[jira] [Commented] (RANGER-2976) User can not create external table in Hive Plugin

2020-08-30 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17187420#comment-17187420
 ] 

Pradeep Agrawal commented on RANGER-2976:
-

[~Symious]: If would able to let you know only after testing this patch. It may 
take time to get the env. and test.

> User can not create external table in Hive Plugin
> -
>
> Key: RANGER-2976
> URL: https://issues.apache.org/jira/browse/RANGER-2976
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Janus Chow
>Priority: Major
> Attachments: RANGER-2976.patch
>
>
> A user "userA" want's to create an external table on "hdfs://test/testDir" 
> via Hive Metastore installed Ranger Hive plugin. Permission information is as 
> follows.
> {code:java}
> # id userA
> uid=3044(userA) gid=3044(userA) groups=992(supergroup)
> # hadoop fs -ls hdfs://test
> drwxrwxr-x   - userB supergroup          0 2019-01-01 00:00 
> hdfs://test/testDir
> # hadoop fs -ls hdfs://test/testDir
> -rw-rw-r--   3 userB supergroup    100 2019-01-01 00:00 
> hdfs://test/testDir/part-0-db98bf17-bda6-4da9-9ea4-d7c75e8d995e-c000.snappy.parquet{code}
> When "userA" is trying to create an external table on "hdfs://test/testDir" 
> with the following command, 
> {code:java}
> spark.sql("create table userA_test USING org.apache.spark.sql.parquet OPTIONS 
> ( path = 'hdfs://test/testDir')")
> {code}
> Ranger denied the operation with the following error message.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException: 
> MetaException(message:Permission denied: user [userA] does not have [ALL] 
> privilege on [hdfs://test/testDir])
> {code}
> The reason is when Ranger is checking URI permission, it will check if the 
> user has FSAction.ALL on the URI if "userA" is not the owner of the HDFS 
> path, but HDFS file will not set the execution permission by default, so the 
> Ranger permission check will return false.
> I think in the getURIAccessType function in RangerHiveAuthorizer, we should 
> return FSAction.READ_WRITE instead of FSAction.ALL. For HDFS directory, 
> Hadoop will help us to add FSAction.EXECUTE when we are trying to do the 
> permission check, we can skip FSAction.EXECUTE here to work well with HDFS 
> files. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (RANGER-2976) User can not create external table in Hive Plugin

2020-08-30 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17187420#comment-17187420
 ] 

Pradeep Agrawal edited comment on RANGER-2976 at 8/31/20, 4:20 AM:
---

[~Symious]: If would able to let you know only after testing this patch. It may 
take time to get the env. and test. If possible please raise the review request.


was (Author: pradeep.agrawal):
[~Symious]: If would able to let you know only after testing this patch. It may 
take time to get the env. and test.

> User can not create external table in Hive Plugin
> -
>
> Key: RANGER-2976
> URL: https://issues.apache.org/jira/browse/RANGER-2976
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Janus Chow
>Priority: Major
> Attachments: RANGER-2976.patch
>
>
> A user "userA" want's to create an external table on "hdfs://test/testDir" 
> via Hive Metastore installed Ranger Hive plugin. Permission information is as 
> follows.
> {code:java}
> # id userA
> uid=3044(userA) gid=3044(userA) groups=992(supergroup)
> # hadoop fs -ls hdfs://test
> drwxrwxr-x   - userB supergroup          0 2019-01-01 00:00 
> hdfs://test/testDir
> # hadoop fs -ls hdfs://test/testDir
> -rw-rw-r--   3 userB supergroup    100 2019-01-01 00:00 
> hdfs://test/testDir/part-0-db98bf17-bda6-4da9-9ea4-d7c75e8d995e-c000.snappy.parquet{code}
> When "userA" is trying to create an external table on "hdfs://test/testDir" 
> with the following command, 
> {code:java}
> spark.sql("create table userA_test USING org.apache.spark.sql.parquet OPTIONS 
> ( path = 'hdfs://test/testDir')")
> {code}
> Ranger denied the operation with the following error message.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException: 
> MetaException(message:Permission denied: user [userA] does not have [ALL] 
> privilege on [hdfs://test/testDir])
> {code}
> The reason is when Ranger is checking URI permission, it will check if the 
> user has FSAction.ALL on the URI if "userA" is not the owner of the HDFS 
> path, but HDFS file will not set the execution permission by default, so the 
> Ranger permission check will return false.
> I think in the getURIAccessType function in RangerHiveAuthorizer, we should 
> return FSAction.READ_WRITE instead of FSAction.ALL. For HDFS directory, 
> Hadoop will help us to add FSAction.EXECUTE when we are trying to do the 
> permission check, we can skip FSAction.EXECUTE here to work well with HDFS 
> files. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2951) Ranger's Default Hive Policies do not include a database value wildcard in UI.

2020-08-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2951?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2951:

Fix Version/s: 3.0.0

> Ranger's Default Hive Policies  do not include a database value wildcard in 
> UI.
> ---
>
> Key: RANGER-2951
> URL: https://issues.apache.org/jira/browse/RANGER-2951
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-2951.patch
>
>
>  The default policies created for ranger when you install a new environment 
> that do not by default include the appropriate entries in the database field, 
> so that if you edit those policies you will get an error and will be required 
> to put something in that field.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2948) Ranger plugins to support a hook to register plugin chains

2020-08-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2948:

Fix Version/s: 3.0.0

> Ranger plugins to support a hook to register plugin chains
> --
>
> Key: RANGER-2948
> URL: https://issues.apache.org/jira/browse/RANGER-2948
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Reporter: Madhan Neethiraj
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 3.0.0
>
>
> Ranger plugins authorize access based on resource-based and 
> classification-based policies defined in a service. RangerBasePlugin 
> abstraction in plugins-common library deals with details of 
> retrieving/refreshing of policies/classifications from Ranger Admin, caching 
> retrieved policies/classifications, building policy-engine, etc. Enhancing 
> this abstraction to support additional plugins that can influence 
> authorization decision, for example by consulting another system, can help 
> address deployment specific needs.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2952) Not able remove services from Security zone

2020-08-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2952:

Fix Version/s: 3.0.0

> Not able remove services from Security zone
> ---
>
> Key: RANGER-2952
> URL: https://issues.apache.org/jira/browse/RANGER-2952
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-2952.patch
>
>
> Steps
> 1.Go to security zone tab.
> 2.Create a zone 'zone1' with 'cm_hdfs'.
> 3.Click on edit zone.
> 4.try to remove 'cm_hdfs'.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2977) ES Plugin communication may fail in secure env due to unavailability of core-site.xml

2020-08-28 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2977:
---

 Summary: ES Plugin communication may fail in secure env due to 
unavailability of core-site.xml
 Key: RANGER-2977
 URL: https://issues.apache.org/jira/browse/RANGER-2977
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 3.0.0


Similar issue was seen in Kafka and storm. Refer RANGER-2810



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2947.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

Commit links:

[https://github.com/apache/ranger/commit/d2eaba6739895fff34b6d6e492b66d27756a39b7]

[https://github.com/apache/ranger/commit/876d0bcb853cb46975b8c1b6953c748c2404ea8b]

> [Ranger][Policy Import] Usage of serviceType config while importing ranger 
> policy for any service
> -
>
> Key: RANGER-2947
> URL: https://issues.apache.org/jira/browse/RANGER-2947
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.1.0
>
>
> Observed that serviceType config is currently not used while importing a 
> ranger policy, so we can give any random value or a different service name 
> [from the service name to which import should happen] 
> *Solution*
> Added validation to check for serviceType provided in import policy to 
> it's service.  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2949:

Fix Version/s: (was: 3.0.0)
   2.1.0

> Upgrade Tomcat to 7.0.105
> -
>
> Key: RANGER-2949
> URL: https://issues.apache.org/jira/browse/RANGER-2949
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Minor
> Fix For: 2.1.0
>
>
> Upgrade Tomcat version to follow best practices



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2949) Upgrade Tomcat to 7.0.105

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2949:

Fix Version/s: (was: 2.1.0)
   3.0.0

> Upgrade Tomcat to 7.0.105
> -
>
> Key: RANGER-2949
> URL: https://issues.apache.org/jira/browse/RANGER-2949
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Minor
> Fix For: 3.0.0
>
>
> Upgrade Tomcat version to follow best practices



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2939) Search functionality with Cluster name is not working on Audit>>Access and Plugins tab

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2939:

Fix Version/s: 2.1.0

> Search functionality with Cluster name is not working on Audit>>Access and 
> Plugins tab
> --
>
> Key: RANGER-2939
> URL: https://issues.apache.org/jira/browse/RANGER-2939
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2939.patch
>
>
> Expected Result: Search functionality with cluster name should work on 
> Audit>>Access and Plugins tab 
> Actual Result: Search Functionality with cluster name is not working on 
> Audit>>Access and Plugins tab
> Steps to Reproduce: 
>  # Go to Audit>>Access Tab
>  # Search with Cluster Name : Cluster 1



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2925) Ranger UI - third party library version upgrades part 1

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2925:

Fix Version/s: 2.1.0

> Ranger UI - third party library version upgrades part 1
> ---
>
> Key: RANGER-2925
> URL: https://issues.apache.org/jira/browse/RANGER-2925
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2925.patch, 0002-RANGER-2925.patch
>
>
> In this we update backbone.js ,underscore.js,  require.js.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2922) Query info not included for solr query audits in Ranger

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2922:

Fix Version/s: 2.1.0

> Query info not included for solr query audits in Ranger
> ---
>
> Key: RANGER-2922
> URL: https://issues.apache.org/jira/browse/RANGER-2922
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2922-Added-code-to-audit-events-for-document-.patch, 
> 0001-RANGER-2922-Minor-change-of-moving-solr-plugin-initi.patch, solraudit.png
>
>
> For solr document level authorization, audit events don't include query 
> information.
> !solraudit.png!   



