Re: Review Request 72632: RANGER-2886: Exporting tag policies fails when 'polResource' query parameter is used

2020-06-30 Thread Ramesh Mani

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72632/#review221102
---


Ship it!




Ship It!

- Ramesh Mani


On June 30, 2020, 9:54 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72632/
> ---
> 
> (Updated June 30, 2020, 9:54 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Mehul Parikh, Ramesh Mani, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2886
> https://issues.apache.org/jira/browse/RANGER-2886
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Exporting tag policies fails when 'polResource' query parameter is used and 
> serviceName parameter is omitted
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> c6308eefe 
> 
> 
> Diff: https://reviews.apache.org/r/72632/diff/1/
> 
> 
> Testing
> ---
> 
> Ensures that REST API for exporting policies in JSON format with and without 
> serviceName and/or serviceType parameters works as expected.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>



Review Request 72632: RANGER-2886: Exporting tag policies fails when 'polResource' query parameter is used

2020-06-30 Thread Abhay Kulkarni

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72632/
---

Review request for ranger, Dineshkumar Yadav, Mehul Parikh, Ramesh Mani, and 
Velmurugan Periasamy.


Bugs: RANGER-2886
https://issues.apache.org/jira/browse/RANGER-2886


Repository: ranger


Description
---

Exporting tag policies fails when 'polResource' query parameter is used and 
serviceName parameter is omitted


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
c6308eefe 


Diff: https://reviews.apache.org/r/72632/diff/1/


Testing
---

Ensures that REST API for exporting policies in JSON format with and without 
serviceName and/or serviceType parameters works as expected.


Thanks,

Abhay Kulkarni



[jira] [Assigned] (RANGER-2886) Exporting tag policies fails when 'polResource' query parameter is used

2020-06-30 Thread Ramesh Mani (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani reassigned RANGER-2886:
---

Assignee: Abhay Kulkarni  (was: Dineshkumar Yadav)

> Exporting tag policies fails when 'polResource' query parameter is used
> ---
>
> Key: RANGER-2886
> URL: https://issues.apache.org/jira/browse/RANGER-2886
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Ramesh Mani
>Assignee: Abhay Kulkarni
>Priority: Major
>
> Exporting tag policies fails when 'polResource' query parameter is used



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (RANGER-2886) Exporting tag policies fails when 'polResource' query parameter is used

2020-06-30 Thread Ramesh Mani (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2886?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani reassigned RANGER-2886:
---

Assignee: Dineshkumar Yadav  (was: Abhay Kulkarni)

> Exporting tag policies fails when 'polResource' query parameter is used
> ---
>
> Key: RANGER-2886
> URL: https://issues.apache.org/jira/browse/RANGER-2886
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Ramesh Mani
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> Exporting tag policies fails when 'polResource' query parameter is used



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2864) Group creation is failing during import policy

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2864:

Fix Version/s: 2.1.0

> Group creation is failing during import policy
> --
>
> Key: RANGER-2864
> URL: https://issues.apache.org/jira/browse/RANGER-2864
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.1.0
>
>
> while creating a group during import policy, description field is null that 
> is leading to fail group creation.
>  As "descr" column in the table is not null for x_group in mysql.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2864) Group creation is failing during import policy

2020-06-30 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148569#comment-17148569
 ] 

Pradeep Agrawal commented on RANGER-2864:
-

Patch committed : 
[https://github.com/apache/ranger/commit/641ef11a2e45887d689c986b2584fd3ba4c9fcc5]

> Group creation is failing during import policy
> --
>
> Key: RANGER-2864
> URL: https://issues.apache.org/jira/browse/RANGER-2864
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> while creating a group during import policy, description field is null that 
> is leading to fail group creation.
>  As "descr" column in the table is not null for x_group in mysql.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed

2020-06-30 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148567#comment-17148567
 ] 

Pradeep Agrawal commented on RANGER-2855:
-

Patch committed : 
[https://github.com/apache/ranger/commit/a14b6d6aa57d6bc0026713e73750df716c65aa8f]

> import policy for ranger is not working properly if updateifexist parameter 
> is passed
> -
>
> Key: RANGER-2855
> URL: https://issues.apache.org/jira/browse/RANGER-2855
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.1.0
>
>
> *Problem Statement:*
> Currently, Import Policy API provide option to updateIfExist all policies of 
> given service but it update the non matching policy.
> *Current Imlementation* 
> 'updateIfExists' flag : API shall update existing policies with new policy 
> json based on either of the following conditions.
>  a) existing and new policy guid is matching
>  b) existing and new policy name, service and zone are matching
>  c) existing and new policy name and service are matching.
> If there is a policy which matches the resource, the policy should be updated 
> with the data provided.
> If there is no policy which matches the resource, a new policy should be 
> created with the data provided.
> *Proposed Solution :*
> Patch shall compare resource signature of existing policy with new policy 
> provide if it matches then update otherwise create new policy.
> *Behaviour of the Import API shall be:*
> 1) 'Override' flag : API shall delete all the policies of given target 
> service and shall create the new policies from the received json.
> 2) 'deleteIfExists' flag : API shall delete those existing policies which are 
> exactly matching after comparing with new policy based on their resources. 
> After deleting the existing policy, API shall create the new policy from the 
> given json file. 
> 3) 'updateIfExists' flag with polResource input : API shall delete all the 
> existing policies from target service of which resources are exactly matching 
> with given policies resources. 
> 4) 'updateIfExists' flag without resource input : API shall update existing 
> policies with new policy json based on following conditions.
>     a) existing and new policy should match by resource signature
> 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items 
> with the new policy of which resources will match exactly with available 
> policies.
> 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which 
> resources are exactly matching. update the policies which are matching else 
> will create the policy.
> If none of the cases are matching then API shall try to create the policy. 
> Policy creation validation will be done before creating the policy.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2855) import policy for ranger is not working properly if updateifexist parameter is passed

