[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed

2020-10-16 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3042:
--
Attachment: 0001-plugin-presto-some-log-mistake-fix.patch

> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
> Attachments: 0001-plugin-presto-some-log-mistake-fix.patch
>
>
> some log issues should be fixed about log or exception about presto plugin
>  
> {code:java}
>   @Override
>   public void checkCanDropView(SystemSecurityContext context, 
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) 
> {
>   LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
> view.getSchemaTableName().getTableName() + ") denied");
>   
> AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
> }
>   }
>   [~Override]
>   public void checkCanSetCatalogSessionProperty(SystemSecurityContext 
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName, 
> propertyName), context, PrestoAccessType.ALTER)) {
>   
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
>  + catalogName + ") denied");
>   AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
> propertyName);
> }
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed

2020-10-16 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3042:
--
Description: 
some log issues should be fixed about log or exception about presto plugin

 
{code:java}
  @Override
  public void checkCanDropView(SystemSecurityContext context, 
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
  LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
view.getSchemaTableName().getTableName() + ") denied");
  
AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
}
  }

  [~Override]
  public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, 
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), 
context, PrestoAccessType.ALTER)) {
  
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}(" 
+ catalogName + ") denied");
  AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
propertyName);
}
  }
{code}


  was:
some log issues should be fixed about log or exception about presto plugin

 
{code:java}
  @Override
  public void checkCanDropView(SystemSecurityContext context, 
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
  LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
view.getSchemaTableName().getTableName() + ") denied");
  
AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
}
  }

  [~Override]
  public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, 
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), 
context, PrestoAccessType.ALTER)) {
  
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}(" 
+ catalogName + ") denied");
  AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
propertyName);
}
  }
{code}



> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
>
> some log issues should be fixed about log or exception about presto plugin
>  
> {code:java}
>   @Override
>   public void checkCanDropView(SystemSecurityContext context, 
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) 
> {
>   LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
> view.getSchemaTableName().getTableName() + ") denied");
>   
> AccessDeniedException.denyCreateView(view.getSchemaTableName().getTableName());
> }
>   }
>   [~Override]
>   public void checkCanSetCatalogSessionProperty(SystemSecurityContext 
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName, 
> propertyName), context, PrestoAccessType.ALTER)) {
>   
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
>  + catalogName + ") denied");
>   AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
> propertyName);
> }
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3042) plugin-presto: some log issues should be fixed

2020-10-16 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3042:
--
Description: 
some log issues should be fixed about log or exception about presto plugin

 
{code:java}
  @Override
  public void checkCanDropView(SystemSecurityContext context, 
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
  LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
view.getSchemaTableName().getTableName() + ") denied");
  
AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
}
  }

  [~Override]
  public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, 
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), 
context, PrestoAccessType.ALTER)) {
  
LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}(" 
+ catalogName + ") denied");
  AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
propertyName);
}
  }
{code}


  was:
some log issues should be fixed about log or exception about presto plugin

 
{code:java}
  @Override
  public void checkCanDropView(SystemSecurityContext context, 
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
  LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
view.getSchemaTableName().getTableName() + ") denied");
  
AccessDeniedException.{color:#DE350B}denyCreateView{color}(view.getSchemaTableName().getTableName());
}
  }

  @Override
  public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, 
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), 
context, PrestoAccessType.ALTER)) {
  
LOG.debug("RangerSystemAccessControl.{color:#DE350B}checkCanSetSystemSessionProperty{color}("
 + catalogName + ") denied");
  AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
propertyName);
}
  }
{code}



