Re: Review Request 71718: RANGER-2635 : Backport hadoop-kms changes in ranger-kms
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71718/ --- (Updated Nov. 5, 2019, 2:33 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2635 https://issues.apache.org/jira/browse/RANGER-2635 Repository: ranger Description --- Backported hadoop-kms changes in ranger-kms to support hadoop 3.1 Diffs - kms/dev-support/findbugsExcludeFile.xml bc92ed7 kms/pom.xml 12c0002 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java ff2f6d9 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 053d7e4 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuditLogger.java PRE-CREATION kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java c818ce5 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSConfiguration.java 4bf2886 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java ae24e5b kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/SimpleKMSAuditLogger.java PRE-CREATION kms/src/main/resources/log4j-kmsaudit.properties cca6941 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSACLs.java 3ff48d0 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java ced8610 kms/src/test/resources/kms/kms-site.xml 5f2575a plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizerTest.java 647f431 pom.xml 2140028 Diff: https://reviews.apache.org/r/71718/diff/1/ Testing --- Tested all the operations related to ranger-kms Thanks, Fatima Khan
Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71713/ --- (Updated Nov. 5, 2019, 12:32 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-2616 https://issues.apache.org/jira/browse/RANGER-2616 Repository: ranger Description --- Currently when an encryption zone (EZ) key is rotated, it only takes effect on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key rotation, for improved security. Diffs (updated) - kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java 854c831 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 56d25d2 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java cdca8e1 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 2b85276 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java 24af81b kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 501ee30 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java bd35a6b kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 04daeee Diff: https://reviews.apache.org/r/71713/diff/2/ Changes: https://reviews.apache.org/r/71713/diff/1-2/ Testing --- Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ key rotation works fine. Thanks, Fatima Khan
Re: Review Request 71713: RANGER-2616: Add reencryptEncryptedKey, batch reencryption interface to KMS and improve logs
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71713/ --- (Updated Nov. 5, 2019, 6:53 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-2616 https://issues.apache.org/jira/browse/RANGER-2616 Repository: ranger Description --- Currently when an encryption zone (EZ) key is rotated, it only takes effect on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key rotation, for improved security. Diffs - kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/EagerKeyGeneratorKeyProviderCryptoExtension.java 854c831 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java 04cc984 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAudit.java 56d25d2 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java cdca8e1 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJSONReader.java 2b85276 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSServerJSONUtils.java 24af81b kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java 501ee30 kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java bd35a6b kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java 04daeee Diff: https://reviews.apache.org/r/71713/diff/1/ Testing --- Tested the CRUD operations related to keys and re-encrypt EDEKs after the EZ key rotation works fine. Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 10, 2019, 10:22 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/7/ Changes: https://reviews.apache.org/r/71565/diff/6-7/ Testing (updated) --- Getting the desired json { "data":{ "jvm":{ "JVM Machine Actual Name":"OpenJDK 64-Bit Server VM", "version":"25.222-b10", "JVM Machine Representation Name":"27693@fipl5", "Up time of JVM":9036, "JVM Vendor Name":"Private Build", "os.spec":"Linux, amd64, 4.15.0-65-generic", "os.vcpus":"4", "memory":{ "heapInit":"1073741824", "heapMax":"1024983040", "heapCommitted":"1024983040", "heapUsed":"245119288", "nonHeapInit":"2555904", "nonHeapMax":"662700032", "nonHeapCommitted":"101842944", "nonHeapUsed":"100077808", "memory_pool_usages":{ "PS Eden Space":{ "init":268435456, "used":206599792, "committed":260046848, "max":261619712 }, "PS Survivor Space":{ "init":44564480, "used":30648600, "committed":48758784, "max":48758784 }, "PS Old Gen":{ "init":716177408, "used":7870896, "committed":716177408, "max":716177408 } } } } } } Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 7, 2019, 5:47 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/6/ Testing (updated) --- Getting the desired json { "data": { "jvm": { "os.spec": "Linux, amd64, 4.15.0-65-generic", "os.vcpus": "4", "memory": { "heapInit": "1073741824", "heapMax": "1024983040", "heapCommitted": "1024983040", "heapUsed": "284762328", "nonHeapInit": "2555904", "nonHeapMax": "662700032", "nonHeapCommitted": "102694912", "nonHeapUsed": "98983000", "memory_pool_usages": { "PS Eden Space": { "init": 268435456, "used": 246715792, "committed": 260046848, "max": 261619712 }, "PS Survivor Space": { "init": 44564480, "used": 30075104, "committed": 48758784, "max": 48758784 }, "PS Old Gen": { "init": 716177408, "used": 7971432, "committed": 716177408, "max": 716177408 } } } }, "vm": { "JVM Machine Actual Name": "OpenJDK 64-Bit Server VM", "version": "25.222-b10", "JVM Machine Representation Name": "15526@fipl5", "Up time of JVM": 10414, "JVM Vendor Name": "Private Build" } } } Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 7, 2019, 12:03 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/6/ Changes: https://reviews.apache.org/r/71565/diff/5-6/ Testing --- Getting the desired json Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 7, 2019, 11:55 a.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerMetrics.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerMetricsUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/5/ Changes: https://reviews.apache.org/r/71565/diff/4-5/ Testing --- Getting the desired json Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 4, 2019, 1:28 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Changes --- Added license in RangerJVMMetricDef.java Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/4/ Changes: https://reviews.apache.org/r/71565/diff/3-4/ Testing --- Getting the desired json Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 4, 2019, 1:05 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/3/ Testing --- Getting the desired json Thanks, Fatima Khan
Re: Review Request 71565: RANGER-2589 : Introduce Ranger API to return Ranger's JVM resource status metric
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71565/ --- (Updated Oct. 4, 2019, 1:04 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2589 https://issues.apache.org/jira/browse/RANGER-2589 Repository: ranger Description --- Important JVM attributes can be returned via Ranger REST API : heap memory usage GC time # of open threads # of open file descriptors Diffs - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerJVMMetricDef.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/rest/MetricsREST.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/util/RangerJVMMetricUtil.java PRE-CREATION security-admin/src/main/resources/conf.dist/security-applicationContext.xml 672d4a6 Diff: https://reviews.apache.org/r/71565/diff/3/ Testing --- Getting the desired json Thanks, Fatima Khan
Re: Review Request 71563: RANGER-2597 :Allow auditor role user to get details of services and policies from public API
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71563/ --- (Updated Oct. 1, 2019, 12:16 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Selvamohan Neethiraj. Bugs: RANGER-2597 https://issues.apache.org/jira/browse/RANGER-2597 Repository: ranger Description --- Allow auditor role user to get details of services and policies from public API Diffs - security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 673902d Diff: https://reviews.apache.org/r/71563/diff/1/ Testing --- Auditor role user's are allowed to get details of services and policies from public API and forbidden from creating, updating and deleting the policies. Thanks, Fatima Khan
Re: Review Request 71495: RANGER-2570 : Handling the pop up of policy details on Ranger Access audit log row
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71495/ --- (Updated Sept. 19, 2019, 1:30 p.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-2570 https://issues.apache.org/jira/browse/RANGER-2570 Repository: ranger Description --- Issue on pop up of policy details of ranger access audit log row. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java ced9ea8 security-admin/src/main/webapp/scripts/models/RangerPolicy.js cd873b3 security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js af024e2 security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js 31fc7c1 security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 6a1c7c2 Diff: https://reviews.apache.org/r/71495/diff/2/ Changes: https://reviews.apache.org/r/71495/diff/1-2/ Testing --- The policy details get popped up. Thanks, Fatima Khan
Review Request 71495: RANGER-2570 : Handling the pop up of policy details on Ranger Access audit log row
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71495/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-2570 https://issues.apache.org/jira/browse/RANGER-2570 Repository: ranger Description --- Issue on pop up of policy details of ranger access audit log row. Diffs - security-admin/src/main/java/org/apache/ranger/service/RangerDataHistService.java ced9ea8 security-admin/src/main/webapp/scripts/models/RangerPolicy.js cd873b3 Diff: https://reviews.apache.org/r/71495/diff/1/ Testing --- The policy details get popped up. Thanks, Fatima Khan
Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71015/ --- (Updated July 10, 2019, 10:59 a.m.) Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2490 https://issues.apache.org/jira/browse/RANGER-2490 Repository: ranger Description --- Add https support while using Solr API to upload config set Diffs (updated) - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java 02a3f6c Diff: https://reviews.apache.org/r/71015/diff/3/ Changes: https://reviews.apache.org/r/71015/diff/2-3/ Testing --- Tested Below Scenario in Ranger with https support 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set
