[jira] [Commented] (RANGER-3695) Ranger Keystore alias should be configurable

[Vishal Suvagia (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17751505#comment-17751505
 ] 

Vishal Suvagia commented on RANGER-3695:


Hi Team, request to kindly review and help merge the fix.

> Ranger Keystore alias should be configurable
> 
>
> Key: RANGER-3695
> URL: https://issues.apache.org/jira/browse/RANGER-3695
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3695.patch
>
>
> Ranger keystore alias is currently hard-coded, it should be configurable to 
> allow user to provide a custom alias



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-2704) Support browser login using kerberized authentication

[Vishal Suvagia (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17751473#comment-17751473
 ] 

Vishal Suvagia commented on RANGER-2704:


Hi [~dineshkumar-yadav], kindly use [^RANGER-2704.01.patch]  to be merged in 
the required branch as the same has been used to be merged in the master branch.

> Support browser login using kerberized authentication
> -
>
> Key: RANGER-2704
> URL: https://issues.apache.org/jira/browse/RANGER-2704
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 3.0.0, 2.3.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Fix For: 3.0.0, 2.3.0
>
> Attachments: RANGER-2704.01.patch, RANGER-2704.02.patch, 
> RANGER-2704.03.patch, RANGER-2704.patch
>
>
> Need to support browser login using kerberos authentication.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74280: RANGER-4041 : Upgrade netty-all version to 4.1.86.Final

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74280/#review225165
---


Ship it!




Ship It!

- Vishal Suvagia


On Feb. 8, 2023, 6:56 a.m., Himanshu Maurya wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74280/
> ---
> 
> (Updated Feb. 8, 2023, 6:56 a.m.)
> 
> 
> Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, 
> Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin 
> Galave, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4041
> https://issues.apache.org/jira/browse/RANGER-4041
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgraded netty-all version from 4.1.85.Final to 4.1.86.Final
> 
> 
> Diffs
> -
> 
>   pom.xml e402bcc5d 
> 
> 
> Diff: https://reviews.apache.org/r/74280/diff/1/
> 
> 
> Testing
> ---
> 
> Tested all CRUD operations like:-
> 1) Policies
> 2) Services
> 3) Zones
> 4) Users/Groups/Roles
> 5) Keys from KMS 
> 6) Checked all Audit event generate properly
> Also checked password and permission updation for users
> Run queries from backend for Hive, HBase, HDFS and YARN as different users 
> and checked the policies and plugins are working good
> 
> 
> Thanks,
> 
> Himanshu Maurya
> 
>

Re: Review Request 74215: RANGER-3976:Upgrade tomcat version to 8.5.83

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74215/#review224907
---


Ship it!




Ship It!

- Vishal Suvagia


On Nov. 24, 2022, 3:07 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74215/
> ---
> 
> (Updated Nov. 24, 2022, 3:07 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3976
> https://issues.apache.org/jira/browse/RANGER-3976
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade tomcat version to 8.5.83
> 
> 
> Diffs
> -
> 
>   pom.xml bcb93ed74 
> 
> 
> Diff: https://reviews.apache.org/r/74215/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Junit passed.
> 2. verified policy and user crud operations.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 74211: RANGER-3975:Upgrade netty-all version to 4.1.85.Final

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74211/#review224900
---


Ship it!




Ship It!

- Vishal Suvagia


On Nov. 22, 2022, 11:47 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74211/
> ---
> 
> (Updated Nov. 22, 2022, 11:47 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3975
> https://issues.apache.org/jira/browse/RANGER-3975
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade netty-all version to 4.1.85.Final
> 
> 
> Diffs
> -
> 
>   pom.xml 44eef2a0c 
> 
> 
> Diff: https://reviews.apache.org/r/74211/diff/1/
> 
> 
> Testing
> ---
> 
> successfully able to build the package and Junit passed
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 74209: RANGER-3972:Upgrade jettison version to 1.5.2

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74209/#review224898
---


Ship it!




Ship It!

- Vishal Suvagia


On Nov. 22, 2022, 8:29 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74209/
> ---
> 
> (Updated Nov. 22, 2022, 8:29 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3972
> https://issues.apache.org/jira/browse/RANGER-3972
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade jettison version to 1.5.2
> 
> 
> Diffs
> -
> 
>   pom.xml 44eef2a0c 
> 
> 
> Diff: https://reviews.apache.org/r/74209/diff/1/
> 
> 
> Testing
> ---
> 
> successfully able to build the package and Junit passed
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 74210: RANGER-3974:Upgrade jackson version to 2.14.0

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74210/#review224899
---


Ship it!




Ship It!

- Vishal Suvagia


On Nov. 22, 2022, 11:13 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74210/
> ---
> 
> (Updated Nov. 22, 2022, 11:13 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3974
> https://issues.apache.org/jira/browse/RANGER-3974
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade jackson version to 2.14.0
> 
> 
> Diffs
> -
> 
>   pom.xml 44eef2a0ceba17d20bee69e441e7c05a90a53ae8 
> 
> 
> Diff: https://reviews.apache.org/r/74210/diff/1/
> 
> 
> Testing
> ---
> 
> successfully able to build the package and Junit passed.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 74208: RANGER-3971: Upgrade HBASE version to 2.4.6

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74208/#review224897
---


Ship it!




Ship It!

- Vishal Suvagia


On Nov. 23, 2022, 4:20 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74208/
> ---
> 
> (Updated Nov. 23, 2022, 4:20 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-3971
> https://issues.apache.org/jira/browse/RANGER-3971
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Upgrade HBASE version to 2.4.6
> 
> 
> Diffs
> -
> 
>   distro/src/main/assembly/admin-web.xml 9b7475492 
>   hbase-agent/pom.xml 7d2638c05 
>   
> hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
>  417c9c892 
>   pom.xml 44eef2a0c 
> 
> 
> Diff: https://reviews.apache.org/r/74208/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Plugin communication is working.
> 2. Hbase service test-connections is working.
> 3. executed Junit using mvn
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 74127: Ranger-3880 : Ranger setup fails for newer MySQL versions

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74127/#review224771
---




kms/scripts/dba_script.py
Lines 167 (patched)
<https://reviews.apache.org/r/74127/#comment313571>

Justus, Thank-you for the fix, the issue is reported for 2.3 version, but 
the fix is already in place for 2.3 version.