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.

2020-08-13 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2950:
---

 Summary: Upgrade Spring framework and Spring Security libraries.
 Key: RANGER-2950
 URL: https://issues.apache.org/jira/browse/RANGER-2950
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.1.0






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2950:

Affects Version/s: (was: 2.1.0)

> Upgrade Spring framework and Spring Security libraries.
> ---
>
> Key: RANGER-2950
> URL: https://issues.apache.org/jira/browse/RANGER-2950
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2950) Upgrade Spring framework and Spring Security libraries.

2020-08-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2950?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2950:

Fix Version/s: (was: 2.1.0)

> Upgrade Spring framework and Spring Security libraries.
> ---
>
> Key: RANGER-2950
> URL: https://issues.apache.org/jira/browse/RANGER-2950
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2931) Fix PMD Error of RANGER-2922

2020-07-29 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17167310#comment-17167310
 ] 

Pradeep Agrawal commented on RANGER-2931:
-

[~spolavarapu] : Can you review the changes ?

> Fix PMD Error of RANGER-2922
> 
>
> Key: RANGER-2931
> URL: https://issues.apache.org/jira/browse/RANGER-2931
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2931-Fix-PMD-Error-of-RANGER-2922.patch
>
>
> Fix PMD Error of RANGER-2922 which has a blank if statement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release

2020-07-29 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2930:

Attachment: 0001-RANGER-2930-Change-atlas-version-to-2.1.0.patch

> Change atlas version to 2.1.0 for Ranger 2.1.0 release
> --
>
> Key: RANGER-2930
> URL: https://issues.apache.org/jira/browse/RANGER-2930
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2930-Change-atlas-version-to-2.1.0.patch
>
>
> Change atlas version to 2.1.0 for Ranger 2.1.0 release



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2931) Fix PMD Error of RANGER-2922

2020-07-29 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2931:

Attachment: 0001-RANGER-2931-Fix-PMD-Error-of-RANGER-2922.patch

> Fix PMD Error of RANGER-2922
> 
>
> Key: RANGER-2931
> URL: https://issues.apache.org/jira/browse/RANGER-2931
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2931-Fix-PMD-Error-of-RANGER-2922.patch
>
>
> Fix PMD Error of RANGER-2922 which has a blank if statement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2931) Fix PMD Error of RANGER-2922

2020-07-29 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2931:
---

 Summary: Fix PMD Error of RANGER-2922
 Key: RANGER-2931
 URL: https://issues.apache.org/jira/browse/RANGER-2931
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.1.0


Fix PMD Error of RANGER-2922 which has a blank if statement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release

2020-07-28 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2930:
---

 Summary: Change atlas version to 2.1.0 for Ranger 2.1.0 release
 Key: RANGER-2930
 URL: https://issues.apache.org/jira/browse/RANGER-2930
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.1.0


Change atlas version to 2.1.0 for Ranger 2.1.0 release



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2930) Change atlas version to 2.1.0 for Ranger 2.1.0 release

2020-07-28 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17166802#comment-17166802
 ] 

Pradeep Agrawal commented on RANGER-2930:
-

[~madhan] : Please confirm. 

> Change atlas version to 2.1.0 for Ranger 2.1.0 release
> --
>
> Key: RANGER-2930
> URL: https://issues.apache.org/jira/browse/RANGER-2930
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
>
> Change atlas version to 2.1.0 for Ranger 2.1.0 release



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2926) Issue in setting up Audit Log with ElasticSearch

2020-07-27 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165746#comment-17165746
 ] 

Pradeep Agrawal commented on RANGER-2926:
-

[~bdasari] : Are you able to insert the same data manually via curl request to 
your ES index ? 

> Issue in setting up Audit Log with ElasticSearch 
> -
>
> Key: RANGER-2926
> URL: https://issues.apache.org/jira/browse/RANGER-2926
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Bhanu
>Priority: Major
>
> Hi,
> We are using Ranger 2.1.0.
> Trying to setup AuditLog with ElasticSearch Server having version 7.0.1
> We have configured the Ranger with all details but there is an error that is 
> keep on coming as below. Please let me know where we are going wrong here. We 
> have tried recreating the index multiple times with all below parameters
> 2020-07-27T13:08:35.233Z ERROR org.apache.ranger.audit.queue.AuditBatchQueue0 
> org.apache.ranger.audit.provider.BaseAuditHandler Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;2: type is missing;
>  at org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
>  at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
>  at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
>  at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
>  at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
>  at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
>  at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
>  at java.base/java.lang.Thread.run(Thread.java:834)
> 2020-07-27T13:08:35.233Z WARN org.apache.ranger.audit.queue.AuditBatchQueue0 
> org.apache.ranger.audit.provider.BaseAuditHandler failed to log audit event: 
> \{"repoType":17,"repo":"prestostg-tkg","reqUser":"bdasari","evtTime":"2020-07-27
>  
> 13:08:35.102","resource":"hive_stg/ref_maritz","resType":"schema","action":"select","result":1,"agent":"presto","policy":21,"enforcer":"ranger-acl","agentHost":"coordinator2-694c5dbbb6-msh58","logType":"RangerAudit","id":"f733c835-c9ee-4507-b917-9eb822303d2b-792211","seq_num":1584423,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"","policy_version":148},
>  errorMessage=
> 2020-07-27T13:08:35.233Z WARN org.apache.ranger.audit.queue.AuditBatchQueue0 
> org.apache.ranger.audit.provider.BaseAuditHandler Log failure count: 4 in 
> past 01:30.003 minutes; 792212 during process lifetime



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2901) Remove libfb303 thrift library from Ranger dependency

2020-07-24 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2901:

Fix Version/s: (was: 2.1.0)

> Remove libfb303 thrift library from Ranger dependency
> -
>
> Key: RANGER-2901
> URL: https://issues.apache.org/jira/browse/RANGER-2901
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
>
> Remove libfb303 thrift library from Ranger dependency.  This library is used 
> in ranger hive plugin as a lookup feature dependency. This is not needed 
> anymore.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2911) ES plugin missing implemention for some ES request

2020-07-23 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2911.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

[https://github.com/apache/ranger/commit/ad06828d2d0b31731e02247a29bba65b9c9f2cef]

> ES plugin missing implemention for some ES request  
> 
>
> Key: RANGER-2911
> URL: https://issues.apache.org/jira/browse/RANGER-2911
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Blocker
> Fix For: 2.1.0
>
> Attachments: 0001-Add-ES-Plugin-Request-support.patch
>
>
> If a policy set resource to a specific index or string with wildcard like 
> 'index*', and has been given all permission for user1, ES plugin will deny 
> the request from user1 if the request is not matched in code.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index

2020-07-22 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2917:

Description: 
Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" when 
plugin is enabled for ranger_audit index.

When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's 
audit log index), there will be recursive audit log getting generated for 
audits logs that are getting in this collection.

This JIRA will address 

1) recursive audit log done by service user "elasticsearch" in the ranger_audit 
index.

2) provide a configuration parameter to add service users to exclude from audit 
log for "ranger_audit" index. This is in case if customer users are used as 
service user in Elasticsearch process.

> Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is 
> enabled for ranger_audits index
> ---
>
> Key: RANGER-2917
> URL: https://issues.apache.org/jira/browse/RANGER-2917
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch
>
>
> Avoid recursive audit log in Elasticsearch Plugin by user "elasticsearch" 
> when plugin is enabled for ranger_audit index.
> When Elasticsearch Plugin in enabled in the index "ranger_audits" ( ranger's 
> audit log index), there will be recursive audit log getting generated for 
> audits logs that are getting in this collection.
> This JIRA will address 
> 1) recursive audit log done by service user "elasticsearch" in the 
> ranger_audit index.
> 2) provide a configuration parameter to add service users to exclude from 
> audit log for "ranger_audit" index. This is in case if customer users are 
> used as service user in Elasticsearch process.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index

2020-07-22 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2917:

Attachment: 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch

> Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is 
> enabled for ranger_audits index
> ---
>
> Key: RANGER-2917
> URL: https://issues.apache.org/jira/browse/RANGER-2917
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2917-Avoid-recursive-audit-log-in-ES-Plugin-b.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2919) Source policies gets deleted after importing policy with deleteifexists parameter

2020-07-22 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2919:

Attachment: 0001-RANGER-2919.patch

> Source policies gets deleted after importing policy with deleteifexists 
> parameter
> -
>
> Key: RANGER-2919
> URL: https://issues.apache.org/jira/browse/RANGER-2919
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Attachments: 0001-RANGER-2919.patch
>
>
> Steps to Reproduce: 
> 1. Create 2 Hbase service i.e. hbase1 and hbase2, 
> 2. Create some policies in service - hbase1
> 3. perform policy import from source service - hbase1 to target service - 
> hbase2
> 4. Policies from service - hbase1 gets successfully imported to service - 
> hbase2 as per deleteifexist parameter feature
> 5. After import, Policies from source service - hbase1 also gets deleted



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2895) Replace c3p0 connection pool with HikariCP, upgrading MySQL connector

2020-07-20 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17160974#comment-17160974
 ] 

Pradeep Agrawal commented on RANGER-2895:
-

[~RickyMa] : We will not take this patch for 2.1.0 release as its testing is 
not possible in available time frame. We will revisit this later.