> On July 8, 2019, noon, Oliver Szabo wrote: > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > > Line 309 (original), 313 (patched) > > <https://reviews.apache.org/r/71015/diff/2/?file=2153883#file2153883line313> > > > > instead of concat strings multiple times you can do something like > > (with including the config name as well): > > > > ```java > > String protocol = "https" ? isSSLEnabled : "http" > > String uploadConfigsUrl = > > String.format("%s://%s//admin/configs?action=UPLOAD=%s", protocol, > > baseUrl.toString(), solr_config_name) > > ``` > > Fatima Khan wrote: > Did u mean this > String protocol = isSSLEnabled ? "https": "http"; > String uploadConfigsUrl = > String.format("%s://%s/admin/configs?action=UPLOAD=", protocol, > baseUrl.toString()); Did u mean this String protocol = isSSLEnabled ? "https": "http"; String uploadConfigsUrl = String.format("%s://%s/admin/configs?action=UPLOAD=%s", protocol, baseUrl.toString(),solr_config_name); postDataAndGetResponse(solrCloudClient,uploadConfigsUrl ,byteBuffer); - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71015/#review216415 --- On July 8, 2019, 6:51 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71015/ > --- > > (Updated July 8, 2019, 6:51 a.m.) > > > Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-2490 > https://issues.apache.org/jira/browse/RANGER-2490 > > > Repository: ranger > > > Description > --- > > Add https support while using Solr API to upload config set > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > 02a3f6c > > > Diff: https://reviews.apache.org/r/71015/diff/2/ > > > Testing > --- > > Tested Below Scenario in Ranger with https support > 1.Solr configuration were uploaded successfully > 2.Solr collections were created successfully > > > Thanks, > > Fatima Khan > >
Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set
> On July 8, 2019, noon, Oliver Szabo wrote: > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > > Line 309 (original), 313 (patched) > > <https://reviews.apache.org/r/71015/diff/2/?file=2153883#file2153883line313> > > > > instead of concat strings multiple times you can do something like > > (with including the config name as well): > > > > ```java > > String protocol = "https" ? isSSLEnabled : "http" > > String uploadConfigsUrl = > > String.format("%s://%s//admin/configs?action=UPLOAD=%s", protocol, > > baseUrl.toString(), solr_config_name) > > ``` Did u mean this String protocol = isSSLEnabled ? "https": "http"; String uploadConfigsUrl = String.format("%s://%s/admin/configs?action=UPLOAD=", protocol, baseUrl.toString()); - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71015/#review216415 --- On July 8, 2019, 6:51 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71015/ > --- > > (Updated July 8, 2019, 6:51 a.m.) > > > Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-2490 > https://issues.apache.org/jira/browse/RANGER-2490 > > > Repository: ranger > > > Description > --- > > Add https support while using Solr API to upload config set > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > 02a3f6c > > > Diff: https://reviews.apache.org/r/71015/diff/2/ > > > Testing > --- > > Tested Below Scenario in Ranger with https support > 1.Solr configuration were uploaded successfully > 2.Solr collections were created successfully > > > Thanks, > > Fatima Khan > >
Re: Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71015/ --- (Updated July 8, 2019, 6:51 a.m.) Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2490 https://issues.apache.org/jira/browse/RANGER-2490 Repository: ranger Description --- Add https support while using Solr API to upload config set Diffs (updated) - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java 02a3f6c Diff: https://reviews.apache.org/r/71015/diff/2/ Changes: https://reviews.apache.org/r/71015/diff/1-2/ Testing --- Tested Below Scenario in Ranger with https support 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Review Request 71015: RANGER-2490:Add https support while using Solr API to upload config set
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71015/ --- Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2490 https://issues.apache.org/jira/browse/RANGER-2490 Repository: ranger Description --- Add https support while using Solr API to upload config set Diffs - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java 02a3f6c Diff: https://reviews.apache.org/r/71015/diff/1/ Testing --- Tested Below Scenario in Ranger with https support 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)
> On June 26, 2019, 7:36 p.m., Oliver Szabo wrote: > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > > Lines 309 (patched) > > <https://reviews.apache.org/r/70932/diff/2/?file=2152058#file2152058line309> > > > > what about "https"? > > Pradeep Agrawal wrote: > I have created RANGER-2490 Yes we will be handling that in RANGER-2490 - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70932/#review216158 ------- On June 27, 2019, 5:11 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70932/ > --- > > (Updated June 27, 2019, 5:11 a.m.) > > > Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep > Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-2482 > https://issues.apache.org/jira/browse/RANGER-2482 > > > Repository: ranger > > > Description > --- > > We are using Solr config set API to Upload Configuration and to Create > Collection. > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 5ef354b > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java > 8a417a0 > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > PRE-CREATION > pom.xml 5b1eb65 > src/main/assembly/solr_audit_conf.xml PRE-CREATION > > > Diff: https://reviews.apache.org/r/70932/diff/4/ > > > Testing > --- > > Tested Below Scenario in ranger > 1.Solr configuration were uploaded successfully > 2.Solr collections were created successfully > > > Thanks, > > Fatima Khan > >
Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70932/ --- (Updated June 27, 2019, 5:11 a.m.) Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2482 https://issues.apache.org/jira/browse/RANGER-2482 Repository: ranger Description --- We are using Solr config set API to Upload Configuration and to Create Collection. Diffs (updated) - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 5ef354b embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java 8a417a0 embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java PRE-CREATION pom.xml 5b1eb65 src/main/assembly/solr_audit_conf.xml PRE-CREATION Diff: https://reviews.apache.org/r/70932/diff/4/ Changes: https://reviews.apache.org/r/70932/diff/3-4/ Testing --- Tested Below Scenario in ranger 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Re: Review Request 70932: Ranger-2482: use Solr API to upload config set (during bootstrapping)
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70932/ --- (Updated June 27, 2019, 5:11 a.m.) Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Summary (updated) - Ranger-2482: use Solr API to upload config set (during bootstrapping) Bugs: RANGER-2482 https://issues.apache.org/jira/browse/RANGER-2482 Repository: ranger Description --- We are using Solr config set API to Upload Configuration and to Create Collection. Diffs (updated) - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 5ef354b embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java 8a417a0 embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java PRE-CREATION pom.xml 5b1eb65 src/main/assembly/solr_audit_conf.xml PRE-CREATION Diff: https://reviews.apache.org/r/70932/diff/3/ Changes: https://reviews.apache.org/r/70932/diff/2-3/ Testing --- Tested Below Scenario in ranger 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Re: Review Request 70932: Ranger: use Solr API to upload config set (during bootstrapping)
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70932/ --- (Updated June 25, 2019, 10:18 a.m.) Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2482 https://issues.apache.org/jira/browse/RANGER-2482 Repository: ranger Description --- We are using Solr config set API to Upload Configuration and to Create Collection. Diffs (updated) - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 5ef354b embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java 8a417a0 embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java PRE-CREATION pom.xml 5b1eb65 src/main/assembly/solr_audit_conf.xml PRE-CREATION Diff: https://reviews.apache.org/r/70932/diff/2/ Changes: https://reviews.apache.org/r/70932/diff/1-2/ Testing --- Tested Below Scenario in ranger 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Review Request 70932: Ranger: use Solr API to upload config set (during bootstrapping)
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70932/ --- Review request for ranger, Gautam Borad, Kevin Risden, Oliver Szabo, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-2482 https://issues.apache.org/jira/browse/RANGER-2482 Repository: ranger Description --- We are using Solr config set API to Upload Configuration and to Create Collection. Diffs - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBoostrapper.java 8a417a0 pom.xml 5b1eb65 src/main/assembly/ranger_audits_new.xml PRE-CREATION Diff: https://reviews.apache.org/r/70932/diff/1/ Testing --- Tested Below Scenario in ranger 1.Solr configuration were uploaded successfully 2.Solr collections were created successfully Thanks, Fatima Khan
Re: Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1
> On Aug. 11, 2018, 5:20 a.m., bhavik patel wrote: > > @fatima : I think similar changes also required for postgres database. @Bhavik Data type MEDIUMTEXT of mysql is equivalent to Text data type of postgress. Currently in postgress we use Text data type for content column in x_data_hist table. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68293/#review207108 --- On Aug. 10, 2018, 1:22 p.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68293/ > --- > > (Updated Aug. 10, 2018, 1:22 p.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2114 > https://issues.apache.org/jira/browse/RANGER-2114 > > > Repository: ranger > > > Description > --- > > An attempt to delete a service definition ends with: > > // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: > Data too long for column 'content' at row 1 > Error Code: 1406 > Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, > obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) > VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) > bind = [11 parameters bound] > > > Diffs > - > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba > security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION > > > Diff: https://reviews.apache.org/r/68293/diff/1/ > > > Testing > --- > > Tested the following > 1.In fresh install and upgrade scenario. > 2.Checked the data type of x_data_hist is changed from text to mediumtext. > > > Thanks, > > Fatima Khan > >