kms : 
https://github.com/apache/ranger/blob/ranger-2.3/kms/scripts/db_setup.py#L132-L134

can you kindly share which branch is the fix being applied to, do update 
the review request to reflect the same ?



security-admin/scripts/dba_script.py
Lines 194 (patched)
<https://reviews.apache.org/r/74127/#comment313572>

Same for this fix, it is already available in the 2.3 version:
security-admin : 
https://github.com/apache/ranger/blob/ranger-2.3/security-admin/scripts/db_setup.py#L850-L852


- Vishal Suvagia


On Oct. 6, 2022, 8:24 a.m., Justus wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74127/
> ---
> 
> (Updated Oct. 6, 2022, 8:24 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj.
> 
> 
> Bugs: RANGER-3880
> https://issues.apache.org/jira/browse/RANGER-3880
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger Setup fails when using newer MySQL which requires to set useSSL to 
> false explicitly
> 
> 
> Diffs
> -
> 
>   kms/scripts/dba_script.py 544c1201b 
>   security-admin/scripts/dba_script.py 0ba396944 
> 
> 
> Diff: https://reviews.apache.org/r/74127/diff/1/
> 
> 
> Testing
> ---
> 
> The setup works fine.
> 
> 
> Thanks,
> 
> Justus
> 
>

Re: Review Request 74014: RANGER-3739: Add JWT filter in Ranger Admin -- follow-up patch

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74014/#review224488
---


Ship it!




Ship It!

- Vishal Suvagia


On June 8, 2022, 3:19 p.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74014/
> ---
> 
> (Updated June 8, 2022, 3:19 p.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
> Jayendra Parab, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, 
> Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3739
> https://issues.apache.org/jira/browse/RANGER-3739
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add JWT auth filter in Ranger Admin, which authenticates browser & 
> non-browser JWT requests without altering existing authentication filters.
> 
> The existing authorization process must be alter to incorporate following 
> cases
> 
> Token   SSO Enabled First Authorizer / Filter
> Present Yes RangerSSOAuthenticationFilter
> Absent  Yes RangerSSOAuthenticationFilter
> Present No  RangerJwtAuthFilter (NEW)
> Absent  No  RangerJwtAuthFilter (NEW)
> 
> Enabled JWT filter by default.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/resources/conf.dist/security-applicationContext.xml 
> 7db9c3850 
> 
> 
> Diff: https://reviews.apache.org/r/74014/diff/1/
> 
> 
> Testing
> ---
> 
> 1. mvn clean compile package install -U
> 2. Login ModHeader (chrome plugin): invalid JWT
> 3. Login ModHeader (chrome plugin): expired JWT
> 4. Login ModHeader (chrome plugin): tampered JWT
> 5. Login ModHeader (chrome plugin): valid JWT
> 6. Curl Access API: invalid JWT
> 7. Curl Access API: expired JWT
> 8. Curl Access API: tampered JWT
> 9. Curl Access API: valid JWT
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

Re: [VOTE] Release Apache Ranger version 2.3.0 - rc0

[vishal suvagia]

Thank-you Ramesh for putting the Apache Ranger 2.3.0 rc0.

+1 for the Apache Ranger 2.3.0 rc0.
clean build Ranger from the source tar succeeded without any issues.
verified hashes and signature matching the source file.
verified that Ranger Admin came up fine with basic crud operations for service 
/ policies.

Thanks
Vishal Suvagia. 

On Friday, 20 May, 2022, 06:25:08 pm IST, Mehul Parikh  
wrote:  
 
 +1 for Apache Ranger 2.3.0-rc0

  - Verified signatures
  - Verified successful build
  - Verified install and start of Ranger with Postgres DB.
  - Verified CRUD of Policies / Services / Security Zones


Thanks and Regards,
Mehul Parikh

On Fri, May 20, 2022 at 3:29 AM Ramesh Mani  wrote:

> Dear Rangers,
>
> Apache Ranger 2.3.0 release candidate #0 is now available for a vote within
> the dev community. Links to the release artifacts are given below. Please
> review and vote.
>
> The vote will be open for at least 72 hours or until necessary votes are
> reached.
>  [ ] +1 approve
>  [ ] +0 no opinion
>  [ ] -1 disapprove (and reason why)
>
> Thanks,
> Ramesh
>
> List of all issues / improvements addressed in this release:
> https://issues.apache.org/jira/issues/?jql=project=RANGER AND
> status=Resolved AND fixVersion=2.3.0 ORDER BY key DESC
>
> Git tag for the release:
> https://github.com/apache/ranger/tree/release-2.3.0-rc0
>
> Sources for the release:
>
> https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz
>
> Source release verification:
>  PGP Signature:
>
> https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.asc
>  SHA256 Hash:
>
> https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.sha256
>  SHA512 Hash:
>
> https://dist.apache.org/repos/dist/dev/ranger/2.3.0-rc0/apache-ranger-2.3.0.tar.gz.sha512
>
> Keys to verify the signature of the release artifacts are available at:
> https://dist.apache.org/repos/dist/release/ranger/KEYS
>
> New features/enhancements:
>
> RANGER-2846 Add support for resource[volume, bucket, key] look up in ozone
> plugin
> RANGER-2967 Add support for Amazon CloudWatch Logs as an Audit Store
> RANGER-3023 Permission tab takes longer time to load with large number of
> users and group_users data
> RANGER-3030 Replace Findbugs with Spotbugs maven plugin
> RANGER-3182 Prestosql is renamed to Trino
> RANGER-3221 Improve logging in Presto plugin
> RANGER-3276 Remove duplicate code from buildks.java
> RANGER-3290 ArrayIndexOutOfBoundsException if solr is down
> RANGER-3299 Upgrading the bouncycastle version for bcprov-jdk15on
> RANGER-3298 Add coarse URI check for Hive Agent
> RANGER-3389 Swagger UI Support for Ranger REST API
> RANGER-3435 Add unique index on guid, service and zone_id column of
> x_policy table
> RANGER-3439 Add rest api to get or delete ranger policy based on guid
> RANGER-3455 [Logout-Ranger] Should either be disabled/ should redirect to
> knox logout page
> RANGER-3459 Upgrade Ranger's Kafka dependency to 2.8
> RANGER-3475 Promote TagRest endpoints to /public/v2
> RANGER-3487 Update underscore js with latest version.
> RANGER-3493 Add unique index on service and resource_signature column of
> x_policy table
> RANGER-3498 RANGER : Remove log4j1 dependencies.
> RANGER-3504 Create framework to execute DB patch dependent on Java patch.
> RANGER-3510 Ranger upgrade spring framework version to 5.3.12
> RANGER-3511 Create Java patch to update policy resource-signature to unique
> value.
> RANGER-3512 Create Java patch to update policy guid to unique value.
> RANGER-3515 Enhance Ranger Java client SSL config to be configured using
> serviceType and AppId
> RANGER-3518 Limit the query size stored in Audit logs
> RANGER-3521 Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC
> 6797
> RANGER-3526 policy evaluation ordering to use name as secondary sorting key
> RANGER-3533 Provide sorting on columns throughout the audits result set and
> policy listing page.
> RANGER-3538 Reduce the granularity of locking when building/retrieving a
> policy-engine within Ranger admin service
> RANGER-3539 Add jacoco-maven-plugin for code coverage
> RANGER-3540 Add support to read audit logs from Amazon CloudWatch
> RANGER-3545 Remove Logger Checks for Info Enabled
> RANGER-3548 Update performance engine test scripts
> RANGER-3550 support for using user/tag attributes in row-filter expressions
> and conditions
> RANGER-3551 Analyze & optimize module permissions related API
> RANGER-3553 Unit test coverage for XUserMgr and UserMgr class
> RANGER-3556 Ranger tagsync logs unnecessary messages
> RANGER-3561 Upgrade Storm version to 1.2.4
> RANGER-3562 Redesign post commit tasks for updating ref-tables when
> p

