Re: Review Request 72693: RANGER-2918:Ranger Audit for HBase does not capture predicates

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72693/#review221267
---


Ship it!




Ship It!

- Madhan Neethiraj


On July 20, 2020, 5:43 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72693/
> ---
> 
> (Updated July 20, 2020, 5:43 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2918
> https://issues.apache.org/jira/browse/RANGER-2918
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2918:Ranger Audit for HBase does not capture predicates
> 
> 
> Diffs
> -
> 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseConstants.java
>  PRE-CREATION 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  c50a192 
> 
> 
> Diff: https://reviews.apache.org/r/72693/diff/2/
> 
> 
> Testing
> ---
> 
> Verified in Local vm
>  - Get and Scan commands have various predicates and this all will be printed 
> in ranger audit where command Strings are stored
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

Re: Review Request 72693: RANGER-2918:Ranger Audit for HBase does not capture predicates

[Ramesh Mani]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72693/
---

(Updated July 20, 2020, 5:43 a.m.)


Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.


Changes
---

Fixed review comments


Bugs: RANGER-2918
https://issues.apache.org/jira/browse/RANGER-2918


Repository: ranger


Description
---

RANGER-2918:Ranger Audit for HBase does not capture predicates


Diffs (updated)
-

  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseConstants.java
 PRE-CREATION 
  
hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
 c50a192 


Diff: https://reviews.apache.org/r/72693/diff/2/

Changes: https://reviews.apache.org/r/72693/diff/1-2/


Testing
---

Verified in Local vm
 - Get and Scan commands have various predicates and this all will be printed 
in ranger audit where command Strings are stored


Thanks,

Ramesh Mani

[jira] [Commented] (RANGER-2200) Add-ons to support WASB in Ranger Authorization Model - Doesn't enforce

[gaozhan ding (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-2200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160884#comment-17160884
 ] 

gaozhan ding commented on RANGER-2200:
--

[~rmani] Is there a manual for me to support WASB in Ranger Authorization Model.

> Add-ons to support WASB in Ranger Authorization Model - Doesn't enforce
> ---
>
> Key: RANGER-2200
> URL: https://issues.apache.org/jira/browse/RANGER-2200
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.7.0
>Reporter: Abhishek Sakhuja
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 0.7.0
>
>
> Earlier given solution:
> _"Add-ons to support WASB in Ranger Authorization Model. This will gives an 
> option to add WASB as Service in the Ranger._ 
>  _In ranger-admin-site.xml the parameter to include is 
> ranger.supportedcomponents=tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,wasb_
>  
>  _This will add the WASB ServiceDef along with other services to Ranger."_
> But this solution doesn't enforce any WASB rules added in Ranger 0.7.0. It 
> more over looks like a template added to Ranger for WASB which doesn't 
> enforce any rules.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72693: RANGER-2918:Ranger Audit for HBase does not capture predicates

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72693/#review221264
---


Fix it, then Ship it!





hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
Lines 1003 (patched)


consider movnig #1003 and #1150 into getCommandString() method, to avoid 
duplicates


- Madhan Neethiraj


On July 18, 2020, 11:17 p.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72693/
> ---
> 
> (Updated July 18, 2020, 11:17 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-2918
> https://issues.apache.org/jira/browse/RANGER-2918
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-2918:Ranger Audit for HBase does not capture predicates
> 
> 
> Diffs
> -
> 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/HbaseConstants.java
>  PRE-CREATION 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  c50a192 
> 
> 
> Diff: https://reviews.apache.org/r/72693/diff/1/
> 
> 
> Testing
> ---
> 
> Verified in Local vm
>  - Get and Scan commands have various predicates and this all will be printed 
> in ranger audit where command Strings are stored
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>

[jira] [Resolved] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode

[Pradeep Agrawal (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2912.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/0fa3ef5497bc563e0ff80e9696fdb1bc309d7fe1]

> ranger and plugins will throw GSSAPI error when write audit log to 
> ElasticSearch when cluster running on none security mode
> ---
>
> Key: RANGER-2912
> URL: https://issues.apache.org/jira/browse/RANGER-2912
> Project: Ranger
>  Issue Type: Bug
>  Components: audit, plugins, Ranger
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-issue-fix-for-es-audit.patch
>
>
> user and password default set to 'NONE' when connect to ES, but ranger-audit 
> and plugins doesn't handle String 'NONE',  and will try to get subject from 
> ENV for both sec and none sec mode.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 72685: RANGER-2912: ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72685/#review221260
---


Ship it!




Ship It!

- Pradeep Agrawal


On July 16, 2020, 3:44 a.m., ru jia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72685/
> ---
> 
> (Updated July 16, 2020, 3:44 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2912
> https://issues.apache.org/jira/browse/RANGER-2912
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Audit for ES cann't work on none-security mode now, need more condition 
> judgements.
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java
>  384d1a0 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/ElasticSearchIndexBootStrapper.java
>  57d4735 
>   
> security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchMgr.java
>  1c1ff4e 
> 
> 
> Diff: https://reviews.apache.org/r/72685/diff/1/
> 
> 
> Testing
> ---
> 
> Compilation pass and already tested on none-security cluster
> 
> 
> Thanks,
> 
> ru jia
> 
>