Review Request 68293: RANGER-2114 : Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68293/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2114 https://issues.apache.org/jira/browse/RANGER-2114 Repository: ranger Description --- An attempt to delete a service definition ends with: // Internal Exception: com.mysql.jdbc.MysqlDataTruncation: Data truncation: Data too long for column 'content' at row 1 Error Code: 1406 Call: INSERT INTO x_data_hist (action, content, CREATE_TIME, from_time, obj_class_type, obj_guid, obj_id, obj_name, to_time, UPDATE_TIME, version) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) bind = [11 parameters bound] Diffs - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 9d200ba security-admin/db/mysql/patches/034-x_data_histContentSize.sql PRE-CREATION Diff: https://reviews.apache.org/r/68293/diff/1/ Testing --- Tested the following 1.In fresh install and upgrade scenario. 2.Checked the data type of x_data_hist is changed from text to mediumtext. Thanks, Fatima Khan
Review Request 68031: RANGER-2138 : Add unit tests for org.apache.ranger.service package
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68031/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2138 https://issues.apache.org/jira/browse/RANGER-2138 Repository: ranger Description --- Add unit tests for org.apache.ranger.service package Diffs - security-admin/src/test/java/org/apache/ranger/service/TestXAccessAuditService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXAssetService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXAuditMapService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXGroupPermissionService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXGroupService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXGroupUserService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestXPermMapService.java PRE-CREATION Diff: https://reviews.apache.org/r/68031/diff/1/ Testing --- Tested with below two type 1.eclipse->Run as->Junit Test 2.mvn test Thanks, Fatima Khan
Review Request 67687: RANGER-2138 : Add unit tests for org.apache.ranger.service package
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67687/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2138 https://issues.apache.org/jira/browse/RANGER-2138 Repository: ranger Description --- Add unit tests for org.apache.ranger.service package Diffs - security-admin/src/test/java/org/apache/ranger/service/TestAuthSessionService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerAuditFields.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerDataHistService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerPluginActivityLogger.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceWithAssignedIdService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerTagResourceMapService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerTagService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestRangerTransactionService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/TestUserService.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/service/filter/TestRangerRESTAPIFilter.java PRE-CREATION Diff: https://reviews.apache.org/r/67687/diff/1/ Testing --- Tested with below two type 1.eclipse->Run as->Junit Test 2.mvn test Thanks, Fatima Khan
Review Request 67319: RANGER-2113 : Improve error handling when of change password process gets killed.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67319/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2113 https://issues.apache.org/jira/browse/RANGER-2113 Repository: ranger Description --- Improve error handling when of change password process gets killed by exiting the setup. Diffs - security-admin/scripts/db_setup.py f123dff security-admin/scripts/setup.sh 76baa4c Diff: https://reviews.apache.org/r/67319/diff/1/ Testing --- 1) Verified error handling : setup fails if x_db_version_h table has N as value for any of the 4 user's patch. 2) Also verified : Successfull installation of Ranger if patch values are cleared in x_db_version_h table. Thanks, Fatima Khan
Review Request 67181: RANGER-2106 : Keyadmin is not able to see 'Audit tab' and 'User tab' by default.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67181/ --- Review request for ranger. Bugs: RANGER-2106 https://issues.apache.org/jira/browse/RANGER-2106 Repository: ranger Description --- Keyadmin user is not able to see audit and user tab by default when consolidated db schema executes. Diffs - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 23c3562 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql eb12d56 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql f60ad5c security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 91f7b7a security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 28c89dc Diff: https://reviews.apache.org/r/67181/diff/1/ Testing --- Tested that Keyadmin gets by default access to users/groups tab and Audit tab Thanks, Fatima Khan
Review Request 67056: RANGER-2100 : REST API to get count of total services, policies, users, groups and various mapping.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67056/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2100 https://issues.apache.org/jira/browse/RANGER-2100 Repository: ranger Description --- This API will get the details analytics for the following 1. Count of Services created for each type of service 2. Number of policies by Service Types along with Service Name: # of resource policies, tag-based policies, masking policies, row filtering policies 3. Number of Audit Events by Service Type: size of solr index, number of denial events and number of access events 4. Number of groups and users synced 5. Policy DB type and version: MySQL, Oracle.. 6. Context enrichers: Number and type used. 7. Count of Deny conditions for resources. Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java c819ea4 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 2181913 security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java 0f96453 security-admin/src/main/java/org/apache/ranger/view/VXMetricPolicyWithServiceNameCount.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/view/VXMetricServiceNameCount.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 28651cf security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b1417d7 Diff: https://reviews.apache.org/r/67056/diff/1/ Testing --- Tested with all the combination of curl commands possible for analytics. Thanks, Fatima Khan
Re: Review Request 66867: RANGER-2083 : Restrict KMS audit events to KMS related users only
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66867/ --- (Updated May 9, 2018, 7:09 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2083 https://issues.apache.org/jira/browse/RANGER-2083 Repository: ranger Description --- Only Keyadmin and KMS Auditor role users should be able to see KMS related audit logs. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b7e045d security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 7dcb074 security-admin/src/main/webapp/scripts/utils/XAEnums.js 6e101bf security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b3da7b5 Diff: https://reviews.apache.org/r/66867/diff/3/ Changes: https://reviews.apache.org/r/66867/diff/2-3/ Testing --- Testing done by checking that only Keyadmin and KMS Auditor role users are be able to see KMS related audit logs. Thanks, Fatima Khan
Re: Review Request 66867: RANGER-2083 : Restrict KMS audit events to KMS related users only
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66867/ --- (Updated May 7, 2018, 9:29 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Summary (updated) - RANGER-2083 : Restrict KMS audit events to KMS related users only Bugs: RANGER-2083 https://issues.apache.org/jira/browse/RANGER-2083 Repository: ranger Description --- Only Keyadmin and KMS Auditor role users should be able to see KMS related audit logs. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b7e045d security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 7dcb074 security-admin/src/main/webapp/scripts/utils/XAEnums.js 6e101bf security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b3da7b5 Diff: https://reviews.apache.org/r/66867/diff/2/ Changes: https://reviews.apache.org/r/66867/diff/1-2/ Testing --- Testing done by checking that only Keyadmin and KMS Auditor role users are be able to see KMS related audit logs. Thanks, Fatima Khan
Review Request 66867: RANGER-2083 : Resctict KMS audit events to KMS related users only
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66867/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2083 https://issues.apache.org/jira/browse/RANGER-2083 Repository: ranger Description --- Only Keyadmin and KMS Auditor role users should be able to see KMS related audit logs. Diffs - security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java a0477fb security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java 5cbe47a security-admin/src/main/java/org/apache/ranger/service/XAccessAuditService.java 4c8ed83 security-admin/src/main/java/org/apache/ranger/solr/SolrAccessAuditsService.java 7dcb074 Diff: https://reviews.apache.org/r/66867/diff/1/ Testing --- Testing done by checking that only Keyadmin and KMS Auditor role users are be able to see KMS related audit logs. Thanks, Fatima Khan
Review Request 66796: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66796/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2041 https://issues.apache.org/jira/browse/RANGER-2041 Repository: ranger Description --- We are making default password mandatory during fresh ranger install. Diffs - security-admin/scripts/db_setup.py 2cbe665 security-admin/scripts/dba_script.py 4a57bba security-admin/scripts/setup.sh 45bc918 Diff: https://reviews.apache.org/r/66796/diff/1/ Testing --- Tested the validation for all password combinations in manual install. Thanks, Fatima Khan
Re: Review Request 66684: RANGER-2070 : Ranger Storm service creation fails
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66684/ --- (Updated April 19, 2018, 2:34 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2070 https://issues.apache.org/jira/browse/RANGER-2070 Repository: ranger Description --- In latest ranger when tried to enable plugin for Storm, ranger service creation fails. Found below in Ranger-Admin logs. 2018-04-07 09:48:53,132 [http-bio-6080-exec-4] INFO apache.ranger.security.web.filter.RangerKRBAuthenticationFilter (RangerKRBAuthenticationFilter.java:220) - Logged into Ranger as = storm-rangerstorm 2018-04-07 09:48:53,136 [http-bio-6080-exec-4] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:84) - Request failed. loginId=null, logMessage=Bad Credentials javax.ws.rs.WebApplicationException at org.apache.ranger.common.RESTErrorUtil.generateRESTException(RESTErrorUtil.java:77) at org.apache.ranger.biz.RangerBizUtil.blockAuditorRoleUser(RangerBizUtil.java:1637) at org.apache.ranger.biz.UserMgr.addUserRole(UserMgr.java:981) at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:167) at org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke() at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669) at org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$f11ad8ab.createUser() at org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2225) Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java acdfd2e security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ad806fb security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 307f435 Diff: https://reviews.apache.org/r/66684/diff/2/ Changes: https://reviews.apache.org/r/66684/diff/1-2/ Testing --- 1.Storm Service is getting created 2.Auditor and KMS Auditor Role user are blocked from the respective Api's Thanks, Fatima Khan