> Replace c3p0 connection pool with HikariCP, upgrading MySQL connector
> -
>
> Key: RANGER-2895
> URL: https://issues.apache.org/jira/browse/RANGER-2895
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, Ranger
>Reporter: RickyMa
>Priority: Major
> Attachments: 
> 0001-RANGER-2895-Replace-c3p0-connection-pool-with-Hikari.patch
>
>  Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> We should replace c3p0 with 
> [HikariCP|[https://github.com/brettwooldridge/HikariCP]]. HikariCP is much 
> faster and less error prone. HikariCP is more popular with 13.2k+ stars on 
> its github. There were no more new commits since Nov 18, 2019 in 
> [c3p0|[https://github.com/swaldman/c3p0/commits/master]].
> [MySQL connector|[https://github.com/mysql/mysql-connector-j]] should be 
> upgraded to the latest stable versions as well to include many essential 
> bugfixes.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode

2020-07-19 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2912.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/0fa3ef5497bc563e0ff80e9696fdb1bc309d7fe1]

> ranger and plugins will throw GSSAPI error when write audit log to 
> ElasticSearch when cluster running on none security mode
> ---
>
> Key: RANGER-2912
> URL: https://issues.apache.org/jira/browse/RANGER-2912
> Project: Ranger
>  Issue Type: Bug
>  Components: audit, plugins, Ranger
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-issue-fix-for-es-audit.patch
>
>
> user and password default set to 'NONE' when connect to ES, but ranger-audit 
> and plugins doesn't handle String 'NONE',  and will try to get subject from 
> ENV for both sec and none sec mode.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2917) Avoid recursive audit log in ES Plugin by user elasticsearch when plugin is enabled for ranger_audits index

2020-07-18 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2917:
---

 Summary: Avoid recursive audit log in ES Plugin by user 
elasticsearch when plugin is enabled for ranger_audits index
 Key: RANGER-2917
 URL: https://issues.apache.org/jira/browse/RANGER-2917
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`

2020-07-18 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2909.
-
Resolution: Information Provided

> Authorization support for atlas `entity-label` and `entity-business metadata`
> -
>
> Key: RANGER-2909
> URL: https://issues.apache.org/jira/browse/RANGER-2909
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: ranger-2.0
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Major
>
> We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but 
> we wanted authorisation for `entity-labels` and `entity-business-metadata` 
> that comes with new version of Atlas i.e Atlas 2.0.0.
>  # We tried building ranger from the master branch, but authorisation for 
> roles which were attached to policies was not working (authorisation for 
> users and groups attached to policies was working)
>  # Since the above didn’t work we tried building ranger from the specific 
> commit where the patch to support authorisation for labels and  
> business-metadata was added 
> [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb]
>   , the same problem appeared here i.e authorisation for roles attached to 
> policies was not working
>  # Finally, we added the patches to  Ranger 2.0.0
>  ## Applied the patches  
> [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
>  , 
> [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
>  ## After building and running ranger I had to manually delete the entry from 
> `x_db_version_h` table i.e `J10034` and then restart ranger to apply the 
> patch by running `db_setup.py`. Even after applying the patch, the changes 
> are not reflected. i.e(No option for `entity-label` and 
> `entity-business-metadata`  (have also checked `x_access_type_def` table and 
> entity-label and entity-business-metadata was not present)
> What will be the best way to move forward to support authorisation for 
> `labels` and `business-metadata` where authorisation policies work with roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2901) Remove libfb303 thrift library from Ranger dependency

2020-07-16 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159689#comment-17159689
 ] 

Pradeep Agrawal commented on RANGER-2901:
-

[~rmani] : Please close the RR : [https://reviews.apache.org/r/72657/]

> Remove libfb303 thrift library from Ranger dependency
> -
>
> Key: RANGER-2901
> URL: https://issues.apache.org/jira/browse/RANGER-2901
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
> Fix For: 2.1.0
>
>
> Remove libfb303 thrift library from Ranger dependency.  This library is used 
> in ranger hive plugin as a lookup feature dependency. This is not needed 
> anymore.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2751) SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto (Prestosql 310) - Policy synch up not happening

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2751:

Fix Version/s: (was: 2.1.0)

> SSL enabled Apache Ranger (2.1.0) not working with SSL enabled Presto 
> (Prestosql 310) - Policy synch up not happening 
> --
>
> Key: RANGER-2751
> URL: https://issues.apache.org/jira/browse/RANGER-2751
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.1.0
>Reporter: sajai
>Priority: Major
>
> *Facing the below error when trying to integrate Apache Ranger with Prestosql 
> (310 version).*
> *Both Ranger and Presto is working independently, but the Presto policies 
> from Ranger are not downloading/refreshing. Couldn't find the policies 
> downloaded in Ranger web ui in Audits/Plugin tab. Also if we remove SSL from 
> Ranger side it starts working fine. Issue is only when SSL is enabled in 
> Ranger, then Presto inot working with Ranger,*
> 2020-03-04T07:50:59.600-0600 ERROR Thread-91 
> org.apache.ranger.plugin.util.PolicyRefresher 
> PolicyRefresher(serviceName=presto-catalogs-dev): failed to refresh policies. 
> Will continue to use last known version of policies (-1)
> java.lang.IllegalArgumentException: TrustManager is not specified
> *ranger-2.1.0-SNAPSHOT-admin/install.properties:-*
> db_root_user=root
> db_root_password=Sqlpwd@123
> db_host=localhost
> db_name=ranger
> db_user=rangeradmin
> db_password=Rangerpwd@123
> rangerAdmin_password=Rangerpwd@123
> rangerTagsync_password=Rangerpwd@123
> rangerUsersync_password=Rangerpwd@123
> keyadmin_password=Rangerpwd@123
> policymgr_external_url=https://hostname_ranger:6182
> policymgr_http_enabled=false
> policymgr_https_keystore_file=/opt/iss_cert/clientcert.jks
> policymgr_https_keystore_keyalias=
> policymgr_https_keystore_password=31b17532aeb4fb5ba3af2bae850567
> unix_user=ranger
> unix_user_pwd=Rangerpwd@123
> unix_group=ranger
> #LDAP|ACTIVE_DIRECTORY|UNIX|NONE
> authentication_method=LDAP
> xa_ldap_url=ldaps://hostname_ldapserver:636
> xa_ldap_userDNpattern=uid=\{0},OU=xxx,DC=xx,DC=,DC=COM
> xa_ldap_groupSearchBase=DC=xxx,DC=ccc,DC=COM
> xa_ldap_groupSearchFilter=(member=cn=\{0},OU=xxx,DC=xx,DC=,DC=COM)
> xa_ldap_groupRoleAttribute=cn
> xa_ldap_base_dn=DC=xx,DC=,DC=COM
> xa_ldap_bind_dn=CN=XXX,OU=XX,DC=xx,DC=,DC=COM
> xa_ldap_bind_password=uBLRzVJK
> xa_ldap_referral=follow
> xa_ldap_userSearchFilter=(uid=\{0})
> *With the above values,able to start ranger with SSL and LDAP enabled and 
> also able to login succesfully with both unix admin credentials and also with 
> ldap credentials.*
>  
> *ranger-2.1.0-SNAPSHOT-presto-plugin/install.properties:-*
> POLICY_MGR_URL=https:/hostname_ranger:6182
> REPOSITORY_NAME=presto-catalogs-dev
> *# You do not need use SSL between agent and security admin tool, please 
> leave these sample value as it is.*
> SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
> SSL_KEYSTORE_PASSWORD=none
> SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
> SSL_TRUSTSTORE_PASSWORD=none
> *keep blank if component user is default*
> CUSTOM_USER=
> *keep blank if component group is default*
> CUSTOM_GROUP=
>  
> *presto-server-310/etc/config.properties:-*
> coordinator=true
> node-scheduler.include-coordinator=true
> http-server.http.enabled=false
> node.internal-address-source=FQDN
> node.internal-address=hostname_presto
> internal-communication.https.required=true
> internal-communication.https.keystore.path=/opt/iss_cert/clientcert.jks
> internal-communication.https.keystore.key=31b17532aeb4fb5ba3af2bae850567
> discovery-server.enabled=true
> discovery.uri=https://hostname_presto:8443
> http-server.authentication.type=PASSWORD,CERTIFICATE
> http-server.https.enabled=true
> http-server.https.port=8443
> http-server.https.keystore.path=/opt/iss_cert/clientcert.jks
> http-server.https.keystore.key=31b17532aeb4fb5ba3af2bae850567



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2693) Authorize new Hive Operations in RangerHiveAuthorizer

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2693:

Fix Version/s: (was: 2.1.0)

> Authorize new Hive Operations in RangerHiveAuthorizer
> -
>
> Key: RANGER-2693
> URL: https://issues.apache.org/jira/browse/RANGER-2693
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Minor
>
> Authorize new Hive Operations in RangerHiveAuthorizer. 
> Following operations are newly added and ranger should authorize those.
>  CREATE_SCHEDULED_QUERY
> ALTER_SCHEDULED_QUERY
> DROP_SCHEDULED_QUERY