Re: Review Request 73965: RANGER-3739: Add JWT filter in Ranger Admin

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73965/#review224411
---


Ship it!




Ship It!

- Vishal Suvagia


On May 2, 2022, 11:53 a.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73965/
> ---
> 
> (Updated May 2, 2022, 11:53 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
> Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal 
> Suvagia, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3739
> https://issues.apache.org/jira/browse/RANGER-3739
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Add JWT auth filter in Ranger Admin, which authenticates browser & 
> non-browser JWT requests without altering existing authentication filters.
> 
> The existing authorization process must be alter to incorporate following 
> cases
> 
> Token SSO Enabled First Authorizer / Filter
> Present   Yes RangerSSOAuthenticationFilter
> AbsentYes RangerSSOAuthenticationFilter
> Present   No  RangerJwtAuthFilter (NEW)
> AbsentNo  RangerJwtAuthFilter (NEW)
> 
> 
> Diffs
> -
> 
>   security-admin/pom.xml eaa8db1c1 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthFilter.java
>  PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerJwtAuthWrapper.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/73965/diff/1/
> 
> 
> Testing
> ---
> 
> 1. mvn clean compile package install -U
> 2. Login ModHeader (chrome plugin): invalid JWT
> 3. Login ModHeader (chrome plugin): expired JWT
> 4. Login ModHeader (chrome plugin): tampered JWT
> 5. Login ModHeader (chrome plugin): valid JWT
> 6. Curl Access API: invalid JWT
> 7. Curl Access API: expired JWT
> 8. Curl Access API: tampered JWT
> 9. Curl Access API: valid JWT
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

Re: Review Request 73973: RANGER-3740: Create Ranger Admin API to refresh tag cache

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73973/#review224409
---


Ship it!




Ship It!

- Vishal Suvagia


On May 5, 2022, 8:43 a.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73973/
> ---
> 
> (Updated May 5, 2022, 8:43 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3740
> https://issues.apache.org/jira/browse/RANGER-3740
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Create Ranger Admin API to refresh tag cache, which will help refreshing 
> cache externally.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 
> e99b38b4a 
>   
> security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
>  93c283fbc 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 8b0baf904 
> 
> 
> Diff: https://reviews.apache.org/r/73973/diff/2/
> 
> 
> Testing
> ---
> 
> 1. mvn clean compile package install -U
> 2. Hit API with empty service name 
> (http://localhost:6182/service/tags/tags/cache/reset)
> 3. Hit API with valid service name 
> (http://localhost:6182/service/tags/tags/cache/reset?serviceName=test_hdfs)
> 4. Hit API with invalid service name 
> (http://localhost:6182/service/tags/tags/cache/reset?serviceName=invalid_service)
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

Re: Review Request 73958: RANGER-3727: Create common module for handling authentication

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73958/#review224394
---


Ship it!




Ship It!

- Vishal Suvagia


On April 28, 2022, 11:20 a.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73958/
> ---
> 
> (Updated April 28, 2022, 11:20 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja 
> Polavarapu, Vishal Suvagia, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3727
> https://issues.apache.org/jira/browse/RANGER-3727
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Create common sub-module which will be responsible to handle authentication 
> in project.
> Currently added only JWT auth support, with time will create follow-up 
> patches to add other auths (Kerberos, Delegation Token, etc).
> 
> 
> Diffs
> -
> 
>   pom.xml 52f493e8f 
>   ranger-authn/.gitignore PRE-CREATION 
>   ranger-authn/pom.xml PRE-CREATION 
>   ranger-authn/src/main/java/org/apache/ranger/authz/handler/RangerAuth.java 
> PRE-CREATION 
>   
> ranger-authn/src/main/java/org/apache/ranger/authz/handler/RangerAuthHandler.java
>  PRE-CREATION 
>   
> ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerDefaultJwtAuthHandler.java
>  PRE-CREATION 
>   
> ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerJwtAuthHandler.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/73958/diff/2/
> 
> 
> Testing
> ---
> 
> mvn clean compile package install -U
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

[jira] [Commented] (RANGER-3669) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17522179#comment-17522179
 ] 

Vishal Suvagia commented on RANGER-3669:


[~gomesnayagam] , lets say we have jdbc with some additional flags which we 
need to configure, in cases where need to add unicode and character-encoding 
support for the jdbc url.

in that case we can set the below in install.properties.
{noformat}
is_override_db_connection_string=true
db_override_connection_string=jdbc:mysql://localhost:3306/test?autoReconnect=trueuseUnicode=truecharacterEncoding=UTF-8
{noformat}
This jdbc url should now be used during setup for communication with DB

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3669
> URL: https://issues.apache.org/jira/browse/RANGER-3669
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3669.01.patch, RANGER-3669.patch
>
>
> Observed that Ranger KMS DB setup fails when using with MySQL version above 
> 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73936: RANGER-3695 : Ranger Keystore alias should be configurable

[Vishal Suvagia via Review Board]

> On April 8, 2022, 4 a.m., bhavik patel wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
> > Line 167 (original), 167 (patched)
> > <https://reviews.apache.org/r/73936/diff/1/?file=2267229#file2267229line167>
> >
> > default should be "rangeradmin".
> 
> Vishal Suvagia wrote:
> Default is not required, it should be on the user to define the alias 
> value as it is configurable.
> 
> bhavik patel wrote:
> yeah, but if user doesn’t define then from the code it should set the 
> default value

Without the alias value also Ranger comes up fine. Hardcoding a value 
necessicates the keystore to be configured with that hard coded value.
This should not be the case and need to remove the hard coded value, only 
configure it if user defines it ?
Do you see any use case where this value is required mandatorily ?