Review Request 66684: RANGER-2070 : Ranger Storm service creation fails
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66684/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2070 https://issues.apache.org/jira/browse/RANGER-2070 Repository: ranger Description --- In latest ranger when tried to enable plugin for Storm, ranger service creation fails. Found below in Ranger-Admin logs. 2018-04-07 09:48:53,132 [http-bio-6080-exec-4] INFO apache.ranger.security.web.filter.RangerKRBAuthenticationFilter (RangerKRBAuthenticationFilter.java:220) - Logged into Ranger as = storm-rangerstorm 2018-04-07 09:48:53,136 [http-bio-6080-exec-4] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:84) - Request failed. loginId=null, logMessage=Bad Credentials javax.ws.rs.WebApplicationException at org.apache.ranger.common.RESTErrorUtil.generateRESTException(RESTErrorUtil.java:77) at org.apache.ranger.biz.RangerBizUtil.blockAuditorRoleUser(RangerBizUtil.java:1637) at org.apache.ranger.biz.UserMgr.addUserRole(UserMgr.java:981) at org.apache.ranger.biz.UserMgr.createUser(UserMgr.java:167) at org.apache.ranger.biz.UserMgr$$FastClassBySpringCGLIB$$3bbcf0cf.invoke() at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:669) at org.apache.ranger.biz.UserMgr$$EnhancerBySpringCGLIB$$f11ad8ab.createUser() at org.apache.ranger.biz.XUserMgr.createServiceConfigUser(XUserMgr.java:2225) Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java acdfd2e security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ad806fb Diff: https://reviews.apache.org/r/66684/diff/1/ Testing --- 1.Storm Service is getting created 2.Auditor and KMS Auditor Role user are blocked from the respective Api's Thanks, Fatima Khan
Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66304/ --- (Updated April 7, 2018, 12:27 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2041 https://issues.apache.org/jira/browse/RANGER-2041 Repository: ranger Description --- Currently, when Ranger is installed admin,keyadmin, rangerusersync, rangertagsync users are seeded users and they are configurable during the install process. This task is to provide a facility to add validations to the admin users password during ranger install.Python doesn’t support ‘ " \ ` so these characters will not be supported during update of default password of seeded users in manual install. Diffs (updated) - security-admin/scripts/changepasswordutil.py 95bd613 security-admin/scripts/db_setup.py 83ccc32 security-admin/scripts/dba_script.py d5eaaf0 security-admin/scripts/install.properties 8128678 security-admin/scripts/setup.sh f79a79e security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java e7a4035 Diff: https://reviews.apache.org/r/66304/diff/2/ Changes: https://reviews.apache.org/r/66304/diff/1-2/ Testing --- Tested the validation for all password combinations. Thanks, Fatima Khan
Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.
> On April 4, 2018, 5:36 a.m., Qiang Zhang wrote: > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java > > Lines 149-151 (patched) > > <https://reviews.apache.org/r/66304/diff/1/?file=1989008#file1989008line149> > > > > The code does not check the length of the newPassword variable. The regular expression has the validation in which the length of passsword should be minimum 8 characters. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66304/#review200422 --- On April 4, 2018, 6:43 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66304/ > --- > > (Updated April 4, 2018, 6:43 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Sailaja Polavarapu. > > > Bugs: RANGER-2041 > https://issues.apache.org/jira/browse/RANGER-2041 > > > Repository: ranger > > > Description > --- > > Currently, when Ranger is installed admin,keyadmin, rangerusersync, > rangertagsync users are seeded users and they are configurable during the > install process. This task is to provide a facility to add validations to the > admin users password during ranger install.Python doesn’t support ‘ " \ ` so > these characters will not be supported during update of default password of > seeded users in manual install. > > > Diffs > - > > security-admin/scripts/dba_script.py d5eaaf0 > security-admin/scripts/install.properties 8128678 > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java > e7a4035 > > > Diff: https://reviews.apache.org/r/66304/diff/1/ > > > Testing > --- > > Tested the validation for all password combinations. > > > Thanks, > > Fatima Khan > >
Re: Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66304/ --- (Updated April 4, 2018, 6:43 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2041 https://issues.apache.org/jira/browse/RANGER-2041 Repository: ranger Description (updated) --- Currently, when Ranger is installed admin,keyadmin, rangerusersync, rangertagsync users are seeded users and they are configurable during the install process. This task is to provide a facility to add validations to the admin users password during ranger install.Python doesn’t support ‘ " \ ` so these characters will not be supported during update of default password of seeded users in manual install. Diffs - security-admin/scripts/dba_script.py d5eaaf0 security-admin/scripts/install.properties 8128678 security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java e7a4035 Diff: https://reviews.apache.org/r/66304/diff/1/ Testing --- Tested the validation for all password combinations. Thanks, Fatima Khan
Review Request 66304: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66304/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2041 https://issues.apache.org/jira/browse/RANGER-2041 Repository: ranger Description --- Currently, when Ranger is installed admin,keyadmin, rangerusersync, rangertagsync users are seeded users and they are configurable during the install process. This task is to provide a facility to add validations to the admin users password during ranger install. Diffs - security-admin/scripts/dba_script.py d5eaaf0 security-admin/scripts/install.properties 8128678 security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java e7a4035 Diff: https://reviews.apache.org/r/66304/diff/1/ Testing --- Tested the validation for all password combinations. Thanks, Fatima Khan
Re: Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66281/ --- (Updated April 3, 2018, 5:23 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-2036 https://issues.apache.org/jira/browse/Ranger-2036 Repository: ranger Description --- >From UI : Auditor and KMS Auditor role users should be able to export policies >to Excel and CSV ONLY FROM Reports page. Diffs - security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 95ee3c7 security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 3bd098d Diff: https://reviews.apache.org/r/66281/diff/1/ Testing --- Tested that Auditor and KMS Auditor role users are able to download Excel and CSV only from report page Thanks, Fatima Khan
Re: Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66301/ --- (Updated April 3, 2018, 5:23 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2040 https://issues.apache.org/jira/browse/RANGER-2040 Repository: ranger Description --- Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role. Diffs - security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java f1e18e5 security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java 345465d Diff: https://reviews.apache.org/r/66301/diff/1/ Testing --- Tested that in user/groups metric collection we are getting Auditor role users. Thanks, Fatima Khan
Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66279/ --- (Updated April 3, 2018, 5:22 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2039 https://issues.apache.org/jira/browse/RANGER-2039 Repository: ranger Description --- Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab. Diffs - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION Diff: https://reviews.apache.org/r/66279/diff/2/ Testing --- Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab Thanks, Fatima Khan
Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor
> On April 2, 2018, 5:40 a.m., Pradeep Agrawal wrote: > > security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java > > Lines 88 (patched) > > <https://reviews.apache.org/r/66279/diff/1/?file=1987381#file1987381line88> > > > > Is it okay to continue the flow if either of them is null Yes even if any one of the module object is null then it will go as per the flow and if both module's object is null then it will log an a warning and exit. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66279/#review200275 --- On April 2, 2018, 7:39 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/66279/ > --- > > (Updated April 2, 2018, 7:39 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Sailaja Polavarapu. > > > Bugs: RANGER-2039 > https://issues.apache.org/jira/browse/RANGER-2039 > > > Repository: ranger > > > Description > --- > > Currently by default users having Keyadmin or KMS auditor role doesn't get > access to Audits tab in Ranger UI, but ideally it should have audit access > right so that when we login through keyadmin and KMS Auditor we should be > able to view the KMS related audits and user/groups tab. > > > Diffs > - > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 0634776 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 70f4bcc > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > d59788c > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > f67f109 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 > > security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/66279/diff/2/ > > > Testing > --- > > Tested the by creating Auditor and KMS Auditor role user's get default access > to users/groups tab and Audit tab > > > Thanks, > > Fatima Khan > >
Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66279/ --- (Updated April 2, 2018, 7:39 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2039 https://issues.apache.org/jira/browse/RANGER-2039 Repository: ranger Description --- Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab. Diffs (updated) - security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 70f4bcc security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql d59788c security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql f67f109 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java PRE-CREATION Diff: https://reviews.apache.org/r/66279/diff/2/ Changes: https://reviews.apache.org/r/66279/diff/1-2/ Testing --- Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab Thanks, Fatima Khan
Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66301/ --- Review request for ranger. Bugs: RANGER-2040 https://issues.apache.org/jira/browse/RANGER-2040 Repository: ranger Description --- Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role. Diffs - security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java f1e18e5 security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java 345465d Diff: https://reviews.apache.org/r/66301/diff/1/ Testing --- Tested that in user/groups metric collection we are getting Auditor role users. Thanks, Fatima Khan
Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66281/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-2036 https://issues.apache.org/jira/browse/Ranger-2036 Repository: ranger Description --- >From UI : Auditor and KMS Auditor role users should be able to export policies >to Excel and CSV ONLY FROM Reports page. Diffs - security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 95ee3c7 security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 3bd098d Diff: https://reviews.apache.org/r/66281/diff/1/ Testing --- Tested that Auditor and KMS Auditor role users are able to download Excel and CSV only from report page Thanks, Fatima Khan
Review Request 66280: RANGER-2038 : Handle validations for Auditor role users for Grant/revoke actions as well
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66280/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2038 https://issues.apache.org/jira/browse/RANGER-2038 Repository: ranger Description --- Handle validations for Auditor role users for Grant/revoke actions as well Diffs - security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 Diff: https://reviews.apache.org/r/66280/diff/1/ Testing --- Verified that user having Auditor role is not able to create or update policy Thanks, Fatima Khan
Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66279/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2039 https://issues.apache.org/jira/browse/RANGER-2039 Repository: ranger Description --- Currently by default users having Keyadmin or KMS auditor role doesn't get access to Audits tab in Ranger UI, but ideally it should have audit access right so that when we login through keyadmin and KMS Auditor we should be able to view the KMS related audits and user/groups tab. Diffs - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java PRE-CREATION Diff: https://reviews.apache.org/r/66279/diff/1/ Testing --- Tested the by creating Auditor and KMS Auditor role user's get default access to users/groups tab and Audit tab Thanks, Fatima Khan
Re: Review Request 65914: RANGER 1948 : Support for Read-only Ranger Admin users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65914/ --- (Updated March 13, 2018, 1:43 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Summary (updated) - RANGER 1948 : Support for Read-only Ranger Admin users Bugs: RANGER-1948 https://issues.apache.org/jira/browse/RANGER-1948 Repository: ranger Description --- This Jira is to cater to need of Auditor roles in Ranger Admin. We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin. * Auditor (Readonly privileges from current Admin role user ) * KMS Auditor (Readonly privileges from current Keydmin role user ) Diffs (updated) - security-admin/scripts/rolebasedusersearchutil.py d651461 security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7 security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080 security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 229863e security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85 security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0 security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 4a8d88f unixauthservice/scripts/install.properties be8723c Diff: https://reviews.apache.org/r/65914/diff/5/ Changes: https://reviews.apache.org/r/65914/diff/4-5/ Testing --- Tested scenario's: 1.Tested admin user is able to create User role user. 2.Tested admin user is able to create Auditor role user. 3.Tested admin user is not able to create kms auditor role user. 4.Tested keyadmin user is able to create kms auditor. 5.Tested auditor is able to only view policies, users, services and audits. 6.Tested kms auditor is able to only view policies, users, services, audits and keys. 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab. 8.Auditor role users are not allowed to import/export policies 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName Thanks, Fatima Khan
Re: Review Request 66036: RANGER-1496 : Excel/csv exported file should have complete details of the policy
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66036/ --- (Updated March 13, 2018, 12:04 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-1496 https://issues.apache.org/jira/browse/RANGER-1496 Repository: ranger Description --- If export of the policy is done from the Reports page in excel/csv format then we are not showing info like Isaudit enabled, delegate admin and row filter and masking condition etc . Add following fields in exported excel / csv files : * policyType * delegateAdmin * isRecursiveValue * isExcludesValue * serviceName * description * isAuditEnabled * conditionKeyValue * policyConditionTypeValue * maskingInfo * filterExpr * policyLabel Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 Diff: https://reviews.apache.org/r/66036/diff/1/ Testing --- Tested and validated the exported Excel. Tested and validated the exported CSV. Thanks, Fatima Khan
Review Request 66036: RANGER-1496 : Excel/csv exported file should have complete details of the policy
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/66036/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-1496 https://issues.apache.org/jira/browse/Ranger-1496 Repository: ranger Description --- If export of the policy is done from the Reports page in excel/csv format then we are not showing info like Isaudit enabled, delegate admin and row filter and masking condition etc . Add following fields in exported excel / csv files : * policyType * delegateAdmin * isRecursiveValue * isExcludesValue * serviceName * description * isAuditEnabled * conditionKeyValue * policyConditionTypeValue * maskingInfo * filterExpr * policyLabel Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 Diff: https://reviews.apache.org/r/66036/diff/1/ Testing --- Tested and validated the exported Excel. Tested and validated the exported CSV. Thanks, Fatima Khan
Re: Review Request 65978: RANGER-2013 : Restrict updation of user source
> On March 8, 2018, 11:12 a.m., Velmurugan Periasamy wrote: > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java > > Line 360 (original), 360 (patched) > > <https://reviews.apache.org/r/65978/diff/3/?file=1972508#file1972508line360> > > > > With this approach, update is not retricted, but actually succeeds. Any > > particular reason? user sync source is of int datatype which shall have default value ‘0’. Whenever user is not sending user sync source but still want to update the other fields, in that case if existing sync source is 1 then we can’t know the new sync source value 0 is explicitly set by user or not. so because of this case if we want to fail then user need to know the existing sync source and sending of sync source shall be mandatory irrespective of whether he intend to update sync source or not. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65978/#review198874 ------- On March 8, 2018, 7:18 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65978/ > --- > > (Updated March 8, 2018, 7:18 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Sailaja Polavarapu. > > > Bugs: RANGER-2013 > https://issues.apache.org/jira/browse/RANGER-2013 > > > Repository: ranger > > > Description > --- > > Improvise validation in user profile to handle retention of original user > source. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa > > > Diff: https://reviews.apache.org/r/65978/diff/3/ > > > Testing > --- > > Tested and validated the update user Api. > > > Thanks, > > Fatima Khan > >
Re: Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65914/ --- (Updated March 8, 2018, 11:31 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-1948 https://issues.apache.org/jira/browse/Ranger-1948 Repository: ranger Description --- This Jira is to cater to need of Auditor roles in Ranger Admin. We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin. * Auditor (Readonly privileges from current Admin role user ) * KMS Auditor (Readonly privileges from current Keydmin role user ) Diffs (updated) - security-admin/scripts/rolebasedusersearchutil.py d651461 security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38 security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7 security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 0e99be1 security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080 security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52 security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 9c19bb0 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85 security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0 unixauthservice/scripts/install.properties be8723c Diff: https://reviews.apache.org/r/65914/diff/3/ Changes: https://reviews.apache.org/r/65914/diff/2-3/ Testing --- Tested scenario's: 1.Tested admin user is able to create User role user. 2.Tested admin user is able to create Auditor role user. 3.Tested admin user is not able to create kms auditor role user. 4.Tested keyadmin user is able to create kms auditor. 5.Tested auditor is able to only view policies, users, services and audits. 6.Tested kms auditor is able to only view policies, users, services, audits and keys. 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab. 8.Auditor role users are not allowed to import/export policies 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName Thanks, Fatima Khan
Re: Review Request 65978: RANGER-2013 : Restrict updation of user source
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65978/ --- (Updated March 8, 2018, 7:18 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2013 https://issues.apache.org/jira/browse/RANGER-2013 Repository: ranger Description --- Improvise validation in user profile to handle retention of original user source. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa Diff: https://reviews.apache.org/r/65978/diff/3/ Changes: https://reviews.apache.org/r/65978/diff/2-3/ Testing --- Tested and validated the update user Api. Thanks, Fatima Khan