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2629) Service disabled should not use the last known version of policies

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2629:

Fix Version/s: (was: 2.1.0)

> Service disabled should not use the last known version of policies
> --
>
> Key: RANGER-2629
> URL: https://issues.apache.org/jira/browse/RANGER-2629
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.0.0
>Reporter: Peng Xing
>Assignee: Peng Xing
>Priority: Major
>  Labels: patch
> Attachments: 
> 0001-RANGER-2629-Service-disabled-should-not-use-the-last.patch
>
>
> When service is disabled, the plugins should use an empty policy instead of 
> the last known version of policies.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2329) [Hive Plugin] show databases denied although user has access to some databases

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2329:

Fix Version/s: (was: 1.2.1)
   (was: 1.1.1)
   (was: 1.0.1)

> [Hive Plugin] show databases denied although user has access to some databases
> --
>
> Key: RANGER-2329
> URL: https://issues.apache.org/jira/browse/RANGER-2329
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.0.0, 1.2.0
>Reporter: peng bo
>Priority: Major
>  Labels: patch
> Attachments: RANGER-2329.patch, 
> show-databases-permission-denied-ranger1.1.0.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> a. assign select permission to user1 for database A with table * and hive 
> Column *
> b. login user1 by beeline 
> c. type 'show databases', error shows 
> Error: Error while compiling statement: FAILED: HiveAccessControlException 
> Permission denied: user [hadoop] does not have [USE] privilege on [*] 
> (state=42000,code=4)
> The cause:
> It seems to be a regression introduced by 
> [RANGER-1766|https://issues.apache.org/jira/browse/RANGER-1766]: 
> {code:java}
> public class RangerHiveResource extends RangerAccessResourceImpl {
>   public RangerHiveResource(HiveObjectType objectType, String 
> databaseorUrl, String tableOrUdf, String column) {
> case DATABASE:
> +if (databaseorUrl == null) {
> +   databaseorUrl = "*";
> +}
> {code}
> This code applies on "show databases" as well which prevents the according 
> RangerPolicyEvaluator from being returned.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2640) Implement SHOW ROLE GRANT in Hive ranger plugin

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2640:

Fix Version/s: (was: 2.1.0)

> Implement SHOW ROLE GRANT in Hive ranger plugin
> ---
>
> Key: RANGER-2640
> URL: https://issues.apache.org/jira/browse/RANGER-2640
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Attachments: 
> 0001-RANGER-2640-Implement-SHOW-ROLE-GRANT-in-Hive-ranger.patch
>
>
> Implement SHOW ROLE GRANT in Hive ranger plugin



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2492) In setup.sh, there is no uniform way to get python execution path through PYTHON_COMMAND_INVOKER

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2492:

Fix Version/s: (was: 1.2.1)

> In setup.sh, there is no uniform way to get python execution path through 
> PYTHON_COMMAND_INVOKER
> 
>
> Key: RANGER-2492
> URL: https://issues.apache.org/jira/browse/RANGER-2492
> Project: Ranger
>  Issue Type: Bug
>  Components: kms
>Affects Versions: 1.1.1, 1.2.1
>Reporter: sishu.yss
>Priority: Major
>
> In setup.sh, there is no uniform way to get python execution path through 
> PYTHON_COMMAND_INVOKER;



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2865) Add ALL WITH GRANT access type to Kudu

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2865?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2865:

Fix Version/s: (was: 2.1.0)

> Add ALL WITH GRANT access type to Kudu
> --
>
> Key: RANGER-2865
> URL: https://issues.apache.org/jira/browse/RANGER-2865
> Project: Ranger
>  Issue Type: Task
>  Components: plugins
>Reporter: Attila Bukor
>Priority: Major
> Attachments: 0001-RANGER-2865-Add-ALL-WITH-GRANT-to-Kudu-service.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-1942) Disable xmlparser and configEdit API in Solr for Audit setup

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-1942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-1942:

Fix Version/s: (was: 0.7.2)

> Disable xmlparser and configEdit API in Solr for Audit setup
> 
>
> Key: RANGER-1942
> URL: https://issues.apache.org/jira/browse/RANGER-1942
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: Kevin Risden
>Priority: Major
>
> AMBARI-22273 addresses this for Ambari Infra Solr. Ranger should do its best 
> to protect users from using a config that could be an issue. Solr 5.5.5, 
> 6.6.2, and 7.1.0 all fix the below issues.
> A fix for Ranger would be to set the following in solrconfig.xml. Another 
> could be to make sure that the documentation for Ranger -> Solr ensures that 
> recommended versions are used.
> {code:xml}
> 
> {code}
> From https://lucene.apache.org/solr/news.html
> * Fix for a 0-day exploit (CVE-2017-12629), details: 
> https://s.apache.org/FJDl. RunExecutableListener has been disabled by default 
> (can be enabled by -Dsolr.enableRunExecutableListener=true) and resolving 
> external entities in the XML query parser (defType=xmlparser or {!xmlparser 
> ... }) is disabled by default.
> * Fix for CVE-2017-7660: Security Vulnerability in secure inter-node 
> communication in Apache Solr, details: https://s.apache.org/APTY



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2868) RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2868:

Fix Version/s: (was: 2.1.0)

> RangerKMS ERROR: Hadoop KMS could not be started with Oracle19 runs
> ---
>
> Key: RANGER-2868
> URL: https://issues.apache.org/jira/browse/RANGER-2868
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Dhaval B. SHAH
>Assignee: Dhaval B. SHAH
>Priority: Major
> Attachments: RANGER-2868.patch
>
>
> Facing below type casting error in catalina.out when Ranger KMs is configure 
> to use Oracle 19.
> {code:java}
> [EL Warning]: 2020-06-17 
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class 
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is 
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed 
> module of loader 'app')[EL Warning]: 2020-06-17 
> 10:15:57.5--UnitOfWork(629597660)--java.lang.ClassCastException: class 
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is 
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed 
> module of loader 'app')[EL Warning]: 2020-06-17 
> 10:15:57.508--UnitOfWork(629597660)--java.lang.ClassCastException: class 
> java.lang.String cannot be cast to class oracle.sql.CLOB (java.lang.String is 
> in module java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed 
> module of loader 'app')java.lang.ClassCastException: class java.lang.String 
> cannot be cast to class oracle.sql.CLOB (java.lang.String is in module 
> java.base of loader 'bootstrap'; oracle.sql.CLOB is in unnamed module of 
> loader 'app') at 
> org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:184)
>  at 
> org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:92)
>  at 
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:740)
>  at 
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:655)
>  at 
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558)
>  at 
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:77)
>  at 
> org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:188)
>  at 
> org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:168)
>  at 
> org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:402)
>  at 
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165)
>  at 
> org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180)
>  at 
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489)
>  at 
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80)
>  at 
> org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90)
>  at 
> org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301)
>  at 
> org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
>  at 
> org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899) 
> at 
> org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798)
>  at 
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108)
>  at 
> org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85)
>  at 
> org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896)
>  at 
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804)
>  at 
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786)
>  at 
> org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737)
>  at 
> org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226)
>  at 
> org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:125)
>  at 
> 

[jira] [Updated] (RANGER-1964) java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-1964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-1964:

Fix Version/s: (was: 0.7.1)

> java.lang.NoClassDefFoundError: org/apache/kafka/common/network/LoginType
> -
>
> Key: RANGER-1964
> URL: https://issues.apache.org/jira/browse/RANGER-1964
> Project: Ranger
>  Issue Type: Wish
>  Components: Ranger
>Reporter: Ronald van de Kuil
>Priority: Trivial
>
> Hi, I have Kafka nicely working with Ranger and I noticed that there is an 
> warning during startup. It does not impact the functioning of Kafka as far as 
> I can see. I would like to keep the logs tidy, ... so, that, ... amaze, 
> amaze, nobody ever haves to worry unnecessarily. For this I raised  
> KAFKA-6338.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2782) Upgrade log4j dependency

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2782:

Fix Version/s: (was: 2.1.0)

> Upgrade log4j dependency
> 
>
> Key: RANGER-2782
> URL: https://issues.apache.org/jira/browse/RANGER-2782
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Bolke de Bruin
>Assignee: Bolke de Bruin
>Priority: Blocker
> Attachments: 
> 0001-RANGER-2782-Upgrade-log4j-to-a-supported-version.patch
>
>
> The current log4j version in ranger is end of life and contains critical 
> security Vulnerabilities
> CVE-2019-17571



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2428) Populate Ranger ACL summary for roles

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2428?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2428:

Fix Version/s: (was: master)

> Populate Ranger ACL summary for roles
> -
>
> Key: RANGER-2428
> URL: https://issues.apache.org/jira/browse/RANGER-2428
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
>
> Ranger provides a concise summary of permissions represented by Ranger 
> policies for users and groups. With support for Roles in Ranger, computing 
> and providing similar information for roles is needed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2673) Build Python based Rest Api client for Ranger

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2673:

Fix Version/s: (was: master)

