slightly altered to 
> implement necessary changes.
>  It seems that two thing changed in Ranger side : 
> * It is possible to customize the implementation for 'KMSACL'
> * It is possible to capture the originating IP address
> For the first, it would be better, if this code is up-streamed. For the 
> second, a servlet filter with a thread local variable would work perfectly.
> For Hadoop 3.0, the KMS module is evolved a bit, so the other solution, is to 
> copy - again - a lot of code, would be a bigger change.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1821) Logout does not work with RangerSSOAuthenticationFilter

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1821:
-
Fix Version/s: (was: 1.1.0)

> Logout does not work with RangerSSOAuthenticationFilter
> ---
>
> Key: RANGER-1821
> URL: https://issues.apache.org/jira/browse/RANGER-1821
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Reporter: Colm O hEigeartaigh
>Priority: Major
>
> Logout does not work with RangerSSOAuthenticationFilter (tested with Knox). 
> There are two issues that I can see:
> a) Logging out while the token is still valid (30s by default from Knox) just 
> logs the user back in again
> b) Logging out while the token is invalid (expired) redirects the user to the 
> user profile page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1823:
-
Fix Version/s: (was: 1.1.0)

> Allowed TRUNCATE and INSERT to partition table when the policy item is only 
> "SELECT"
> 
>
> Key: RANGER-1823
> URL: https://issues.apache.org/jira/browse/RANGER-1823
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 0.5.3, 0.7.1
>Reporter: Haihui Xu
>Assignee: Haihui Xu
>Priority: Major
> Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition 
> table when the policy item is only SELECT.patch, Screen Shot 2018-01-24 at 
> 12.59.55 PM.png, clipboard.png
>
>
> In beeline, useraa  create table hive_test, such as :  CREATE TABLE 
> hive_test(b string) PARTITIONED BY (a string); then  in ranger admin UI  add 
> a policy for userbb, the policy has only "SELECT"  of table hive_test;   in 
> beeline  userbb  execute "truncate table hive_test" / "insert into hive_test 
> partition(a=20171003) select 1 from hive_test"  is allowed.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2088) If not deltasync (Incremental Sync) enabled, getUsers is called too many times

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2088:
-
Fix Version/s: (was: 1.1.0)
   2.0.0

> If not deltasync (Incremental Sync) enabled, getUsers is called too many times
> --
>
> Key: RANGER-2088
> URL: https://issues.apache.org/jira/browse/RANGER-2088
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 0.7.0
>Reporter: Hajime Osako
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> *SYMPTOM*
>  With LDAP server which has hundreds of users and groups, Ranger Usersync 
> never finishes the initial sync or takes extremely long time, when Group 
> Search First & Enable User Search both are set to true.
>  The usersync.log shows similar to below repeatedly.
> {noformat}
> 19 Apr 2018 17:15:19 INFO LdapUserGroupBuilder [UnixUserSyncThread] - 
> Updating username for cn=x...
> {noformat}
>  
> *WORKAROUND:*
>  If deltasync (Incremental Sync) is enabled, do not see this symptom, because 
> LdapUserGroupBuilder calls getUsers() in the for loop, but 
> LdapDeltaUserGroupBuilder doesn't use this method in the loop in updateSink().
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2093) RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger

2018-07-02 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16530792#comment-16530792
 ] 

Velmurugan Periasamy commented on RANGER-2093:
--

[~rmani] - Moving this out of 1.1.0 and marking for 2.0.0. 

> RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger
> -
>
> Key: RANGER-2093
> URL: https://issues.apache.org/jira/browse/RANGER-2093
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, 1.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 2.0.0
>
>
> RangerHiveAuthorizer showPrivileges should show Hive Resources ACLs from 
> Ranger Policies Currently StandardSQLAuth ACLs is shown when the call is made 
> and this is misleading. 
> Proposal is to show privileges for a Hive Resource or  Hive Resource and 
> user/group from Ranger Policies when ranger plugin is enabled for hive.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2093) RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2093:
-
Fix Version/s: (was: 1.1.0)
   (was: 1.0.0)
   2.0.0