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73936/#review224269
-----------


On April 7, 2022, 4:41 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73936/
> ---
> 
> (Updated April 7, 2022, 4:41 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3695
> https://issues.apache.org/jira/browse/RANGER-3695
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger requires keystore alias for TLS, However keystore alias should be  an 
> optional parameter, hence should be only configured
> if provided by the user.
> Fix contains changes to make the keystore alias optional.
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
>  cae9075a7b7726ad5abf2b52f53f612d4223f712 
> 
> 
> Diff: https://reviews.apache.org/r/73936/diff/1/
> 
> 
> Testing
> ---
> 
> Validated changes on a local VM with TLS enabled.
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

Re: Review Request 73935: RANGER-3669 : Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73935/
---

(Updated April 8, 2022, 10:57 a.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Apologies had uploaded a previous version of patch by mistake, updated with 
proper fix.


Bugs: RANGER-3669
https://issues.apache.org/jira/browse/RANGER-3669


Repository: ranger


Description
---

Ranger KMS db setup script needs to be updated to support MySql versions 
greater than 8.0
Made changes to allow non-ssl connection with DB for Mysql version greater than 
8.0
made a fix to allow user to define the custom jdbc url which can be used in 
db-setup.
Added missing change for Ranger Admin db-setup in RANGER-3647


Diffs
-

  kms/scripts/db_setup.py 165e30d89443b7e8244ed965c34a5d7219e7d1f3 
  kms/scripts/install.properties 780509dcdd06c13e84f1a860213eb28f3556fa26 
  security-admin/scripts/db_setup.py eaae5c8990724d7ead703d747140a0c3c49289d7 


Diff: https://reviews.apache.org/r/73935/diff/1/


Testing
---

Validated changes locally with available Mysql-8.0 release.


File Attachments (updated)


RANGER-3669.01.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/08/48106a24-5c65-47d3-b971-7b69f5d7bb79__RANGER-3669.01.patch


Thanks,

Vishal Suvagia

Re: Review Request 73936: RANGER-3695 : Ranger Keystore alias should be configurable

[Vishal Suvagia via Review Board]

> On April 8, 2022, 4 a.m., bhavik patel wrote:
> > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
> > Line 167 (original), 167 (patched)
> > <https://reviews.apache.org/r/73936/diff/1/?file=2267229#file2267229line167>
> >
> > default should be "rangeradmin".

Default is not required, it should be on the user to define the alias value as 
it is configurable.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73936/#review224269
-----------


On April 7, 2022, 4:41 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73936/
> ---
> 
> (Updated April 7, 2022, 4:41 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3695
> https://issues.apache.org/jira/browse/RANGER-3695
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger requires keystore alias for TLS, However keystore alias should be  an 
> optional parameter, hence should be only configured
> if provided by the user.
> Fix contains changes to make the keystore alias optional.
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
>  cae9075a7b7726ad5abf2b52f53f612d4223f712 
> 
> 
> Diff: https://reviews.apache.org/r/73936/diff/1/
> 
> 
> Testing
> ---
> 
> Validated changes on a local VM with TLS enabled.
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

[jira] [Updated] (RANGER-3669) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3669:
---
Attachment: RANGER-3669.01.patch

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3669
> URL: https://issues.apache.org/jira/browse/RANGER-3669
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3669.01.patch, RANGER-3669.patch
>
>
> Observed that Ranger KMS DB setup fails when using with MySQL version above 
> 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Review Request 73936: RANGER-3695 : Ranger Keystore alias should be configurable

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73936/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3695
https://issues.apache.org/jira/browse/RANGER-3695


Repository: ranger


Description
---

Ranger requires keystore alias for TLS, However keystore alias should be  an 
optional parameter, hence should be only configured
if provided by the user.
Fix contains changes to make the keystore alias optional.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 cae9075a7b7726ad5abf2b52f53f612d4223f712 


Diff: https://reviews.apache.org/r/73936/diff/1/


Testing
---

Validated changes on a local VM with TLS enabled.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3695) Ranger Keystore alias should be configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3695:
---
Attachment: RANGER-3695.patch

> Ranger Keystore alias should be configurable
> 
>
> Key: RANGER-3695
> URL: https://issues.apache.org/jira/browse/RANGER-3695
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3695.patch
>
>
> Ranger keystore alias is currently hard-coded, it should be configurable to 
> allow user to provide a custom alias



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Review Request 73935: RANGER-3669 : Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73935/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3669
https://issues.apache.org/jira/browse/RANGER-3669


Repository: ranger


Description
---

Ranger KMS db setup script needs to be updated to support MySql versions 
greater than 8.0
Made changes to allow non-ssl connection with DB for Mysql version greater than 
8.0
made a fix to allow user to define the custom jdbc url which can be used in 
db-setup.
Added missing change for Ranger Admin db-setup in RANGER-3647


Diffs
-

  kms/scripts/db_setup.py 165e30d89443b7e8244ed965c34a5d7219e7d1f3 
  kms/scripts/install.properties 780509dcdd06c13e84f1a860213eb28f3556fa26 
  security-admin/scripts/db_setup.py eaae5c8990724d7ead703d747140a0c3c49289d7 


Diff: https://reviews.apache.org/r/73935/diff/1/


Testing
---

Validated changes locally with available Mysql-8.0 release.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3669) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3669:
---
Attachment: RANGER-3669.patch

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3669
> URL: https://issues.apache.org/jira/browse/RANGER-3669
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3669.patch
>
>
> Observed that Ranger KMS DB setup fails when using with MySQL version above 
> 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

