Re: Review Request 71718: RANGER-2635 : Backport hadoop-kms changes in ranger-kms

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71718/
---

(Updated Nov. 5, 2019, 2:33 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul 
Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2635
https://issues.apache.org/jira/browse/RANGER-2635


Repository: ranger


Description
---

Backported hadoop-kms changes in ranger-kms to support hadoop 3.1


Diffs
-

  kms/dev-support/findbugsExcludeFile.xml bc92ed7 
  kms/pom.xml 12c0002 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java 
ff2f6d9 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
053d7e4 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuditLogger.java 
PRE-CREATION 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
 c818ce5 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java 
4bf2886 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
ae24e5b 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/SimpleKMSAuditLogger.java
 PRE-CREATION 
  kms/src/main/resources/log4j-kmsaudit.properties cca6941 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSACLs.java 
3ff48d0 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
ced8610 
  kms/src/test/resources/kms/kms-site.xml 5f2575a 
  
plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizerTest.java
 647f431 
  pom.xml 2140028 


Diff: https://reviews.apache.org/r/71718/diff/1/


Testing
---

Tested all the operations related to ranger-kms


Thanks,

Fatima Khan

Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71713/
---

(Updated Nov. 5, 2019, 12:32 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul 
Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2616
https://issues.apache.org/jira/browse/RANGER-2616


Repository: ranger


Description
---

Currently when an encryption zone (EZ) key is rotated, it only takes effect on 
new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
rotation, for improved security.


Diffs (updated)
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java
 854c831 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
56d25d2 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
 cdca8e1 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 
2b85276 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
 24af81b 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
501ee30 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
 bd35a6b 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
04daeee 


Diff: https://reviews.apache.org/r/71713/diff/2/

Changes: https://reviews.apache.org/r/71713/diff/1-2/


Testing
---

Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ 
key rotation works fine.


Thanks,

Fatima Khan

Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71713/
---

(Updated Nov. 5, 2019, 6:53 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul 
Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-2616
https://issues.apache.org/jira/browse/RANGER-2616


Repository: ranger


Description
---

Currently when an encryption zone (EZ) key is rotated, it only takes effect on 
new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key 
rotation, for improved security.


Diffs
-

  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java
 854c831 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 
56d25d2 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
 cdca8e1 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 
2b85276 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java
 24af81b 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 
501ee30 
  
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
 bd35a6b 
  kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 
04daeee 


Diff: https://reviews.apache.org/r/71713/diff/1/


Testing
---

Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ 
key rotation works fine.


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 10, 2019, 10:22 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/7/

Changes: https://reviews.apache.org/r/71565/diff/6-7/


Testing (updated)
---

Getting the desired json
{
   "data":{
  "jvm":{
 "JVM Machine Actual Name":"OpenJDK 64-Bit Server VM",
 "version":"25.222-b10",
 "JVM Machine Representation Name":"27693@fipl5",
 "Up time of JVM":9036,
 "JVM Vendor Name":"Private Build",
 "os.spec":"Linux, amd64, 4.15.0-65-generic",
 "os.vcpus":"4",
 "memory":{
"heapInit":"1073741824",
"heapMax":"1024983040",
"heapCommitted":"1024983040",
"heapUsed":"245119288",
"nonHeapInit":"2555904",
"nonHeapMax":"662700032",
"nonHeapCommitted":"101842944",
"nonHeapUsed":"100077808",
"memory_pool_usages":{
   "PS Eden Space":{
  "init":268435456,
  "used":206599792,
  "committed":260046848,
  "max":261619712
   },
   "PS Survivor Space":{
  "init":44564480,
  "used":30648600,
  "committed":48758784,
  "max":48758784
   },
   "PS Old Gen":{
  "init":716177408,
  "used":7870896,
  "committed":716177408,
  "max":716177408
   }
}
 }
  }
   }
}


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 7, 2019, 5:47 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/6/


Testing (updated)
---

Getting the desired json
{
  "data": {
"jvm": {
  "os.spec": "Linux, amd64, 4.15.0-65-generic",
  "os.vcpus": "4",
  "memory": {
"heapInit": "1073741824",
"heapMax": "1024983040",
"heapCommitted": "1024983040",
"heapUsed": "284762328",
"nonHeapInit": "2555904",
"nonHeapMax": "662700032",
"nonHeapCommitted": "102694912",
"nonHeapUsed": "98983000",
"memory_pool_usages": {
  "PS Eden Space": {
"init": 268435456,
"used": 246715792,
"committed": 260046848,
"max": 261619712
  },
  "PS Survivor Space": {
"init": 44564480,
"used": 30075104,
"committed": 48758784,
"max": 48758784
  },
  "PS Old Gen": {
"init": 716177408,
"used": 7971432,
"committed": 716177408,
"max": 716177408
  }
}
  }
},
"vm": {
  "JVM Machine Actual Name": "OpenJDK 64-Bit Server VM",
  "version": "25.222-b10",
  "JVM Machine Representation Name": "15526@fipl5",
  "Up time of JVM": 10414,
  "JVM Vendor Name": "Private Build"
}
  }
}


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 7, 2019, 12:03 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/6/

Changes: https://reviews.apache.org/r/71565/diff/5-6/


Testing
---

Getting the desired json


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 7, 2019, 11:55 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs (updated)
-

  agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/5/

Changes: https://reviews.apache.org/r/71565/diff/4-5/


Testing
---

Getting the desired json


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 4, 2019, 1:28 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Changes
---

Added license in RangerJVMMetricDef.java


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/4/

Changes: https://reviews.apache.org/r/71565/diff/3-4/


Testing
---

Getting the desired json


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 4, 2019, 1:05 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/3/


Testing
---

Getting the desired json


Thanks,

Fatima Khan

Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71565/
---

(Updated Oct. 4, 2019, 1:04 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan 
Neethiraj.


Bugs: RANGER-2589
https://issues.apache.org/jira/browse/RANGER-2589


Repository: ranger


Description
---

Important JVM attributes can be returned via Ranger REST API : 

heap memory usage
GC time
# of open threads
# of open file descriptors


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java 
PRE-CREATION 
  security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
672d4a6 


Diff: https://reviews.apache.org/r/71565/diff/3/


Testing
---

Getting the desired json


Thanks,

Fatima Khan

Re: Review Request 71563: RANGER-2597 :Allow auditor role user to get details of services and policies from public API

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71563/
---

(Updated Oct. 1, 2019, 12:16 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj.


Bugs: RANGER-2597
https://issues.apache.org/jira/browse/RANGER-2597


Repository: ranger


Description
---

Allow auditor role user to get details of services and policies from public API


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 673902d 


Diff: https://reviews.apache.org/r/71563/diff/1/


Testing
---

Auditor role user's are allowed to get details of services and policies from 
public API and forbidden from creating, updating and deleting the policies.


Thanks,

Fatima Khan

Re: Review Request 71495: RANGER-2570 : Handling the pop up of policy details on Ranger Access audit log row

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71495/
---

(Updated Sept. 19, 2019, 1:30 p.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-2570
https://issues.apache.org/jira/browse/RANGER-2570


Repository: ranger


Description
---

Issue on pop up of policy details of ranger access audit log row.


Diffs (updated)
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
 ced9ea8 
  security-admin/src/main/webapp/scripts/models/RangerPolicy.js cd873b3 
  security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js 
af024e2 
  
security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
 31fc7c1 
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 6a1c7c2 


Diff: https://reviews.apache.org/r/71495/diff/2/

Changes: https://reviews.apache.org/r/71495/diff/1-2/


Testing
---

The policy details get popped up.


Thanks,

Fatima Khan

Review Request 71495: RANGER-2570 : Handling the pop up of policy details on Ranger Access audit log row

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71495/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-2570
https://issues.apache.org/jira/browse/RANGER-2570


Repository: ranger


Description
---

Issue on pop up of policy details of ranger access audit log row.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java
 ced9ea8 
  security-admin/src/main/webapp/scripts/models/RangerPolicy.js cd873b3 


Diff: https://reviews.apache.org/r/71495/diff/1/


Testing
---

The policy details get popped up.


Thanks,

Fatima Khan

Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71015/
---

(Updated July 10, 2019, 10:59 a.m.)


Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2490
https://issues.apache.org/jira/browse/RANGER-2490


Repository: ranger


Description
---

Add https support while using Solr API to upload config set


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 02a3f6c 


Diff: https://reviews.apache.org/r/71015/diff/3/

Changes: https://reviews.apache.org/r/71015/diff/2-3/


Testing
---

Tested Below Scenario in Ranger with https support
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set

[Fatima Khan]

> On July 8, 2019, noon, Oliver Szabo wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
> > Line 309 (original), 313 (patched)
> > <https://reviews.apache.org/r/71015/diff/2/?file=2153883#file2153883line313>
> >
> > instead of concat strings multiple times you can do something like 
> > (with including the config name as well):
> > 
> > ```java
> > String protocol = "https" ? isSSLEnabled : "http"
> > String uploadConfigsUrl = 
> > String.format("%s://%s//admin/configs?action=UPLOAD=%s", protocol, 
> > baseUrl.toString(), solr_config_name)
> > ```
> 
> Fatima Khan wrote:
> Did u mean this 
> String protocol = isSSLEnabled ? "https": "http";
> String uploadConfigsUrl = 
> String.format("%s://%s/admin/configs?action=UPLOAD=", protocol, 
> baseUrl.toString());

Did u mean this 
String protocol = isSSLEnabled ? "https": "http";
String uploadConfigsUrl = 
String.format("%s://%s/admin/configs?action=UPLOAD=%s", protocol, 
baseUrl.toString(),solr_config_name);
postDataAndGetResponse(solrCloudClient,uploadConfigsUrl ,byteBuffer);


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71015/#review216415
---


On July 8, 2019, 6:51 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71015/
> ---
> 
> (Updated July 8, 2019, 6:51 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
> Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2490
> https://issues.apache.org/jira/browse/RANGER-2490
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add https support while using Solr API to upload config set
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
>  02a3f6c 
> 
> 
> Diff: https://reviews.apache.org/r/71015/diff/2/
> 
> 
> Testing
> ---
> 
> Tested Below Scenario in Ranger with https support
> 1.Solr configuration were uploaded successfully
> 2.Solr collections were created successfully
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set

[Fatima Khan]

> On July 8, 2019, noon, Oliver Szabo wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
> > Line 309 (original), 313 (patched)
> > <https://reviews.apache.org/r/71015/diff/2/?file=2153883#file2153883line313>
> >
> > instead of concat strings multiple times you can do something like 
> > (with including the config name as well):
> > 
> > ```java
> > String protocol = "https" ? isSSLEnabled : "http"
> > String uploadConfigsUrl = 
> > String.format("%s://%s//admin/configs?action=UPLOAD=%s", protocol, 
> > baseUrl.toString(), solr_config_name)
> > ```

Did u mean this 
String protocol = isSSLEnabled ? "https": "http";
String uploadConfigsUrl = 
String.format("%s://%s/admin/configs?action=UPLOAD=", protocol, 
baseUrl.toString());


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71015/#review216415
---


On July 8, 2019, 6:51 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71015/
> ---
> 
> (Updated July 8, 2019, 6:51 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
> Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2490
> https://issues.apache.org/jira/browse/RANGER-2490
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add https support while using Solr API to upload config set
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
>  02a3f6c 
> 
> 
> Diff: https://reviews.apache.org/r/71015/diff/2/
> 
> 
> Testing
> ---
> 
> Tested Below Scenario in Ranger with https support
> 1.Solr configuration were uploaded successfully
> 2.Solr collections were created successfully
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71015/
---

(Updated July 8, 2019, 6:51 a.m.)


Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2490
https://issues.apache.org/jira/browse/RANGER-2490


Repository: ranger


Description
---

Add https support while using Solr API to upload config set


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 02a3f6c 


Diff: https://reviews.apache.org/r/71015/diff/2/

Changes: https://reviews.apache.org/r/71015/diff/1-2/


Testing
---

Tested Below Scenario in Ranger with https support
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71015/
---

Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2490
https://issues.apache.org/jira/browse/RANGER-2490


Repository: ranger


Description
---

Add https support while using Solr API to upload config set


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 02a3f6c 


Diff: https://reviews.apache.org/r/71015/diff/1/


Testing
---

Tested Below Scenario in Ranger with https support
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)

[Fatima Khan]

> On June 26, 2019, 7:36 p.m., Oliver Szabo wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
> > Lines 309 (patched)
> > <https://reviews.apache.org/r/70932/diff/2/?file=2152058#file2152058line309>
> >
> > what about "https"?
> 
> Pradeep Agrawal wrote:
> I have created RANGER-2490

Yes we will be handling that in RANGER-2490


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70932/#review216158
-------


On June 27, 2019, 5:11 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70932/
> ---
> 
> (Updated June 27, 2019, 5:11 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
> Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2482
> https://issues.apache.org/jira/browse/RANGER-2482
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> We are using Solr config set API to Upload Configuration and to Create 
> Collection.
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
>  5ef354b 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java
>  8a417a0 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
>  PRE-CREATION 
>   pom.xml 5b1eb65 
>   src/main/assembly/solr_audit_conf.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/70932/diff/4/
> 
> 
> Testing
> ---
> 
> Tested Below Scenario in ranger
> 1.Solr configuration were uploaded successfully
> 2.Solr collections were created successfully
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70932/
---

(Updated June 27, 2019, 5:11 a.m.)


Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2482
https://issues.apache.org/jira/browse/RANGER-2482


Repository: ranger


Description
---

We are using Solr config set API to Upload Configuration and to Create 
Collection.


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 5ef354b 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java
 8a417a0 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 PRE-CREATION 
  pom.xml 5b1eb65 
  src/main/assembly/solr_audit_conf.xml PRE-CREATION 


Diff: https://reviews.apache.org/r/70932/diff/4/

Changes: https://reviews.apache.org/r/70932/diff/3-4/


Testing
---

Tested Below Scenario in ranger
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70932/
---

(Updated June 27, 2019, 5:11 a.m.)


Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Summary (updated)
-

Ranger-2482: use Solr API to upload config set (during bootstrapping)


Bugs: RANGER-2482
https://issues.apache.org/jira/browse/RANGER-2482


Repository: ranger


Description
---

We are using Solr config set API to Upload Configuration and to Create 
Collection.


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 5ef354b 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java
 8a417a0 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 PRE-CREATION 
  pom.xml 5b1eb65 
  src/main/assembly/solr_audit_conf.xml PRE-CREATION 


Diff: https://reviews.apache.org/r/70932/diff/3/

Changes: https://reviews.apache.org/r/70932/diff/2-3/


Testing
---

Tested Below Scenario in ranger
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Re: Review Request 70932: Ranger: use Solr API to upload config set (during bootstrapping)

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70932/
---

(Updated June 25, 2019, 10:18 a.m.)


Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2482
https://issues.apache.org/jira/browse/RANGER-2482


Repository: ranger


Description
---

We are using Solr config set API to Upload Configuration and to Create 
Collection.


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 5ef354b 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java
 8a417a0 
  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
 PRE-CREATION 
  pom.xml 5b1eb65 
  src/main/assembly/solr_audit_conf.xml PRE-CREATION 


Diff: https://reviews.apache.org/r/70932/diff/2/

Changes: https://reviews.apache.org/r/70932/diff/1-2/


Testing
---

Tested Below Scenario in ranger
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Review Request 70932: Ranger: use Solr API to upload config set (during bootstrapping)

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70932/
---

Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep 
Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-2482
https://issues.apache.org/jira/browse/RANGER-2482


Repository: ranger


Description
---

We are using Solr config set API to Upload Configuration and to Create 
Collection.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java
 8a417a0 
  pom.xml 5b1eb65 
  src/main/assembly/ranger_audits_new.xml PRE-CREATION 


Diff: https://reviews.apache.org/r/70932/diff/1/


Testing
---

Tested Below Scenario in ranger
1.Solr configuration were uploaded successfully
2.Solr collections were created successfully


Thanks,

Fatima Khan

Re: Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

[Fatima Khan]

> On Aug. 11, 2018, 5:20 a.m., bhavik patel wrote:
> > @fatima : I think similar changes also required for postgres database.

@Bhavik Data type MEDIUMTEXT of mysql is equivalent to Text data type of 
postgress. Currently in postgress we use Text data type for content column in 
x_data_hist table.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68293/#review207108
---


On Aug. 10, 2018, 1:22 p.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68293/
> ---
> 
> (Updated Aug. 10, 2018, 1:22 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2114
> https://issues.apache.org/jira/browse/RANGER-2114
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> An attempt to delete a service definition ends with:
>  
> // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
> Data too long for column 'content' at row 1
> Error Code: 1406
> Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
> obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
> VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
> bind = [11 parameters bound]
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba 
>   security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/68293/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the following
> 1.In fresh install and upgrade scenario.
> 2.Checked the data type of x_data_hist is changed from text to mediumtext.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68293/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2114
https://issues.apache.org/jira/browse/RANGER-2114


Repository: ranger


Description
---

An attempt to delete a service definition ends with:
 
// Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: 
Data too long for column 'content' at row 1
Error Code: 1406
Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, 
obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
bind = [11 parameters bound]


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba 
  security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION 


Diff: https://reviews.apache.org/r/68293/diff/1/


Testing
---

Tested the following
1.In fresh install and upgrade scenario.
2.Checked the data type of x_data_hist is changed from text to mediumtext.