> RangerHiveAuthorizer showPrivileges should show Hive Objects ACLs from Ranger
> -
>
> Key: RANGER-2093
> URL: https://issues.apache.org/jira/browse/RANGER-2093
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, 1.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 2.0.0
>
>
> RangerHiveAuthorizer showPrivileges should show Hive Resources ACLs from 
> Ranger Policies Currently StandardSQLAuth ACLs is shown when the call is made 
> and this is misleading. 
> Proposal is to show privileges for a Hive Resource or  Hive Resource and 
> user/group from Ranger Policies when ranger plugin is enabled for hive.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-2100) REST API to get count of total services, policies, users, groups and various mapping

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2100?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy resolved RANGER-2100.
--
Resolution: Fixed

> REST API to get count of total services, policies, users, groups and various 
> mapping
> 
>
> Key: RANGER-2100
> URL: https://issues.apache.org/jira/browse/RANGER-2100
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Pradeep Agrawal
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2100.patch
>
>
> This API will get the details analytics for the following
>  * Count of Services created for each type of service
>  * Number of policies by Service Type along with Service Name: # of resource 
> policies, tag-based policies, masking policies, row filtering policies
>  * Number of Audit Events by Service Type: size of solr index, number of 
> denial events and number of access events
>  * Number of groups and users synced
>  * Policy DB type and version: MySQL, Oracle..
>  * Context enrichers: Number and type used.
>  * Count of Deny conditions for resources.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-2141) Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy resolved RANGER-2141.
--
Resolution: Fixed

> Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema
> ---
>
> Key: RANGER-2141
> URL: https://issues.apache.org/jira/browse/RANGER-2141
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.1.0
>Reporter: Mehul Parikh
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2141-master.patch
>
>
> As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
> need to add that in consolidated db schema. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2128) Implement SparkSQL plugin

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2128:
-
Fix Version/s: (was: 1.1.0)
   2.0.0

> Implement SparkSQL plugin
> -
>
> Key: RANGER-2128
> URL: https://issues.apache.org/jira/browse/RANGER-2128
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins, Ranger
>Affects Versions: 1.1.0
>Reporter: t oo
>Assignee: Kent Yao
>Priority: Major
> Fix For: 2.0.0
>
>
> Implement SparkSQL plugin



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2002) Ranger support for time based classifications and business terms from Apache Atlas

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2002:
-
Fix Version/s: (was: master)

> Ranger support for time based classifications and business terms from Apache 
> Atlas
> --
>
> Key: RANGER-2002
> URL: https://issues.apache.org/jira/browse/RANGER-2002
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.1.0
>
>
> Currently classifications and business glossary terms in Apache Atlas are 
> treated as being valid permanently in Ranger. There are use cases where such 
> classifications are time bound based on customer input (such as financial 
> information about earnings that is sensitive and restricted only until the 
> earnings release) (i.e) either be effective after a certain date/time and/or 
> expire after a specific date/time or valid only during an interval from a 
> start date/time to an end date/time
> Ranger policy engine needs to be able to recognize the start and end times 
> for tags/classifications received from Apache Atlas via tag sync and enforce 
> tag-based policies depending on attributes of the tags that represent its 
> validity period.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-2002) Ranger support for time based classifications and business terms from Apache Atlas

2018-07-02 Thread Abhay Kulkarni (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2002?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Abhay Kulkarni resolved RANGER-2002.

Resolution: Fixed

This is committed as a part of commit for RANGER-2000.

commit details: 

master:

https://git-wip-us.apache.org/repos/asf?p=ranger.git;a=commit;h=844315cdbc5e4589f5a4f873c33533d8f7bb014e

> Ranger support for time based classifications and business terms from Apache 
> Atlas
> --
>
> Key: RANGER-2002
> URL: https://issues.apache.org/jira/browse/RANGER-2002
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Currently classifications and business glossary terms in Apache Atlas are 
> treated as being valid permanently in Ranger. There are use cases where such 
> classifications are time bound based on customer input (such as financial 
> information about earnings that is sensitive and restricted only until the 
> earnings release) (i.e) either be effective after a certain date/time and/or 
> expire after a specific date/time or valid only during an interval from a 
> start date/time to an end date/time
> Ranger policy engine needs to be able to recognize the start and end times 
> for tags/classifications received from Apache Atlas via tag sync and enforce 
> tag-based policies depending on attributes of the tags that represent its 
> validity period.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67799: RANGER-2146: Tag attribute type needs to be initialized to a non-empty string

2018-07-02 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67799/#review205645
---


Ship it!