> plugin-presto: some log issues should be fixed
> --
>
> Key: RANGER-3042
> URL: https://issues.apache.org/jira/browse/RANGER-3042
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Minor
>
> some log issues should be fixed about log or exception about presto plugin
>  
> {code:java}
>   @Override
>   public void checkCanDropView(SystemSecurityContext context, 
> CatalogSchemaTableName view) {
> if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) 
> {
>   LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
> view.getSchemaTableName().getTableName() + ") denied");
>   
> AccessDeniedException.*denyCreateView*(view.getSchemaTableName().getTableName());
> }
>   }
>   [~Override]
>   public void checkCanSetCatalogSessionProperty(SystemSecurityContext 
> context, String catalogName, String propertyName) {
> if (!hasPermission(createCatalogSessionResource(catalogName, 
> propertyName), context, PrestoAccessType.ALTER)) {
>   
> LOG.debug("RangerSystemAccessControl.checkCanSetSystemSessionProperty{color}("
>  + catalogName + ") denied");
>   AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
> propertyName);
> }
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3042) plugin-presto: some log issues should be fixed

2020-10-16 Thread rujia (Jira)
rujia created RANGER-3042:
-

 Summary: plugin-presto: some log issues should be fixed
 Key: RANGER-3042
 URL: https://issues.apache.org/jira/browse/RANGER-3042
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia


some log issues should be fixed about log or exception about presto plugin

 
{code:java}
  @Override
  public void checkCanDropView(SystemSecurityContext context, 
CatalogSchemaTableName view) {
if (!hasPermission(createResource(view), context, PrestoAccessType.DROP)) {
  LOG.debug("RangerSystemAccessControl.checkCanDropView(" + 
view.getSchemaTableName().getTableName() + ") denied");
  
AccessDeniedException.{color:#DE350B}denyCreateView{color}(view.getSchemaTableName().getTableName());
}
  }

  @Override
  public void checkCanSetCatalogSessionProperty(SystemSecurityContext context, 
String catalogName, String propertyName) {
if (!hasPermission(createCatalogSessionResource(catalogName, propertyName), 
context, PrestoAccessType.ALTER)) {
  
LOG.debug("RangerSystemAccessControl.{color:#DE350B}checkCanSetSystemSessionProperty{color}("
 + catalogName + ") denied");
  AccessDeniedException.denySetCatalogSessionProperty(catalogName, 
propertyName);
}
  }
{code}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3041) hive-plugin: default policy 'default database tables columns' should contains permission of lookupuser and {OWNER}

2020-10-15 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3041:
--
Attachment: 0001-default-database-policy-update-for-hive-pulgin.patch

> hive-plugin: default policy 'default database tables columns' should contains 
> permission of lookupuser and {OWNER}
> --
>
> Key: RANGER-3041
> URL: https://issues.apache.org/jira/browse/RANGER-3041
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-default-database-policy-update-for-hive-pulgin.patch
>
>
> 'default database tables columns' and policy of hvie service only contains 
> create permission for public group now,  the right permissions should be 
> added for lookupuser and {OWNER} , because default database is often used by 
> users



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3041) hive-plugin: default policy 'default database tables columns' should contains permission of lookupuser and {OWNER}

2020-10-15 Thread rujia (Jira)
rujia created RANGER-3041:
-

 Summary: hive-plugin: default policy 'default database tables 
columns' should contains permission of lookupuser and {OWNER}
 Key: RANGER-3041
 URL: https://issues.apache.org/jira/browse/RANGER-3041
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia


'default database tables columns' and policy of hvie service only contains 
create permission for public group now,  the right permissions should be added 
for lookupuser and {OWNER} , because default database is often used by users



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default

2020-10-14 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3040:
--
Attachment: 0001-add-read-permission-for-lookupuser-on-default-polici.patch

> There is no read permission for lookupuser on presto/storm/es by default 
> -
>
> Key: RANGER-3040
> URL: https://issues.apache.org/jira/browse/RANGER-3040
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 
> 0001-add-read-permission-for-lookupuser-on-default-polici.patch
>
>
> lookupuser should has read permission for all components by default, 
> otherwise the function of lookup resource will not work on ranger web.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default

2020-10-14 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3040:
--
Description: lookupuser should has read permission for all components by 
default, otherwise the function of lookup resource will not work on ranger web.