Thanks,

Fatima Khan

Review Request 68031: RANGER-2138 : Add unit tests for org.apache.ranger.service package

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68031/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2138
https://issues.apache.org/jira/browse/RANGER-2138


Repository: ranger


Description
---

Add unit tests for org.apache.ranger.service package


Diffs
-

  
security-admin/src/test/java/org/apache/ranger/service/TestXAccessAuditService.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/service/TestXAssetService.java 
PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestXAuditMapService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestXGroupPermissionService.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/service/TestXGroupService.java 
PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestXGroupUserService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestXPermMapService.java 
PRE-CREATION 


Diff: https://reviews.apache.org/r/68031/diff/1/


Testing
---

Tested with below two type

1.eclipse->Run as->Junit Test
2.mvn test


Thanks,

Fatima Khan

Review Request 67687: RANGER-2138 : Add unit tests for org.apache.ranger.service package

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67687/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2138
https://issues.apache.org/jira/browse/RANGER-2138


Repository: ranger


Description
---

Add unit tests for org.apache.ranger.service package


Diffs
-

  
security-admin/src/test/java/org/apache/ranger/service/TestAuthSessionService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerAuditFields.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerDataHistService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceWithAssignedIdService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerTagResourceMapService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerTagService.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/TestRangerTransactionService.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/service/TestUserService.java 
PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/service/filter/TestRangerRESTAPIFilter.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/67687/diff/1/


Testing
---

Tested with below two type

1.eclipse->Run as->Junit Test
2.mvn test


Thanks,

Fatima Khan

Review Request 67319: RANGER-2113 : Improve error handling when of change password process gets killed.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67319/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2113
https://issues.apache.org/jira/browse/RANGER-2113


Repository: ranger


Description
---

Improve error handling when of change password process gets killed by exiting 
the setup.


Diffs
-

  security-admin/scripts/db_setup.py f123dff 
  security-admin/scripts/setup.sh 76baa4c 


Diff: https://reviews.apache.org/r/67319/diff/1/


Testing
---

1) Verified error handling : setup fails if x_db_version_h table has N as value 
for any of the 4 user's patch.

2) Also verified : Successfull installation of Ranger if patch values are 
cleared in x_db_version_h table.


Thanks,

Fatima Khan

Review Request 67181: RANGER-2106 : Keyadmin is not able to see 'Audit tab' and 'User tab' by default.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67181/
---

Review request for ranger.


Bugs: RANGER-2106
https://issues.apache.org/jira/browse/RANGER-2106


Repository: ranger


Description
---

Keyadmin user is not able to see audit and user tab by default when 
consolidated db schema executes.


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 23c3562 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql eb12d56 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
f60ad5c 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
91f7b7a 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
28c89dc 


Diff: https://reviews.apache.org/r/67181/diff/1/


Testing
---

Tested that Keyadmin gets by default access to users/groups tab and Audit tab


Thanks,

Fatima Khan

Review Request 67056: RANGER-2100 : REST API to get count of total services, policies, users, groups and various mapping.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67056/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2100
https://issues.apache.org/jira/browse/RANGER-2100


Repository: ranger


Description
---

This API will get the details analytics for the following
1. Count of Services created for each type of service
2. Number of policies by Service Types along with Service Name: # of resource 
policies, tag-based policies, masking policies, row filtering policies
3. Number of Audit Events by Service Type: size of solr index, number of denial 
events and number of access events
4. Number of groups and users synced
5. Policy DB type and version: MySQL, Oracle..
6. Context enrichers: Number and type used.
7. Count of Deny conditions for resources.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
c819ea4 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 2181913 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
 0f96453 
  
security-admin/src/main/java/org/apache/ranger/view/VXMetricPolicyWithServiceNameCount.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/view/VXMetricServiceNameCount.java
 PRE-CREATION 
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
28651cf 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
b1417d7 


Diff: https://reviews.apache.org/r/67056/diff/1/


Testing
---

Tested with all the combination of curl commands possible for analytics.


Thanks,

Fatima Khan

Re: Review Request 66867: RANGER-2083 : Restrict KMS audit events to KMS related users only

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66867/
---

(Updated May 9, 2018, 7:09 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2083
https://issues.apache.org/jira/browse/RANGER-2083


Repository: ranger


Description
---

Only Keyadmin and KMS Auditor role users should be able to see KMS related 
audit logs.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b7e045d 
  
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
 7dcb074 
  security-admin/src/main/webapp/scripts/utils/XAEnums.js 6e101bf 
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b3da7b5 


Diff: https://reviews.apache.org/r/66867/diff/3/

Changes: https://reviews.apache.org/r/66867/diff/2-3/


Testing
---

Testing done by checking that only Keyadmin and KMS Auditor role users are be 
able to see KMS related audit logs.


Thanks,

Fatima Khan

Re: Review Request 66867: RANGER-2083 : Restrict KMS audit events to KMS related users only

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66867/
---

(Updated May 7, 2018, 9:29 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Summary (updated)
-

RANGER-2083 : Restrict KMS audit events to KMS related users only 


Bugs: RANGER-2083
https://issues.apache.org/jira/browse/RANGER-2083


Repository: ranger


Description
---

Only Keyadmin and KMS Auditor role users should be able to see KMS related 
audit logs.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b7e045d 
  
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
 7dcb074 
  security-admin/src/main/webapp/scripts/utils/XAEnums.js 6e101bf 
  security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b3da7b5 


Diff: https://reviews.apache.org/r/66867/diff/2/

Changes: https://reviews.apache.org/r/66867/diff/1-2/


Testing
---

Testing done by checking that only Keyadmin and KMS Auditor role users are be 
able to see KMS related audit logs.


Thanks,

Fatima Khan

Review Request 66867: RANGER-2083 : Resctict KMS audit events to KMS related users only

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66867/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2083
https://issues.apache.org/jira/browse/RANGER-2083


Repository: ranger


Description
---

Only Keyadmin and KMS Auditor role users should be able to see KMS related 
audit logs.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java a0477fb 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
 5cbe47a 
  
security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 
4c8ed83 
  
security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java
 7dcb074 


Diff: https://reviews.apache.org/r/66867/diff/1/


Testing
---

Testing done by checking that only Keyadmin and KMS Auditor role users are be 
able to see KMS related audit logs.


Thanks,

Fatima Khan

Review Request 66796: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66796/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2041
https://issues.apache.org/jira/browse/RANGER-2041


Repository: ranger


Description
---

We are making default password mandatory during fresh ranger install.


Diffs
-

  security-admin/scripts/db_setup.py 2cbe665 
  security-admin/scripts/dba_script.py 4a57bba 
  security-admin/scripts/setup.sh 45bc918 


Diff: https://reviews.apache.org/r/66796/diff/1/


Testing
---

Tested the validation for all password combinations in manual install.


Thanks,

Fatima Khan

Re: Review Request 66684: RANGER-2070 : Ranger Storm service creation fails

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66684/
---

(Updated April 19, 2018, 2:34 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2070
https://issues.apache.org/jira/browse/RANGER-2070


Repository: ranger


Description
---

In latest ranger when tried to enable plugin for Storm, ranger service creation 
fails. 
Found below in Ranger-Admin logs.

2018-04-07 09:48:53,132 [http-bio-6080-exec-4] INFO  
apache.ranger.security.web.filter.RangerKRBAuthenticationFilter 
(RangerKRBAuthenticationFilter.java:220) - Logged into Ranger as = 
storm-rangerstorm
2018-04-07 09:48:53,136 [http-bio-6080-exec-4] INFO  
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:84) - Request 
failed. loginId=null, logMessage=Bad Credentials
javax.ws.rs.WebApplicationException
at 
org.apache.ranger.common.RESTErrorUtil.generateRESTException(RESTErrorUtil.java:77)
at 
org.apache.ranger.biz.RangerBizUtil.blockAuditorRoleUser(RangerBizUtil.java:1637)
at org.apache.ranger.biz.UserMgr.addUserRole(UserMgr.java:981)
at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:167)
at 
org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke()
at 
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669)
at 
org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$f11ad8ab.createUser()
at 
org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2225)


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java acdfd2e 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ad806fb 
  security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 307f435 


Diff: https://reviews.apache.org/r/66684/diff/2/

Changes: https://reviews.apache.org/r/66684/diff/1-2/


Testing
---

1.Storm Service is getting created
2.Auditor and KMS Auditor Role user are blocked from the respective Api's


Thanks,

Fatima Khan

Review Request 66684: RANGER-2070 : Ranger Storm service creation fails

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66684/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2070
https://issues.apache.org/jira/browse/RANGER-2070


Repository: ranger


Description
---

In latest ranger when tried to enable plugin for Storm, ranger service creation 
fails. 
Found below in Ranger-Admin logs.