Re: Review Request 65978: RANGER-2013 : Restrict updation of user source
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65978/ --- (Updated March 8, 2018, 6:54 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2013 https://issues.apache.org/jira/browse/RANGER-2013 Repository: ranger Description --- Improvise validation in user profile to handle retention of original user source. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa Diff: https://reviews.apache.org/r/65978/diff/2/ Changes: https://reviews.apache.org/r/65978/diff/1-2/ Testing --- Tested and validated the update user Api. Thanks, Fatima Khan
Review Request 65978: RANGER-2013 : Restrict updation of user source
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65978/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-2013 https://issues.apache.org/jira/browse/RANGER-2013 Repository: ranger Description --- Improvise validation in user profile to handle retention of original user source. Diffs - security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa Diff: https://reviews.apache.org/r/65978/diff/1/ Testing --- Tested and validated the update user Api. Thanks, Fatima Khan
Review Request 65914: Ranger 1948 : Support for Read-only Ranger Admin users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65914/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-1948 https://issues.apache.org/jira/browse/Ranger-1948 Repository: ranger Description --- This Jira is to cater to need of Auditor roles in Ranger Admin. We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin. * Auditor (Readonly privileges from current Admin role user ) * KMS Auditor (Readonly privileges from current Keydmin role user ) Diffs - security-admin/scripts/rolebasedusersearchutil.py d651461 security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38 security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b713d12 security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7 security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 0e99be1 security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080 security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52 security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 9c19bb0 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 9a9604f security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85 security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0 unixauthservice/scripts/install.properties 88bce69 Diff: https://reviews.apache.org/r/65914/diff/1/ Testing --- Tested scenario's: 1.Tested admin user is able to create User role user. 2.Tested admin user is able to create Auditor role user. 3.Tested admin user is not able to create kms auditor role user. 4.Tested keyadmin user is able to create kms auditor. 5.Tested auditor is able to only view policies, users, services and audits. 6.Tested kms auditor is able to only view policies, users, services, audits and keys. 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab. 8.Auditor role users are not allowed to import/export policies 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= _ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:u:userName_KEY_ADMIN_AUDITOR:g:groupName_ADMIN_AUDITOR:g:groupName Thanks, Fatima Khan
Review Request 65831: RANGER-1998 : Add ability to specify passwords for admin accounts during ranger install only.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65831/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-1998 https://issues.apache.org/jira/browse/RANGER-1998 Repository: ranger Description --- 1] Currently, when Ranger is installed admin, keyadmin, rangerusersync, rangertagsync users are seeded users and they are not configurable during the install process. This task is to provide a facility to specify the admin users password during ranger install. 2] This feature can only be used once, for changing the admin user password for more than one time, users can use Ranger UI or using change password utility. Diffs - security-admin/scripts/db_setup.py 25b004a security-admin/scripts/install.properties 49d2baa security-admin/scripts/setup.sh b68347a tagsync/scripts/install.properties e2e3ecd tagsync/scripts/setup.py 9712e8c tagsync/scripts/updatetagadminpassword.py 2c89e83 unixauthservice/scripts/install.properties 88bce69 unixauthservice/scripts/setup.py 5ae9123 unixauthservice/scripts/updatepolicymgrpassword.py 574ce3b Diff: https://reviews.apache.org/r/65831/diff/1/ Testing --- Verified creation of seeded users with given passwords during ranger install. Logged in to ranger using those passwords and verified all functionality provided for those users. Thanks, Fatima Khan
Review Request 65829: Improvement on permission module for listing modules
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65829/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-1993 https://issues.apache.org/jira/browse/RANGER-1993 Repository: ranger Description --- 1.On permission listing page, if there are many users/group added in modules and we do partial search then it gives pagination even when number of modules are 7. 2.On Policy Listing Page, we don't have partial search for users and groups. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java 7583864 security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java 57cc694 Diff: https://reviews.apache.org/r/65829/diff/1/ Testing --- 1.Tested on permission listing module: to show proper results even after applying filters. 2.Tested for all allowed filters on policy listing page, verified results after applying filters for user's name and group name . Thanks, Fatima Khan
Review Request 65729: RANGER-1982 : Improve Error handling in analytical metrics of ranger admin and ranger kms
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65729/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: RANGER-1982 https://issues.apache.org/jira/browse/RANGER-1982 Repository: ranger Description --- Improve Error handling in analytical metrics of ranger admin and ranger kms Diffs - embeddedwebserver/scripts/ranger-admin-services.sh e902f73 kms/scripts/ranger-kms c279bc1 Diff: https://reviews.apache.org/r/65729/diff/1/ Testing --- Tested with all the combination of commands possible for analytics metric. Thanks, Fatima Khan
Re: Review Request 62713: RANGER 1818: Good coding practice in Ranger recommended by static code analysis
> On Oct. 2, 2017, 5:44 p.m., Alejandro Fernandez wrote: > > unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java > > Line 117 (original), 117 (patched) > > <https://reviews.apache.org/r/62713/diff/1/?file=1841324#file1841324line117> > > > > Put a space after the "," This patch has been committed. Will get that improvement in next patch - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62713/#review186857 --- On Sept. 30, 2017, 10:17 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62713/ > --- > > (Updated Sept. 30, 2017, 10:17 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1818 > https://issues.apache.org/jira/browse/RANGER-1818 > > > Repository: ranger > > > Description > --- > > Good coding practice in Ranger recommended by static code analysis on the > last commit made.Instead of printing the entire object we are printing only > the error message that gives clear information about the error. > > > Diffs > - > > > unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java > 0b3d2e6 > > unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java > 20ced89 > > > Diff: https://reviews.apache.org/r/62713/diff/1/ > > > Testing > --- > > 1.Tested SSO Authentication > 2.Junit test was successful > > > Thanks, > > Fatima Khan > >
Re: Review Request 62709: RANGER-1817 : Audit to Solr fails to log when the number of columns are in large number
> On Sept. 30, 2017, 4:24 p.m., Ramesh Mani wrote: > > security-admin/contrib/solr_for_audit_setup/conf/managed-schema > > Lines 32 (patched) > > <https://reviews.apache.org/r/62709/diff/1/?file=1841268#file1841268line32> > > > > We need to have a default value for this config in ranger, which can be > > overridden. > > > > Default can be a much less value say 100, which can be rendered on UI > > without any performance issue. Currently we are not exposing any properties in Ranger. This will be a new feature. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62709/#review186786 ------- On Sept. 30, 2017, 6:26 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62709/ > --- > > (Updated Sept. 30, 2017, 6:26 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and > Velmurugan Periasamy. > > > Bugs: RANGER-1817 > https://issues.apache.org/jira/browse/RANGER-1817 > > > Repository: ranger > > > Description > --- > > Audit to Solr fails to log when the number of columns are in large number. > This is due to Solr has a hard limit on solr.StrField and if this string is > exceeding max length 32766, it throws exception which causes the audit to > fail. To overcome this we need to trip this in Audit records and the best > place to do it is in solr schema for ranger-audits. > > For this we need to change the file managed_schema in ranger and commit it to > zookeeper. > Change required in the managed_schema file is, find the following in the > managed_schema file and add this param to limit the length to 2500 max. > > > Diffs > - > > security-admin/contrib/solr_for_audit_setup/conf/managed-schema ee1d894 > > > Diff: https://reviews.apache.org/r/62709/diff/1/ > > > Testing > --- > > 1.Tested Ranger installation > 2.Junit test was successful > > > Thanks, > > Fatima Khan > >
Review Request 62713: RANGER 1818: Good coding practice in Ranger recommended by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62713/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1818 https://issues.apache.org/jira/browse/RANGER-1818 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on the last commit made.Instead of printing the entire object we are printing only the error message that gives clear information about the error. Diffs - unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java 0b3d2e6 unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java 20ced89 Diff: https://reviews.apache.org/r/62713/diff/1/ Testing --- 1.Tested SSO Authentication 2.Junit test was successful Thanks, Fatima Khan
Review Request 61728: RANGER-1727 : Restrict password change request of external users
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61728/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1727 https://issues.apache.org/jira/browse/RANGER-1727 Repository: ranger Description --- Restricted the external user's password change request from ranger api Problem Statement: External users password is authenticated by their sync source and ranger database doesnt have the external users password so there is no point in giving the external user access to change password Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 Diff: https://reviews.apache.org/r/61728/diff/1/ Testing --- 1.Verified that external users are not allowed to change their password with ranger api Thanks, Fatima Khan