> There is no read permission for lookupuser on presto/storm/es by default 
> -
>
> Key: RANGER-3040
> URL: https://issues.apache.org/jira/browse/RANGER-3040
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 
> 0001-add-read-permission-for-lookupuser-on-default-polici.patch
>
>
> lookupuser should has read permission for all components by default, 
> otherwise the function of lookup resource will not work on ranger web.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3040) There is no read permission for lookupuser on presto/storm/es by default

2020-10-14 Thread rujia (Jira)
rujia created RANGER-3040:
-

 Summary: There is no read permission for lookupuser on 
presto/storm/es by default 
 Key: RANGER-3040
 URL: https://issues.apache.org/jira/browse/RANGER-3040
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3039) plugin-hive: user belongs to role 'admin' should has access to execute dfs command

2020-10-14 Thread rujia (Jira)
rujia created RANGER-3039:
-

 Summary: plugin-hive: user belongs to role 'admin' should has 
access to execute dfs command
 Key: RANGER-3039
 URL: https://issues.apache.org/jira/browse/RANGER-3039
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia
 Attachments: 
0001-user-belongs-to-role-admin-should-has-access-to-exec.patch

currently, dfs command is not supported through hive beeline, and it should be 
supported when user belongs role 'admin'



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3039) plugin-hive: user belongs to role 'admin' should has access to execute dfs command

2020-10-14 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3039:
--
Attachment: 0001-user-belongs-to-role-admin-should-has-access-to-exec.patch

> plugin-hive: user belongs to role 'admin' should has access to execute dfs 
> command
> --
>
> Key: RANGER-3039
> URL: https://issues.apache.org/jira/browse/RANGER-3039
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 
> 0001-user-belongs-to-role-admin-should-has-access-to-exec.patch
>
>
> currently, dfs command is not supported through hive beeline, and it should 
> be supported when user belongs role 'admin'



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3035) Ranger Presto Plugin: Machine-Machine user can not access presto with right permission

2020-10-12 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3035:
--
Attachment: 0001-plugin-presto-M-M-user-can-not-access.patch

> Ranger Presto Plugin: Machine-Machine user can not access presto with right 
> permission
> --
>
> Key: RANGER-3035
> URL: https://issues.apache.org/jira/browse/RANGER-3035
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-plugin-presto-M-M-user-can-not-access.patch
>
>
> plugin-presto use the user who comes from identity object to create request 
> now , it will not match  when the user is M-M user(like: user1/h...@test.com)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3035) Ranger Presto Plugin: Machine-Machine user can not access presto with right permission

2020-10-12 Thread rujia (Jira)
rujia created RANGER-3035:
-

 Summary: Ranger Presto Plugin: Machine-Machine user can not access 
presto with right permission
 Key: RANGER-3035
 URL: https://issues.apache.org/jira/browse/RANGER-3035
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia


plugin-presto use the user who comes from identity object to create request now 
, it will not match  when the user is M-M user(like: user1/h...@test.com)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface

2020-10-10 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3033:
--
Attachment: 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch

> Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface
> ---
>
> Key: RANGER-3033
> URL: https://issues.apache.org/jira/browse/RANGER-3033
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 
> 0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch
>
>
> command 'show role grant user xxx' is not supported now



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3033) Ranger hive authorizer should impl 'getRoleGrantInfoForPrincipal' interface

2020-10-10 Thread rujia (Jira)
rujia created RANGER-3033:
-

 Summary: Ranger hive authorizer should impl 
'getRoleGrantInfoForPrincipal' interface
 Key: RANGER-3033
 URL: https://issues.apache.org/jira/browse/RANGER-3033
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia
 Attachments: 
0001-hive-authorizer-should-impl-getRoleGrantInfoForPrinc.patch

command 'show role grant user xxx' is not supported now



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-3032) The log4j properties of rangeradmin cannot take effect dynamically

