xasecure.audit.destination.hdfs.batch.filequeue.filespool.file.rollover.sec=300
( This will determine the JSON file size which will be copied to HDFS)
xasecure.audit.destination.hdfs.batch.filequeue.filespool.dir=/var/log/hadoop/audit/staging/spool
( This is the local staging directory for audit)
Thanks,
Ramesh Mani
kerberos
ticket renewal for Kafka UGI used for policy download and auditing.
Thanks,
Ramesh Mani
/73270/diff/2/
Changes: https://reviews.apache.org/r/73270/diff/1-2/
Testing
---
- Verified Kafka Plugin and auditing for it in Local VM and verified kerberos
ticket renewal for Kafka UGI used for policy download and auditing.
Thanks,
Ramesh Mani
tps://reviews.apache.org/r/73270/#review222783
---
On April 7, 2021, 6:17 p.m., Ramesh Mani wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> http
the calls.
2) chown -> Deny gets audited for the file not owned by the same user who runs
the command.
3) Addressed audit log for SuperUsers -> implemented denyUserAccess and
checkSuperUserPermissionWithContext
Thanks,
Ramesh Mani
y gets audited for the file not owned by the same user who runs
the command.
3) Addressed audit log for SuperUsers -> implemented denyUserAccess and
checkSuperUserPermissionWithContext
Thanks,
Ramesh Mani
pom.xml fe7812bd7
Diff: https://reviews.apache.org/r/73272/diff/1/
Testing
---
Testing done with local build and vm.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73274/#review222829
---
Ship it!
Ship It!
- Ramesh Mani
On April 14, 2021, 1:52 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73294/#review222851
---
Ship it!
Ship It!
- Ramesh Mani
On April 22, 2021, 3:33 p.m
, authorization failed for those users/ groups and
roles and this patch takes care of it
- verified by setting current role with "set role " within the same
Hive session.
- verified show roles and show current roles based on inclusion and exclusion
of user / groups and roles.
Thanks,
Ramesh Mani
ger also fetches the roles from ranger Plugin instead of
going to Ranger Admin. But I see that this can be simplified instead of using
getCurrentRolesFromRanger() call.
- Ramesh
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.ap
n the same
Hive session.
- verified show roles and show current roles based on inclusion and exclusion
of user / groups and roles.
Thanks,
Ramesh Mani
eviews.apache.org/r/73300/#review222871
---
On April 26, 2021, 8:25 p.m., Ramesh Mani wrote:
>
> ---
> This is an automatically generated e-mail. To re
n the same
Hive session.
- verified show roles and show current roles based on inclusion and exclusion
of user / groups and roles.
Thanks,
Ramesh Mani
can be null then you can have it as
this.otherAttrsMap = otherAttrsMap
- Ramesh Mani
On April 27, 2021, 10:42 p.m., Sailaja Polavarapu wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://re
having a filter for ROLE operations like SHOW ROLES, CREATE ROLE etc.
- Removed the default filter for SHOW_ROLEs operation as this audit was caused
by a bug in the role command auditing, so no need to have a default filter for
SHOW_ROLES to be removed.
Thanks,
Ramesh Mani
/RangerBasePlugin.java
Lines 201 (patched)
<https://reviews.apache.org/r/73327/#comment312094>
why we disable policy refresher by checking "disableTagRetriever"? Is it on
purpose?
Also should we do a WARNING that policy refresh / Tag refresh is disabled
for a plugin?
- Rame
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73312/#review222933
---
Ship it!
Ship It!
- Ramesh Mani
On April 29, 2021, 4:19 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7/#review222949
---
Ship it!
Ship It!
- Ramesh Mani
On May 5, 2021, 12:30 a.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73327/#review222951
---
Ship it!
Ship It!
- Ramesh Mani
On May 5, 2021, 3:47 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73338/#review222952
---
Ship it!
Ship It!
- Ramesh Mani
On May 6, 2021, 4:43 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73342/#review222988
---
Ship it!
Ship It!
- Ramesh Mani
On May 13, 2021, 9:48 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73350/#review222990
---
Ship it!
Ship It!
- Ramesh Mani
On May 12, 2021, 12:56 a.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73309/#review222991
---
Ship it!
Ship It!