Ship It!

- Madhan Neethiraj


On July 2, 2018, 7:16 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67799/
> ---
> 
> (Updated July 2, 2018, 7:16 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2146
> https://issues.apache.org/jira/browse/RANGER-2146
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As a part of tagsync updates for handling Atlas V2 APIs, a regression was 
> introduced which set tag attribute type to an empty string when creating 
> service-tags structure from a AtlasEntityNotification object. When saving 
> attribute-definition to Oracle DB, this empty string tag was treated as a 
> null, which caused the database insert to fail (type column is defined as 
> non-null field in schema for x_tag_attr_def table).
> 
> As tag attribute type values are uninterpreted in Ranger, it is safe to set 
> attribute type to 'string' instead of to an empty string.
> 
> 
> Diffs
> -
> 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlasrest/RangerAtlasEntityWithTags.java
>  c31c73c9f 
> 
> 
> Diff: https://reviews.apache.org/r/67799/diff/1/
> 
> 
> Testing
> ---
> 
> Ran all unit tests successfully
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

[jira] [Updated] (RANGER-2143) Update Ranger authorizer for Atlas for new method added in authorization interface (ATLAS-2765)

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2143:
-
Fix Version/s: (was: master)
   1.1.0

> Update Ranger authorizer for Atlas for new method added in authorization 
> interface (ATLAS-2765)
> ---
>
> Key: RANGER-2143
> URL: https://issues.apache.org/jira/browse/RANGER-2143
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 1.0.0
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2143.patch
>
>
> Atlas authorizer interface was updated in ATLAS-2765 with addition of method 
> scrubSearchResults(). Ranger authorizer for Atlas should be updated to 
> implement this new method.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2145) Update service-def for Atlas to remove access-type entity-read-classification

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2145:
-
Fix Version/s: (was: master)
   1.1.0

> Update service-def for Atlas to remove access-type entity-read-classification
> -
>
> Key: RANGER-2145
> URL: https://issues.apache.org/jira/browse/RANGER-2145
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0
>Reporter: Madhan Neethiraj
>Assignee: Madhan Neethiraj
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2145.patch
>
>
> After recent changes in Atlas authorization (ATLAS-2765), access-type 
> 'entity-read-classification' is no more used. Hence service-def should be 
> updated to remove this access-type.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2085) Add resource lookup for entity-id in Atlas service

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2085:
-
Fix Version/s: (was: master)
   1.1.0

> Add resource lookup for entity-id in Atlas service
> --
>
> Key: RANGER-2085
> URL: https://issues.apache.org/jira/browse/RANGER-2085
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2085.1.patch, RANGER-2085.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2084) Support for service-specific audit configuration in Ranger plugin

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2084:
-
Fix Version/s: (was: master)
   1.1.0

> Support for service-specific audit configuration in Ranger plugin
> -
>
> Key: RANGER-2084
> URL: https://issues.apache.org/jira/browse/RANGER-2084
> Project: Ranger
>  Issue Type: Bug
>  Components: audit, plugins
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.1.0
>
>
> If Ranger plugin is required to host more than one Ranger services, it is 
> required to support a different audit configuration for each hosted Ranger 
> service. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67694: RANGER-2139: UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files

2018-07-02 Thread Velmurugan Periasamy



> On June 21, 2018, 7:44 p.m., Velmurugan Periasamy wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
> > Lines 543 (patched)
> > 
> >
> > MD5 is not recommended anymore.
> 
> Allen Wittenauer wrote:
> Agree that MD5 shouldn't be used for security purposes, but that isn't 
> the use case here.  Instead, it is only used to generate a simple checksum.  
> Using a more complex (and therefore more CPU intensive) hashing function 
> doesn't have much value.  If someone were to replace /etc/passwd with a file 
> that had an MD5 collision (the reason why MD5 shouldn't be used in the 
> majority of use cases) it would defeat the purpose; this code is only 
> triggered when the MD5s do not match.
> 
> Velmurugan Periasamy wrote:
> It is a good idea to use something like sha256Hex, so that source code 
> analysis tools such as coverity/fortify do not flag md5Hex usage as 
> vulnerable.
> 
> Cetin Sahin wrote:
> Dear Velmurugan and Allen,
> 
> Thanks for your comments. I also do not think using MD5 impose any 
> security risk in this context, but I will be happy to replace the digestion 
> algorithm with a more stronger one if you think it is really necessary. At 
> first place, I was more concerned about the performance rather than the 
> security of /etc/passwd or /etc/group files. If UnixUserGroupBuilder checks 
> the update too frequently (which is configurable in the Ranger context), 
> using more secure digestion algoritm like SHA256 will be computationally 
> heavier without any additional functional benefits.

