Re: Review Request 72673: RANGER-2908: Upgrade jackson version to 2.10.3

2020-07-13 Thread Kishor Gollapalliwar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72673/
---

(Updated July 14, 2020, 6:52 a.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
Jayendra Parab, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nixon 
Rodrigues, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.


Bugs: RANGER-2908
https://issues.apache.org/jira/browse/RANGER-2908


Repository: ranger


Description
---

Upgrade jackson version to 2.10.3


Diffs
-

  pom.xml 2b7e1db14 


Diff: https://reviews.apache.org/r/72673/diff/1/


Testing
---

Tested Done:
1.Enforcement for HDFS, HBASE, HIVE, YARN, KNOX, KAFKA, ATLAS.
2.Tested enforcement for Zone policy
3.Tested CRUD for Service,Policy,Zone.
4.Tested CRUD for User,group and role.
5.Ranger Tag sync for Hive and enforcement.
6.Tested Ranger KMS by creating keys, rollover from UI.
7.Tested Ranger Usersync.


Thanks,

Kishor Gollapalliwar

Re: Review Request 72670: RANGER-2772: Fix regression introduced by earlier patch for applyPolicy REST API

2020-07-13 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72670/#review221204
---




security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 1762 (patched)


Consider making line# #1762 - #1764 a little easier to read. Is this about 
checking value of PARAM_MERGE_IF_EXISTS for "true" vs "false"?


- Madhan Neethiraj


On July 14, 2020, 12:24 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72670/
> ---
> 
> (Updated July 14, 2020, 12:24 a.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2772
> https://issues.apache.org/jira/browse/RANGER-2772
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> applyPolicy() semantics implies that it is equivalent to createPolicy() with 
> 'mergeIfExists' set to value "true". However, a regression was introduced by 
> a patch for RANGER-2772 which violates this implication; 'mergeIfExists' is 
> presumed to be set to "false" by default. This leads to applyPolicy() to 
> implement updatePolicy() semantics when it's target is an existing policy.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 3422e436b 
> 
> 
> Diff: https://reviews.apache.org/r/72670/diff/1/
> 
> 
> Testing
> ---
> 
> Verified that default value of 'mergeIfExists' is set up correctly in all 
> (two) contexts.
> 1. When it is used from createPolicy(), and
> 2. When it is invoked through REST API.
> 
> Verified that legacy code using applyPolicy REST API is not broken.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 72670: RANGER-2772: Fix regression introduced by earlier patch for applyPolicy REST API

2020-07-13 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72670/
---

(Updated July 14, 2020, 12:24 a.m.)


Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2772
https://issues.apache.org/jira/browse/RANGER-2772


Repository: ranger


Description (updated)
---

applyPolicy() semantics implies that it is equivalent to createPolicy() with 
'mergeIfExists' set to value "true". However, a regression was introduced by a 
patch for RANGER-2772 which violates this implication; 'mergeIfExists' is 
presumed to be set to "false" by default. This leads to applyPolicy() to 
implement updatePolicy() semantics when it's target is an existing policy.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
3422e436b 


Diff: https://reviews.apache.org/r/72670/diff/1/


Testing (updated)
---

Verified that default value of 'mergeIfExists' is set up correctly in all (two) 
contexts.
1. When it is used from createPolicy(), and
2. When it is invoked through REST API.

Verified that legacy code using applyPolicy REST API is not broken.


Thanks,

Abhay Kulkarni

Re: Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III

2020-07-13 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72674/#review221203
---


Ship it!




Ship It!

