date:20190529

Re: Review Request 70761: RANGER-2397: HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Ramesh Mani


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70761/#review215599
---


Ship it!




Ship It!

- Ramesh Mani


On May 30, 2019, 4:38 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70761/
> ---
> 
> (Updated May 30, 2019, 4:38 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh 
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2397
> https://issues.apache.org/jira/browse/RANGER-2397
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:**
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> 
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider
> 
> **Solution:(provided by Junseung Hwang in the Jira)** :
> Hive already has an abstract class to prevent this kind of error, so the 
> patch just makes RangerHiveAuthorizerBase to extend AbstractHiveAuthorizer 
> instead of implementing HiveAuthorizer directly.
> 
> 
> Diffs
> -
> 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java
>  afc57b2e8 
> 
> 
> Diff: https://reviews.apache.org/r/70761/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Ranger build with this patch.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

[jira] [Commented] (RANGER-2397) HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Pradeep Agrawal (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16851509#comment-16851509
 ] 

Pradeep Agrawal commented on RANGER-2397:
-

Created RR : [https://reviews.apache.org/r/70761/diff/1#index_header]

> HiveServer2 fails to start with Hive Plugin for Ranger
> --
>
> Key: RANGER-2397
> URL: https://issues.apache.org/jira/browse/RANGER-2397
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Junseung Hwang
>Assignee: Pradeep Agrawal
>Priority: Major
>  Labels: patch, pull-request-available
> Fix For: 2.0.0
>
> Attachments: RANGER-2397.1.patch
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> {code:java}
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider{code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 70761: RANGER-2397: HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Pradeep Agrawal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70761/
---

Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh Mani, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2397
https://issues.apache.org/jira/browse/RANGER-2397


Repository: ranger


Description
---

**Problem Statement:**
HIVE-18777 added Authorization interface to support information_schema 
integration with external authorization, but it causes the bug with Hive Plugin 
for Ranger. Specifically, it causes the following error while starting 
HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.

java.lang.AbstractMethodError: 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider

**Solution:(provided by Junseung Hwang in the Jira)** :
Hive already has an abstract class to prevent this kind of error, so the patch 
just makes RangerHiveAuthorizerBase to extend AbstractHiveAuthorizer instead of 
implementing HiveAuthorizer directly.


Diffs
-

  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java
 afc57b2e8 


Diff: https://reviews.apache.org/r/70761/diff/1/


Testing
---

Tested Ranger build with this patch.


Thanks,

Pradeep Agrawal

[jira] [Assigned] (RANGER-2397) HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Pradeep Agrawal (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reassigned RANGER-2397:
---

Assignee: Pradeep Agrawal

> HiveServer2 fails to start with Hive Plugin for Ranger
> --
>
> Key: RANGER-2397
> URL: https://issues.apache.org/jira/browse/RANGER-2397
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Junseung Hwang
>Assignee: Pradeep Agrawal
>Priority: Major
>  Labels: patch, pull-request-available
> Fix For: 2.0.0
>
> Attachments: RANGER-2397.1.patch
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> {code:java}
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider{code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2450) Fix Failing HBase test cases

2019-05-29 Thread Pradeep Agrawal (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2450?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2450:

Fix Version/s: (was: 2.0.0)

> Fix Failing HBase test cases
> 
>
> Key: RANGER-2450
> URL: https://issues.apache.org/jira/browse/RANGER-2450
> Project: Ranger
>  Issue Type: Sub-task
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1899) Add reencryptEncryptedKey interface to RangerKMS and improve logs

2019-05-29 Thread Pradeep Agrawal (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-1899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-1899:

Fix Version/s: (was: 2.0.0)

> Add reencryptEncryptedKey interface to RangerKMS and improve logs
> -
>
> Key: RANGER-1899
> URL: https://issues.apache.org/jira/browse/RANGER-1899
> Project: Ranger
>  Issue Type: Bug
>  Components: kms, Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect 
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
> rotation, for improved security.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (RANGER-2452) Release Ranger 2.0.0

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy reassigned RANGER-2452:


Assignee: Velmurugan Periasamy

> Release Ranger 2.0.0
> 
>
> Key: RANGER-2452
> URL: https://issues.apache.org/jira/browse/RANGER-2452
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Velmurugan Periasamy
>Assignee: Velmurugan Periasamy
>Priority: Major
> Fix For: 2.0.0
>
>
> Track release activities for Ranger 2.0.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Release preparation for Apache Ranger 2.0.0

2019-05-29 Thread Velmurugan Periasamy

Ranger Dev community:

I've created https://issues.apache.org/jira/browse/RANGER-2452 to track Apache 
Ranger 2.0.0 release. 