> On April 4, 2022, 1:31 p.m., bhavik patel wrote:
> > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
> > Lines 607 (patched)
> > <https://reviews.apache.org/r/72024/diff/2/?file=2266637#file2266637line607>
> >
> > same method is there in RangerKrbFilter class

This is required to check for a kerberos authenticated user to redirect the 
user to login page once the user performs logout.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/#review224245
---


On April 5, 2022, 12:24 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72024/
> ---
> 
> (Updated April 5, 2022, 12:24 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2704
> https://issues.apache.org/jira/browse/RANGER-2704
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to support browser login using kerberos authentication. Added a logout 
> for an unauthenticated user to redirect to the login page.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
>  223a991c76bae7d25f5ce89604d0a8a90d426fe5 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  abbf2d983beb30b59e5d3f6429d6fc226f735793 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 0a1128613dca50fe67ea3f891261f1ee449c46db 
> 
> 
> Diff: https://reviews.apache.org/r/72024/diff/2/
> 
> 
> Testing
> ---
> 
> Veriried kerberos ticket authentication is working on a kerberized browser.
> 
> 
> Steps to test for a kerberized browser:
> #1) For Kerberized browsers:
> #1> To open Chrome in kerberos enabled mode need to run below command:
>google-chrome --auth-server-whitelist="*ranger.testserver.com"
> #2> For Firefox, need to go to about:configs and then search for 
> negotiate and then add the host domain
> ranger.testserver.com to the property 
> "network.negotiate-auth.trusted-uris"
> #2) Perform kinit with the required user.
> #3) Open the Ranger Admin portal using FQDN of the server host.
> 
> 
> Known Issue: If there is no valid kerberos ticket, user lands on a blank page 
> and a short hack is to either append locallogin to the URL or refresh the 
> browser tab to redirect to the login page.
> P.S: this issue is not observed on Google Chrome browser
> 
> 
> File Attachments
> 
> 
> RANGER-2704.patch
>   
> https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
> RANGER-2704.02.patch
>   
> https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch
> RANGER-2704.03.patch
>   
> https://reviews.apache.org/media/uploaded/files/2022/04/05/31e52557-051e-40ba-bc34-5dc6418e06f8__RANGER-2704.03.patch
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/
---

(Updated April 5, 2022, 12:24 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

updated changes to address review comments.


Bugs: RANGER-2704
https://issues.apache.org/jira/browse/RANGER-2704


Repository: ranger


Description
---

Need to support browser login using kerberos authentication. Added a logout for 
an unauthenticated user to redirect to the login page.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 223a991c76bae7d25f5ce89604d0a8a90d426fe5 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 abbf2d983beb30b59e5d3f6429d6fc226f735793 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
0a1128613dca50fe67ea3f891261f1ee449c46db 


Diff: https://reviews.apache.org/r/72024/diff/2/


Testing
---

Veriried kerberos ticket authentication is working on a kerberized browser.


Steps to test for a kerberized browser:
#1) For Kerberized browsers:
#1> To open Chrome in kerberos enabled mode need to run below command:
   google-chrome --auth-server-whitelist="*ranger.testserver.com"
#2> For Firefox, need to go to about:configs and then search for negotiate 
and then add the host domain
ranger.testserver.com to the property 
"network.negotiate-auth.trusted-uris"
#2) Perform kinit with the required user.
#3) Open the Ranger Admin portal using FQDN of the server host.


Known Issue: If there is no valid kerberos ticket, user lands on a blank page 
and a short hack is to either append locallogin to the URL or refresh the 
browser tab to redirect to the login page.
P.S: this issue is not observed on Google Chrome browser


File Attachments (updated)


RANGER-2704.patch
  
https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
RANGER-2704.02.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch
RANGER-2704.03.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/05/31e52557-051e-40ba-bc34-5dc6418e06f8__RANGER-2704.03.patch


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2704) Support browser login using kerberized authentication

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2704:
---
Attachment: RANGER-2704.03.patch

> Support browser login using kerberized authentication
> -
>
> Key: RANGER-2704
> URL: https://issues.apache.org/jira/browse/RANGER-2704
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>        Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Attachments: RANGER-2704.01.patch, RANGER-2704.02.patch, 
> RANGER-2704.03.patch, RANGER-2704.patch
>
>
> Need to support browser login using kerberos authentication.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (RANGER-3695) Ranger Keystore alias should be configurable

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3695:
--

 Summary: Ranger Keystore alias should be configurable
 Key: RANGER-3695
 URL: https://issues.apache.org/jira/browse/RANGER-3695
 Project: Ranger
  Issue Type: Improvement
  Components: admin
Affects Versions: 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Ranger keystore alias is currently hard-coded, it should be configurable to 
allow user to provide a custom alias



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

> On March 1, 2022, 3:25 a.m., Kirby Zhou wrote:
> > What will happens at following situation?
> > 
> > 1. A kerberosized browser with unauthorized principal want to login to 
> > ranger by HTML form using another user/password.
> > 
> > 2. A kerberosized browser with different KDC want to login to ranger by by 
> > HTML form using another user/password.
> 
> Vishal Suvagia wrote:
> Hi Kirby Zhou,
> There is a flag to enable/disable kerberos based authentication for 
> Ranger UI, it is disabled by default. If the kerberos auth is enabled by 
> setting the flag and any user wants to use user/password credentials to login 
> to Ranger UI it can be done by appending the "/locallogin" to the Ranger URL.
> For e.g : If url for Ranger UI is http://abc.cluster.com:6080 then the 
> local-login url will be http://abc.cluster.com:6080/locallogin
>   using this url, user can get the login page and enter the 
> required user/password credentials.
> 
> Kirby Zhou wrote:
> I known that: If a browser without kerberos try to access 
> kerberos-enabled Ranger UI, it will be forwarded to 
> http://abc.cluster.com:6080/login.jsp
> 
> What I donot know is that: a kerbero-authenticated browser, but its 
> kerberos ticket is rejected by Ranger UI by many ways, what will happen.
> 
> Should I have to let my browser logout kerberos? Or I have to add 
> /locallogin by hand in address bar?

