Re: Review Request 72520: RANGER-2829: plugins to support super-users/groups, and audit-exclude-users/groups/roles via configurations

2020-05-18 Thread bhavik patel

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72520/#review220814
---


Ship it!




Ship It!

- bhavik patel


On May 17, 2020, 8:16 p.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72520/
> ---
> 
> (Updated May 17, 2020, 8:16 p.m.)
> 
> 
> Review request for ranger, Kishor Gollapalliwar, Abhay Kulkarni, Mehul 
> Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2829
> https://issues.apache.org/jira/browse/RANGER-2829
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Updated RangerBasePlugins to read super-users/groups and 
> audit-exclude-users/groups/roles from plugin config
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
>  89a31ccf6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
>  41b24920d 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
>  2567edb29 
> 
> 
> Diff: https://reviews.apache.org/r/72520/diff/1/
> 
> 
> Testing
> ---
> 
> - verified manually by using updated agents-common library
> - updated unit tests to read super-users/groups, 
> audit-exclude-users/groups/roles from plugin-config
> - verified that unit tests pass
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>



Re: Review Request 72500: RANGER-2823: RangerResouceTrie.copySubTree() does not set up TrieNode's child nodes correctly

2020-05-18 Thread bhavik patel

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72500/#review220813
---


Ship it!




Ship It!

- bhavik patel


On May 12, 2020, 4:51 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72500/
> ---
> 
> (Updated May 12, 2020, 4:51 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2823
> https://issues.apache.org/jira/browse/RANGER-2823
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger uses Trie object (instance of RangerResourceTrie class) to index 
> policies, tags and zones for efficient searching. The API to deep-copy Trie 
> object does not work correctly, as the information about the child nodes in a 
> TrieNode is not replicated correctly.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceTrie.java
>  e7d913c54 
> 
> 
> Diff: https://reviews.apache.org/r/72500/diff/1/
> 
> 
> Testing
> ---
> 
> Tested by exercising copying existing Trie object and asserting that copy 
> contains the same TrieNode hierarchy as original Trie.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



Re: Review Request 72517: RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies

2020-05-18 Thread bhavik patel

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72517/#review220812
---


Ship it!




Ship It!

- bhavik patel


On May 16, 2020, 6:28 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72517/
> ---
> 
> (Updated May 16, 2020, 6:28 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2828
> https://issues.apache.org/jira/browse/RANGER-2828
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2828:RangerExportPolicy with resource filter fails to fetch policies
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 857a597 
> 
> 
> Diff: https://reviews.apache.org/r/72517/diff/2/
> 
> 
> Testing
> ---
> 
> Verified in local vm with curl
> curl -k -u admin:admin --verbose -X GET 
> 'http://172.25.34.170:6080/service/plugins/policies/exportJson?serviceName=c349_hive=SZ_SL:database=SZ_SL=hive=self_or_ancestor=full'
>  curl -k -u admin:admin --verbose -X GET 
> 'http://172.25.34.170:6080/service/plugins/policies/exportJson?serviceName=c349_hive=SZ_SL:database=SZ_SL=hive=self_or_ancestor'
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>



[jira] [Commented] (RANGER-2754) Update presto dependency and implement row/column level security

2020-05-18 Thread Bolke de Bruin (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17110094#comment-17110094
 ] 

Bolke de Bruin commented on RANGER-2754:


It's already fixed in master

> Update presto dependency and implement row/column level security
> 
>
> Key: RANGER-2754
> URL: https://issues.apache.org/jira/browse/RANGER-2754
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: master
>Reporter: Bolke de Bruin
>Assignee: Bolke de Bruin
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> RANGER-2754-v2.patch, RANGER-2754.patch
>
>
> 1. PrestoSql has changed its Security API hence the Ranger plugin has stopped 
> working for versions > ~321. 
> 2. Presto master now has row/column level security support



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2754) Update presto dependency and implement row/column level security

2020-05-18 Thread Palash Das (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17109963#comment-17109963
 ] 

Palash Das commented on RANGER-2754:


[~toopt4] 
This is bad news, does this mean that we have to stick to prestosql 331?

> Update presto dependency and implement row/column level security
> 
>
> Key: RANGER-2754
> URL: https://issues.apache.org/jira/browse/RANGER-2754
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: master
>Reporter: Bolke de Bruin
>Assignee: Bolke de Bruin
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> 0001-RANGER-2754-Upgrade-presto-dependency-and-improve-lo.patch, 
> RANGER-2754-v2.patch, RANGER-2754.patch
>
>
> 1. PrestoSql has changed its Security API hence the Ranger plugin has stopped 
> working for versions > ~321. 
> 2. Presto master now has row/column level security support



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2810) Kafka with Ranger plugin will fail

2020-05-18 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17109924#comment-17109924
 ] 

Pradeep Agrawal commented on RANGER-2810:
-

I am able to reproduce this issue in Ranger master branch code.

*Steps to reproduce quickly :* 

1) Change maxlife of a principal to 10 minute (default is 24hours)

2) Enable ranger plugin and restart kafka.

3) Wait for 10 minute and try to run producer/consumer commands.

4) Command will fail with below error:
{code:java}
ERROR [Producer clientId=console-producer] Connection to node -1 (host:port) 
failed authentication due to: Authentication failed during authentication due 
to invalid credentials with SASL mechanism GSSAPI 
(org.apache.kafka.clients.NetworkClient){code}
*Note:* Issue is reproducible only when  authorizer.class.name is set to 
"org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer". Its 
not reproducible when authorizer.class.name is set to 
"kafka.security.authorizer.AclAuthorizer"

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail

2020-05-18 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2810:

  Component/s: (was: audit)
   Ranger
Affects Version/s: 2.1.0
   master

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)