Thanks Cetin. Sorry for the delayed response. I agree it would be 
computationally heavier, my suggestion is to go with that anyway since 
Coverity/Fortify scans might flag any MD5 usage as potential issue.


- Velmurugan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67694/#review205204
---


On June 21, 2018, 7:16 p.m., Cetin Sahin wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67694/
> ---
> 
> (Updated June 21, 2018, 7:16 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2139
> https://issues.apache.org/jira/browse/RANGER-2139
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fixed the update detection issue on consecutive updates in 
> UnixUserGroupBuilder. The update detection logic is improved by verifying the 
> checksums in addition to last modification time.
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  ddab6294a 
> 
> 
> Diff: https://reviews.apache.org/r/67694/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Applied the patch to the master branch and verified that all unit tests 
> passed successfully.
> 
> 
> Thanks,
> 
> Cetin Sahin
> 
>

[jira] [Updated] (RANGER-2074) Update netty version in ranger kms package

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2074:
-
Fix Version/s: (was: master)
   1.1.0

> Update netty version in ranger kms package
> --
>
> Key: RANGER-2074
> URL: https://issues.apache.org/jira/browse/RANGER-2074
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Affects Versions: 1.0.0
>Reporter: Velmurugan Periasamy
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 1.1.0
>
>
> Netty version needs to be updated to 3.10.5 in ranger kms package.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2073) Good coding practices for usersync, tagsync, ldap tool configuration.

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2073:
-
Fix Version/s: (was: master)
   1.1.0

> Good coding practices for usersync, tagsync, ldap tool configuration.
> -
>
> Key: RANGER-2073
> URL: https://issues.apache.org/jira/browse/RANGER-2073
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger, tagsync, usersync
>Affects Versions: 1.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 1.1.0
>
>
> Good coding practices for usersync, tagsync, ldap tool configuration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2069) group id below than 500 is not getting syncd

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2069:
-
Fix Version/s: (was: master)
   1.1.0

> group id below than 500 is not getting syncd
> 
>
> Key: RANGER-2069
> URL: https://issues.apache.org/jira/browse/RANGER-2069
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Sailaja Polavarapu
>Priority: Critical
> Fix For: 1.1.0
>
>
> change the default value for min group ID to 0 instead of 500



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2062) Update jQuery version

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2062?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2062:
-
Fix Version/s: (was: master)
   1.1.0

> Update jQuery version
> -
>
> Key: RANGER-2062
> URL: https://issues.apache.org/jira/browse/RANGER-2062
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2062.patch
>
>
> Currently, we are using v1.10.2 jQuery version. We can update to v3.3.1 
> jQuery's latest stable version and their dependencies.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2070) Ranger Storm service creation fails

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2070:
-
Fix Version/s: (was: master)
   1.1.0

> Ranger Storm service creation fails
> ---
>
> Key: RANGER-2070
> URL: https://issues.apache.org/jira/browse/RANGER-2070
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2070.patch
>
>
> {code:java}
> In latest ranger when tried to enable plugin for Storm, ranger service 
> creation fails. 
> Found below in Ranger-Admin logs.
> 2018-04-07 09:48:53,132 [http-bio-6080-exec-4] INFO  
> apache.ranger.security.web.filter.RangerKRBAuthenticationFilter 
> (RangerKRBAuthenticationFilter.java:220) - Logged into Ranger as = 
> storm-rangerstorm
> 2018-04-07 09:48:53,136 [http-bio-6080-exec-4] INFO  
> org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:84) - Request 
> failed. loginId=null, logMessage=Bad Credentials
> javax.ws.rs.WebApplicationException
> at 
> org.apache.ranger.common.RESTErrorUtil.generateRESTException(RESTErrorUtil.java:77)
> at 
> org.apache.ranger.biz.RangerBizUtil.blockAuditorRoleUser(RangerBizUtil.java:1637)
> at org.apache.ranger.biz.UserMgr.addUserRole(UserMgr.java:981)
> at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:167)
> at 
> org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke()
> at 
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669)
> at 
> org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$f11ad8ab.createUser()
> at 
> org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2225)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2056) Good coding practices for KMS and unixauth