2018-04-07 09:48:53,132 [http-bio-6080-exec-4] INFO  
apache.ranger.security.web.filter.RangerKRBAuthenticationFilter 
(RangerKRBAuthenticationFilter.java:220) - Logged into Ranger as = 
storm-rangerstorm
2018-04-07 09:48:53,136 [http-bio-6080-exec-4] INFO  
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:84) - Request 
failed. loginId=null, logMessage=Bad Credentials
javax.ws.rs.WebApplicationException
at 
org.apache.ranger.common.RESTErrorUtil.generateRESTException(RESTErrorUtil.java:77)
at 
org.apache.ranger.biz.RangerBizUtil.blockAuditorRoleUser(RangerBizUtil.java:1637)
at org.apache.ranger.biz.UserMgr.addUserRole(UserMgr.java:981)
at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:167)
at 
org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke()
at 
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at 
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669)
at 
org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$f11ad8ab.createUser()
at 
org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2225)


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java acdfd2e 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ad806fb 


Diff: https://reviews.apache.org/r/66684/diff/1/


Testing
---

1.Storm Service is getting created
2.Auditor and KMS Auditor Role user are blocked from the respective Api's


Thanks,

Fatima Khan

Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66304/
---

(Updated April 7, 2018, 12:27 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2041
https://issues.apache.org/jira/browse/RANGER-2041


Repository: ranger


Description
---

Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
rangertagsync users are seeded users and they are configurable during the 
install process. This task is to provide a facility to add validations to the 
admin users password during ranger install.Python doesn’t support ‘ " \ ` so 
these characters will not be supported during update of default password of 
seeded users in manual install.


Diffs (updated)
-

  security-admin/scripts/changepasswordutil.py 95bd613 
  security-admin/scripts/db_setup.py 83ccc32 
  security-admin/scripts/dba_script.py d5eaaf0 
  security-admin/scripts/install.properties 8128678 
  security-admin/scripts/setup.sh f79a79e 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 e7a4035 


Diff: https://reviews.apache.org/r/66304/diff/2/

Changes: https://reviews.apache.org/r/66304/diff/1-2/


Testing
---

Tested the validation for all password combinations.


Thanks,

Fatima Khan

Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.

[Fatima Khan]

> On April 4, 2018, 5:36 a.m., Qiang Zhang wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
> > Lines 149-151 (patched)
> > <https://reviews.apache.org/r/66304/diff/1/?file=1989008#file1989008line149>
> >
> > The code does not check the length of the newPassword variable.

The regular expression has the validation in which the length of passsword 
should be minimum 8 characters.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66304/#review200422
---


On April 4, 2018, 6:43 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66304/
> ---
> 
> (Updated April 4, 2018, 6:43 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2041
> https://issues.apache.org/jira/browse/RANGER-2041
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
> rangertagsync users are seeded users and they are configurable during the 
> install process. This task is to provide a facility to add validations to the 
> admin users password during ranger install.Python doesn’t support ‘ " \ ` so 
> these characters will not be supported during update of default password of 
> seeded users in manual install.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/dba_script.py d5eaaf0 
>   security-admin/scripts/install.properties 8128678 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
>  e7a4035 
> 
> 
> Diff: https://reviews.apache.org/r/66304/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the validation for all password combinations.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66304/
---

(Updated April 4, 2018, 6:43 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2041
https://issues.apache.org/jira/browse/RANGER-2041


Repository: ranger


Description (updated)
---

Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
rangertagsync users are seeded users and they are configurable during the 
install process. This task is to provide a facility to add validations to the 
admin users password during ranger install.Python doesn’t support ‘ " \ ` so 
these characters will not be supported during update of default password of 
seeded users in manual install.


Diffs
-

  security-admin/scripts/dba_script.py d5eaaf0 
  security-admin/scripts/install.properties 8128678 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 e7a4035 


Diff: https://reviews.apache.org/r/66304/diff/1/


Testing
---

Tested the validation for all password combinations.


Thanks,

Fatima Khan

Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66304/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2041
https://issues.apache.org/jira/browse/RANGER-2041


Repository: ranger


Description
---

Currently, when Ranger is installed admin,keyadmin, rangerusersync, 
rangertagsync users are seeded users and they are configurable during the 
install process. This task is to provide a facility to add validations to the 
admin users password during ranger install.


Diffs
-

  security-admin/scripts/dba_script.py d5eaaf0 
  security-admin/scripts/install.properties 8128678 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
 e7a4035 


Diff: https://reviews.apache.org/r/66304/diff/1/


Testing
---

Tested the validation for all password combinations.


Thanks,

Fatima Khan

Re: Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66281/
---

(Updated April 3, 2018, 5:23 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-2036
https://issues.apache.org/jira/browse/Ranger-2036


Repository: ranger


Description
---

>From UI : Auditor and KMS Auditor role users should be able to export policies 
>to Excel and CSV ONLY FROM Reports page.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 
  security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
95ee3c7 
  security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 
3bd098d 


Diff: https://reviews.apache.org/r/66281/diff/1/


Testing
---

Tested that Auditor and KMS Auditor role users are able to download Excel and 
CSV only from report page


Thanks,

Fatima Khan

Re: Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66301/
---

(Updated April 3, 2018, 5:23 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2040
https://issues.apache.org/jira/browse/RANGER-2040


Repository: ranger


Description
---

Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups 
metric collection for Auditor Role.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java 
f1e18e5 
  
security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java 
345465d 


Diff: https://reviews.apache.org/r/66301/diff/1/


Testing
---

Tested that in user/groups metric collection we are getting Auditor role users.


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
---

(Updated April 3, 2018, 5:22 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2039
https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
---

Currently by default users having Keyadmin or KMS auditor role doesn't get 
access to Audits tab in Ranger UI, but ideally it should have audit access 
right so that when we login through keyadmin and KMS Auditor we should be able 
to view the KMS related audits and user/groups tab.


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/


Testing
---

Tested the by creating Auditor and KMS Auditor role user's get default access 
to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

[Fatima Khan]

> On April 2, 2018, 5:40 a.m., Pradeep Agrawal wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
> > Lines 88 (patched)
> > <https://reviews.apache.org/r/66279/diff/1/?file=1987381#file1987381line88>
> >
> > Is it okay to continue the flow if either of them is null

Yes even if any one of the module object is null then it will go as per the 
flow and if both module's object is null then it will log an a warning and exit.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200275
---


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> ---
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
> https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access 
> to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
---

(Updated April 2, 2018, 7:39 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2039
https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
---

Currently by default users having Keyadmin or KMS auditor role doesn't get 
access to Audits tab in Ranger UI, but ideally it should have audit access 
right so that when we login through keyadmin and KMS Auditor we should be able 
to view the KMS related audits and user/groups tab.


Diffs (updated)
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/

Changes: https://reviews.apache.org/r/66279/diff/1-2/


Testing
---

Tested the by creating Auditor and KMS Auditor role user's get default access 
to users/groups tab and Audit tab


Thanks,

Fatima Khan

Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66301/
---

Review request for ranger.


Bugs: RANGER-2040
https://issues.apache.org/jira/browse/RANGER-2040


Repository: ranger


Description
---

Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups 
metric collection for Auditor Role.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java 
f1e18e5 
  
security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java 
345465d 


Diff: https://reviews.apache.org/r/66301/diff/1/


Testing
---

Tested that in user/groups metric collection we are getting Auditor role users.


Thanks,

Fatima Khan

Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66281/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-2036
https://issues.apache.org/jira/browse/Ranger-2036


Repository: ranger


Description
---

>From UI : Auditor and KMS Auditor role users should be able to export policies 
>to Excel and CSV ONLY FROM Reports page.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 
  security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
95ee3c7 
  security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 
3bd098d 


Diff: https://reviews.apache.org/r/66281/diff/1/


Testing
---

Tested that Auditor and KMS Auditor role users are able to download Excel and 
CSV only from report page


Thanks,

Fatima Khan

Review Request 66280: RANGER-2038 : Handle validations for Auditor role users for Grant/revoke actions as well

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66280/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2038
https://issues.apache.org/jira/browse/RANGER-2038


Repository: ranger


Description
---

Handle validations for Auditor role users for Grant/revoke actions as well


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 


Diff: https://reviews.apache.org/r/66280/diff/1/


Testing
---

Verified that user having Auditor role is not able to create or update policy


Thanks,

Fatima Khan

Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2039
https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
---

Currently by default users having Keyadmin or KMS auditor role doesn't get 
access to Audits tab in Ranger UI, but ideally it should have audit access 
right so that when we login through keyadmin and KMS Auditor we should be able 
to view the KMS related audits and user/groups tab.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/1/


Testing
---

Tested the by creating Auditor and KMS Auditor role user's get default access 
to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger Admin users

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/
---

(Updated March 13, 2018, 1:43 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Summary (updated)
-

RANGER 1948 : Support for Read-only Ranger Admin users


Bugs: RANGER-1948
https://issues.apache.org/jira/browse/RANGER-1948


Repository: ranger


Description
---

This Jira is to cater to need of Auditor roles in Ranger Admin.  