Review Request 62709: RANGER-1817 : Audit to Solr fails to log when the number of columns are in large number
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62709/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1817 https://issues.apache.org/jira/browse/RANGER-1817 Repository: ranger Description --- Audit to Solr fails to log when the number of columns are in large number. This is due to Solr has a hard limit on solr.StrField and if this string is exceeding max length 32766, it throws exception which causes the audit to fail. To overcome this we need to trip this in Audit records and the best place to do it is in solr schema for ranger-audits. For this we need to change the file managed_schema in ranger and commit it to zookeeper. Change required in the managed_schema file is, find the following in the managed_schema file and add this param to limit the length to 2500 max. Diffs - security-admin/contrib/solr_for_audit_setup/conf/managed-schema ee1d894 Diff: https://reviews.apache.org/r/62709/diff/1/ Testing --- 1.Tested Ranger installation 2.Junit test was successful Thanks, Fatima Khan
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
Hi Abhay, I will look into it. On 28-Sep-2017 8:48 pm, "Abhay Kulkarni"wrote: Contributors/Committers, Please review and fix as appropriate. Thanks! -Abhay On 9/28/17, 12:43 AM, "scan-ad...@coverity.com" wrote: > >Hi, > >Please find the latest report on new defect(s) introduced to Apache >Ranger found with Coverity Scan. > >1 new defect(s) introduced to Apache Ranger found with Coverity Scan. >6 defect(s), reported by Coverity Scan earlier, were marked fixed in the >recent build analyzed by Coverity Scan. > >New defect(s) Reported-by: Coverity Scan >Showing 1 of 1 defect(s) > > >** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) > > >__ >__ >*** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >385if (oldUserProfile != null && password != null >386&& >password.equals(hiddenPasswordString)) { >387vXPortalUser.setPassword( oldUserProfile.getPassword()); >388} >389 else if(password != null){ >390 validatePassword(vXUser); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >391 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >392 >vXPortalUser.setPassword(oldUserProfile.getPassword()); >393 } >394 else if(oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) >395 { >396vXPortalUser.setPassword(password); >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >444} >445 >446// TODO I've to get the transaction log from here. >447// There is nothing to log anything in XXUser so far. >448vXUser = xUserService.updateResource(vXUser); >449vXUser.setUserRoleList(roleList); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >450 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) { >451vXUser.setPassword(password); >452 } >453 else if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >454 vXUser.setPassword(oldUserProfile.getPassword()); >455 } > > >__ >__ >To view the defects in Coverity Scan visit, >https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V >05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTF >ft2V-2FOFC9o0P2e0-3D_eYGgfjRVvnymu7-2Fg39LOcg-2Fwh01uR5A1l1-2BVcR3oH7qLxXG >asFbgN1kDBPIpGYM3rLSYzmeG-2BYa7G8XDIAVjfLvpuAxZDAekPb7Ge-2BSV0V3UOxGH6fq7t >e-2FBz9K3J-2BgMSVG-2FL-2B3b8wmTbrE5RlAh1Wx7Yj2PrpxopzDpFQBM6X-2BEGeMejc-2B >gFYqieFfxz45obau1ECnoL6Zgv3JRtmS4o-2FC5Jl5P5hM89piOfkcF6zo-3D > >To manage Coverity Scan email notifications for >"akulka...@hortonworks.com", click >https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V >05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4rq896qxTW4IjcOjjCxcjhdwy7bkx >0GaYF4jcZRTENcC8UedPeL4l2t0VBzV197ihjH14Ve5jAkEZTKufdAcDuKGDIx74O-2BWzK0Pb >pXpwQLY-3D_eYGgfjRVvnymu7-2Fg39LOcg-2Fwh01uR5A1l1-2BVcR3oH7qLxXGasFbgN1kDB >PIpGYM3rLSYzmeG-2BYa7G8XDIAVjfHlwaVB9Raguih-2FwkcLjJA0mCtUkkDoj8F4HwxV4ZpC >D-2FQeY7ix0A8aSjSvg-2FysIlBGXiCWYBVwryh4hjK562Q20-2BIvhXOzSXbKxEVV5aZLnfzJ >KG64wXkL21sShFYAI7NY6s7J5F6xWpOzCARUum7g-3D >
Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62538/ --- (Updated Sept. 26, 2017, 1:39 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Update rr based on Colm's review comment Bugs: RANGER-1806 https://issues.apache.org/jira/browse/RANGER-1806 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.RoleBasedUserSearchUtil.java 2.TestRoleBasedUserSearchUtil.java Diffs (updated) - security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java 0459be6 security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java 83eab7a Diff: https://reviews.apache.org/r/62538/diff/2/ Changes: https://reviews.apache.org/r/62538/diff/1-2/ Testing --- 1.Tested SSO Authentication 2.Junit test was successful Thanks, Fatima Khan
Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis
> On Sept. 25, 2017, 2:08 p.m., Colm O hEigeartaigh wrote: > > Why not just change the existing for loops to use > > "roleSysAdminMap.entrySet()" instead of adding an Iterator? > > Fatima Khan wrote: > In coverity scan, we had got FB.WMI_WRONG_MAP_ITERATOR issue. To solve > this i used roleSysAdminMap.entrySet(), if we use Iterator, then we might get > the same coverity issue. > > Colm O hEigeartaigh wrote: > I don't understand, the diff for this issue shows Iterator being used and > not entrySet? Apologies I will update the patch and review request. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62538/#review186118 ------- On Sept. 25, 2017, 10:44 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62538/ > --- > > (Updated Sept. 25, 2017, 10:44 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1806 > https://issues.apache.org/jira/browse/RANGER-1806 > > > Repository: ranger > > > Description > --- > > Good coding practice in Ranger recommended by static code analysis on > 1.RoleBasedUserSearchUtil.java > 2.TestRoleBasedUserSearchUtil.java > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java > 0459be6 > > security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java > 83eab7a > > > Diff: https://reviews.apache.org/r/62538/diff/1/ > > > Testing > --- > > 1.Tested SSO Authentication > 2.Junit test was successful > > > Thanks, > > Fatima Khan > >
Re: Review Request 62538: Good coding practice in Ranger recommended by static code analysis
> On Sept. 25, 2017, 2:08 p.m., Colm O hEigeartaigh wrote: > > Why not just change the existing for loops to use > > "roleSysAdminMap.entrySet()" instead of adding an Iterator? In coverity scan, we had got FB.WMI_WRONG_MAP_ITERATOR issue. To solve this i used roleSysAdminMap.entrySet(), if we use Iterator, then we might get the same coverity issue. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62538/#review186118 --- On Sept. 25, 2017, 10:44 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62538/ > --- > > (Updated Sept. 25, 2017, 10:44 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1806 > https://issues.apache.org/jira/browse/RANGER-1806 > > > Repository: ranger > > > Description > --- > > Good coding practice in Ranger recommended by static code analysis on > 1.RoleBasedUserSearchUtil.java > 2.TestRoleBasedUserSearchUtil.java > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java > 0459be6 > > security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java > 83eab7a > > > Diff: https://reviews.apache.org/r/62538/diff/1/ > > > Testing > --- > > 1.Tested SSO Authentication > 2.Junit test was successful > > > Thanks, > > Fatima Khan > >
Review Request 62567: RANGER-1727 : Ranger allows user to change an external user's password with 'null' old password
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62567/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1727 https://issues.apache.org/jira/browse/RANGER-1727 Repository: ranger Description --- Ranger allows user to change an external user's password with 'null' old password Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java cc81029 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 447aebb security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java d0fb3dc Diff: https://reviews.apache.org/r/62567/diff/1/ Testing --- 1.External user is not able to change the password using ranger Api's (same as ui). 2.Verified all the existing unit tests are passing. 3.Verified password change feature for internal users. Thanks, Fatima Khan
Review Request 62538: Good coding practice in Ranger recommended by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/62538/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1806 https://issues.apache.org/jira/browse/RANGER-1806 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.RoleBasedUserSearchUtil.java 2.TestRoleBasedUserSearchUtil.java Diffs - security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java 0459be6 security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java 83eab7a Diff: https://reviews.apache.org/r/62538/diff/1/ Testing --- 1.Tested SSO Authentication 2.Junit test was successful Thanks, Fatima Khan
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
Hi Abhay, I will take care of all issues related to RoleBasedUserSearchUtil.java and TestRoleBasedUserSearchUtil.java. *Thanks & Regards ,* *Fatima Khan* On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarni <akulka...@hortonworks.com> wrote: > Contributors/Committers, > > Please review and fix as appropriate. > > Thanks! > > On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> > wrote: > > > > >Hi, > > > >Please find the latest report on new defect(s) introduced to Apache > >Ranger found with Coverity Scan. > > > >9 new defect(s) introduced to Apache Ranger found with Coverity Scan. > >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the > >recent build analyzed by Coverity Scan. > > > >New defect(s) Reported-by: Coverity Scan > >Showing 9 of 9 defect(s) > > > > > >** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > >/security-admin/src/main/java/org/apache/ranger/patch/ > cliutil/RoleBasedUse > >rSearchUtil.java: 159 in > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOnRol > >e(java.util.List)() > > > > > >___ > ___ > >__ > >*** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > >/security-admin/src/main/java/org/apache/ranger/patch/ > cliutil/RoleBasedUse > >rSearchUtil.java: 159 in > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOnRol > >e(java.util.List)() > >153 } > >154 } > >155 } > >156 if (MapUtils.isEmpty( > >roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && > >MapUtils.isEmpty(roleUserMap)) { > >157 System.out.println("users > >with given user role are not there"); > >158 logger.error("users with > >given user role are not there"); > >>>> CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > >>>> > >>>>org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOn > >>>>Role(List) invokes System.exit(...), which shuts down the entire > >>>>virtual machine. > >159 System.exit(1); > >160 } else { > >161 if > >(!MapUtils.isEmpty(roleSysAdminMap)) { > >162 for (String key : > >roleSysAdminMap.keySet()) { > >163 > >System.out.println(roleSysAdminMap.get(key) + " : " + key); > >164 } > > > >** CID 167208: Incorrect expression (USELESS_CALL) > > > > > >___ > ___ > >__ > >*** CID 167208: Incorrect expression (USELESS_CALL) > >/security-admin/src/test/java/org/apache/ranger/patch/ > cliutil/TestRoleBase > >dUserSearchUtil.java: 89 in > >org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil. > TestGetUsersBa > >sedOnRole()() > >83 > >84 > >Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao); > >85 > >Mockito.when(xXPortalUserDao.findByRole(RangerConstants. > ROLE_SYS_ADMIN)).t > >henReturn(listXXPortalUser); > >86 > >87 > >roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList); > >88 > >>>> CID 167208: Incorrect expression (USELESS_CALL) > >>>> Calling > >>>>"(org.apache.ranger.db.RangerDaoManager)org.mockito. > Mockito.verify(daoM > >>>>gr).getXXPortalUser()" is only useful for its return value, which is > >>>>ignored. > >89Mockito.verify(daoMgr).getXXPortalUser(); > >90 > >Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ > ADMIN) > >; > >91 > >92} catch(Exception e) { > >93fail("test failed due to: " + e.getMessage()); > >94} > > > >** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) > >/knox-agent/src/test/java/org/apache/ranger/services/ > knox/RangerAdminClien > >tImpl.java: 63 in > >org.apache.ranger.ser
Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role
> On Sept. 14, 2017, 6:12 a.m., Ramesh Mani wrote: > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java > > Lines 217 (patched) > > <https://reviews.apache.org/r/61553/diff/3/?file=1820100#file1820100line217> > > > > if UserRole is going to be not null > > do UserRole.equalsIgnoreCase(existingRole.get(0)). Verify similar check > > and correct it where ever needed. userRole is a utility parameter and it can be null. In the main method, i have checked it against not null and the flow is different for null and not null. UserRole.equalsIgnoreCase(existingRole.get(0)) will execute only when userRole is not null. - Fatima --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61553/#review185372 ------- On Sept. 14, 2017, 4:33 a.m., Fatima Khan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61553/ > --- > > (Updated Sept. 14, 2017, 4:33 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay > Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan > Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-1730 > https://issues.apache.org/jira/browse/RANGER-1730 > > > Repository: ranger > > > Description > --- > > Actual : > Provide utility to list user according to role. > > Expected : > Utility to list users for the given role based on thier authorization > > > Diffs > - > > security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION > > security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java > PRE-CREATION > > security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java > PRE-CREATION > src/main/assembly/admin-web.xml cb1aad2 > > > Diff: https://reviews.apache.org/r/61553/diff/3/ > > > Testing > --- > > Tested on Simple against all roles > Tested on Secure against all roles > > > Thanks, > > Fatima Khan > >
Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61553/ --- (Updated Sept. 15, 2017, 10:17 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1730 https://issues.apache.org/jira/browse/RANGER-1730 Repository: ranger Description --- Actual : Provide utility to list user according to role. Expected : Utility to list users for the given role based on thier authorization Diffs (updated) - security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java PRE-CREATION src/main/assembly/admin-web.xml cb1aad2 Diff: https://reviews.apache.org/r/61553/diff/4/ Changes: https://reviews.apache.org/r/61553/diff/3-4/ Testing --- Tested on Simple against all roles Tested on Secure against all roles Thanks, Fatima Khan
Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61553/ --- (Updated Sept. 14, 2017, 4:33 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1730 https://issues.apache.org/jira/browse/RANGER-1730 Repository: ranger Description --- Actual : Provide utility to list user according to role. Expected : Utility to list users for the given role based on thier authorization Diffs (updated) - security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java PRE-CREATION src/main/assembly/admin-web.xml cb1aad2 Diff: https://reviews.apache.org/r/61553/diff/3/ Changes: https://reviews.apache.org/r/61553/diff/2-3/ Testing --- Tested on Simple against all roles Tested on Secure against all roles Thanks, Fatima Khan
Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61553/ --- (Updated Aug. 24, 2017, 4:31 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Added Unit test for RoleBaseUserSearchUtil.java Bugs: RANGER-1730 https://issues.apache.org/jira/browse/RANGER-1730 Repository: ranger Description --- Actual : Provide utility to list user according to role. Expected : Utility to list users for the given role based on thier authorization Diffs (updated) - security-admin/scripts/rolebaseusersearchutil.py PRE-CREATION security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBaseUserSearchUtil.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/view/VXUserRole.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/view/VXUserRoleList.java PRE-CREATION security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBaseUserSearchUtil.java PRE-CREATION Diff: https://reviews.apache.org/r/61553/diff/2/ Changes: https://reviews.apache.org/r/61553/diff/1-2/ Testing --- Tested on Simple against all roles Tested on Secure against all roles Thanks, Fatima Khan
Re: Review Request 61691: RANGER-1736 : Good coding practice in Ranger recommended by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61691/ --- (Updated Aug. 16, 2017, 2:03 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Summary (updated) - RANGER-1736 : Good coding practice in Ranger recommended by static code analysis Bugs: RANGER-1736 https://issues.apache.org/jira/browse/RANGER-1736 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.UserMgr.java 2.XUserMgr.java 3.TestXUserMgr.java 4.LdapPolicyMgrUserGroupBuilder.java Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5a5335a security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 601af14 ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java c39cc57 Diff: https://reviews.apache.org/r/61691/diff/1/ Testing --- 1.Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side. 2.Verified unix authentication and usersync. 3.Junit test was successful Thanks, Fatima Khan
Re: Review Request 61692: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis *
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61692/ --- (Updated Aug. 16, 2017, 1:59 p.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1736 https://issues.apache.org/jira/browse/RANGER-1736 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.UserMgr.java 2.XUserMgr.java 3.TestXUserMgr.java 4.LdapPolicyMgrUserGroupBuilder.java Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java f27bfc1 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 676b1e3 security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 6e6be72 ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 9548ed4 Diff: https://reviews.apache.org/r/61692/diff/1/ Testing --- 1.Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side. 2.Verified unix authentication and usersync. 3.Junit test was successful Thanks, Fatima Khan
Review Request 61692: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis *
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61692/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1705 https://issues.apache.org/jira/browse/RANGER-1705 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.UserMgr.java 2.XUserMgr.java 3.TestXUserMgr.java 4.LdapPolicyMgrUserGroupBuilder.java Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java f27bfc1 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 676b1e3 security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 6e6be72 ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 9548ed4 Diff: https://reviews.apache.org/r/61692/diff/1/ Testing --- 1.Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side. 2.Verified unix authentication and usersync. 3.Junit test was successful Thanks, Fatima Khan
Review Request 61691: RANGER-1705 : Good coding practice in Ranger recommended by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61691/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1705 https://issues.apache.org/jira/browse/RANGER-1705 Repository: ranger Description --- Good coding practice in Ranger recommended by static code analysis on 1.UserMgr.java 2.XUserMgr.java 3.TestXUserMgr.java 4.LdapPolicyMgrUserGroupBuilder.java Diffs - security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java c1145e7 security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5a5335a security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 601af14 ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java c39cc57 Diff: https://reviews.apache.org/r/61691/diff/1/ Testing --- 1.Verified when ranger-admin connect to LDAP server than users are synchronised form there they got same role which is specified in usersync-side. 2.Verified unix authentication and usersync. 3.Junit test was successful Thanks, Fatima Khan
Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61553/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-1730 https://issues.apache.org/jira/browse/RANGER-1730 Repository: ranger Description --- Actual : Provide utility to list user according to role. Expected : Utility to list users for the given role based on thier authorization Diffs - security-admin/scripts/rolebaseusersearchutil.py PRE-CREATION security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBaseUserSearchUtil.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/view/VXUserRole.java PRE-CREATION security-admin/src/main/java/org/apache/ranger/view/VXUserRoleList.java PRE-CREATION Diff: https://reviews.apache.org/r/61553/diff/1/ Testing --- Tested on Simple against all roles Tested on Secure against all roles Thanks, Fatima Khan
Re: Request to make me contributor in Apache Ranger
Thanks a lot, Madhan. On 26-Jun-2017 1:13 pm, "Madhan Neethiraj" <mad...@apache.org> wrote: > Fatima, > > Done. Welcome to Apache Ranger community! > > Thanks, > Madhan > > > > > On 6/23/17, 6:11 AM, "Fatima Khan" <fatimakhan4...@gmail.com> wrote: > > Rangers: > > As I have been involved in the Apache Ranger project for a while now, > Can > you please add me as a contributor to the project ? > > > > *Thanks & Regards ,* > > *Fatima Khan* > > > >