> Build Python based Rest Api client for Ranger
> -
>
> Key: RANGER-2673
> URL: https://issues.apache.org/jira/browse/RANGER-2673
> Project: Ranger
>  Issue Type: Task
>  Components: Ranger
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Deepak Sharma
>Priority: Major
>
> It is good to have Python based API client for Ranger.
> Decision to be made before starting on this work:
> 1) whether to support python2 or python3 or both.
> 2) Scope:
> CRUD operations on Policy/Service/Zones
> User/group operation



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2285) Error page is not available when API call returns HTTP status code 403(forbidden)

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2285:

Fix Version/s: (was: master)

> Error page is not available when API call returns  HTTP status code 
> 403(forbidden)
> --
>
> Key: RANGER-2285
> URL: https://issues.apache.org/jira/browse/RANGER-2285
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Dhaval Rajpara
>Assignee: Dhaval Rajpara
>Priority: Minor
> Attachments: 
> 0001-RANGER-2285-Error-page-is-not-available-when-API-cal.patch, 
> 0002-RANGER-2285.patch, 403ErrorPage.png, screenshort_1.png, screenshort_2.png
>
>
> Error page not populated when getting response 403(Forbidden).
> scenario-1
> Steps - 
> 1. Login with admin.
> 2. Create users 'testuser3' and 'testuser2' with USER_ROLE.
> 3. Create a group 'group1'.
> 4. Add 'testuser3' and testuser2' to 'group1'.
> 5. Give 'User/Group' page permission to 'testuser1'
> 6. Login with 'testuser3'
> 7. Go to group listing page
> 8. Click on 'view user' button in group listing page.
> 9. Click on 'testuser2' username (The page goes into loading state instant 
> off error page ).
> (Refer image screenshort_1)
> scenario-2
> Steps -
> 1. Login with 'testuser3'.
> 2. 'testuser3' user does not have permission to view Tag base policy.
> 3. By changing the router to '/policymanager/tag' its show blank 'Service 
> Manager' page instant off error page.
> (Refer image screenshort_2).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2139) UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2139:

Fix Version/s: (was: master)

> UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and 
> group files
> ---
>
> Key: RANGER-2139
> URL: https://issues.apache.org/jira/browse/RANGER-2139
> Project: Ranger
>  Issue Type: Bug
>  Components: usersync
>Affects Versions: 1.0.0, master, 0.7.1
>Reporter: Cetin Sahin
>Priority: Critical
> Attachments: 0001-RANGER-2139-Fix-UnixUserGroupBuilder.patch
>
>
> When Unix based user and group synchronization is enabled in Ranger, 
> UnixUserGroupBuilder periodically checks whether one of the /etc/passwd or 
> /etc/group files is modified or not to trigger a synchronization.
> However, while checking the modification of a file, the UnixUserGroupBuilder 
> uses java.io.File.lastModified() to check whether the file is updated after 
> the latest synchronization time.
> {code:java}
> long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified();
> {code}
> java.io.File.lastModified() function, however, returns the latest modified 
> timestamp in the time granularity of seconds. That means each timestamp ends 
> with 000 independent of the millisecond precision.
> [https://bugs.openjdk.java.net/browse/JDK-8177809]
>  
> [http://dev-answers.blogspot.com/2014/11/avoid-using-javaiofilelastmodified-for.html]
> This can cause UnixUserGroupBuilder to fail to detect the update on the file 
> if the file modification check happens between the two consecutive updates 
> within the same second. Assume the following scenario with the corresponding 
> timestamps where UnixUserGroupBuilder checks the updates per minute.
> the latest modification of users and group files are at t0 (00:00:00.111), 
> which have a corresponding timestamp of 1529539200111, denoted by T0
> Now, consider the following scenario.
>  * At time t1 (01:*00:00.123*), T1 (1529542800123): /etc/group file is 
> updated and a new group called group01 is added.
>  * At time t2 (01:*00:00.345*), T2 (1529542800345): UnixUserGroupBuilder 
> threads wakes up and detects the update on the group file and performed the 
> synchronization. After the synchronization, the latest modification time for 
> the group is updated from the File.lastModified() function. latest 
> modification of group file = File.lastModified(t1) = *152954280*. Please 
> note that the last 3 digits corresponding to the milliseconds is truncated to 
> 000 with File.lastModified() function.
>  * At time t3 (01:*00:00.567*), T3 (1529542800567): /etc/group file is 
> updated and a user membership is added to one of the groups (e.g., user 
> user01 becomes a member of group group01).
>  * At time t4 (01:*01:00.345*), T4 (1529542860345): UnixUserGroupBuilder 
> thread wakes up and couldn't detect any changes since the timestamp generated 
> from the File.lastModified() function returns the same timestamp for t1 and 
> t3. Recall that the latest modification time of the group file becomes 
> 152954280 at t2 and File.lastModified(t3) returns *152954280* as 
> well. Since both File.lastModified(t1) = File.lastModified(t3), 
> UnixUserGroupBuilder could not detect the modification on the file at t4, 
> assumes there is no update, and then, sleeps again without syncing the 
> changes.
> At time t4, UnixUserGroupBuilder is supposed to sync the user group 
> membership but if fails to detect the update. If there is no any further 
> update on one of these files, the user01 will never be part of group01 in 
> Ranger.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2206) Add Policy Validity Period and Override as search filters and add distinguishing icons in policy listing page

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2206:

Fix Version/s: (was: master)

> Add Policy Validity Period and Override as search filters and add 
> distinguishing icons in policy listing page
> -
>
> Key: RANGER-2206
> URL: https://issues.apache.org/jira/browse/RANGER-2206
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Attachments: 
> 0001-RANGER-2206-Add-Policy-Validity-Period-and-Override-.patch, 
> 0002-RANGER-2206.patch
>
>
> – Add policy validity period as search filter in policy listing page. Both 
> start date and end date (along with timezone). Search should show policies 
> that have validity period specified and meet that condition. 
> – Add policy override as search filter in policy listing page. Search should 
> show only policies defined as override.
> – Add indication in policy listing page to distinguish policies with validity 
> period and override policies. Add icons for visual clue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-817) [Ranger-hive] Update operation & select operation while export on partitioned table is not logged in audit log

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-817:
---
Fix Version/s: (was: 0.5.4)

> [Ranger-hive] Update operation & select operation while export on partitioned 
> table is not logged in audit log
> --
>
> Key: RANGER-817
> URL: https://issues.apache.org/jira/browse/RANGER-817
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 0.5.0
>Reporter: Deepak Sharma
>Assignee: Alok Lal
>Priority: Critical
>
> Scenario:
> 1. create a partition table.
> create table exportPartitionTable (id int, name string) partitioned by 
> (country string);
> 2. insert data into this partitioned table.
> insert into table exportPartitionTable PARTITION(country='india') values ( 7, 
> 'ranger');
> 3. export this partitiontable to hdfs data store.
> export table exportPartitionTable to '/user/user1/exportDataStore';
> Defect:
> both insert and export (select is done in export) operation are successful 
> but Both are not logged in audit log.
> same is working fine in case of non partition table.
> Note: select operation is logged if we do through command like select * from 
>  but it is not logged if it is done as part of export,



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-1939) Simplify Maven dependencies and assembly specification for hdfs plugin module

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-1939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-1939:

Fix Version/s: (was: master)

> Simplify Maven dependencies and assembly specification for hdfs plugin module
> -
>
> Key: RANGER-1939
> URL: https://issues.apache.org/jira/browse/RANGER-1939
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
>
> There are two issues with the Maven POM files for Ranger's hdfs plugin module.
> 1. There are overlapping and sometimes conflicting versions of libraries on 
> which hdfs plugin code depends. Conflicts arise partly because some of the 
> libraries packaged with hdfs plugin module are already exist in hdfs 
> component and have different versions.
> 2. assembly specification for hdfs plugin module uses DependencySets - a 
> construct which is confusing and hard to get right. They also clutter up 
> build output log with spurious messages. It is desirable to use FileSets 
> which are easier to understand and straightforward to specify in an assembly 
> spec.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2742) Database patch 046 does not apply correctly on SQL Server and SQL Anywhere

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2742:

Fix Version/s: (was: master)

> Database patch 046 does not apply correctly on SQL Server and SQL Anywhere
> --
>
> Key: RANGER-2742
> URL: https://issues.apache.org/jira/browse/RANGER-2742
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Andrew Luo
>Priority: Critical
> Attachments: 
> 0001-RANGER-2742-Fix-database-patch-046-on-SQL-Server-and-SQL-Anywher.patch
>
>
> On SQL Anywhere the constraint and column names are swapped in some 
> statements.  In SQL Server, the same problem exists in addition to not 
> properly dropping the default constraint.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2346) Ranger admin UI needs to support CRUD of tag policies for a security zone

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2346:

Fix Version/s: (was: master)

> Ranger admin UI needs to support CRUD of tag policies for a security zone
> -
>
> Key: RANGER-2346
> URL: https://issues.apache.org/jira/browse/RANGER-2346
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: Abhay Kulkarni
>Priority: Major
>
> Ranger security zone contains services and resources. If a service in a 
> security zone is associated with a tag-service, then policies in the 
> tag-service are also scoped to the security zone. UI needs to support 
> create/update/delete of tag policies with security zone scope.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-601) Implement Kafka Audit Provider for Ranger Audit using new Destination design

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-601:
---
Fix Version/s: (was: 0.5.4)