We can introduce Auditor Roles for both the Administrator Roles in Ranger 
Admin. 
* Auditor (Readonly privileges from current Admin role user )
* KMS Auditor (Readonly privileges from current Keydmin role user )


Diffs (updated)
-

  security-admin/scripts/rolebasedusersearchutil.py d651461 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ecde444 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
  security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
  security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
  security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
e31e9d7 
  security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
bcf9080 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 d3a28f7 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 6951cbd 
  security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
4227d85 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
87da9a0 
  security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f 
  unixauthservice/scripts/install.properties be8723c 


Diff: https://reviews.apache.org/r/65914/diff/5/

Changes: https://reviews.apache.org/r/65914/diff/4-5/


Testing
---

Tested scenario's:
1.Tested admin user is able to create User role user.
2.Tested admin user is able to create Auditor role user.
3.Tested admin user is not able to create kms auditor role user.
4.Tested keyadmin user is able to create kms auditor.
5.Tested auditor is able to only view policies, users, services and audits.
6.Tested kms auditor is able to only view policies, users, services, audits and 
keys.
7.Tested auditor is able to see permission tab but kms auditor should not see 
permission tab.
8.Auditor role users are  not allowed to import/export policies
9.Verified syncing of users from auditor role :: if we add them in properties 
install.properties of usersync during initial start of usersync.Property value 
in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName


Thanks,

Fatima Khan

Re: Review Request 66036: RANGER-1496 : Excel/csv exported file should have complete details of the policy

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66036/
---

(Updated March 13, 2018, 12:04 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-1496
https://issues.apache.org/jira/browse/RANGER-1496


Repository: ranger


Description
---

If export of the policy is done from the Reports page in excel/csv format then 
we are not showing info like Isaudit enabled, delegate admin and row filter and 
masking condition etc .
Add following fields in exported excel / csv files : 

* policyType
* delegateAdmin
* isRecursiveValue
* isExcludesValue
* serviceName
* description
* isAuditEnabled
* conditionKeyValue
* policyConditionTypeValue
* maskingInfo
* filterExpr
* policyLabel


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ecde444 


Diff: https://reviews.apache.org/r/66036/diff/1/


Testing
---

Tested and validated the exported Excel.
Tested and validated the exported CSV.


Thanks,

Fatima Khan

Review Request 66036: RANGER-1496 : Excel/csv exported file should have complete details of the policy

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66036/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-1496
https://issues.apache.org/jira/browse/Ranger-1496


Repository: ranger


Description
---

If export of the policy is done from the Reports page in excel/csv format then 
we are not showing info like Isaudit enabled, delegate admin and row filter and 
masking condition etc .
Add following fields in exported excel / csv files : 

* policyType
* delegateAdmin
* isRecursiveValue
* isExcludesValue
* serviceName
* description
* isAuditEnabled
* conditionKeyValue
* policyConditionTypeValue
* maskingInfo
* filterExpr
* policyLabel


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ecde444 


Diff: https://reviews.apache.org/r/66036/diff/1/


Testing
---

Tested and validated the exported Excel.
Tested and validated the exported CSV.


Thanks,

Fatima Khan

Re: Review Request 65978: RANGER-2013 : Restrict updation of user source

[Fatima Khan]

> On March 8, 2018, 11:12 a.m., Velmurugan Periasamy wrote:
> > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
> > Line 360 (original), 360 (patched)
> > <https://reviews.apache.org/r/65978/diff/3/?file=1972508#file1972508line360>
> >
> > With this approach, update is not retricted, but actually succeeds. Any 
> > particular reason?

user sync source is of int datatype which shall have default value ‘0’. 
Whenever user is not sending user sync source but still want to update the 
other fields, in that case if existing sync source is 1 then we can’t know the 
new sync source value 0 is explicitly set by user or not. so because of this 
case if we want to fail then user need to know the existing sync source and 
sending of sync source shall be mandatory irrespective of whether he intend to 
update sync source or not.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/#review198874
-------


On March 8, 2018, 7:18 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/65978/
> ---
> 
> (Updated March 8, 2018, 7:18 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2013
> https://issues.apache.org/jira/browse/RANGER-2013
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Improvise validation in user profile to handle retention of original user 
> source.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
> 
> 
> Diff: https://reviews.apache.org/r/65978/diff/3/
> 
> 
> Testing
> ---
> 
> Tested and validated the update user Api.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/
---

(Updated March 8, 2018, 11:31 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-1948
https://issues.apache.org/jira/browse/Ranger-1948


Repository: ranger


Description
---

This Jira is to cater to need of Auditor roles in Ranger Admin.  

We can introduce Auditor Roles for both the Administrator Roles in Ranger 
Admin. 
* Auditor (Readonly privileges from current Admin role user )
* KMS Auditor (Readonly privileges from current Keydmin role user )


Diffs (updated)
-

  security-admin/scripts/rolebasedusersearchutil.py d651461 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38 
  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ecde444 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
  security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
  security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 
  security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
e31e9d7 
  security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
0e99be1 
  security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
bcf9080 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 d3a28f7 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 
9c19bb0 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 6951cbd 
  security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
4227d85 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
87da9a0 
  unixauthservice/scripts/install.properties be8723c 


Diff: https://reviews.apache.org/r/65914/diff/3/

Changes: https://reviews.apache.org/r/65914/diff/2-3/


Testing
---

Tested scenario's:
1.Tested admin user is able to create User role user.
2.Tested admin user is able to create Auditor role user.
3.Tested admin user is not able to create kms auditor role user.
4.Tested keyadmin user is able to create kms auditor.
5.Tested auditor is able to only view policies, users, services and audits.
6.Tested kms auditor is able to only view policies, users, services, audits and 
keys.
7.Tested auditor is able to see permission tab but kms auditor should not see 
permission tab.
8.Auditor role users are  not allowed to import/export policies
9.Verified syncing of users from auditor role :: if we add them in properties 
install.properties of usersync during initial start of usersync.Property value 
in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName


Thanks,

Fatima Khan

Re: Review Request 65978: RANGER-2013 : Restrict updation of user source

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

(Updated March 8, 2018, 7:18 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/3/

Changes: https://reviews.apache.org/r/65978/diff/2-3/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan

Re: Review Request 65978: RANGER-2013 : Restrict updation of user source

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

(Updated March 8, 2018, 6:54 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/2/

Changes: https://reviews.apache.org/r/65978/diff/1-2/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan

Review Request 65978: RANGER-2013 : Restrict updation of user source

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65978/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2013
https://issues.apache.org/jira/browse/RANGER-2013


Repository: ranger


Description
---

Improvise validation in user profile to handle retention of original user 
source.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa 


Diff: https://reviews.apache.org/r/65978/diff/1/


Testing
---

Tested and validated the update user Api.


Thanks,

Fatima Khan

Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65914/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-1948
https://issues.apache.org/jira/browse/Ranger-1948


Repository: ranger


Description
---

This Jira is to cater to need of Auditor roles in Ranger Admin.  

We can introduce Auditor Roles for both the Administrator Roles in Ranger 
Admin. 
* Auditor (Readonly privileges from current Admin role user )
* KMS Auditor (Readonly privileges from current Keydmin role user )


Diffs
-

  security-admin/scripts/rolebasedusersearchutil.py d651461 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 
  security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38 
  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 
  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
ecde444 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 
  security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f 
  security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 
  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 
  security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b713d12 
  security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
e31e9d7 
  security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 
0e99be1 
  security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java 
bcf9080 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 d3a28f7 
  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 
9c19bb0 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 9a9604f 
  
security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
 6951cbd 
  security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 
4227d85 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
87da9a0 
  unixauthservice/scripts/install.properties 88bce69 


Diff: https://reviews.apache.org/r/65914/diff/1/


Testing
---

Tested scenario's:
1.Tested admin user is able to create User role user.
2.Tested admin user is able to create Auditor role user.
3.Tested admin user is not able to create kms auditor role user.
4.Tested keyadmin user is able to create kms auditor.
5.Tested auditor is able to only view policies, users, services and audits.
6.Tested kms auditor is able to only view policies, users, services, audits and 
keys.
7.Tested auditor is able to see permission tab but kms auditor should not see 
permission tab.
8.Auditor role users are  not allowed to import/export policies
9.Verified syncing of users from auditor role :: if we add them in properties 
install.properties of usersync during initial start of usersync.Property value 
in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= 
_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName


Thanks,

Fatima Khan

Review Request 65831: RANGER-1998 : Add ability to specify passwords for admin accounts during ranger install only.