2020-10-10 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-3032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-3032:
--
Attachment: 0001-make-rangeradmin-log4j-dynamically.patch

> The log4j properties of rangeradmin cannot take effect dynamically
> --
>
> Key: RANGER-3032
> URL: https://issues.apache.org/jira/browse/RANGER-3032
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 2.0.0, 2.1.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-make-rangeradmin-log4j-dynamically.patch
>
>
> When i tried to modify log4j.properties of rangeradmin after rangeradmin 
> started, i found it cann't take effect without restart service



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-3032) The log4j properties of rangeradmin cannot take effect dynamically

2020-10-10 Thread rujia (Jira)
rujia created RANGER-3032:
-

 Summary: The log4j properties of rangeradmin cannot take effect 
dynamically
 Key: RANGER-3032
 URL: https://issues.apache.org/jira/browse/RANGER-3032
 Project: Ranger
  Issue Type: Bug
  Components: admin
Affects Versions: 2.1.0, 2.0.0
Reporter: rujia


When i tried to modify log4j.properties of rangeradmin after rangeradmin 
started, i found it cann't take effect without restart service



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode

2020-07-15 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2912:
--
Attachment: 0001-issue-fix-for-es-audit.patch

> ranger and plugins will throw GSSAPI error when write audit log to 
> ElasticSearch when cluster running on none security mode
> ---
>
> Key: RANGER-2912
> URL: https://issues.apache.org/jira/browse/RANGER-2912
> Project: Ranger
>  Issue Type: Bug
>  Components: audit, plugins, Ranger
>Reporter: rujia
>Priority: Major
> Attachments: 0001-issue-fix-for-es-audit.patch
>
>
> user and password default set to 'NONE' when connect to ES, but ranger-audit 
> and plugins doesn't handle String 'NONE',  and will try to get subject from 
> ENV for both sec and none sec mode.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2912) ranger and plugins will throw GSSAPI error when write audit log to ElasticSearch when cluster running on none security mode

2020-07-15 Thread rujia (Jira)
rujia created RANGER-2912:
-

 Summary: ranger and plugins will throw GSSAPI error when write 
audit log to ElasticSearch when cluster running on none security mode
 Key: RANGER-2912
 URL: https://issues.apache.org/jira/browse/RANGER-2912
 Project: Ranger
  Issue Type: Bug
  Components: audit, plugins, Ranger
Reporter: rujia


user and password default set to 'NONE' when connect to ES, but ranger-audit 
and plugins doesn't handle String 'NONE',  and will try to get subject from ENV 
for both sec and none sec mode.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2911) ES plugin missing implemention for some ES request

2020-07-15 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17158015#comment-17158015
 ] 

rujia commented on RANGER-2911:
---

review link : [https://reviews.apache.org/r/72684/]

> ES plugin missing implemention for some ES request  
> 
>
> Key: RANGER-2911
> URL: https://issues.apache.org/jira/browse/RANGER-2911
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Blocker
> Attachments: 0001-Add-ES-Plugin-Request-support.patch
>
>
> If a policy set resource to a specific index or string with wildcard like 
> 'index*', and has been given all permission for user1, ES plugin will deny 
> the request from user1 if the request is not matched in code.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2911) ES plugin missing implemention for some ES request

2020-07-15 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2911:
--
Attachment: 0001-Add-ES-Plugin-Request-support.patch

> ES plugin missing implemention for some ES request  
> 
>
> Key: RANGER-2911
> URL: https://issues.apache.org/jira/browse/RANGER-2911
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Blocker
> Attachments: 0001-Add-ES-Plugin-Request-support.patch
>
>
> If a policy set resource to a specific index or string with wildcard like 
> 'index*', and has been given all permission for user1, ES plugin will deny 
> the request from user1 if the request is not matched in code.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2911) ES plugin missing implemention for some ES request