> Implement Kafka Audit Provider for Ranger Audit using new Destination design
> 
>
> Key: RANGER-601
> URL: https://issues.apache.org/jira/browse/RANGER-601
> Project: Ranger
>  Issue Type: Sub-task
>Reporter: Bosco
>Priority: Major
>
> We need to reimplement Kafka Audit Destination class for the new Audit design 
> introduced in 0.5 release



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-263) Packaging for KafkaProvider in plugins

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-263:
---
Fix Version/s: (was: 0.5.4)

> Packaging for KafkaProvider in plugins
> --
>
> Key: RANGER-263
> URL: https://issues.apache.org/jira/browse/RANGER-263
> Project: Ranger
>  Issue Type: Sub-task
>Reporter: Bosco
>Assignee: Bosco
>Priority: Major
>
> Need to support or provide guidelines to included Kafka libraries/jars in 
> components which need to send audit records to Kafka



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-600) Failed to execute goal org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly (default-cli) on project ranger

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-600:
---
Fix Version/s: (was: 0.5.4)

> Failed to execute goal 
> org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly 
> (default-cli) on project ranger
> -
>
> Key: RANGER-600
> URL: https://issues.apache.org/jira/browse/RANGER-600
> Project: Ranger
>  Issue Type: Bug
>Affects Versions: 0.5.0
>Reporter: Mujadid khalid
>Assignee: Alok Lal
>Priority: Major
>
> when I compile latest code from master branch I got following error
> Failed to execute goal 
> org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:assembly 
> (default-cli) on project ranger: Failed to create assembly: Error creating 
> assembly archive src: Problem creating TAR: request to write '8192' bytes 
> exceeds size in header of '566424' bytes
> To fix this issue change following in the pom file
> 
>   maven-assembly-plugin
>  2.3
>   
> 
>   src/main/assembly/hdfs-agent.xml
> In this way issue was fixed



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-536) Test connection fails with SSL error when setting up knox repository

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-536:
---
Fix Version/s: (was: 0.5.4)

> Test connection fails with SSL error when setting up knox repository
> 
>
> Key: RANGER-536
> URL: https://issues.apache.org/jira/browse/RANGER-536
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 0.4.0
> Environment: Debian 6, HDP 2.2
>Reporter: phanikumar
>Priority: Minor
>
> I have setup Knox with a self-signed cert.  When creating a Knox repository 
> in the Ranger admin web UI the "Test Connection" button produces this error:
> ==
> Connection Failed.
> Exception on REST call to KnoxUrl : 
> https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies. You can 
> still save the repository and start creating policies, but you would not be 
> able to use autocomplete for resource names. Check xa_portal.log for more 
> info.
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
> No name matching myhost.mydomain.com found. 
> java.security.cert.CertificateException: No name matching  found. 
> No name matching myhost.mydomain.com found. 
> ==
> Ranger policies for Knox can still be created and they work 
> Additional error messages from xa_portal.log:
> 2015-03-31 15:45:27,849 [http-bio-6080-exec-2] ERROR 
> com.xasecure.biz.AssetMgr (AssetMgr.java:1566) - Unable to get knox resources.
> com.xasecure.hadoop.client.exceptions.HadoopException: Exception on REST call 
> to KnoxUrl : https://myhost.mydomain.com:8443/gateway/admin/api/v1/topologies.
>   at 
> com.xasecure.knox.client.KnoxClient.getServiceList(KnoxClient.java:223)
>   at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1547)
>   at com.xasecure.biz.AssetMgr$7.call(AssetMgr.java:1544)
>   at com.xasecure.common.TimedEventUtil.timedTask(TimedEventUtil.java:51)
>   at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1562)
>   at com.xasecure.biz.AssetMgr.getKnoxResources(AssetMgr.java:1524)
>   at com.xasecure.rest.AssetREST.pullKnoxResources(AssetREST.java:381)
>   at 
> com.xasecure.rest.AssetREST$$FastClassByCGLIB$$90363ab.invoke()
>   at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
>   at 
> org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>   at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
>   at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
>   at 
> org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
>   at 
> com.xasecure.rest.AssetREST$$EnhancerByCGLIB$$6b3c72e7.pullKnoxResources()
>   at sun.reflect.GeneratedMethodAccessor87.invoke(Unknown Source)
>   at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>   at java.lang.reflect.Method.invoke(Method.java:606)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
>   at 
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:70)
>   at 
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
>   at 
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:86)
>   at 
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
>   at 
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:74)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1357)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1289)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1239)
>   at 
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1229)
>   at 
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420)
>   at 
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:497)
>   at 
> 

[jira] [Updated] (RANGER-2457) Support download csv via REST as enhancement

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2457:

Fix Version/s: (was: 0.6.0)

> Support download csv via REST as enhancement
> 
>
> Key: RANGER-2457
> URL: https://issues.apache.org/jira/browse/RANGER-2457
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 0.6.0
>Reporter: Venkateswara Reddy
>Assignee: Mehul Parikh
>Priority: Major
>
> +*LIst of changes / improvements*+
>  # Along with download excel spreadsheet feature, add support for download 
> file as CSV format using REST API.
>  # REST API should have multiple options to download different file formats 
> same as Ranger Reports page.
> Sample Excel Command:
> curl -X GET --header "application/xml" -H "Content-Type: 
> application/ms-excel" -o Ranger_Policies.xls -u admin:\{password} 
> "http://[ranger-server]:6080/service/plugins/policies/downloadExcel?;



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`

2020-07-16 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17159681#comment-17159681
 ] 

Pradeep Agrawal commented on RANGER-2909:
-

[~nityananda] : Try both the patches which Nixon has suggested above. Let me 
know if issue is still there. 

> Authorization support for atlas `entity-label` and `entity-business metadata`
> -
>
> Key: RANGER-2909
> URL: https://issues.apache.org/jira/browse/RANGER-2909
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: ranger-2.0
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Major
>
> We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but 
> we wanted authorisation for `entity-labels` and `entity-business-metadata` 
> that comes with new version of Atlas i.e Atlas 2.0.0.
>  # We tried building ranger from the master branch, but authorisation for 
> roles which were attached to policies was not working (authorisation for 
> users and groups attached to policies was working)
>  # Since the above didn’t work we tried building ranger from the specific 
> commit where the patch to support authorisation for labels and  
> business-metadata was added 
> [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb]
>   , the same problem appeared here i.e authorisation for roles attached to 
> policies was not working
>  # Finally, we added the patches to  Ranger 2.0.0
>  ## Applied the patches  
> [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
>  , 
> [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
>  ## After building and running ranger I had to manually delete the entry from 
> `x_db_version_h` table i.e `J10034` and then restart ranger to apply the 
> patch by running `db_setup.py`. Even after applying the patch, the changes 
> are not reflected. i.e(No option for `entity-label` and 
> `entity-business-metadata`  (have also checked `x_access_type_def` table and 
> entity-label and entity-business-metadata was not present)
> What will be the best way to move forward to support authorisation for 
> `labels` and `business-metadata` where authorisation policies work with roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (RANGER-2909) Authorization support for atlas `entity-label` and `entity-business metadata`

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reassigned RANGER-2909:
---

Assignee: Pradeep Agrawal

> Authorization support for atlas `entity-label` and `entity-business metadata`
> -
>
> Key: RANGER-2909
> URL: https://issues.apache.org/jira/browse/RANGER-2909
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: ranger-2.0
>Reporter: Nityananda Gohain
>Assignee: Pradeep Agrawal
>Priority: Major
>
> We were using Ranger 2.0.0 with Atlas which was working perfectly fine, but 
> we wanted authorisation for `entity-labels` and `entity-business-metadata` 
> that comes with new version of Atlas i.e Atlas 2.0.0.
>  # We tried building ranger from the master branch, but authorisation for 
> roles which were attached to policies was not working (authorisation for 
> users and groups attached to policies was working)
>  # Since the above didn’t work we tried building ranger from the specific 
> commit where the patch to support authorisation for labels and  
> business-metadata was added 
> [https://github.com/apache/ranger/commit/3b49c2f9fb77d76154911b7dd61f2382d0b56bfb]
>   , the same problem appeared here i.e authorisation for roles attached to 
> policies was not working
>  # Finally, we added the patches to  Ranger 2.0.0
>  ## Applied the patches  
> [https://github.com/atlanhq/ranger/commit/a252ecf4b1006cc78e1c48cc3bacc518401b4825]
>  , 
> [https://github.com/atlanhq/ranger/commit/a7024c23bf6f54e39dfb3b31f6186ebd21977f93]
>  ## After building and running ranger I had to manually delete the entry from 
> `x_db_version_h` table i.e `J10034` and then restart ranger to apply the 
> patch by running `db_setup.py`. Even after applying the patch, the changes 
> are not reflected. i.e(No option for `entity-label` and 
> `entity-business-metadata`  (have also checked `x_access_type_def` table and 
> entity-label and entity-business-metadata was not present)
> What will be the best way to move forward to support authorisation for 
> `labels` and `business-metadata` where authorisation policies work with roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2898:

Fix Version/s: 2.1.0

> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
> Fix For: 2.1.0
>
>
> Found below exception in atlas application.log where audits were not getting 
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ Request to collection [ranger_audits] failed due to (0) 
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0 
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019 
> INFO - 
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ request was not communication error it seems (CloudSolrClient:953) 
> 2020-07-01 12:22:27,020 WARN - 
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ failed to log audit event: 
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>  
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
>  (BaseAuditHandler:374) 
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: 
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836 
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2898) Upgrade httpclient from 4.5.3 to 4.5.4