Requesting the community to resolve/update JIRAs marked for 2.0.0 so that 
release activities can be started. 2.0.0 release can be tentatively targeted in 
the next 2 weeks.  

Thank you,
Vel

Re: Review Request 70629: RANGER-2414: Enhancements to support roles in Ranger policies

2019-05-29 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70629/#review215596
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java
Lines 40 (patched)


Please consider adding "implements java.io.Serializable", to be consistent 
with other model classes - like RangerPolicy.



agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java
Lines 161 (patched)


Consider replacing with:
  return Objects.hash(name, isAdmin);



agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java
Lines 172 (patched)


Consider replacing #172 - #178 with the following:
  return Objects.equals(name, other.name) &&
 isAdmin == other.isAdmin;



agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
Line 80 (original), 80 (patched)


Instead of updating existing method, consider retaining existing method and 
add a method that take 'roles' parameter - to avoid breaking  
RangerPolicyEngine implementations (that might exist outside Ranger repo).



agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
Lines 1264 (patched)


Since 'owner' is not recognized, it will be simper to remove it from this 
method signature. This can be added if/when the usecase to support 'owner' is 
clear.



agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
Line 157 (original), 192 (patched)


One more '}' needed, for the opening '{' in #159?


- Madhan Neethiraj


On May 29, 2019, 10:47 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70629/
> ---
> 
> (Updated May 29, 2019, 10:47 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin 
> Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2414
> https://issues.apache.org/jira/browse/RANGER-2414
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Current Ranger policy model supports 
> authorization/column-masking/row-filtering for users/user-groups based on 
> various criteria like accessed-resource, resource-classifications, IP-address 
> and custom conditions. Given the wide-spread use of role-based authorization 
> in traditional enterprise applications (like RDBMS, J2EE), it will be very 
> useful for Ranger policy model to support 'roles' i.e. to be able to specify 
> authorization/column-masking/row-filtering for roles as well - in addition to 
> existing support for users and user-groups.
> 
> This patch provides an initial implementation of support for roles in Ranger.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  800b3c4f4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
> 3cf509d7c 
>   agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java 
> PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
>  5316baea3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
>  9ed500c50 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
>  99b2ab357 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  eab2c238e 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
>  eafbde246 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  a57b39827 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
>  45231e739 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
>  47b4921ad 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  5400f71c4 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
>  a6e24c609 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
>  5a18226fe 
>

Re: Review Request 70629: RANGER-2414: Enhancements to support roles in Ranger policies

2019-05-29 Thread Abhay Kulkarni


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70629/
---

(Updated May 29, 2019, 10:47 p.m.)


Review request for ranger, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin 
Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Updated GUI. Tested with zones.


Bugs: RANGER-2414
https://issues.apache.org/jira/browse/RANGER-2414


Repository: ranger


Description
---

Current Ranger policy model supports authorization/column-masking/row-filtering 
for users/user-groups based on various criteria like accessed-resource, 
resource-classifications, IP-address and custom conditions. Given the 
wide-spread use of role-based authorization in traditional enterprise 
applications (like RDBMS, J2EE), it will be very useful for Ranger policy model 
to support 'roles' i.e. to be able to specify 
authorization/column-masking/row-filtering for roles as well - in addition to 
existing support for users and user-groups.

This patch provides an initial implementation of support for roles in Ranger.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 800b3c4f4 
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
3cf509d7c 
  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java 
PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
 5316baea3 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 9ed500c50 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineCache.java
 99b2ab357 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 eab2c238e 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceACLs.java
 eafbde246 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 a57b39827 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyItemEvaluator.java
 45231e739 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
 47b4921ad 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
 5400f71c4 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
 a6e24c609 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
 5a18226fe 
  agents-common/src/main/java/org/apache/ranger/plugin/store/RoleStore.java 
PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 c20ccded6 
  agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
e22249ac6 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java 
cbd2cb012 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerPolicyValidator.java
 e6d90a491 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyACLs.java
 e92a2e658 
  
agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
 5a47ba401 
  agents-common/src/test/resources/policyengine/test_aclprovider_default.json 
b4c4def85 
  
agents-common/src/test/resources/policyengine/test_policyengine_with_roles.json 
PRE-CREATION 
  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 769afb56a 
  security-admin/db/mysql/patches/041-create-role-schema.sql PRE-CREATION 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
9a9e36b09 
  security-admin/db/oracle/patches/041-create-role-schema.sql PRE-CREATION 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
df4201d89 
  security-admin/db/postgres/patches/041-create-role-schema.sql PRE-CREATION 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
a2d413743 
  security-admin/db/sqlanywhere/patches/041-create-role-schema.sql PRE-CREATION 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
1f3ccbf5d 
  security-admin/db/sqlserver/patches/041-create-role-schema.sql PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java 
921dc3736 
  security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
f48a80387 
  security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
eef29b0dc 
  security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
039e4e8d5

[jira] [Updated] (RANGER-2111) Ranger HBase authorization should check for super user or admin privilege for HBase RSGroup operations

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2111:
-
Fix Version/s: (was: 2.0.0)

> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operations
> --
>
> Key: RANGER-2111
> URL: https://issues.apache.org/jira/browse/RANGER-2111
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: Ranger
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operations
> Following are the RSGroup operations in the MasterObserver hook that needs 
> SuperUser or Admin privilege
> AddRSGroup, RemoveRSGroup, BalanceRSGroup, RemoveServers, moveServers, 
> listRSGroups, moveServersAndTables, moveTables, getRSGroupInfo, 
> getRSGroupInfoOfTable, getRSGroupOfServer



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2088) If not deltasync (Incremental Sync) enabled, getUsers is called too many times

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2088:
-
Fix Version/s: (was: 2.0.0)

> If not deltasync (Incremental Sync) enabled, getUsers is called too many times
> --
>
> Key: RANGER-2088
> URL: https://issues.apache.org/jira/browse/RANGER-2088
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 0.7.0
>Reporter: Hajime Osako
>Assignee: Sailaja Polavarapu
>Priority: Major
>
> *SYMPTOM*
>  With LDAP server which has hundreds of users and groups, Ranger Usersync 
> never finishes the initial sync or takes extremely long time, when Group 
> Search First & Enable User Search both are set to true.
>  The usersync.log shows similar to below repeatedly.
> {noformat}
> 19 Apr 2018 17:15:19 INFO LdapUserGroupBuilder [UnixUserSyncThread] - 
> Updating username for cn=x...
> {noformat}
>  
> *WORKAROUND:*
>  If deltasync (Incremental Sync) is enabled, do not see this symptom, because 
> LdapUserGroupBuilder calls getUsers() in the for loop, but 
> LdapDeltaUserGroupBuilder doesn't use this method in the loop in updateSink().
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2111) Ranger HBase authorization should check for super user or admin privilege for HBase RSGroup operations

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2111:
-
Summary: Ranger HBase authorization should check for super user or admin 
privilege for HBase RSGroup operations  (was: Ranger HBase authorization should 
check for super user or admin privilege for HBase RSGroup operationsq)

> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operations
> --
>
> Key: RANGER-2111
> URL: https://issues.apache.org/jira/browse/RANGER-2111
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: Ranger
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
> Fix For: 2.0.0
>
>
> Ranger HBase authorization should check for super user or admin privilege for 
> HBase RSGroup operations
> Following are the RSGroup operations in the MasterObserver hook that needs 
> SuperUser or Admin privilege
> AddRSGroup, RemoveRSGroup, BalanceRSGroup, RemoveServers, moveServers, 
> listRSGroups, moveServersAndTables, moveTables, getRSGroupInfo, 
> getRSGroupInfoOfTable, getRSGroupOfServer



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2393) Document level authorization for solr

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2393:
-
Fix Version/s: (was: 2.0.0)

> Document level authorization for solr
> -
>
> Key: RANGER-2393
> URL: https://issues.apache.org/jira/browse/RANGER-2393
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
>
> Implement Ranger's solr plugin to support document level authorization. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2325) Implement ranger plugin for Ozone

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2325:
-
Fix Version/s: (was: 2.0.0)

> Implement ranger plugin for Ozone
> -
>
> Key: RANGER-2325
> URL: https://issues.apache.org/jira/browse/RANGER-2325
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins, Ranger
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
>
> Ozone is an object store in HDFS. Implement ranger plugin for authorization.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2397) HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16851275#comment-16851275
 ] 

Velmurugan Periasamy commented on RANGER-2397:
--

[~j5hw4n9] - thanks for reporting the issue. Could you please file a review 
request? Thanks. 