Q) A kerbero-authenticated browser, but its kerberos ticket is rejected by 
Ranger UI by many ways, what will happen.
A) If the ticket is invalid, user will be redirected to the Ranger Login page. 
If it does land on a blank page, user can perform a refresh to get the login 
page.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/#review224105
---


On April 4, 2022, 1:04 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72024/
> ---
> 
> (Updated April 4, 2022, 1:04 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2704
> https://issues.apache.org/jira/browse/RANGER-2704
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to support browser login using kerberos authentication. Added a logout 
> for an unauthenticated user to redirect to the login page.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
>  223a991c76bae7d25f5ce89604d0a8a90d426fe5 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  abbf2d983beb30b59e5d3f6429d6fc226f735793 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 0a1128613dca50fe67ea3f891261f1ee449c46db 
> 
> 
> Diff: https://reviews.apache.org/r/72024/diff/2/
> 
> 
> Testing
> ---
> 
> Veriried kerberos ticket authentication is working on a kerberized browser.
> 
> 
> Steps to test for a kerberized browser:
> #1) For Kerberized browsers:
> #1> To open Chrome in kerberos enabled mode need to run below command:
>google-chrome --auth-server-whitelist="*ranger.testserver.com"
> #2> For Firefox, need to go to about:configs and then search for 
> negotiate and then add the host domain
> ranger.testserver.com to the property 
> "network.negotiate-auth.trusted-uris"
> #2) Perform kinit with the required user.
> #3) Open the Ranger Admin portal using FQDN of the server host.
> 
> 
> Known Issue: If there is no valid kerberos ticket, user lands on a blank page 
> and a short hack is to either append locallogin to the URL or refresh the 
> browser tab to redirect to the login page.
> P.S: this issue is not observed on Google Chrome browser
> 
> 
> File Attachments
> 
> 
> RANGER-2704.patch
>   
> https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
> RANGER-2704.02.patch
>   
> https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/
---

(Updated April 4, 2022, 1:04 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Updated patch to remove unnecessary changes.


Bugs: RANGER-2704
https://issues.apache.org/jira/browse/RANGER-2704


Repository: ranger


Description
---

Need to support browser login using kerberos authentication. Added a logout for 
an unauthenticated user to redirect to the login page.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 223a991c76bae7d25f5ce89604d0a8a90d426fe5 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 abbf2d983beb30b59e5d3f6429d6fc226f735793 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
0a1128613dca50fe67ea3f891261f1ee449c46db 


Diff: https://reviews.apache.org/r/72024/diff/2/


Testing (updated)
---

Veriried kerberos ticket authentication is working on a kerberized browser.


Steps to test for a kerberized browser:
#1) For Kerberized browsers:
#1> To open Chrome in kerberos enabled mode need to run below command:
   google-chrome --auth-server-whitelist="*ranger.testserver.com"
#2> For Firefox, need to go to about:configs and then search for negotiate 
and then add the host domain
ranger.testserver.com to the property 
"network.negotiate-auth.trusted-uris"
#2) Perform kinit with the required user.
#3) Open the Ranger Admin portal using FQDN of the server host.


Known Issue: If there is no valid kerberos ticket, user lands on a blank page 
and a short hack is to either append locallogin to the URL or refresh the 
browser tab to redirect to the login page.
P.S: this issue is not observed on Google Chrome browser


File Attachments (updated)


RANGER-2704.patch
  
https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
RANGER-2704.02.patch
  
https://reviews.apache.org/media/uploaded/files/2022/04/04/6e737bec-e640-4459-922c-353793172b12__RANGER-2704.02.patch


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2704) Support browser login using kerberized authentication

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2704:
---
Attachment: RANGER-2704.02.patch

> Support browser login using kerberized authentication
> -
>
> Key: RANGER-2704
> URL: https://issues.apache.org/jira/browse/RANGER-2704
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>        Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Attachments: RANGER-2704.01.patch, RANGER-2704.02.patch, 
> RANGER-2704.patch
>
>
> Need to support browser login using kerberos authentication.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3647) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3647:
---
Fix Version/s: 3.0.0

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3647
> URL: https://issues.apache.org/jira/browse/RANGER-3647
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: RANGER-3647-01.patch, RANGER-3647.patch
>
>
> Observed that Ranger DB setup fails when using with MySQL version above 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (RANGER-3673) Need to enable cipher configuration for Usersync

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia resolved RANGER-3673.

Fix Version/s: 3.0.0
   2.3.0
   Resolution: Fixed

Commited to master branch : 
https://github.com/apache/ranger/commit/f66c5593ba43d7206df3043add90e967a2f5586d
ranger-2.3 branch : 
https://github.com/apache/ranger/commit/55496d57776ed0417d66733780371ac29c26b67c

> Need to enable cipher configuration  for Usersync
> -
>
> Key: RANGER-3673
> URL: https://issues.apache.org/jira/browse/RANGER-3673
> Project: Ranger
>  Issue Type: Improvement
>  Components: usersync
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 3.0.0, 2.3.0
>
> Attachments: RANGER-3673.patch
>
>
> Ranger Usersync supports enabling for TLS, need to enable cipher suite 
> configuration for same.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3673) Need to enable cipher configuration for Usersync

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3673:
---
Attachment: RANGER-3673.patch

> Need to enable cipher configuration  for Usersync
> -
>
> Key: RANGER-3673
> URL: https://issues.apache.org/jira/browse/RANGER-3673
> Project: Ranger
>  Issue Type: Improvement
>  Components: usersync
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3673.patch
>
>
> Ranger Usersync supports enabling for TLS, need to enable cipher suite 
> configuration for same.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 73878: RANGER-3647 : Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73878/
---

(Updated March 21, 2022, 2:17 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Request to kindly review the patch.


Bugs: RANGER-3647
https://issues.apache.org/jira/browse/RANGER-3647


Repository: ranger


Description
---

Observed that Ranger DB setup fails when using with MySQL version above 8.0.


Diffs
-

  security-admin/scripts/db_setup.py ad823b31012c6bee36c29e1f85adc747d4de02ac 
  security-admin/scripts/install.properties 
22868fa316a8b9a7da32218b0d0b5cf9c855ef9e 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
b3c41a9d15b8bfe88bcc59e04917284a3fef6dc5 


Diff: https://reviews.apache.org/r/73878/diff/2/


Testing
---

Validated locally by setting up Ranger with available Mysql-8.0 release.