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2898:

Fix Version/s: (was: 2.1.0)

> Upgrade httpclient from 4.5.3 to 4.5.4
> --
>
> Key: RANGER-2898
> URL: https://issues.apache.org/jira/browse/RANGER-2898
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Nixon Rodrigues
>Priority: Major
>
> Found below exception in atlas application.log where audits were not getting 
> added in SOLR from Atlas plugin.
> {code:java}
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ Request to collection [ranger_audits] failed due to (0) 
> java.lang.ClassCastException: [B cannot be cast to java.lang.String, retry=0 
> commError=false errorCode=0 (CloudSolrClient:925) 2020-07-01 12:22:27,019 
> INFO - 
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ request was not communication error it seems (CloudSolrClient:953) 
> 2020-07-01 12:22:27,020 WARN - 
> [atlas.async.multi_dest.batch_atlas.async.multi_dest.batch.solr_destWriter:] 
> ~ failed to log audit event: 
> \{"repoType":15,"repo":"xxx-xx","reqUser":"oozie_execute","evtTime":"2020-06-18
>  
> 08:27:18.918","access":"entity-create","resource":"hive_db/[]/x@xxx-xxx","resType":"entity","action":"entity-create","result":0,"agent":"atlas","policy":-1,"enforcer":"ranger-acl","cliIP":"172.1.1.1","agentHost":"xxx-xxx-xx-x.xxx","logType":"RangerAudit","id":"13729e1e-e901-4e4a-ac49-0cf21701c63b-0","seq_num":1,"event_count":1,"event_dur_ms":0,"tags":[],"cluster_name":"xx-xxx"}
>  (BaseAuditHandler:374) 
> org.apache.solr.client.solrj.impl.CloudSolrClient$RouteException: 
> java.lang.ClassCastException: [B cannot be cast to java.lang.String
> {code}
> its due to HTTPCLIENT-1836 
> To fix above issue:- Upgrade httpclient from 4.5.3 to 4.5.4.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2897) Update jQuery version.

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2897:

Fix Version/s: 2.1.0

> Update jQuery version.
> --
>
> Key: RANGER-2897
> URL: https://issues.apache.org/jira/browse/RANGER-2897
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2897.patch
>
>
> Update jQuery version 3.4.1 to 3.5.1 for Ranger. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2762) Logout issue when knox-trusted proxy is enabled

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2762:

Fix Version/s: 2.1.0

> Logout issue when knox-trusted proxy is enabled
> ---
>
> Key: RANGER-2762
> URL: https://issues.apache.org/jira/browse/RANGER-2762
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Harshal Chavan
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2762-Handling-browser-requests-when-knox-trus.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2914) Invalid obj name in DB script for MS-SQL

2020-07-16 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2914:

Fix Version/s: 2.1.0

> Invalid obj name in DB script for MS-SQL
> 
>
> Key: RANGER-2914
> URL: https://issues.apache.org/jira/browse/RANGER-2914
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Dhaval B. SHAH
>Assignee: Dhaval B. SHAH
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: RANGER-2914.patch
>
>
> Need to change obj name from _*getXportalUIdByLoginId*_  to 
> *_dbo.getXportalUIdByLoginId_*  while inserting value in table 
> x_ranger_global_state



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2908) Upgrade jackson version to 2.10.3

2020-07-15 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2908.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

[https://github.com/apache/ranger/commit/850e31e31087fad03ba519d1246d2f0bd70cb669]

> Upgrade jackson version to 2.10.3
> -
>
> Key: RANGER-2908
> URL: https://issues.apache.org/jira/browse/RANGER-2908
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 2.1.0
>
>
> Upgrade jackson version to 2.10.3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml

2020-07-13 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156700#comment-17156700
 ] 

Pradeep Agrawal commented on RANGER-2907:
-

[~sneethiraj] : Shall attached patch resolve the issue. I have not tested this 
patch as I don't have an env to test the patch.

> Ranger Plugin is not using default TrustManager if a trustmanager is not 
> specified in ranger-policymgr-ssl.xml
> --
>
> Key: RANGER-2907
> URL: https://issues.apache.org/jira/browse/RANGER-2907
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Selvamohan Neethiraj
>Assignee: Selvamohan Neethiraj
>Priority: Critical
> Attachments: 
> 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch
>
>
> When a CA certified certificate is used by Ranger Admin, the RangerPlugin 
> should be able to use the default cacerts (from JVM) without having to 
> configure it manually.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2907) Ranger Plugin is not using default TrustManager if a trustmanager is not specified in ranger-policymgr-ssl.xml

2020-07-13 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2907:

Attachment: 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch

> Ranger Plugin is not using default TrustManager if a trustmanager is not 
> specified in ranger-policymgr-ssl.xml
> --
>
> Key: RANGER-2907
> URL: https://issues.apache.org/jira/browse/RANGER-2907
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Selvamohan Neethiraj
>Assignee: Selvamohan Neethiraj
>Priority: Critical
> Attachments: 
> 0001-RANGER-2907-Ranger-Plugin-is-not-using-default-Trust.patch
>
>
> When a CA certified certificate is used by Ranger Admin, the RangerPlugin 
> should be able to use the default cacerts (from JVM) without having to 
> configure it manually.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2902) Add policy id to the list of filters in Access Audit Tab

2020-07-10 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2902.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

[https://github.com/apache/ranger/commit/c66c8384757be11335d62f72e63b8da5a5f58234]

> Add policy id to the list of filters in Access Audit Tab
> 
>
> Key: RANGER-2902
> URL: https://issues.apache.org/jira/browse/RANGER-2902
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Nitin Galave
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2902.patch
>
>
> Add policy Id filter to Access Audit Tab.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2900) Include policy priority in policy details popup on access auidts page

2020-07-10 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2900.
-
Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/87cc02b103c15297e8b8ddb12a8997517a27fc1c]

> Include policy priority in policy details popup on access auidts page
> -
>
> Key: RANGER-2900
> URL: https://issues.apache.org/jira/browse/RANGER-2900
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: suja s
>Assignee: Nitin Galave
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2900.patch, policypriorityscreen1.png, 
> policypriorityscreen2.png
>
>
> Access Audits page on UI - On clicking on policyid, a popup is displayed with 
> details of the policy that is getting enforced. Suggestion is to include 
> policy priority also as part of details.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2858) 'show databases' gives permission denied error, even though the user has permissions on a few of the databases in security zone policies

2020-07-09 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155145#comment-17155145
 ] 

Pradeep Agrawal commented on RANGER-2858:
-

Patch 2([https://reviews.apache.org/r/72659/]) committed to master : 

[https://github.com/apache/ranger/commit/708085410ff2bbbde5f9343c31cd0a1b45f5efa8]

> 'show databases' gives permission denied error, even though the user has 
> permissions on a few of the databases in security zone policies
> 
>
> Key: RANGER-2858
> URL: https://issues.apache.org/jira/browse/RANGER-2858
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Abhay Kulkarni
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 2.1.0
>
>
> When user has permissions on a few of the databases in security zone 
> policies, "show databases" command is expected to list databases on which the 
> user has some permission in any security zone(s). However, the command fails 
> with the following message.
> 
>  FAILED: HiveAccessControlException Permission denied: user [behemoth] does 
> not have [USE] privilege on [Unknown resource!!]
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException:
>  Permission denied: user [behemoth] does not have [USE] privilege on [Unknown 
> resource!!]
>  at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:487)
> 
> Furthermore, command "use " where  is name of the 
> database where user has some access in any security zone, succeeds.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17155074#comment-17155074
 ] 

Pradeep Agrawal commented on RANGER-2905:
-

[~iammehrabalam]: Thanks

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17154706#comment-17154706
 ] 

Pradeep Agrawal commented on RANGER-2905:
-

[~iammehrabalam] : Can you take the latest pull and attached patch and see if 
changes are working for you or not. 

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2905:

Attachment: (was: 
0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch)

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2905:

Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2905:

Attachment: 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
> Attachments: 
> 0001-RANGER-2905-Failed-to-log-Audit-event-in-Elasticsear.patch
>
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Assigned] (RANGER-2905) Failed to log Audit event in Elasticsearch

2020-07-09 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2905?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reassigned RANGER-2905:
---

Assignee: Pradeep Agrawal

> Failed to log Audit event in Elasticsearch 
> ---
>
> Key: RANGER-2905
> URL: https://issues.apache.org/jira/browse/RANGER-2905
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Affects Versions: 2.1.0
>Reporter: Md Mehrab Alam
>Assignee: Pradeep Agrawal
>Priority: Major
>
>  
> Elasticsearch audit IndexRequest validation is failing due to empty (i.e 
> empty string) type. 
> https://github.com/apache/ranger/blob/cd2165f4b81eff0f29edf30fe73c31d24d9f1d78/agents-audit/src/main/java/org/apache/ranger/audit/destination/ElasticSearchAuditDestination.java#L119
>  
> Elasticsearch validation code:
> https://github.com/elastic/elasticsearch/blob/7.x/server/src/main/java/org/elasticsearch/action/index/IndexRequest.java#L215
>  
> {code:java}
> 2020-07-08 22:55:24,740 ERROR 
> org.apache.ranger.audit.provider.BaseAuditHandler: Error sending message to 
> ElasticSearch
> org.elasticsearch.action.ActionRequestValidationException: Validation Failed: 
> 1: type is missing;
> at 
> org.elasticsearch.action.bulk.BulkRequest.validate(BulkRequest.java:393)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1480)
> at 
> org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1454)
> at 
> org.elasticsearch.client.RestHighLevelClient.bulk(RestHighLevelClient.java:497)
> at 
> org.apache.ranger.audit.destination.ElasticSearchAuditDestination.log(ElasticSearchAuditDestination.java:125)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
> at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
> at java.lang.Thread.run(Thread.java:748)
> 2020-07-08 22:55:24,740 WARN 
> org.apache.ranger.audit.provider.BaseAuditHandler: failed to log audit event:
> {code}
> Elasticsearch version: 
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config