> HiveServer2 fails to start with Hive Plugin for Ranger
> --
>
> Key: RANGER-2397
> URL: https://issues.apache.org/jira/browse/RANGER-2397
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Junseung Hwang
>Priority: Major
>  Labels: patch, pull-request-available
> Fix For: 2.0.0
>
> Attachments: RANGER-2397.1.patch
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> {code:java}
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider{code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2397) HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2397:
-
Fix Version/s: 2.0.0

> HiveServer2 fails to start with Hive Plugin for Ranger
> --
>
> Key: RANGER-2397
> URL: https://issues.apache.org/jira/browse/RANGER-2397
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Junseung Hwang
>Priority: Major
>  Labels: patch, pull-request-available
> Fix For: 2.0.0
>
> Attachments: RANGER-2397.1.patch
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> {code:java}
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider{code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2397) HiveServer2 fails to start with Hive Plugin for Ranger

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2397:
-
Fix Version/s: (was: 1.2.0)

> HiveServer2 fails to start with Hive Plugin for Ranger
> --
>
> Key: RANGER-2397
> URL: https://issues.apache.org/jira/browse/RANGER-2397
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Junseung Hwang
>Priority: Major
>  Labels: patch, pull-request-available
> Attachments: RANGER-2397.1.patch
>
>  Time Spent: 40m
>  Remaining Estimate: 0h
>
> HIVE-18777 added Authorization interface to support information_schema 
> integration with external authorization, but it causes the bug with Hive 
> Plugin for Ranger. Specifically, it causes the following error while starting 
> HiveServer2 with the Hive Plugin, and blocks HiveServer2 to start.
> {code:java}
> java.lang.AbstractMethodError: 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getHivePolicyProvider()Lorg/apache/hadoop/hive/ql/security/authorization/plugin/HivePolicyProvider{code}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2208) Code improvement to fetch User/Group information and Service Config details

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2208:
-
Fix Version/s: (was: 1.2.0)
   1.2.1

> Code improvement to fetch User/Group information and Service Config details
> ---
>
> Key: RANGER-2208
> URL: https://issues.apache.org/jira/browse/RANGER-2208
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Major
> Fix For: 0.7.2, 2.0.0, 1.1.1, 1.2.1
>
> Attachments: RANGER-2208-ranger-07-1.patch, RANGER-2208.patch, 
> RANGER-2208_ranger-0.7.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2252) Permission "Kafka Admin" should not be part of Topic resource in Ranger Kafka resource definition

2019-05-29 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16851255#comment-16851255
 ] 

Velmurugan Periasamy commented on RANGER-2252:
--

[~rmani] - looks like this is committed. Can this be resolved? 

> Permission "Kafka Admin" should not be part of Topic resource in Ranger Kafka 
> resource definition 
> --
>
> Key: RANGER-2252
> URL: https://issues.apache.org/jira/browse/RANGER-2252
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0
>Reporter: Ramesh Mani
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: 
> 0001-RANGER-2252-Permission-Kafka-Admin-should-not-be-par.patch
>
>
> Permission "Kafka Admin" should not be part of Topic resource in Ranger Kafka 
> resource definition. Only "Cluster" resource should be having this permission.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2417) Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas Ranger Plugin

2019-05-29 Thread Velmurugan Periasamy (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16851241#comment-16851241
 ] 

Velmurugan Periasamy commented on RANGER-2417:
--

[~nixonrodrigues] - anything else pending on this? I see this is already 
committed. 