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2855:

Fix Version/s: 2.1.0

> import policy for ranger is not working properly if updateifexist parameter 
> is passed
> -
>
> Key: RANGER-2855
> URL: https://issues.apache.org/jira/browse/RANGER-2855
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.1.0
>
>
> *Problem Statement:*
> Currently, Import Policy API provide option to updateIfExist all policies of 
> given service but it update the non matching policy.
> *Current Imlementation* 
> 'updateIfExists' flag : API shall update existing policies with new policy 
> json based on either of the following conditions.
>  a) existing and new policy guid is matching
>  b) existing and new policy name, service and zone are matching
>  c) existing and new policy name and service are matching.
> If there is a policy which matches the resource, the policy should be updated 
> with the data provided.
> If there is no policy which matches the resource, a new policy should be 
> created with the data provided.
> *Proposed Solution :*
> Patch shall compare resource signature of existing policy with new policy 
> provide if it matches then update otherwise create new policy.
> *Behaviour of the Import API shall be:*
> 1) 'Override' flag : API shall delete all the policies of given target 
> service and shall create the new policies from the received json.
> 2) 'deleteIfExists' flag : API shall delete those existing policies which are 
> exactly matching after comparing with new policy based on their resources. 
> After deleting the existing policy, API shall create the new policy from the 
> given json file. 
> 3) 'updateIfExists' flag with polResource input : API shall delete all the 
> existing policies from target service of which resources are exactly matching 
> with given policies resources. 
> 4) 'updateIfExists' flag without resource input : API shall update existing 
> policies with new policy json based on following conditions.
>     a) existing and new policy should match by resource signature
> 5) 'mergeIfExists' flag : API shall merge the existing policy's policy-items 
> with the new policy of which resources will match exactly with available 
> policies.
> 6) 'deleteIfExists' flag and 'updateIfExists' : delete the policies of which 
> resources are exactly matching. update the policies which are matching else 
> will create the policy.
> If none of the cases are matching then API shall try to create the policy. 
> Policy creation validation will be done before creating the policy.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2545) Migrate Ranger Logging to slf4j framework

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2545:

Fix Version/s: (was: 2.1.0)

> Migrate Ranger Logging to slf4j framework
> -
>
> Key: RANGER-2545
> URL: https://issues.apache.org/jira/browse/RANGER-2545
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
> Attachments: 
> 0001-RANGER-2545-Migrate-Ranger-Logging-to-slf4j-framewor.patch
>
>
> Ranger has direct references to Log4j1.
> As a result, systems which have moved over to using log4j2, logback etc via 
> slf4j as a facade end up requiring multiple logging configuration files. One 
> log4j1 config file for ranger, and another for the rest of the component.
> Would be useful to move to slf4j or some other logging facade.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2863) Ranger UI Improvement.

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2863:

Fix Version/s: 2.1.0

> Ranger UI Improvement.
> --
>
> Key: RANGER-2863
> URL: https://issues.apache.org/jira/browse/RANGER-2863
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2863.patch, 0002-RANGER-2863.patch, 
> 0003-RANGER-2863.patch, display1.png, display2.png
>
>
> UI Improvement
> 1 . Added sidebar for all page. This will make navigation between various 
> repositories a lot easier



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2810.
-
Resolution: Information Provided

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, 
> image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


Re: Review Request 72617: RANGER-2872: The Ranger authentication group permission of the ES does not take effect.

2020-06-30 Thread bhavik patel

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72617/#review221097
---


Ship it!




Ship It!

- bhavik patel


On June 24, 2020, 8:34 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72617/
> ---
> 
> (Updated June 24, 2020, 8:34 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Colm 
> O hEigeartaigh, Gautam Borad, Jayendra Parab, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, Velmurugan Periasamy, Qiang Zhang, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2872
> https://issues.apache.org/jira/browse/RANGER-2872
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** In Elastic search plugin group ACL is not working.  
> When a user is in a group and user is not added in the ranger elasticsearch 
> policy but group is added in the policy then user request to elasticsearch 
> API fails. 
> 
> **Proposed Solution:** Currently groups value null is being passed in 
> checkPermission method, hence user's group should be loaded from hadoop ugi 
> for the logged in user.
> 
> 
> Diffs
> -
> 
>   
> plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
>  f5201cec4 
> 
> 
> Diff: https://reviews.apache.org/r/72617/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>



[jira] [Commented] (RANGER-2863) Ranger UI Improvement.

2020-06-30 Thread Nitin Galave (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148483#comment-17148483
 ] 

Nitin Galave commented on RANGER-2863:
--

Committed to [Apache 
Master|https://github.com/apache/ranger/commit/8ed113f424d0054b364cc6bd5874225d6f2011ba]
 branch

> Ranger UI Improvement.
> --
>
> Key: RANGER-2863
> URL: https://issues.apache.org/jira/browse/RANGER-2863
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Attachments: 0001-RANGER-2863.patch, 0002-RANGER-2863.patch, 
> 0003-RANGER-2863.patch, display1.png, display2.png
>
>
> UI Improvement
> 1 . Added sidebar for all page. This will make navigation between various 
> repositories a lot easier



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-30 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2810:
--
Attachment: 0001-kafka-authorizer-ticket-expired-fix.patch

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, 
> image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)