- Ramesh Mani
On April 29, 2021, 1:32 p.m
/authorizer/RangerKafkaAuthorizer.java
Line 176 (original), 231 (patched)
<https://reviews.apache.org/r/73344/#comment312161>
can resourcePattern() be null. please check
- Ramesh Mani
On May 18, 2021, 4:16 a.m., Chia-Ping Tsai
/PropertiesUtil.java
Lines 324 (patched)
<https://reviews.apache.org/r/73360/#comment312162>
Nit pick: consider doing this
logger.debug("PropertiesUtil:[" + keyStr + "][" +
(keyStr.contains("password") ? "****" : props.get(keyStr)) + &qu
hanks,
Ramesh Mani
e.org/r/73361/diff/1-2/
Testing
---
- Verified in local VM read opertions with and without audit filter for READ
operation.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73360/#review223015
---
Ship it!
Ship It!
- Ramesh Mani
On May 20, 2021, 12:15 p.m
Diffs
-
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAuditPolicyEvaluator.java
108856fcf
Diff: https://reviews.apache.org/r/73367/diff/1/
Testing
---
Verified in local VM for audit filter to filter out Allow and deny request in
Hive.
Thanks,
Ramesh
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73378/#review223052
---
Ship it!
Ship It!
- Ramesh Mani
On May 26, 2021, 3:03 p.m
audit related to it.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73389/#review223072
---
Ship it!
Ship It!
- Ramesh Mani
On May 27, 2021, 6:55 p.m
.
- Verified YARN and HDFS fallback and audit related to it.
- Fixed failing Unit test based on this change.
Thanks,
Ramesh Mani
YARN and HDFS fallback and audit related to it.
- Fixed failing Unit test based on this change.
Thanks,
Ramesh Mani
is will enable other plugins to use similar service admin
check for any ROLE based command authorization check.
Thanks,
Ramesh Mani
tomatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71899/#review222568
-------
On Jan. 27, 2021, 9:19 p.m., Ramesh Mani wrote:
>
> ---
> This is an au
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73410/#review223141
---
Ship it!
Ship It!
- Ramesh Mani
On June 7, 2021, 11:39 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73420/#review223145
---
Ship it!
Ship It!
- Ramesh Mani
On June 14, 2021, 4:07 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73420/#review223146
---
Ship it!
Ship It!
- Ramesh Mani
On June 14, 2021, 5:11 p.m
rence overall.
- Ramesh
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71899/#review223148
---
On June 5, 2021, 7:48 a.m., Ramesh Mani
f this
occurance.
plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoResourceManager.java
Line 109 (original), 109 (patched)
<https://reviews.apache.org/r/73424/#comment312258>
<== instead of ==>
- Ramesh Mani
O
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73424/#review223160
---
Ship it!
Ship It!
- Ramesh Mani
On June 16, 2021, 6:09 a.m
> On June 15, 2021, 9:59 p.m., Ramesh Mani wrote:
> > plugin-presto/src/main/java/org/apache/ranger/services/presto/client/PrestoResourceManager.java
> > Line 44 (original), 44 (patched)
> > <https://reviews.apache.org/r/73424/diff/1/?file=2250920#file2250920line44>
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73425/#review223172
---
Ship it!
Ship It!
- Ramesh Mani
On June 16, 2021, 10:29 p.m
authentication call for the
first download and if there are no changes only 304 response will be there.
There won't be any 401 kerberos authentication call each time when downloads
are happening.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73454/#review223214
---
Ship it!
Ship It!
- Ramesh Mani
On July 12, 2021, 10:55 p.m
ranger-examples/distro/src/main/assembly/sample-client.xml 953cc1dce
Diff: https://reviews.apache.org/r/73457/diff/1/
Testing
---
Verified in local vm all testing a passing.
Thanks,
Ramesh Mani
,
Ramesh Mani
h tag download, so that
cookie is preserved and used for subsequent calls.
Thanks,
Ramesh Mani
roles command
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73487/#review223270
---
Ship it!
Ship It!
- Ramesh Mani
On July 27, 2021, 4:46 a.m
> On June 16, 2021, 6:33 a.m., Ramesh Mani wrote:
> > Ship It!
>
> Naoki Takezoe wrote:
> Hmm... Looks like this hasn't been applied yet. Was my patch wrong again?
Patch applied to master branch. Thanks!
- Ramesh
---
/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
43fddd34e
Diff: https://reviews.apache.org/r/73493/diff/1/
Testing
---
- Verified in local VM "SHOW ROLES" command in beeline.
Thanks,
Ramesh Mani
unauthorised user
Thanks,
Ramesh Mani
missing in
authorization request. ( Alter Table Set Owner)
- Verified the commands which are newly added for which authorization was not
defined in ranger ( Alter Materialized view )
- Verified all the command running the test suite.