File Attachments


RANGER-3647-01.patch
  
https://reviews.apache.org/media/uploaded/files/2022/03/16/696cd10b-37c0-4caf-8d00-32d80770574c__RANGER-3647-01.patch


Thanks,

Vishal Suvagia

[jira] [Created] (RANGER-3673) Need to enable cipher configuration for Usersync

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3673:
--

 Summary: Need to enable cipher configuration  for Usersync
 Key: RANGER-3673
 URL: https://issues.apache.org/jira/browse/RANGER-3673
 Project: Ranger
  Issue Type: Improvement
  Components: usersync
Affects Versions: 2.2.0, 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Ranger Usersync supports enabling for TLS, need to enable cipher suite 
configuration for same.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (RANGER-3669) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3669:
--

 Summary: Connection to DB fails for MySQL version above 8.0
 Key: RANGER-3669
 URL: https://issues.apache.org/jira/browse/RANGER-3669
 Project: Ranger
  Issue Type: Improvement
  Components: kms
Affects Versions: 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Observed that Ranger KMS DB setup fails when using with MySQL version above 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (RANGER-3647) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3647:
---
Attachment: RANGER-3647-01.patch

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3647
> URL: https://issues.apache.org/jira/browse/RANGER-3647
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3647-01.patch, RANGER-3647.patch
>
>
> Observed that Ranger DB setup fails when using with MySQL version above 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

> On March 1, 2022, 3:25 a.m., Kirby Zhou wrote:
> > What will happens at following situation?
> > 
> > 1. A kerberosized browser with unauthorized principal want to login to 
> > ranger by HTML form using another user/password.
> > 
> > 2. A kerberosized browser with different KDC want to login to ranger by by 
> > HTML form using another user/password.

Hi Kirby Zhou,
There is a flag to enable/disable kerberos based authentication for Ranger UI, 
it is disabled by default. If the kerberos auth is enabled by setting the flag 
and any user wants to use user/password credentials to login to Ranger UI it 
can be done by appending the "/locallogin" to the Ranger URL.
For e.g : If url for Ranger UI is http://abc.cluster.com:6080 then the 
local-login url will be http://abc.cluster.com:6080/locallogin
  using this url, user can get the login page and enter the required 
user/password credentials.


- Vishal


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/#review224105
-------


On Feb. 28, 2022, 7:35 p.m., Vishal Suvagia wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72024/
> ---
> 
> (Updated Feb. 28, 2022, 7:35 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan 
> Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2704
> https://issues.apache.org/jira/browse/RANGER-2704
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Need to support browser login using kerberos authentication. Added a logout 
> for an unauthenticated user to redirect to the login page.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
>  223a991c76bae7d25f5ce89604d0a8a90d426fe5 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  abbf2d983beb30b59e5d3f6429d6fc226f735793 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
> 0a1128613dca50fe67ea3f891261f1ee449c46db 
> 
> 
> Diff: https://reviews.apache.org/r/72024/diff/2/
> 
> 
> Testing
> ---
> 
> Veriried kerberos ticket authentication is working on a kerberized browser.
> 
> 
> Steps to test for a kerberized browser:
> #1) For Kerberized browsers:
> #1> To open Chrome in kerberos enabled mode need to run below command:
>google-chrome --auth-server-whitelist="*ranger.testserver.com"
> #2> For Firefox, need to go to about:configs and then search for 
> negotiate and then add the host domain
> ranger.testserver.com to the property 
> "network.negotiate-auth.trusted-uris"
> #2) Perform kinit with the required user.
> #3) Open the Ranger Admin portal using FQDN of the server host.
> 
> 
> File Attachments
> 
> 
> RANGER-2704.patch
>   
> https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch
> 
> 
> Thanks,
> 
> Vishal Suvagia
> 
>

[jira] [Updated] (RANGER-3647) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3647:
---
Attachment: RANGER-3647.patch

> Connection to DB fails for MySQL version above 8.0
> --
>
> Key: RANGER-3647
> URL: https://issues.apache.org/jira/browse/RANGER-3647
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3647.patch
>
>
> Observed that Ranger DB setup fails when using with MySQL version above 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: Review Request 72024: RANGER-2704 : Support browser login using kerberized authentication.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72024/
---

(Updated Feb. 28, 2022, 7:35 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-2704
https://issues.apache.org/jira/browse/RANGER-2704


Repository: ranger


Description
---

Need to support browser login using kerberos authentication. Added a logout for 
an unauthenticated user to redirect to the login page.


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerKrbFilter.java
 223a991c76bae7d25f5ce89604d0a8a90d426fe5 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 abbf2d983beb30b59e5d3f6429d6fc226f735793 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
0a1128613dca50fe67ea3f891261f1ee449c46db 


Diff: https://reviews.apache.org/r/72024/diff/2/


Testing
---

Veriried kerberos ticket authentication is working on a kerberized browser.


Steps to test for a kerberized browser:
#1) For Kerberized browsers:
#1> To open Chrome in kerberos enabled mode need to run below command:
   google-chrome --auth-server-whitelist="*ranger.testserver.com"
#2> For Firefox, need to go to about:configs and then search for negotiate 
and then add the host domain
ranger.testserver.com to the property 
"network.negotiate-auth.trusted-uris"
#2) Perform kinit with the required user.
#3) Open the Ranger Admin portal using FQDN of the server host.


File Attachments


RANGER-2704.patch
  
https://reviews.apache.org/media/uploaded/files/2020/01/17/8c9682ca-1ade-4281-89e7-d43a8af09300__RANGER-2704.patch


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2704) Support browser login using kerberized authentication

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2704:
---
Attachment: RANGER-2704.01.patch

> Support browser login using kerberized authentication
> -
>
> Key: RANGER-2704
> URL: https://issues.apache.org/jira/browse/RANGER-2704
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>        Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Attachments: RANGER-2704.01.patch, RANGER-2704.patch
>
>
> Need to support browser login using kerberos authentication.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (RANGER-3647) Connection to DB fails for MySQL version above 8.0

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3647:
--

 Summary: Connection to DB fails for MySQL version above 8.0
 Key: RANGER-3647
 URL: https://issues.apache.org/jira/browse/RANGER-3647
 Project: Ranger
  Issue Type: Improvement
  Components: admin
Affects Versions: 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Observed that Ranger DB setup fails when using with MySQL version above 8.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Re: [VOTE] Release Apache Ranger version 2.2.0 - rc2

[vishal suvagia]

Thank-you Ramesh for putting the Apache Ranger 2.2.0 release candidate #2.

+1 for the Apache Ranger 2.2.0 release candidate #2.
clean build Ranger from the source tar succeeded without any issues.
verified hashes and signature matching the source file.
verified that Ranger Admin portal came up fine.