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2056?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2056:
-
Fix Version/s: (was: master)
   1.1.0

> Good coding practices for KMS and unixauth
> --
>
> Key: RANGER-2056
> URL: https://issues.apache.org/jira/browse/RANGER-2056
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> RANGER-2056-Good-coding-practices-for-KMS-and-unixau.patch
>
>
> Good coding practices for KMS and unixauth



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2059) Write unit tests for export/import functionality

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2059?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2059:
-
Fix Version/s: (was: master)
   1.1.0

> Write unit tests for export/import functionality
> 
>
> Key: RANGER-2059
> URL: https://issues.apache.org/jira/browse/RANGER-2059
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2059-master.patch
>
>
> Write unit tests for export/import functionality.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2031) Good coding practice in Ranger recommended by static code analysis

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2031:
-
Fix Version/s: (was: master)
   1.1.0

> Good coding practice in Ranger recommended by static code analysis
> --
>
> Key: RANGER-2031
> URL: https://issues.apache.org/jira/browse/RANGER-2031
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.1.0
>
>
> Fix code issues in Ranger recommended by static code analysis



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2029) Ranger Kafka default policy creation improvement.

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2029?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2029:
-
Fix Version/s: (was: master)
   1.1.0

> Ranger Kafka default policy creation improvement.
> -
>
> Key: RANGER-2029
> URL: https://issues.apache.org/jira/browse/RANGER-2029
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> RANGER-2029-Ranger-Kafka-default-policy-creation-imp.patch
>
>
> Ranger Kafka default policy creation improvement.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1939) Simplify Maven dependencies and assembly specification for hdfs plugin module

2018-07-02 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16530401#comment-16530401
 ] 

Velmurugan Periasamy commented on RANGER-1939:
--

[~abhayk] - Any update on this? I don't see this is committed. Is this still 
required? If not, can this be closed? 

> Simplify Maven dependencies and assembly specification for hdfs plugin module
> -
>
> Key: RANGER-1939
> URL: https://issues.apache.org/jira/browse/RANGER-1939
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
>
> There are two issues with the Maven POM files for Ranger's hdfs plugin module.
> 1. There are overlapping and sometimes conflicting versions of libraries on 
> which hdfs plugin code depends. Conflicts arise partly because some of the 
> libraries packaged with hdfs plugin module are already exist in hdfs 
> component and have different versions.
> 2. assembly specification for hdfs plugin module uses DependencySets - a 
> construct which is confusing and hard to get right. They also clutter up 
> build output log with spurious messages. It is desirable to use FileSets 
> which are easier to understand and straightforward to specify in an assembly 
> spec.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1946) if args.length=2 will case java.lang.ArrayIndexOutOfBoundsException in HdfsClient.class

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1946:
-
Fix Version/s: (was: master)

> if args.length=2 will case java.lang.ArrayIndexOutOfBoundsException in 
> HdfsClient.class
> ---
>
> Key: RANGER-1946
> URL: https://issues.apache.org/jira/browse/RANGER-1946
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
> Attachments: 
> 0001-RANGER-1946-if-args.length-2-will-case-java.lang.Arr.patch
>
>
> "if args.length=2 "   the following code 
> "String fileNameToMatch = (args.length == 2 ? null : args[2]);"
> will case java.lang.ArrayIndexOutOfBoundsException in HdfsClient.class
> Chang from  "if (args.length < 2)  "  to "if (args.length < 3) "



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1918) Optimize logic and remove unnecessary temporary variables in YarnClient.class

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1918:
-
Fix Version/s: (was: master)