2020-07-08 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2903?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2903:

Attachment: 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch

> Remove elasticsearch audit's is_enabled property from config
> 
>
> Key: RANGER-2903
> URL: https://issues.apache.org/jira/browse/RANGER-2903
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2903-Remove-elasticsearch-audit-s-is_enabled-.patch
>
>
> Remove elasticsearch audit's is_enabled property from config as it may cause 
> plugin setup/start failure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2903) Remove elasticsearch audit's is_enabled property from config

2020-07-08 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2903:
---

 Summary: Remove elasticsearch audit's is_enabled property from 
config
 Key: RANGER-2903
 URL: https://issues.apache.org/jira/browse/RANGER-2903
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.1.0


Remove elasticsearch audit's is_enabled property from config as it may cause 
plugin setup/start failure.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-07 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152565#comment-17152565
 ] 

Pradeep Agrawal commented on RANGER-2856:
-

[~RickyMa] : Please close the RR.

Next time please create the patch using "git format-patch" command.

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png, 
> image-2020-07-02-22-03-36-267.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-07 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2856.
-
Fix Version/s: (was: master)
   2.1.0
   Resolution: Fixed

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png, 
> image-2020-07-02-22-03-36-267.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-07 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17152564#comment-17152564
 ] 

Pradeep Agrawal commented on RANGER-2856:
-

Patch committed : 
[https://github.com/apache/ranger/commit/400beaa7604e4c83d051dc6e83b8bc109e5d8c53]

 

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png, 
> image-2020-07-02-22-03-36-267.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'

2020-07-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2877.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

[https://github.com/apache/ranger/commit/4160ebfc7cb1db642e8ba7fdbaa72142978e764b]

> ElasticSearch-Plugin throws NullPointException when the type of request is 
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch, 
> ES Processing logic.png, NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u : 
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
>  -H 'Content-Type:application/json' -d 
> '\{"mapping":{"properties":{"age":"text"}}}'  
> then ES will print NullPointException in it's log file, and the request will 
> fail



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-06 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17151942#comment-17151942
 ] 

Pradeep Agrawal commented on RANGER-2891:
-

[~rujia1019] : have reverted the commit as build is failing.

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Reopened] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reopened RANGER-2891:
-

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2891.
-
Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/0fa35a1d00de7899effa5a589713baf947cabd2b]

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Reopened] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-06 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal reopened RANGER-2891:
-

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2885) Add missing PermType Java codes for new versions of Kafka

2020-07-05 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2885.
-
Fix Version/s: (was: master)
   2.1.0
   Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/a15ec3c1028b01b292e257a1a50d83fcd8d91149]

> Add missing PermType Java codes for new versions of Kafka
> -
>
> Key: RANGER-2885
> URL: https://issues.apache.org/jira/browse/RANGER-2885
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: RANGER-2885.patch
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> There are codes missing for:
> https://issues.apache.org/jira/browse/RANGER-2117
> https://issues.apache.org/jira/browse/RANGER-2692
> When calling 
> 'http://10.1.0.44:6080/service/public/api/policy?repositoryName=tdw_kafka\=kafka\=false',
>  it will return 'Unknown' value in permMapList.permList field, which is not 
> appropriate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2890) Add missing log4j properties for audit log

2020-07-05 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2890.
-
Fix Version/s: 2.1.0
   Resolution: Fixed

Patch committed :  
[https://github.com/apache/ranger/commit/197b27683b5271836a8add2d783ee2889b47d153]

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2887) Upgrade Tomcat to 7.0.104

2020-07-03 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal resolved RANGER-2887.
-
Resolution: Fixed

Patch committed : 
[https://github.com/apache/ranger/commit/23b49c581dedea32bf8a03b503f9337530427521]

> Upgrade Tomcat to 7.0.104
> -
>
> Key: RANGER-2887
> URL: https://issues.apache.org/jira/browse/RANGER-2887
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Mahesh Hanumant Bandal
>Assignee: Mahesh Hanumant Bandal
>Priority: Minor
> Fix For: 2.1.0
>
>
> Upgrade Tomcat version to follow best practices



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-02 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150436#comment-17150436
 ] 

Pradeep Agrawal commented on RANGER-2856:
-

[~RickyMa] : if [^RANGER-2856.patch] is your proposed patch then download that 
file and go to your RR and select: update -> update Diff -> select the file and 
upload it. After upload publish the RR again.

!image-2020-07-02-22-03-36-267.png!

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png, 
> image-2020-07-02-22-03-36-267.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-02 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2856:

Attachment: image-2020-07-02-22-03-36-267.png

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png, 
> image-2020-07-02-22-03-36-267.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-02 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150431#comment-17150431
 ] 

Pradeep Agrawal commented on RANGER-2856:
-

[~RickyMa] : I see your patch diff like this :  
[https://reviews.apache.org/r/72588/diff/1#index_header]

!image-2020-07-02-21-58-59-495.png!

 

 

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-02 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2856:

Attachment: image-2020-07-02-21-58-59-495.png

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch, image-2020-07-02-21-58-59-495.png
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE

2020-07-01 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2888:

Attachment: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch

> Upgrade Spring framework to version 4.3.27.RELEASE
> --
>
> Key: RANGER-2888
> URL: https://issues.apache.org/jira/browse/RANGER-2888
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE

2020-07-01 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2888:

Attachment: (was: 
0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch)

> Upgrade Spring framework to version 4.3.27.RELEASE
> --
>
> Key: RANGER-2888
> URL: https://issues.apache.org/jira/browse/RANGER-2888
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: 0001-RANGER-2888-Upgrade-Spring-framework-libraries.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE

2020-07-01 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2888:

Attachment: 0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch

> Upgrade Spring framework to version 4.3.27.RELEASE
> --
>
> Key: RANGER-2888
> URL: https://issues.apache.org/jira/browse/RANGER-2888
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.1.0
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Minor
> Fix For: 2.1.0
>
> Attachments: 
> 0001-RANGER-2888-Upgrade-Spring-framework-to-version-4.3..patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2856) A policy should be deleted if it has no policyItems

2020-07-01 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149442#comment-17149442
 ] 

Pradeep Agrawal commented on RANGER-2856:
-

[~RickyMa] : Upload this patch [https://github.com/apache/ranger/pull/66/files] 
at RR [https://reviews.apache.org/r/72588/]

> A policy should be deleted if it has no policyItems
> ---
>
> Key: RANGER-2856
> URL: https://issues.apache.org/jira/browse/RANGER-2856
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: master
>Reporter: RickyMa
>Priority: Minor
> Fix For: master
>
> Attachments: RANGER-2856.patch
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> Condition: A policy contains only one policyItem and the policyItem only sets 
> one user and no groups.
> Action: Delete the user in the policyItem using API: 
> '[http://ip:6080/service/xusers/users/\{id}?forceDelete=true'|http://ip:6080/service/xusers/users/id?forceDelete=true%27,]
> Result: The policy still exists, but it has no policyItems. A policy with no 
> policyItems is completely meaningless and it should be deleted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2888) Upgrade Spring framework to version 4.3.27.RELEASE

2020-07-01 Thread Pradeep Agrawal (Jira)
Pradeep Agrawal created RANGER-2888:
---

 Summary: Upgrade Spring framework to version 4.3.27.RELEASE
 Key: RANGER-2888
 URL: https://issues.apache.org/jira/browse/RANGER-2888
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Affects Versions: 2.1.0
Reporter: Pradeep Agrawal
Assignee: Pradeep Agrawal
 Fix For: 2.1.0






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2864) Group creation is failing during import policy

2020-06-30 Thread Pradeep Agrawal (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2864:

Fix Version/s: 2.1.0

> Group creation is failing during import policy
> --
>
> Key: RANGER-2864
> URL: https://issues.apache.org/jira/browse/RANGER-2864
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.1.0
>
>
> while creating a group during import policy, description field is null that 
> is leading to fail group creation.
>  As "descr" column in the table is not null for x_group in mysql.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2864) Group creation is failing during import policy

2020-06-30 Thread Pradeep Agrawal (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148569#comment-17148569
 ] 

Pradeep Agrawal commented on RANGER-2864:
-

Patch committed : 
[https://github.com/apache/ranger/commit/641ef11a2e45887d689c986b2584fd3ba4c9fcc5]

> Group creation is failing during import policy
> --
>
> Key: RANGER-2864
> URL: https://issues.apache.org/jira/browse/RANGER-2864
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> while creating a group during import policy, description field is null that 
> is leading to fail group creation.
>  As "descr" column in the table is not null for x_group in mysql.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


  1   2   3   4   5   6   7   8   9   10   >