Thanks,
Ramesh Mani
)
- Verified all the command running the test suite.
Thanks,
Ramesh Mani
which are newly added for which authorization was not
defined in ranger ( Alter Materialized view )
- Verified all the command running the test suite.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73516/#review223336
---
Ship it!
Ship It!
- Ramesh Mani
On Aug. 15, 2021, 6:30 a.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73517/#review223341
---
Ship it!
Ship It!
- Ramesh Mani
On Aug. 14, 2021, 6:59 p.m
8621f73e2
Diff: https://reviews.apache.org/r/73486/diff/2/
Changes: https://reviews.apache.org/r/73486/diff/1-2/
Testing
---
- Verified set current roles command
- Verified get current roles command
Thanks,
Ramesh Mani
commands for which input outpout HiveObject
context will be empty, but still authorization will be done. Hence an
excludelist will be checked.
- Verified in local VM for those commands.
Thanks,
Ramesh Mani
started fine.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73574/#review223459
---
Ship it!
Ship It!
- Ramesh Mani
On Sept. 8, 2021, 4:23 p.m
thout db's
presence
- Verified commands Drop table if exists or Drop table if
exists with and without db/tables presence.
- Behavior should same as how hive handle this commands with Ranger.
Thanks,
Ramesh Mani
Dear Ranger Community members,
There are many features and fixes done in Apache Ranger Project since the
release of Apache Ranger 2.1.0. These features enhance the quality and
improve the user experience of Apache Ranger overall.
Some of the key enhancements/features in this release are
s how hive handle this commands with Ranger.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73587/#review223495
---
Ship it!
Ship It!
- Ramesh Mani
On Sept. 17, 2021, 6:12 p.m
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73588/#review223496
---
Ship it!
Ship It!
- Ramesh Mani
On Sept. 17, 2021, 9:45 p.m
Dear Ranger Community members,
This is the reminder to give your opinion on Apache Ranger Release 2.2.0.
Thanks,
Ramesh
On Tue, Sep 14, 2021 at 2:48 PM Ramesh Mani wrote:
> Dear Ranger Community members,
>
>
>
> There are many features and fixes done in Apache Ranger Pr
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73281/#review223527
---
Ship it!
Ship It!
- Ramesh Mani
On Sept. 21, 2021, 7:18 a.m
-
pom.xml 3b739349b
Diff: https://reviews.apache.org/r/73610/diff/1/
Testing
---
Verified in local VM running the build.
Thanks,
Ramesh Mani
README.txt
Diffs
-
NOTICE.txt b315087c9
README.txt fce972ab1
docs/NOTICE 24e4e687f
Diff: https://reviews.apache.org/r/73611/diff/1/
Testing
---
- This is for the Apache Release 2.2.0 release effort sub task.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73283/#review223537
---
Ship it!
Ship It!
- Ramesh Mani
On Sept. 27, 2021, 6:59 a.m
unixauthnative/pom.xml 93054a007
unixauthpam/pom.xml 754835c17
unixauthservice/pom.xml 2a06dea40
Diff: https://reviews.apache.org/r/73613/diff/1/
Testing
---
Verified the build in centos7
Thanks,
Ramesh Mani
.
Diffs
-
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
2ae9379ba
Diff: https://reviews.apache.org/r/73615/diff/1/
Testing
---
Verified in local VM
Thanks,
Ramesh Mani
xes.
>
> Thank you Ramesh for driving 2.2.0 release.
>
> Madhan
>
>
>
> On 9/20/21, 8:48 AM, "Ramesh Mani" wrote:
>
> Dear Ranger Community members,
>
> This is the reminder to give your opinion on Apache Ranger Release
> 2.2.0.
>
> Th
Dear Rangers,
Apache Ranger 2.2.0 release candidate #0 is now available for a vote within
the dev community. Links to the release artifacts are given below. Please
review and vote.
The vote will be open for at least 72 hours or until necessary votes are
reached.
[ ] +1 approve
[ ] +0 no opini
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73625/#review223555
---
Ship it!
Ship It!
- Ramesh Mani
On Oct. 1, 2021, 7:10 p.m
/authorization/hive/authorizer/RangerHiveAuthorizer.java
9dfbc9bdf
Diff: https://reviews.apache.org/r/73630/diff/1/
Testing
---
- Verified in local VM running spark jobs to invoke GET_TABLES/GET_SCHEMAS
commands.