> Set Atlas Entity owner to RangerAccessResource ownerUser attribute for Atlas 
> Ranger Plugin
> --
>
> Key: RANGER-2417
> URL: https://issues.apache.org/jira/browse/RANGER-2417
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2417.patch
>
>
> Set Atlas Entity owner value to RangerAccessResource ownerUser attribute for 
> Atlas Ranger Plugin. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2425) Enhance ranger hive plugin to support sql role commands

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2425:
-
Fix Version/s: (was: 2.0.0)

> Enhance ranger hive plugin to support sql role commands
> ---
>
> Key: RANGER-2425
> URL: https://issues.apache.org/jira/browse/RANGER-2425
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
>
> As an extension to https://issues.apache.org/jira/browse/RANGER-2414, enhance 
> ranger hive plugin to support sql role commands:
> [https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-UsersandRoles]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70758: RANGER-2451 :- Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Madhan Neethiraj


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70758/#review215586
---


Ship it!




Ship It!

- Madhan Neethiraj


On May 29, 2019, 7:33 p.m., Nixon Rodrigues wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70758/
> ---
> 
> (Updated May 29, 2019, 7:33 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Ramesh Mani.
> 
> 
> Bugs: RANGER-2451
> https://issues.apache.org/jira/browse/RANGER-2451
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Atlas plugin was working due to "java.lang.ClassCastException: 
> java.util.Collections$EmptySet"  when  security zone is created for Atlas 
> service.
> 
> This patch fixes the issue of ClassCastException.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  eab2c238e 
> 
> 
> Diff: https://reviews.apache.org/r/70758/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Atlas ranger authorization for types / entity for read/create/updates 
> when security zone created for atlas services.
> 
> 
> Thanks,
> 
> Nixon Rodrigues
> 
>

Review Request 70758: RANGER-2451 :- Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Nixon Rodrigues


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70758/
---

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
Pradeep Agrawal, and Ramesh Mani.


Bugs: RANGER-2451
https://issues.apache.org/jira/browse/RANGER-2451


Repository: ranger


Description
---

Atlas plugin was working due to "java.lang.ClassCastException: 
java.util.Collections$EmptySet"  when  security zone is created for Atlas 
service.

This patch fixes the issue of ClassCastException.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 eab2c238e 


Diff: https://reviews.apache.org/r/70758/diff/1/


Testing
---

Tested Atlas ranger authorization for types / entity for read/create/updates 
when security zone created for atlas services.


Thanks,

Nixon Rodrigues

[jira] [Updated] (RANGER-2452) Release Ranger 2.0.0

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2452:
-
Fix Version/s: 2.0.0

> Release Ranger 2.0.0
> 
>
> Key: RANGER-2452
> URL: https://issues.apache.org/jira/browse/RANGER-2452
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Reporter: Velmurugan Periasamy
>Priority: Major
> Fix For: 2.0.0
>
>
> Track release activities for Ranger 2.0.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Nixon Rodrigues (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues updated RANGER-2451:

Attachment: (was: RANGER-2085.patch)

> Atlas plugin is not working when security zone is created for Atlas service 
> in Ranger Admin.
> 
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Attachments: RANGER-2451.patch
>
>
>    Description: 
> Steps - 
>  1.Go to security zone page in Ranger UI.
>  2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
>  4.Go to Atlas UI and login.
>  5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 - 
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request: 
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast 
> to java.util.List
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
>         at 
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
>         at 
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Nixon Rodrigues (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues updated RANGER-2451:

Attachment: RANGER-2451.patch

> Atlas plugin is not working when security zone is created for Atlas service 
> in Ranger Admin.
> 
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
> Attachments: RANGER-2451.patch
>
>
>    Description: 
> Steps - 
>  1.Go to security zone page in Ranger UI.
>  2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
>  4.Go to Atlas UI and login.
>  5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 - 
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request: 
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast 
> to java.util.List
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
>         at 
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
>         at 
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Nixon Rodrigues (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nixon Rodrigues updated RANGER-2451:

Attachment: RANGER-2085.patch

> Atlas plugin is not working when security zone is created for Atlas service 
> in Ranger Admin.
> 
>
> Key: RANGER-2451
> URL: https://issues.apache.org/jira/browse/RANGER-2451
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Assignee: Nixon Rodrigues
>Priority: Major
>
>    Description: 
> Steps - 
>  1.Go to security zone page in Ranger UI.
>  2.Create a security zone for atlas services with resources.
> {noformat}
> type-category resources
> type-category : *
> type : *
> entity-type resources
> entity-type : *
> entity-classification : *
> entity : *
> atlas-service resources
> atlas-service : *, atlas-service
> relationship-type resources
> end-one-entity-classification : *
> end-two-entity : *
> end-two-entity-type : *
> relationship-type : *
> end-two-entity-classification : *
> end-one-entity-type : *
> end-one-entity : *
> {noformat}
> 3.Save the security zone.
>  4.Go to Atlas UI and login.
>  5.Check the application.logs of Atlas.
> {code:java}
> 2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 - 
> 01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request: 
> e361746af898b07c (ExceptionMapperUtil:32)
> java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast 
> to java.util.List
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
>         at 
> org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
>         at 
> org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
>         at 
> org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2452) Release Ranger 2.0.0