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65831/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-1998
https://issues.apache.org/jira/browse/RANGER-1998


Repository: ranger


Description
---

1] Currently, when Ranger is installed admin, keyadmin, rangerusersync, 
rangertagsync users are seeded users and they are not configurable during the 
install process. This task is to provide a facility to specify the admin users 
password during ranger install.
2] This feature can only be used once, for changing the admin user password for 
more than one time, users can use Ranger UI or using change password utility.


Diffs
-

  security-admin/scripts/db_setup.py 25b004a 
  security-admin/scripts/install.properties 49d2baa 
  security-admin/scripts/setup.sh b68347a 
  tagsync/scripts/install.properties e2e3ecd 
  tagsync/scripts/setup.py 9712e8c 
  tagsync/scripts/updatetagadminpassword.py 2c89e83 
  unixauthservice/scripts/install.properties 88bce69 
  unixauthservice/scripts/setup.py 5ae9123 
  unixauthservice/scripts/updatepolicymgrpassword.py 574ce3b 


Diff: https://reviews.apache.org/r/65831/diff/1/


Testing
---

Verified creation of seeded users with given passwords during ranger install.
Logged in to ranger using those passwords and verified all functionality 
provided for those users.


Thanks,

Fatima Khan

Review Request 65829: Improvement on permission module for listing modules

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65829/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-1993
https://issues.apache.org/jira/browse/RANGER-1993


Repository: ranger


Description
---

1.On permission listing page, if there are many users/group added in modules 
and we do partial search then it gives pagination even when number of modules 
are 7.
2.On Policy Listing Page, we don't have partial search for users and groups.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
 7583864 
  
security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
 57cc694 


Diff: https://reviews.apache.org/r/65829/diff/1/


Testing
---

1.Tested on permission listing module: to show proper results even after 
applying filters.
2.Tested for all allowed filters on policy listing page, verified results after 
applying filters for user's name and group name  .


Thanks,

Fatima Khan

Review Request 65729: RANGER-1982 : Improve Error handling in analytical metrics of ranger admin and ranger kms

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65729/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-1982
https://issues.apache.org/jira/browse/RANGER-1982


Repository: ranger


Description
---

Improve Error handling in analytical metrics of ranger admin and ranger kms


Diffs
-

  embeddedwebserver/scripts/ranger-admin-services.sh e902f73 
  kms/scripts/ranger-kms c279bc1 


Diff: https://reviews.apache.org/r/65729/diff/1/


Testing
---

Tested with all the combination of commands possible for analytics metric.


Thanks,

Fatima Khan

Re: Review Request 62713: RANGER 1818: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

> On Oct. 2, 2017, 5:44 p.m., Alejandro Fernandez wrote:
> > unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
> > Line 117 (original), 117 (patched)
> > <https://reviews.apache.org/r/62713/diff/1/?file=1841324#file1841324line117>
> >
> > Put a space after the ","

This patch has been committed.  Will get that improvement in next patch


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62713/#review186857
---


On Sept. 30, 2017, 10:17 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62713/
> ---
> 
> (Updated Sept. 30, 2017, 10:17 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1818
> https://issues.apache.org/jira/browse/RANGER-1818
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.Instead of printing the entire object we are printing only 
> the error message that gives clear information about the error.
> 
> 
> Diffs
> -
> 
>   
> unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java
>  0b3d2e6 
>   
> unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
>  20ced89 
> 
> 
> Diff: https://reviews.apache.org/r/62713/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Tested SSO Authentication
> 2.Junit test was successful
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 62709: RANGER-1817 : Audit to Solr fails to log when the number of columns are in large number

[Fatima Khan]

> On Sept. 30, 2017, 4:24 p.m., Ramesh Mani wrote:
> > security-admin/contrib/solr_for_audit_setup/conf/managed-schema
> > Lines 32 (patched)
> > <https://reviews.apache.org/r/62709/diff/1/?file=1841268#file1841268line32>
> >
> > We need to have a default value for this config in ranger, which can be 
> > overridden.
> > 
> > Default can be a much less value say 100, which can be rendered on UI 
> > without any performance issue.

Currently we are not exposing any properties in Ranger. This will be a new 
feature.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62709/#review186786
-------


On Sept. 30, 2017, 6:26 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62709/
> ---
> 
> (Updated Sept. 30, 2017, 6:26 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1817
> https://issues.apache.org/jira/browse/RANGER-1817
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Audit to Solr fails to log when the number of columns are in large number. 
> This is due to Solr has a hard limit on solr.StrField and if this string is 
> exceeding max length 32766, it throws exception which causes the audit to 
> fail. To overcome this we need to trip this in Audit records and the best 
> place to do it is in solr schema for ranger-audits.
> 
> For this we need to change the file managed_schema in ranger and commit it to 
> zookeeper.
> Change required in the managed_schema file is, find the following in the 
> managed_schema file and add this param to limit the length to 2500 max.
> 
> 
> Diffs
> -
> 
>   security-admin/contrib/solr_for_audit_setup/conf/managed-schema ee1d894 
> 
> 
> Diff: https://reviews.apache.org/r/62709/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Tested Ranger installation
> 2.Junit test was successful
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Review Request 62713: RANGER 1818: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62713/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1818
https://issues.apache.org/jira/browse/RANGER-1818


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on the last 
commit made.Instead of printing the entire object we are printing only the 
error message that gives clear information about the error.


Diffs
-

  
unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java
 0b3d2e6 
  
unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
 20ced89 


Diff: https://reviews.apache.org/r/62713/diff/1/


Testing
---

1.Tested SSO Authentication
2.Junit test was successful


Thanks,

Fatima Khan

Review Request 61728: RANGER-1727 : Restrict password change request of external users

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61728/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1727
https://issues.apache.org/jira/browse/RANGER-1727


Repository: ranger


Description
---

Restricted the external user's password change request from ranger api
Problem Statement:
External users password is authenticated by their sync source and ranger 
database doesnt have the external users password so there is no point in giving 
the external user access to change password


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 


Diff: https://reviews.apache.org/r/61728/diff/1/


Testing
---

1.Verified that external users are not allowed to change their password with 
ranger api


Thanks,

Fatima Khan

Review Request 62709: RANGER-1817 : Audit to Solr fails to log when the number of columns are in large number

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62709/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Velmurugan Periasamy.


Bugs: RANGER-1817
https://issues.apache.org/jira/browse/RANGER-1817


Repository: ranger


Description
---

Audit to Solr fails to log when the number of columns are in large number. This 
is due to Solr has a hard limit on solr.StrField and if this string is 
exceeding max length 32766, it throws exception which causes the audit to fail. 
To overcome this we need to trip this in Audit records and the best place to do 
it is in solr schema for ranger-audits.

For this we need to change the file managed_schema in ranger and commit it to 
zookeeper.
Change required in the managed_schema file is, find the following in the 
managed_schema file and add this param to limit the length to 2500 max.


Diffs
-

  security-admin/contrib/solr_for_audit_setup/conf/managed-schema ee1d894 


Diff: https://reviews.apache.org/r/62709/diff/1/


Testing
---

1.Tested Ranger installation
2.Junit test was successful


Thanks,

Fatima Khan

Re: FW: New Defects reported by Coverity Scan for Apache Ranger

[Fatima Khan]

Hi Abhay,
 I will look into it.


On 28-Sep-2017 8:48 pm, "Abhay Kulkarni"  wrote:

Contributors/Committers,

Please review and fix as appropriate.