Thanks,
Ramesh Mani
);
create materialized view if not exists av as select * from a;
create materialized view if not exists av as select * from a;
drop materialized view if exists av;
drop materialized view if exists av;
Thanks,
Ramesh Mani
Dear Rangers,
Since there were some major issues we identified in ranger2.2.0 and being
addressed, we are going to have a new release candidate #1 soon for voting.
Thank you for the support.
Regards,
Ramesh
On Thu, Sep 30, 2021 at 10:18 AM Ramesh Mani wrote:
>
> Dear Rangers,
>
reverted patch in LOCAL vm
Thanks,
Ramesh Mani
-
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
dd758e9f0
Diff: https://reviews.apache.org/r/73647/diff/1/
Testing
---
- Verified in local VM "Alter Table set owner user|role
.
Thanks,
Ramesh Mani
/
Changes: https://reviews.apache.org/r/73647/diff/1-2/
Testing
---
- Verified in local VM "Alter Table set owner user|role
.
Thanks,
Ramesh Mani
/AbstractRangerAuditWriter.java
b5967e4f7
agents-audit/src/main/java/org/apache/ranger/audit/utils/RangerJSONAuditWriter.java
f46e0a578
Diff: https://reviews.apache.org/r/73651/diff/1/
Testing
---
- Verified in local vm with HDFS and HIVE service logs
Thanks,
Ramesh Mani
Dear Rangers,
Apache Ranger 2.2.0 release candidate #1 is now available for a vote within
the dev community. Links to the release artifacts are given below. Please
review and vote.
The vote will be open for at least 72 hours or until necessary votes are
reached.
[ ] +1 approve
[ ] +0 no opini
candidate #2. Thank you all for
the support.
Thanks,
Ramesh
On Wed, Oct 13, 2021 at 2:11 PM Ramesh Mani wrote:
> Dear Rangers,
>
> Apache Ranger 2.2.0 release candidate #1 is now available for a vote
> within the dev community. Links to the release artifacts are given below.
> Pl
://reviews.apache.org/r/73651/diff/1-2/
Testing
---
- Verified in local vm with HDFS and HIVE service logs
Thanks,
Ramesh Mani
/assembly/plugin-solr.xml 3dbaa9cff
distro/src/main/assembly/plugin-sqoop.xml c8fcab5c2
Diff: https://reviews.apache.org/r/73660/diff/1/
Testing
---
- Verified in local build the plugins tar file has the htrace jar added as
dependency.
Thanks,
Ramesh Mani
-support/ranger-docker/scripts/ranger.sh 04ac7cb4b
distro/src/main/assembly/knox-agent.xml c1f16d62f
Diff: https://reviews.apache.org/r/73665/diff/1/
Testing
---
- Verified by bringing up docker image with knox in a container.
Thanks,
Ramesh Mani
ally generated e-mail. To reply, visit:
https://reviews.apache.org/r/73660/#review223648
---
On Oct. 21, 2021, 2:28 a.m., Ramesh Mani wrote:
>
> ---
> This is an automatical
Dear Rangers,
Apache Ranger 2.2.0 release candidate #2 is now available for a vote within
the dev community. Links to the release artifacts are given below. Please
review and vote.
The vote will be open for at least 72 hours or until necessary votes are
reached.
[ ] +1 approve
[ ] +0 no opini
.
Thanks,
Ramesh Mani
:
Four +1 votes from the following PMC members:
- Madhan Neethiraj
- Abhay Kulkarni
- Shailaja Polavarapu
- Ramesh Mani
Two +1 votes from the following committers/contributors:
- Vishal Suvagia
- Mehul Parikh
Voting thread:
https://lists.apache.org/api/atom.lua?mid
/confluence/display/RANGER/Release+Folders
2) Updated Ranger API Docs in https://ranger.apache.org/apidocs/index.html
3) This patch to update the Release information in Apache Ranger Home page
https://ranger.apache.org/
Thanks,
Ramesh Mani
,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73678/#review223722
---
Ship it!
Ship It!
- Ramesh Mani
On Nov. 2, 2021, 2:05 a.m
://reviews.apache.org/r/73695/diff/1-2/
Testing
---
- Verified in local vm HIVE commmand with URL in them.
- Verified in Unit test.
Thanks,
Ramesh Mani
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73724/#review223762
---
Ship it!
Ship It!
- Ramesh Mani
On Nov. 22, 2021, 7:51 p.m
501 - 600 of 2107 matches
Mail list logo