- Madhan Neethiraj


On July 13, 2020, 9:58 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72674/
> ---
> 
> (Updated July 13, 2020, 9:58 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2858
> https://issues.apache.org/jira/browse/RANGER-2858
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Permission is granted  for 'any' access for a non-empty resource if any 
> policy in any security zone allows permission. Only the policies in the 
> security zone for the accessed resource should be considered for 
> authorization in such scenario.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
>  dbdb78048 
> 
> 
> Diff: https://reviews.apache.org/r/72674/diff/1/
> 
> 
> Testing
> ---
> 
> Tested for hive service, by exercising 'use ' command using 
> beeline. Verified that only the policies in the security zone which contains 
> resource  are evaluated for access.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Review Request 72674: RANGER-2858: 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies - Part III

2020-07-13 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72674/
---

Review request for ranger, Dineshkumar Yadav, Madhan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2858
https://issues.apache.org/jira/browse/RANGER-2858


Repository: ranger


Description
---

Permission is granted  for 'any' access for a non-empty resource if any policy 
in any security zone allows permission. Only the policies in the security zone 
for the accessed resource should be considered for authorization in such 
scenario.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 dbdb78048 


Diff: https://reviews.apache.org/r/72674/diff/1/


Testing
---

Tested for hive service, by exercising 'use ' command using beeline. 
Verified that only the policies in the security zone which contains resource 
 are evaluated for access.


Thanks,

Abhay Kulkarni

[jira] [Commented] (RANGER-2908) Upgrade jackson version to 2.10.3

2020-07-13 Thread Kishor Gollapalliwar (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17156883#comment-17156883
 ] 

Kishor Gollapalliwar commented on RANGER-2908:
--

Created Review request: [https://reviews.apache.org/r/72673/]

> Upgrade jackson version to 2.10.3
> -
>
> Key: RANGER-2908
> URL: https://issues.apache.org/jira/browse/RANGER-2908
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
>
> Upgrade jackson version to 2.10.3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-2908) Upgrade jackson version to 2.10.3

2020-07-13 Thread Kishor Gollapalliwar (Jira) 
Kishor Gollapalliwar created RANGER-2908:


 Summary: Upgrade jackson version to 2.10.3
 Key: RANGER-2908
 URL: https://issues.apache.org/jira/browse/RANGER-2908
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Reporter: Kishor Gollapalliwar


Upgrade jackson version to 2.10.3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (RANGER-2908) Upgrade jackson version to 2.10.3

2020-07-13 Thread Kishor Gollapalliwar (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kishor Gollapalliwar reassigned RANGER-2908:


Assignee: Kishor Gollapalliwar

> Upgrade jackson version to 2.10.3
> -
>
> Key: RANGER-2908
> URL: https://issues.apache.org/jira/browse/RANGER-2908
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
>
> Upgrade jackson version to 2.10.3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml

2020-07-13 Thread Pradeep Agrawal (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17156700#comment-17156700
 ] 

Pradeep Agrawal commented on RANGER-2907:
-

[~sneethiraj] : Shall attached patch resolve the issue. I have not tested this 
patch as I don't have an env to test the patch.

> Ranger Plugin is not using default TrustManager if a trustmanager is not 
> specified in ranger-policymgr-ssl.xml
> --
>
> Key: RANGER-2907
> URL: https://issues.apache.org/jira/browse/RANGER-2907
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Selvamohan Neethiraj
>Assignee: Selvamohan Neethiraj
>Priority: Critical
> Attachments: 
> 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch
>
>
> When a CA certified certificate is used by Ranger Admin, the RangerPlugin 
> should be able to use the default cacerts (from JVM) without having to 
> configure it manually.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml

2020-07-13 Thread Pradeep Agrawal (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2907:

Attachment: 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch

> Ranger Plugin is not using default TrustManager if a trustmanager is not 
> specified in ranger-policymgr-ssl.xml
> --
>
> Key: RANGER-2907
> URL: https://issues.apache.org/jira/browse/RANGER-2907
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Selvamohan Neethiraj
>Assignee: Selvamohan Neethiraj
>Priority: Critical
> Attachments: 
> 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch
>
>
> When a CA certified certificate is used by Ranger Admin, the RangerPlugin 
> should be able to use the default cacerts (from JVM) without having to 
> configure it manually.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-13 Thread rujia (Jira) 


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17156685#comment-17156685
 ] 

rujia commented on RANGER-2891:
---

this interface has been deleted since presto version 331, so we need not impl 
it any more 

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-13 Thread rujia (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia resolved RANGER-2891.
---
Resolution: Won't Fix

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)