Thanks!
-Abhay

On 9/28/17, 12:43 AM, "scan-ad...@coverity.com" 
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>6 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 1 of 1 defect(s)
>
>
>** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in
>org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)(
>)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in
>org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)(
>)
>
>
>__
>__
>*** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in
>org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)(
>)
>385if (oldUserProfile != null && password != null
>386&& 
>password.equals(hiddenPasswordString))
{
>387vXPortalUser.setPassword(
oldUserProfile.getPassword());
>388}
>389 else if(password != null){
>390 validatePassword(vXUser);
 CID 95505:(FORWARD_NULL)
 Calling a method on null object "oldUserProfile".
>391 if (oldUserProfile.getUserSource() ==
>RangerCommonEnums.USER_EXTERNAL) {
>392
>vXPortalUser.setPassword(oldUserProfile.getPassword());
>393 }
>394 else if(oldUserProfile.getUserSource() ==
>RangerCommonEnums.USER_APP)
>395 {
>396vXPortalUser.setPassword(password);
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in
>org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)(
>)
>444}
>445
>446// TODO I've to get the transaction log from here.
>447// There is nothing to log anything in XXUser so
far.
>448vXUser = xUserService.updateResource(vXUser);
>449vXUser.setUserRoleList(roleList);
 CID 95505:(FORWARD_NULL)
 Calling a method on null object "oldUserProfile".
>450 if (oldUserProfile.getUserSource() ==
>RangerCommonEnums.USER_APP) {
>451vXUser.setPassword(password);
>452 }
>453 else if (oldUserProfile.getUserSource() ==
>RangerCommonEnums.USER_EXTERNAL) {
>454 vXUser.setPassword(oldUserProfile.getPassword());
>455 }
>
>
>__
>__
>To view the defects in Coverity Scan visit,
>https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V
>05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTF
>ft2V-2FOFC9o0P2e0-3D_eYGgfjRVvnymu7-2Fg39LOcg-2Fwh01uR5A1l1-2BVcR3oH7qLxXG
>asFbgN1kDBPIpGYM3rLSYzmeG-2BYa7G8XDIAVjfLvpuAxZDAekPb7Ge-2BSV0V3UOxGH6fq7t
>e-2FBz9K3J-2BgMSVG-2FL-2B3b8wmTbrE5RlAh1Wx7Yj2PrpxopzDpFQBM6X-2BEGeMejc-2B
>gFYqieFfxz45obau1ECnoL6Zgv3JRtmS4o-2FC5Jl5P5hM89piOfkcF6zo-3D
>
>To manage Coverity Scan email notifications for
>"akulka...@hortonworks.com", click
>https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V
>05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4rq896qxTW4IjcOjjCxcjhdwy7bkx
>0GaYF4jcZRTENcC8UedPeL4l2t0VBzV197ihjH14Ve5jAkEZTKufdAcDuKGDIx74O-2BWzK0Pb
>pXpwQLY-3D_eYGgfjRVvnymu7-2Fg39LOcg-2Fwh01uR5A1l1-2BVcR3oH7qLxXGasFbgN1kDB
>PIpGYM3rLSYzmeG-2BYa7G8XDIAVjfHlwaVB9Raguih-2FwkcLjJA0mCtUkkDoj8F4HwxV4ZpC
>D-2FQeY7ix0A8aSjSvg-2FysIlBGXiCWYBVwryh4hjK562Q20-2BIvhXOzSXbKxEVV5aZLnfzJ
>KG64wXkL21sShFYAI7NY6s7J5F6xWpOzCARUum7g-3D
>

Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62538/
---

(Updated Sept. 26, 2017, 1:39 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

Update rr based on Colm's review comment


Bugs: RANGER-1806
https://issues.apache.org/jira/browse/RANGER-1806


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.RoleBasedUserSearchUtil.java
2.TestRoleBasedUserSearchUtil.java


Diffs (updated)
-

  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 0459be6 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
 83eab7a 


Diff: https://reviews.apache.org/r/62538/diff/2/

Changes: https://reviews.apache.org/r/62538/diff/1-2/


Testing
---

1.Tested SSO Authentication
2.Junit test was successful


Thanks,

Fatima Khan

Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

> On Sept. 25, 2017, 2:08 p.m., Colm O hEigeartaigh wrote:
> > Why not just change the existing for loops to use 
> > "roleSysAdminMap.entrySet()" instead of adding an Iterator?
> 
> Fatima Khan wrote:
> In coverity scan, we had got FB.WMI_WRONG_MAP_ITERATOR issue. To solve 
> this i used roleSysAdminMap.entrySet(), if we use Iterator, then we might get 
> the same coverity issue.
> 
> Colm O hEigeartaigh wrote:
> I don't understand, the diff for this issue shows Iterator being used and 
> not entrySet?

Apologies I will update the patch and review request.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62538/#review186118
-------


On Sept. 25, 2017, 10:44 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62538/
> ---
> 
> (Updated Sept. 25, 2017, 10:44 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1806
> https://issues.apache.org/jira/browse/RANGER-1806
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice in Ranger recommended by static code analysis on
> 1.RoleBasedUserSearchUtil.java
> 2.TestRoleBasedUserSearchUtil.java
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  0459be6 
>   
> security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
>  83eab7a 
> 
> 
> Diff: https://reviews.apache.org/r/62538/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Tested SSO Authentication
> 2.Junit test was successful
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

> On Sept. 25, 2017, 2:08 p.m., Colm O hEigeartaigh wrote:
> > Why not just change the existing for loops to use 
> > "roleSysAdminMap.entrySet()" instead of adding an Iterator?

In coverity scan, we had got FB.WMI_WRONG_MAP_ITERATOR issue. To solve this i 
used roleSysAdminMap.entrySet(), if we use Iterator, then we might get the same 
coverity issue.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62538/#review186118
---


On Sept. 25, 2017, 10:44 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62538/
> ---
> 
> (Updated Sept. 25, 2017, 10:44 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1806
> https://issues.apache.org/jira/browse/RANGER-1806
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice in Ranger recommended by static code analysis on
> 1.RoleBasedUserSearchUtil.java
> 2.TestRoleBasedUserSearchUtil.java
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  0459be6 
>   
> security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
>  83eab7a 
> 
> 
> Diff: https://reviews.apache.org/r/62538/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Tested SSO Authentication
> 2.Junit test was successful
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Review Request 62567: RANGER-1727 : Ranger allows user to change an external user's password with 'null' old password

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62567/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1727
https://issues.apache.org/jira/browse/RANGER-1727


Repository: ranger


Description
---

Ranger allows user to change an external user's password with 'null' old 
password


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java cc81029 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 447aebb 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java d0fb3dc 


Diff: https://reviews.apache.org/r/62567/diff/1/


Testing
---

1.External user is not able to change the password using ranger Api's (same as 
ui).
2.Verified all the existing unit tests are passing.
3.Verified password change feature for internal users.


Thanks,

Fatima Khan

Review Request 62538: Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62538/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1806
https://issues.apache.org/jira/browse/RANGER-1806


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.RoleBasedUserSearchUtil.java
2.TestRoleBasedUserSearchUtil.java


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 0459be6 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
 83eab7a 


Diff: https://reviews.apache.org/r/62538/diff/1/


Testing
---

1.Tested SSO Authentication
2.Junit test was successful


Thanks,

Fatima Khan

Re: FW: New Defects reported by Coverity Scan for Apache Ranger

[Fatima Khan]

Hi Abhay,
I will take care of all issues related to RoleBasedUserSearchUtil.java
and TestRoleBasedUserSearchUtil.java.


*Thanks & Regards ,*

*Fatima Khan*

On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarni <akulka...@hortonworks.com>
wrote:

> Contributors/Committers,
>
> Please review and fix as appropriate.
>
> Thanks!
>
> On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com>
> wrote:
>
> >
> >Hi,
> >
> >Please find the latest report on new defect(s) introduced to Apache
> >Ranger found with Coverity Scan.
> >
> >9 new defect(s) introduced to Apache Ranger found with Coverity Scan.
> >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> >recent build analyzed by Coverity Scan.
> >
> >New defect(s) Reported-by: Coverity Scan
> >Showing 9 of 9 defect(s)
> >
> >
> >** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >/security-admin/src/main/java/org/apache/ranger/patch/
> cliutil/RoleBasedUse
> >rSearchUtil.java: 159 in
> >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.
> getUsersBasedOnRol
> >e(java.util.List)()
> >
> >
> >___
> ___
> >__
> >*** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >/security-admin/src/main/java/org/apache/ranger/patch/
> cliutil/RoleBasedUse
> >rSearchUtil.java: 159 in
> >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.
> getUsersBasedOnRol
> >e(java.util.List)()
> >153 }
> >154 }
> >155 }
> >156 if (MapUtils.isEmpty(
> >roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) &&
> >MapUtils.isEmpty(roleUserMap)) {
> >157 System.out.println("users
> >with given user role are not there");
> >158 logger.error("users with
> >given user role are not there");
> >>>> CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >>>>
> >>>>org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.
> getUsersBasedOn
> >>>>Role(List) invokes System.exit(...), which shuts down the entire
> >>>>virtual machine.
> >159 System.exit(1);
> >160 } else {
> >161 if
> >(!MapUtils.isEmpty(roleSysAdminMap)) {
> >162 for (String key :
> >roleSysAdminMap.keySet()) {
> >163
> >System.out.println(roleSysAdminMap.get(key) + " : " + key);
> >164 }
> >
> >** CID 167208:  Incorrect expression  (USELESS_CALL)
> >
> >
> >___
> ___
> >__
> >*** CID 167208:  Incorrect expression  (USELESS_CALL)
> >/security-admin/src/test/java/org/apache/ranger/patch/
> cliutil/TestRoleBase
> >dUserSearchUtil.java: 89 in
> >org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.
> TestGetUsersBa
> >sedOnRole()()
> >83
> >84
> >Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
> >85
> >Mockito.when(xXPortalUserDao.findByRole(RangerConstants.
> ROLE_SYS_ADMIN)).t
> >henReturn(listXXPortalUser);
> >86
> >87
> >roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
> >88
> >>>> CID 167208:  Incorrect expression  (USELESS_CALL)
> >>>> Calling
> >>>>"(org.apache.ranger.db.RangerDaoManager)org.mockito.
> Mockito.verify(daoM
> >>>>gr).getXXPortalUser()" is only useful for its return value, which is
> >>>>ignored.
> >89Mockito.verify(daoMgr).getXXPortalUser();
> >90
> >Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_
> ADMIN)
> >;
> >91
> >92} catch(Exception e) {
> >93fail("test failed due to: " + e.getMessage());
> >94}
> >
> >** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >/knox-agent/src/test/java/org/apache/ranger/services/
> knox/RangerAdminClien
> >tImpl.java: 63 in
> >org.apache.ranger.ser

Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

[Fatima Khan]

> On Sept. 14, 2017, 6:12 a.m., Ramesh Mani wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
> > Lines 217 (patched)
> > <https://reviews.apache.org/r/61553/diff/3/?file=1820100#file1820100line217>
> >
> > if UserRole is going to be not null 
> > do UserRole.equalsIgnoreCase(existingRole.get(0)). Verify similar check 
> > and correct it where ever needed.

userRole is a utility parameter and it can be null. In the main method, i have 
checked it against not null and the flow is different for null and not null. 
UserRole.equalsIgnoreCase(existingRole.get(0)) will execute only when userRole 
is not null.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/#review185372
-------


On Sept. 14, 2017, 4:33 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61553/
> ---
> 
> (Updated Sept. 14, 2017, 4:33 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1730
> https://issues.apache.org/jira/browse/RANGER-1730
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Actual :
> Provide utility to list user according to role.
> 
> Expected :
> Utility to list users for the given role based on thier authorization
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  PRE-CREATION 
>   
> security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml cb1aad2 
> 
> 
> Diff: https://reviews.apache.org/r/61553/diff/3/
> 
> 
> Testing
> ---
> 
> Tested on Simple against all roles
> Tested on Secure against all roles
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/
---

(Updated Sept. 15, 2017, 10:17 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1730
https://issues.apache.org/jira/browse/RANGER-1730


Repository: ranger


Description
---

Actual :
Provide utility to list user according to role.

Expected :
Utility to list users for the given role based on thier authorization


Diffs (updated)
-

  security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
 PRE-CREATION 
  src/main/assembly/admin-web.xml cb1aad2 


Diff: https://reviews.apache.org/r/61553/diff/4/

Changes: https://reviews.apache.org/r/61553/diff/3-4/


Testing
---

Tested on Simple against all roles
Tested on Secure against all roles


Thanks,

Fatima Khan

Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/
---

(Updated Sept. 14, 2017, 4:33 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1730
https://issues.apache.org/jira/browse/RANGER-1730


Repository: ranger


Description
---

Actual :
Provide utility to list user according to role.

Expected :
Utility to list users for the given role based on thier authorization


Diffs (updated)
-

  security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
 PRE-CREATION 
  src/main/assembly/admin-web.xml cb1aad2 


Diff: https://reviews.apache.org/r/61553/diff/3/

Changes: https://reviews.apache.org/r/61553/diff/2-3/


Testing
---

Tested on Simple against all roles
Tested on Secure against all roles


Thanks,

Fatima Khan

Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/
---

(Updated Aug. 24, 2017, 4:31 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
---

Added Unit test for RoleBaseUserSearchUtil.java


Bugs: RANGER-1730
https://issues.apache.org/jira/browse/RANGER-1730


Repository: ranger


Description
---

Actual :
Provide utility to list user according to role.

Expected :
Utility to list users for the given role based on thier authorization


Diffs (updated)
-

  security-admin/scripts/rolebaseusersearchutil.py PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBaseUserSearchUtil.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUserRole.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUserRoleList.java 
PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBaseUserSearchUtil.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/61553/diff/2/

Changes: https://reviews.apache.org/r/61553/diff/1-2/


Testing
---

Tested on Simple against all roles
Tested on Secure against all roles


Thanks,

Fatima Khan

Re: Review Request 61691: RANGER-1736 : Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61691/
---

(Updated Aug. 16, 2017, 2:03 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Summary (updated)
-

RANGER-1736 : Good coding practice in Ranger recommended by static code analysis


Bugs: RANGER-1736
https://issues.apache.org/jira/browse/RANGER-1736


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.UserMgr.java
2.XUserMgr.java
3.TestXUserMgr.java
4.LdapPolicyMgrUserGroupBuilder.java


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5a5335a 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 601af14 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 c39cc57 


Diff: https://reviews.apache.org/r/61691/diff/1/


Testing
---

1.Verified when ranger-admin connect to LDAP server than users are synchronised 
form there they got same role which is specified in usersync-side.
2.Verified unix authentication and usersync.
3.Junit test was successful


Thanks,

Fatima Khan

Re: Review Request 61692: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis *

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61692/
---

(Updated Aug. 16, 2017, 1:59 p.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1736
https://issues.apache.org/jira/browse/RANGER-1736


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.UserMgr.java
2.XUserMgr.java
3.TestXUserMgr.java
4.LdapPolicyMgrUserGroupBuilder.java


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java f27bfc1 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 676b1e3 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 6e6be72 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 9548ed4 


Diff: https://reviews.apache.org/r/61692/diff/1/


Testing
---

1.Verified when ranger-admin connect to LDAP server than users are synchronised 
form there they got same role which is specified in usersync-side.
2.Verified unix authentication and usersync.
3.Junit test was successful


Thanks,

Fatima Khan

Review Request 61692: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis *

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61692/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1705
https://issues.apache.org/jira/browse/RANGER-1705


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.UserMgr.java
2.XUserMgr.java
3.TestXUserMgr.java
4.LdapPolicyMgrUserGroupBuilder.java


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java f27bfc1 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 676b1e3 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 6e6be72 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 9548ed4 


Diff: https://reviews.apache.org/r/61692/diff/1/


Testing
---

1.Verified when ranger-admin connect to LDAP server than users are synchronised 
form there they got same role which is specified in usersync-side.
2.Verified unix authentication and usersync.
3.Junit test was successful


Thanks,

Fatima Khan

Review Request 61691: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61691/
---

Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1705
https://issues.apache.org/jira/browse/RANGER-1705


Repository: ranger


Description
---

Good coding practice in Ranger recommended by static code analysis on
1.UserMgr.java
2.XUserMgr.java
3.TestXUserMgr.java
4.LdapPolicyMgrUserGroupBuilder.java


Diffs
-

  security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5a5335a 
  security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 601af14 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 c39cc57 


Diff: https://reviews.apache.org/r/61691/diff/1/


Testing
---

1.Verified when ranger-admin connect to LDAP server than users are synchronised 
form there they got same role which is specified in usersync-side.
2.Verified unix authentication and usersync.
3.Junit test was successful


Thanks,

Fatima Khan

Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

[Fatima Khan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1730
https://issues.apache.org/jira/browse/RANGER-1730


Repository: ranger


Description
---

Actual :
Provide utility to list user according to role.

Expected :
Utility to list users for the given role based on thier authorization


Diffs
-

  security-admin/scripts/rolebaseusersearchutil.py PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBaseUserSearchUtil.java
 PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUserRole.java 
PRE-CREATION 
  security-admin/src/main/java/org/apache/ranger/view/VXUserRoleList.java 
PRE-CREATION 


Diff: https://reviews.apache.org/r/61553/diff/1/


Testing
---

Tested on Simple against all roles
Tested on Secure against all roles


Thanks,

Fatima Khan

Re: Request to make me contributor in Apache Ranger

[Fatima Khan]

Thanks a lot, Madhan.

On 26-Jun-2017 1:13 pm, "Madhan Neethiraj" <mad...@apache.org> wrote:

> Fatima,
>
> Done. Welcome to Apache Ranger community!
>
> Thanks,
> Madhan
>
>
>
>
> On 6/23/17, 6:11 AM, "Fatima Khan" <fatimakhan4...@gmail.com> wrote:
>
> Rangers:
>
> As I have been involved in the Apache Ranger project for a while now,
> Can
> you please add me as a contributor to the project ?
>
>
>
> *Thanks & Regards ,*
>
> *Fatima Khan*
>
>
>
>