> Optimize logic and remove unnecessary temporary variables in YarnClient.class
> -
>
> Key: RANGER-1918
> URL: https://issues.apache.org/jira/browse/RANGER-1918
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Major
>
> 1.We have already determined the logic of the response! = Null and 
> response.getStatus ()! = 200 in the getQueueResponse method, and do not need 
> to be evaluated in the run method of the getQueueResponse method. Move 
> "response.close ();" into the getQueueResponse method.
> 2.There is no necessary to create so many useless temporary variables "String 
> errMsg = errMessage;"
>  just use errMessage is better practice.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1759) Ranger KMS and Ranger Admin startup failed at credentialapi.buildks with java.lang.NoClassDefFoundError: org/codehaus/stax2/XMLInputFactory2

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1759:
-
Fix Version/s: (was: 0.7.1)
   (was: master)

> Ranger KMS and Ranger Admin startup failed at credentialapi.buildks with 
> java.lang.NoClassDefFoundError: org/codehaus/stax2/XMLInputFactory2
> 
>
> Key: RANGER-1759
> URL: https://issues.apache.org/jira/browse/RANGER-1759
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Ankita Sinha
>Assignee: Ankita Sinha
>Priority: Major
> Attachments: RANGER-1759_07.patch, RANGER-1759_master.patch
>
>
> Ranger KMS and Ranger Admin startup failed with  
> java.lang.NoClassDefFoundError: org/codehaus/stax2/XMLInputFactory2.
> {code}
> Exception in thread "main" java.lang.NoClassDefFoundError: 
> org/codehaus/stax2/XMLInputFactory2
>   at 
> org.apache.ranger.credentialapi.CredentialReader.getDecryptedString(CredentialReader.java:38)
>   at 
> org.apache.ranger.credentialapi.buildks.createCredential(buildks.java:88)
>   at org.apache.ranger.credentialapi.buildks.main(buildks.java:40)
> Caused by: java.lang.ClassNotFoundException: 
> org.codehaus.stax2.XMLInputFactory2
>   at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>   at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>   at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>   at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>   ... 3 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1552) Ranger usersync or ranger kms not able to communicate to ranger admin and no exception or error seen in the ranger user sync or kms logs.

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1552:
-
Fix Version/s: (was: master)
   2.0.0

> Ranger usersync or ranger kms not able to communicate to ranger admin and no 
> exception or error seen in the ranger user sync or kms logs.
> -
>
> Key: RANGER-1552
> URL: https://issues.apache.org/jira/browse/RANGER-1552
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0, 0.6.2
>Reporter: Madhavi Amirneni
>Assignee: Madhavi Amirneni
>Priority: Minor
> Fix For: 2.0.0
>
> Attachments: RANGER-1552-handle-create-keystore-error.patch
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Ranger usersync or ranger kms not able to communicate to ranger admin because 
> there was an error during the keystore creation and information was logged or 
> exception thrown for the error. This occurred because the default 
> communication between ranger admin and Ranger usersync or ranger kms is SSL 
> enabled.  
> When ranger is installed through ambari, a connection failed alert is 
> displayed regarding this. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2087) Use qualifiedName first to figure out HDFS path, clusterName and Ranger service-name from Atlas Hdfs entity

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2087:
-
Fix Version/s: (was: master)
   1.1.0

> Use qualifiedName first to figure out HDFS path, clusterName and Ranger 
> service-name from Atlas Hdfs entity
> ---
>
> Key: RANGER-2087
> URL: https://issues.apache.org/jira/browse/RANGER-2087
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.1.0
>
>
> Tagsync uses a mapper class to map Atlas Entity to Ranger Service Resource 
> for each of the components supported by Atlas. All mappers except Hdfs mapper 
> first parse distinguished-name of Atlas Entity to build Ranger Service 
> Resource. Hdfs mapper needs to work the same way.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2089) Update scala library version for tagsync to be the same as in Atlas

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2089:
-
Fix Version/s: (was: master)
   1.1.0

> Update scala library version for tagsync to be the same as in Atlas
> ---
>
> Key: RANGER-2089
> URL: https://issues.apache.org/jira/browse/RANGER-2089
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.1.0
>
>
> Update scala-libary.jar version from 2.11.8 to 2.11.12 to be compatible with 
> Atlas.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2098) improvement in ranger policy timezones and keeping validation at both ranger server and UI end consistent.