2019-05-29 Thread Velmurugan Periasamy (JIRA)

Velmurugan Periasamy created RANGER-2452:


 Summary: Release Ranger 2.0.0
 Key: RANGER-2452
 URL: https://issues.apache.org/jira/browse/RANGER-2452
 Project: Ranger
  Issue Type: Task
  Components: Ranger
Reporter: Velmurugan Periasamy


Track release activities for Ranger 2.0.0



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2374) Add refresh access type to allow sharing policies between Hive and Impala

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2374:
-
Fix Version/s: 2.0.0

> Add refresh access type to allow sharing policies between Hive and Impala
> -
>
> Key: RANGER-2374
> URL: https://issues.apache.org/jira/browse/RANGER-2374
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Fredy Wijaya
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: 
> 0001-RANGER-2374-Add-refresh-access-type-to-hive-service-.patch, 
> 0002-RANGER-2374-Add-refresh-access-type-to-hive-service-.patch
>
>
> Impala requires REFRESH for certain statements, such as INVALIDATE METADATA 
> and REFRESH. Adding "refresh" access type in the Hive service definition 
> allows policy sharing between Hive and Impala. Since Hive doesn't support 
> REFRESH, when used in Hive, it will be a no-op.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (RANGER-2374) Add refresh access type to allow sharing policies between Hive and Impala

2019-05-29 Thread Velmurugan Periasamy (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy reassigned RANGER-2374:


Assignee: Ramesh Mani

> Add refresh access type to allow sharing policies between Hive and Impala
> -
>
> Key: RANGER-2374
> URL: https://issues.apache.org/jira/browse/RANGER-2374
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Fredy Wijaya
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: 
> 0001-RANGER-2374-Add-refresh-access-type-to-hive-service-.patch, 
> 0002-RANGER-2374-Add-refresh-access-type-to-hive-service-.patch
>
>
> Impala requires REFRESH for certain statements, such as INVALIDATE METADATA 
> and REFRESH. Adding "refresh" access type in the Hive service definition 
> allows policy sharing between Hive and Impala. Since Hive doesn't support 
> REFRESH, when used in Hive, it will be a no-op.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2451) Atlas plugin is not working when security zone is created for Atlas service in Ranger Admin.

2019-05-29 Thread Nixon Rodrigues (JIRA)

Nixon Rodrigues created RANGER-2451:
---

 Summary: Atlas plugin is not working when security zone is created 
for Atlas service in Ranger Admin.
 Key: RANGER-2451
 URL: https://issues.apache.org/jira/browse/RANGER-2451
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Nixon Rodrigues
Assignee: Nixon Rodrigues


   Description: 
Steps - 
 1.Go to security zone page in Ranger UI.
 2.Create a security zone for atlas services with resources.
{noformat}
type-category resources
type-category : *
type : *

entity-type resources
entity-type : *
entity-classification : *
entity : *

atlas-service resources
atlas-service : *, atlas-service

relationship-type resources
end-one-entity-classification : *
end-two-entity : *
end-two-entity-type : *
relationship-type : *
end-two-entity-classification : *
end-one-entity-type : *
end-one-entity : *
{noformat}
3.Save the security zone.
 4.Go to Atlas UI and login.
 5.Check the application.logs of Atlas.
{code:java}
2019-05-27 12:26:55,508 ERROR - [pool-2-thread-7 - 
01480084-282d-4686-8220-84aa8d233252:] ~ Error handling a request: 
e361746af898b07c (ExceptionMapperUtil:32)
java.lang.ClassCastException: java.util.Collections$EmptySet cannot be cast to 
java.util.List
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromSingleResource(RangerPolicyEngineImpl.java:1768)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.convertFromAccessResource(RangerPolicyEngineImpl.java:1757)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.getMatchedZoneName(RangerPolicyEngineImpl.java:1636)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.zoneAwareAccessEvaluationWithNoAudit(RangerPolicyEngineImpl.java:1240)
        at 
org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl.evaluatePolicies(RangerPolicyEngineImpl.java:463)
        at 
org.apache.ranger.plugin.service.RangerBasePlugin.isAccessAllowed(RangerBasePlugin.java:450)
        at 
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.checkAccess(RangerAtlasAuthorizer.java:415)
        at 
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:378)
        at 
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:148)
        at 
org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer.isAccessAllowed(RangerAtlasAuthorizer.java:145)
        at 
org.apache.atlas.authorize.AtlasAuthorizationUtils.isAccessAllowed(AtlasAuthorizationUtils.java:127)