2020-07-15 Thread rujia (Jira)
rujia created RANGER-2911:
-

 Summary: ES plugin missing implemention for some ES request  
 Key: RANGER-2911
 URL: https://issues.apache.org/jira/browse/RANGER-2911
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.0.0
Reporter: rujia


If a policy set resource to a specific index or string with wildcard like 
'index*', and has been given all permission for user1, ES plugin will deny the 
request from user1 if the request is not matched in code.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-13 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156685#comment-17156685
 ] 

rujia commented on RANGER-2891:
---

this interface has been deleted since presto version 331, so we need not impl 
it any more 

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Resolved] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-13 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia resolved RANGER-2891.
---
Resolution: Won't Fix

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, Screen Shot 
> 2020-07-05 at 9.02.55 PM.png
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-05 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2891:
--
Attachment: 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch, 
> 0002-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES

2020-07-05 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2892:
--
Attachment: (was: 
0001-ElasticSearch-plugin-NullPointException-fix.patch)

> NoClassDeFoundError occur when HDFS write audit to ES
> -
>
> Key: RANGER-2892
> URL: https://issues.apache.org/jira/browse/RANGER-2892
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: rujia
>Priority: Major
>
> When enable audit for es, HDFS will throw NoClassDeFoundError: 
> org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES

2020-07-05 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2892:
--
Attachment: 0001-ElasticSearch-plugin-NullPointException-fix.patch

> NoClassDeFoundError occur when HDFS write audit to ES
> -
>
> Key: RANGER-2892
> URL: https://issues.apache.org/jira/browse/RANGER-2892
> Project: Ranger
>  Issue Type: Bug
>  Components: audit
>Reporter: rujia
>Priority: Major
> Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch
>
>
> When enable audit for es, HDFS will throw NoClassDeFoundError: 
> org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-03 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2891:
--
Description: plugin-presto does not support 

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-03 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2891:
--
Description: plugin-presto does not support 'checkCanShowColumnsMetadata' 
API now, i think it should be implemented.  (was: plugin-presto does not 
support )

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2890) Add missing log4j properties for audit log

2020-07-03 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150893#comment-17150893
 ] 

rujia commented on RANGER-2890:
---

 [~rmani] thanks for your reminder, i have created review request: 
[https://reviews.apache.org/r/72640/]

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2890) Add missing log4j properties for audit log

2020-07-03 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2890:
--
Description: Currently, plugins missing log4j properties in their audit 
conf, it need be added for plugins and enable for default.

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2890) Add missing log4j properties for audit log

2020-07-03 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150848#comment-17150848
 ] 

rujia commented on RANGER-2890:
---

Thanks for your reminder,i have created review request: 
[https://reviews.apache.org/r/72640/]

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-03 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2891:
--
Attachment: 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Issue Comment Deleted] (RANGER-2890) Add missing log4j properties for audit log

2020-07-03 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2890:
--
Comment: was deleted

(was: Thanks for your reminder,i have created review request: 
[https://reviews.apache.org/r/72640/])

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>
> Currently, plugins missing log4j properties in their audit conf, it need be 
> added for plugins and enable for default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2892) NoClassDeFoundError occur when HDFS write audit to ES

2020-07-03 Thread rujia (Jira)
rujia created RANGER-2892:
-

 Summary: NoClassDeFoundError occur when HDFS write audit to ES
 Key: RANGER-2892
 URL: https://issues.apache.org/jira/browse/RANGER-2892
 Project: Ranger
  Issue Type: Bug
  Components: audit
Reporter: rujia


When enable audit for es, HDFS will throw NoClassDeFoundError: 
org.apache.logging.log4j.LogManager, it miss log4j-api in it's classpath.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-03 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150895#comment-17150895
 ] 

rujia commented on RANGER-2891:
---

[~rmani]  thanks,  pls see :  [https://reviews.apache.org/r/72639/]