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2098:
-
Fix Version/s: (was: master)
   1.1.0

> improvement in ranger policy timezones and keeping validation at both ranger 
> server and UI end consistent.
> --
>
> Key: RANGER-2098
> URL: https://issues.apache.org/jira/browse/RANGER-2098
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nikhil Purbhe
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 
> RANGER-2098-improvement-in-ranger-policy-timezones-a.patch
>
>
> Improvement in ranger policy timezones and keeping validation at both ranger 
> server and UI consistent.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2111) Ranger HBase authorization should check for super user or admin privilege for HBase RSGroup operationsq

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2111:
-
Fix Version/s: (was: master)
   2.0.0

> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operationsq
> ---
>
> Key: RANGER-2111
> URL: https://issues.apache.org/jira/browse/RANGER-2111
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: Ranger
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
> Fix For: 2.0.0
>
>
> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operations
> Following are the RSGroup operations in the MasterObserver hook that needs 
> SuperUser or Admin privilege
> AddRSGroup, RemoveRSGroup, BalanceRSGroup, RemoveServers, moveServers, 
> listRSGroups, moveServersAndTables, moveTables, getRSGroupInfo, 
> getRSGroupInfoOfTable, getRSGroupOfServer



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 67799: RANGER-2146: Tag attribute type needs to be initialized to a non-empty string

2018-07-02 Thread Abhay Kulkarni


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67799/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-2146
https://issues.apache.org/jira/browse/RANGER-2146


Repository: ranger


Description
---

As a part of tagsync updates for handling Atlas V2 APIs, a regression was 
introduced which set tag attribute type to an empty string when creating 
service-tags structure from a AtlasEntityNotification object. When saving 
attribute-definition to Oracle DB, this empty string tag was treated as a null, 
which caused the database insert to fail (type column is defined as non-null 
field in schema for x_tag_attr_def table).

As tag attribute type values are uninterpreted in Ranger, it is safe to set 
attribute type to 'string' instead of to an empty string.


Diffs
-

  
tagsync/src/main/java/org/apache/ranger/tagsync/source/atlasrest/RangerAtlasEntityWithTags.java
 c31c73c9f 


Diff: https://reviews.apache.org/r/67799/diff/1/


Testing
---

Ran all unit tests successfully


Thanks,

Abhay Kulkarni

[jira] [Created] (RANGER-2147) Release Ranger 1.1.0

2018-07-02 Thread Velmurugan Periasamy (JIRA)

Velmurugan Periasamy created RANGER-2147:


 Summary: Release Ranger 1.1.0
 Key: RANGER-2147
 URL: https://issues.apache.org/jira/browse/RANGER-2147
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Velmurugan Periasamy
Assignee: Velmurugan Periasamy


Track release activities for Ranger 1.1.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2147) Release Ranger 1.1.0

2018-07-02 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2147?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2147:
-
Fix Version/s: 1.1.0

> Release Ranger 1.1.0
> 
>
> Key: RANGER-2147
> URL: https://issues.apache.org/jira/browse/RANGER-2147
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Velmurugan Periasamy
>Assignee: Velmurugan Periasamy
>Priority: Major
> Fix For: 1.1.0
>
>
> Track release activities for Ranger 1.1.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2146) Tag attribute type needs to be initialized to a non-empty string

2018-07-02 Thread Abhay Kulkarni (JIRA)

Abhay Kulkarni created RANGER-2146:
--

 Summary: Tag attribute type needs to be initialized to a non-empty 
string
 Key: RANGER-2146
 URL: https://issues.apache.org/jira/browse/RANGER-2146
 Project: Ranger
  Issue Type: Bug
  Components: tagsync
Affects Versions: 0.7.1, 1.0.0, master
Reporter: Abhay Kulkarni
Assignee: Abhay Kulkarni
 Fix For: master, 1.1.0


As a part of tagsync updates for handling Atlas V2 APIs, a regression was 
introduced which set tag attribute type to an empty string when creating 
service-tags structure from a AtlasEntityNotification object. When saving 
attribute-definition to Oracle DB, this empty string tag was treated as a null, 
which caused the database insert to fail (type column is defined as non-null 
field in schema for x_tag_attr_def table).

As tag attribute type values are uninterpreted in Ranger, it is safe to set 
attribute type to 'string' instead of to an empty string.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

63 matches

Mail list logo