Re: Review Request 72685: RANGER-2912: ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72685/#review221260 --- Ship it! Ship It! - Pradeep Agrawal On July 16, 2020, 3:44 a.m., ru jia wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72685/ > --- > > (Updated July 16, 2020, 3:44 a.m.) > > > Review request for ranger. > > > Bugs: RANGER-2912 > https://issues.apache.org/jira/browse/RANGER-2912 > > > Repository: ranger > > > Description > --- > > Audit for ES cann't work on none-security mode now, need more condition > judgements. > > > Diffs > - > > > agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java > 384d1a0 > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java > 57d4735 > > security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java > 1c1ff4e > > > Diff: https://reviews.apache.org/r/72685/diff/1/ > > > Testing > --- > > Compilation pass and already tested on none-security cluster > > > Thanks, > > ru jia > >
Review Request 72693: RANGER-2918:Ranger Audit for HBase does not capture predicates
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72693/ --- Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. Bugs: RANGER-2918 https://issues.apache.org/jira/browse/RANGER-2918 Repository: ranger Description --- RANGER-2918:Ranger Audit for HBase does not capture predicates Diffs - hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseConstants.java PRE-CREATION hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java c50a192 Diff: https://reviews.apache.org/r/72693/diff/1/ Testing --- Verified in Local vm - Get and Scan commands have various predicates and this all will be printed in ranger audit where command Strings are stored Thanks, Ramesh Mani
[jira] [Created] (RANGER-2918) Ranger Audit for HBase does not capture predicates
Ramesh Mani created RANGER-2918: --- Summary: Ranger Audit for HBase does not capture predicates Key: RANGER-2918 URL: https://issues.apache.org/jira/browse/RANGER-2918 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 2.1.0 Reporter: Ramesh Mani Assignee: Ramesh Mani Fix For: 2.1.0 Ranger Audit for HBase does not capture predicates -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index
Pradeep Agrawal created RANGER-2917: --- Summary: Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index Key: RANGER-2917 URL: https://issues.apache.org/jira/browse/RANGER-2917 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`
[ https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2909. - Resolution: Information Provided > Authorization support for atlas `entity-label` and `entity-business metadata` > - > > Key: RANGER-2909 > URL: https://issues.apache.org/jira/browse/RANGER-2909 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: ranger-2.0 >Reporter: Nityananda Gohain >Assignee: Pradeep Agrawal >Priority: Major > > We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but > we wanted authorisation for `entity-labels` and `entity-business-metadata` > that comes with new version of Atlas i.e Atlas 2.0.0. > # We tried building ranger from the master branch, but authorisation for > roles which were attached to policies was not working (authorisation for > users and groups attached to policies was working) > # Since the above didn’t work we tried building ranger from the specific > commit where the patch to support authorisation for labels and > business-metadata was added > [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb] > , the same problem appeared here i.e authorisation for roles attached to > policies was not working > # Finally, we added the patches to Ranger 2.0.0 > ## Applied the patches > [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825] > , > [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93] > ## After building and running ranger I had to manually delete the entry from > `x_db_version_h` table i.e `J10034` and then restart ranger to apply the > patch by running `db_setup.py`. Even after applying the patch, the changes > are not reflected. i.e(No option for `entity-label` and > `entity-business-metadata` (have also checked `x_access_type_def` table and > entity-label and entity-business-metadata was not present) > What will be the best way to move forward to support authorisation for > `labels` and `business-metadata` where authorisation policies work with roles. -- This message was sent by Atlassian Jira (v8.3.4#803005)