> Add checkCanShowColumnsMetadata for presto plugin
> -
>
> Key: RANGER-2891
> URL: https://issues.apache.org/jira/browse/RANGER-2891
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Minor
> Attachments: 
> 0001-Add-checkCanShowColumnsMetadata-for-presto-plugin.patch
>
>
> plugin-presto does not support 'checkCanShowColumnsMetadata' API now, i think 
> it should be implemented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2891) Add checkCanShowColumnsMetadata for presto plugin

2020-07-02 Thread rujia (Jira)
rujia created RANGER-2891:
-

 Summary: Add checkCanShowColumnsMetadata for presto plugin
 Key: RANGER-2891
 URL: https://issues.apache.org/jira/browse/RANGER-2891
 Project: Ranger
  Issue Type: Improvement
  Components: plugins
Affects Versions: 2.0.0
Reporter: rujia






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2890) Add missing log4j properties for audit log

2020-07-02 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2890:
--
Summary: Add missing log4j properties for audit log  (was: Add missing 
log4j propertis for audit log)

> Add missing log4j properties for audit log
> --
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2890) Add missing log4j propertis for audit log

2020-07-02 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2890:
--
Attachment: 0001-aduit-for-log4j.patch

> Add missing log4j propertis for audit log
> -
>
> Key: RANGER-2890
> URL: https://issues.apache.org/jira/browse/RANGER-2890
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-aduit-for-log4j.patch
>
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2890) Add missing log4j propertis for audit log

2020-07-02 Thread rujia (Jira)
rujia created RANGER-2890:
-

 Summary: Add missing log4j propertis for audit log
 Key: RANGER-2890
 URL: https://issues.apache.org/jira/browse/RANGER-2890
 Project: Ranger
  Issue Type: Improvement
  Components: audit
Affects Versions: 2.0.0
Reporter: rujia






--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-30 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2810:
--
Attachment: 0001-kafka-authorizer-ticket-expired-fix.patch

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: 0001-kafka-authorizer-ticket-expired-fix.patch, 
> image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'

2020-06-29 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2877:
--
Attachment: 0001-ElasticSearch-plugin-NullPointException-fix.patch

> ElasticSearch-Plugin throws NullPointException when the type of request is 
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: 0001-ElasticSearch-plugin-NullPointException-fix.patch, 
> ES Processing logic.png, NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u : 
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
>  -H 'Content-Type:application/json' -d 
> '\{"mapping":{"properties":{"age":"text"}}}'  
> then ES will print NullPointException in it's log file, and the request will 
> fail



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-29 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519
 ] 

rujia edited comment on RANGER-2810 at 6/29/20, 7:03 AM:
-

this problem is caused by kafka run without core-site.xml, and then 
kafka-plugin add OS user to principal list of subject. When the server 
principal expired, it will be removed from principal list and 
re-append(relogin), so the OS user will be the first one, and then will cause 
GSSAPI error when do connection


was (Author: rujia1019):
this problem is caused by kafka run without core-site.xml, and then 
kafka-plugin add OS user to principal list of subject, when the server 
principal expired, the server pricipal will be remove from principal list and 
re-append(relogin), so the OS user will be the fiest one, and then will cause 
GSSAPI error then do connection

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-29 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519
 ] 

rujia edited comment on RANGER-2810 at 6/29/20, 7:02 AM:
-

this problem is caused by kafka run without core-site.xml, and then 
kafka-plugin add OS user to principal list of subject, when the server 
principal expired, the server pricipal will be remove from principal list and 
re-append(relogin), so the OS user will be the fiest one, and then will cause 
GSSAPI error then do connection


was (Author: rujia1019):
this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin 
add OS user to principal list of subject, when the server principal expired, 
the server pricipal will be remove from principal list and re-append(relogin), 
so the OS user will be the fiest one, and then will cause GSSAPI error then do 
connection