{code}





--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70697: RANGER-2437:Update grant/revoke error message to provide more information about the principal type

2019-05-29 Thread Velmurugan Periasamy


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70697/#review215583
---


Ship it!




Ship It!

- Velmurugan Periasamy


On May 21, 2019, 5:56 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70697/
> ---
> 
> (Updated May 21, 2019, 5:56 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Fredy Wijaya, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2437
> https://issues.apache.org/jira/browse/RANGER-2437
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2437:Update grant/revoke error message to provide more information 
> about the principal type
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 0e7cd8f 
> 
> 
> Diff: https://reviews.apache.org/r/70697/diff/1/
> 
> 
> Testing
> ---
> 
> Testing done in Local VM
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

[jira] [Commented] (RANGER-2450) Fix Failing HBase test cases

2019-05-29 Thread Pradeep Agrawal (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2450?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850845#comment-16850845
 ] 

Pradeep Agrawal commented on RANGER-2450:
-

If Ranger Hbase test cases are enabled then Ranger build fails with stack-trace 
given here: 

[https://gist.github.com/pradeepagrawal8184/798bd00df71797ae74fe7aa4d53f3017]

> Fix Failing HBase test cases
> 
>
> Key: RANGER-2450
> URL: https://issues.apache.org/jira/browse/RANGER-2450
> Project: Ranger
>  Issue Type: Sub-task
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.0.0
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (RANGER-2449) if service part of zone is not present then null pointer exception is thrown

2019-05-29 Thread Nikhil Purbhe (JIRA)



 [ 
https://issues.apache.org/jira/browse/RANGER-2449?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nikhil Purbhe resolved RANGER-2449.
---
Resolution: Fixed

> if service part of zone is not present then null pointer exception is thrown
> 
>
> Key: RANGER-2449
> URL: https://issues.apache.org/jira/browse/RANGER-2449
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: master
>
>
> if service part of zone is not present then null pointer exception is thrown



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Comment Edited] (RANGER-2449) if service part of zone is not present then null pointer exception is thrown

2019-05-29 Thread Nikhil Purbhe (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850782#comment-16850782
 ] 

Nikhil Purbhe edited comment on RANGER-2449 at 5/29/19 12:03 PM:
-

patch committed on 
[master|https://github.com/apache/ranger/commit/abfdb0893f3cd50ced6941d059c08fb82380f598]


was (Author: nikhil@1):
patch committed on 
[master|https://github.com/apache/ranger/commit/abfdb0893f3cd50ced6941d059c08fb82380f598]]

> if service part of zone is not present then null pointer exception is thrown
> 
>
> Key: RANGER-2449
> URL: https://issues.apache.org/jira/browse/RANGER-2449
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: master
>
>
> if service part of zone is not present then null pointer exception is thrown



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2449) if service part of zone is not present then null pointer exception is thrown

2019-05-29 Thread Nikhil Purbhe (JIRA)



[ 
https://issues.apache.org/jira/browse/RANGER-2449?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16850782#comment-16850782
 ] 

Nikhil Purbhe commented on RANGER-2449:
---

patch committed on 
[master|https://github.com/apache/ranger/commit/abfdb0893f3cd50ced6941d059c08fb82380f598]]

> if service part of zone is not present then null pointer exception is thrown
> 
>
> Key: RANGER-2449
> URL: https://issues.apache.org/jira/browse/RANGER-2449
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Nikhil Purbhe
>Priority: Major
> Fix For: master
>
>
> if service part of zone is not present then null pointer exception is thrown



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

37 matches

Mail list logo