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-28 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519
 ] 

rujia edited comment on RANGER-2810 at 6/29/20, 3:36 AM:
-

this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin 
add OS user to principal list of subject, when the server principal expired, 
the server pricipal will be remove from principal list and re-append(relogin), 
so the OS user will be the fiest one, and then will cause GSSAPI error then do 
connection


was (Author: rujia1019):
this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin 
add OS user to principal list of subject, when the server principal expired, 
the os user will be remove and append to the principal list, the OS user will 
be the fiest one, and then will cause GSSAPI error then do connection

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Commented] (RANGER-2810) Kafka with Ranger plugin will fail

2020-06-28 Thread rujia (Jira)


[ 
https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17147519#comment-17147519
 ] 

rujia commented on RANGER-2810:
---

this problem is caused by kafka run witout core-site.xml, and then kakfa-plugin 
add OS user to principal list of subject, when the server principal expired, 
the os user will be remove and append to the principal list, the OS user will 
be the fiest one, and then will cause GSSAPI error then do connection

> Kafka with Ranger plugin will fail
> --
>
> Key: RANGER-2810
> URL: https://issues.apache.org/jira/browse/RANGER-2810
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 2.0.0, 2.1.0
> Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>Reporter: bright.zhou
>Assignee: Pradeep Agrawal
>Priority: Blocker
> Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use Ranger plugin to admin acls of Kafka cluster. At first , everything is 
> ok, but after 10h+ of kafka start, there is something wrong occured, we can 
> see error log in kafka-root.log, the error log is `Authentication failed 
> during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ 
> name protocol error: x `。To solve this we had to restart Kafka, It's so 
> strange that if i change `authorizer.class.name` to 
> `kafka.security.auth.SimpleAclAuthorizer` it will be ok . In theory, ranger 
> is related with acls and not related with SASL authentication,so i want to 
> ask for help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'

2020-06-28 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2877:
--
Attachment: ES Processing logic.png

> ElasticSearch-Plugin throws NullPointException when the type of request is 
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: ES Processing logic.png, NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u : 
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
>  -H 'Content-Type:application/json' -d 
> '\{"mapping":{"properties":{"age":"text"}}}'  
> then ES will print NullPointException in it's log file, and the request will 
> fail



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Updated] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'

2020-06-28 Thread rujia (Jira)


 [ 
https://issues.apache.org/jira/browse/RANGER-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

rujia updated RANGER-2877:
--
Attachment: NullPointException.png

> ElasticSearch-Plugin throws NullPointException when the type of request is 
> 'PutMappingRequest'
> --
>
> Key: RANGER-2877
> URL: https://issues.apache.org/jira/browse/RANGER-2877
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: rujia
>Priority: Major
> Attachments: NullPointException.png
>
>
> *request*: curl -XPUT --tlsv1.2 --negotiate -k -u : 
> '[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
>  -H 'Content-Type:application/json' -d 
> '\{"mapping":{"properties":{"age":"text"}}}'  
> then ES will print NullPointException in it's log file, and the request will 
> fail



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (RANGER-2877) ElasticSearch-Plugin throws NullPointException when the type of request is 'PutMappingRequest'

2020-06-28 Thread rujia (Jira)
rujia created RANGER-2877:
-

 Summary: ElasticSearch-Plugin throws NullPointException when the 
type of request is 'PutMappingRequest'
 Key: RANGER-2877
 URL: https://issues.apache.org/jira/browse/RANGER-2877
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 2.0.0
Reporter: rujia


*request*: curl -XPUT --tlsv1.2 --negotiate -k -u : 
'[https://x:xxx/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true'|https://10.244.224.123:24100/graphbase0624_age_index1/_mapping/age_index1?include_type_name=true%27]
 -H 'Content-Type:application/json' -d 
'\{"mapping":{"properties":{"age":"text"}}}'  

then ES will print NullPointException in it's log file, and the request will 
fail



--
This message was sent by Atlassian Jira
(v8.3.4#803005)