Thanks
Vishal Suvagia.
--

On Tuesday, 26 October, 2021, 11:39:33 am IST, Mehul Parikh 
 wrote:  
 
 +1 for Apache Ranger 2.2.0 rc2


  - Verified signatures
  - Built ranger-2.2-rc2 from sources successfully
  - Started Ranger-admin successfully
  - Verified policy download by hdfs / yarn / hbase / hive / kafka /
  plugins.


On Mon, Oct 25, 2021 at 3:34 AM Abhay Kulkarni  wrote:

> +1
>
> - Verified pgp, sha signatures
> - Built ranger-2.2-rc2 from sources successfully
> - Started Ranger-admin successfully
> - Verified that the changes to tag policies are downloaded to
> hdfs/hbase/hive/kafka/yarn plugins
>
> Thanks!
> -Abhay
>
> On Sat, Oct 23, 2021 at 5:31 PM Madhan Neethiraj 
> wrote:
> >
> > +1 for Apache Ranger 2.2.0 rc2
> >
> >  - verified signature
> >  - verified 2.2.0-rc2 builds successfully
> >  - verified Ranger admin startup; created services/policies/security
> zones
> >  - sanity testing of HDFS/Hive/HBase/Kafka/YARN plugins
> >  - verified audit logs from plugins, audit-filters
> >
> > Thank you Ramesh for putting this release together.
> >
> > Thanks,
> > Madhan
> >
> >
> > On 10/23/21, 12:33 AM, "Ramesh Mani"  wrote:
> >
> >    Dear Rangers,
> >
> >    Apache Ranger 2.2.0 release candidate #2 is now available for a vote
> within
> >    the dev community. Links to the release artifacts are given below.
> Please
> >    review and vote.
> >
> >    The vote will be open for at least 72 hours or until necessary votes
> are
> >    reached.
> >      [ ] +1 approve
> >      [ ] +0 no opinion
> >      [ ] -1 disapprove (and reason why)
> >
> >    Thanks,
> >    Ramesh
> >
> >    List of all the issues addressed in this release:
> >    https://issues.apache.org/jira/issues/?jql=project=RANGER AND
> >    status=Resolved AND fixVersion=2.2.0 ORDER BY key DESC
> >
> >    Git tag for the release:
> >    https://github.com/apache/ranger/tree/release-2.2.0-rc2
> >
> >    Sources for the release:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz
> >
> >    Source release verification:
> >      PGP Signature:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.asc
> >      SHA256 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA256
> >      SHA512 Hash:
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.2.0-rc2/apache-ranger-2.2.0.tar.gz.SHA512
> >
> >    Keys to verify the signature of the release artifacts are available
> at:
> >    https://dist.apache.org/repos/dist/release/ranger/KEYS
> >
> >    New features/enhancements:
> >
> >
> >        -
> >
> >        Schema changes to improve performance of chained plugin features.
> >        RANGER-3067
> >
> >
> >        -
> >
> >        Support delegation-admin for specific permissions.RANGER-3122
> >        -
> >
> >        Kafka Client improvement to use Kafka AdminClient API instead of
> >        Zookeeper. RANGER-3001
> >        -
> >
> >        GET API service/xusers/users response time improvement.
> RANGER-3027/
> >        RANGER-3024
> >        -
> >
> >        Improvement in Ranger Latest UI's Edit Policy Page. RANGER-3130
> >        -
> >
> >        Ranger UI Search by object name in page /reports/audit/admin.
> RANGER-3052
> >        -
> >
> >        Enhancement to trace additional information on resources.
> RANGER-3065
> >        -
> >
> >        Improve audit log for Role operations in Ranger Hive authorizer.
> >        RANGER-3170
> >        -
> >
> >        Audit-filter feature implementation to help reduce volume of
> audit logs
> >        generated.RANGER-3000
> >        -
> >
> >        Need feature to make the access log file name configurable for
> >        user.RANGER-3242/RANGER-3241
> >        -
> >
> >        Upgrade solr version in Ranger to Solr 8.6.3 for better
> >        performance.RANGER-3091
> >        -
> >
> >        Enhance Ranger admin REST

Review Request 73636: RANGER-3418 : Rotated Ranger admin access logs aren't getting removed

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73636/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3418
https://issues.apache.org/jira/browse/RANGER-3418


Repository: ranger


Description
---

Ranger admin access logs in the configured log directory aren't removed and 
keeps up utilizing unused space. Need to have access logs configurable to have 
older logs purged.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 62a188b95233eb5d07e253030819819cc50d4565 


Diff: https://reviews.apache.org/r/73636/diff/1/


Testing
---

Validated the changes locally.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3418) Rotated Ranger admin access logs aren't getting removed

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3418:
---
Attachment: RANGER-3418.patch

> Rotated Ranger admin access logs aren't getting removed
> ---
>
> Key: RANGER-3418
> URL: https://issues.apache.org/jira/browse/RANGER-3418
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, Ranger
>Affects Versions: 3.0.0, 2.1.1
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3418.patch
>
>
> {color:#172b4d}Ranger admin access logs in the configured log directory 
> aren't removed and keeps up utilizing unused space. Need to have access logs 
> configurable to have older logs purged.
> {color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3418) Rotated Ranger admin access logs aren't getting removed

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3418:
--

 Summary: Rotated Ranger admin access logs aren't getting removed
 Key: RANGER-3418
 URL: https://issues.apache.org/jira/browse/RANGER-3418
 Project: Ranger
  Issue Type: Improvement
  Components: admin, Ranger
Affects Versions: 3.0.0, 2.1.1
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


{color:#172b4d}Ranger admin access logs in the configured log directory aren't 
removed and keeps up utilizing unused space. Need to have access logs 
configurable to have older logs purged.
{color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73568: RANGER-3398: Duplicate JAVA patch suffix should not be allowed

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73568/#review223450
---


Ship it!




Ship It!

- Vishal Suvagia


On Sept. 6, 2021, 7:44 a.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73568/
> ---
> 
> (Updated Sept. 6, 2021, 7:44 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3398
> https://issues.apache.org/jira/browse/RANGER-3398
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Duplicate JAVA suffix is allowed. Currently we need a manual human 
> intervention to find and correct. Use case in details as follows.
> 
> ## Use-Case:
> 
> 1. Say user1 & user2 working on a fix in Ranger and they both need JAVA patch 
> changes.
> 2. Assume user1 needs to update table1 and user2 needs to update table2 using 
> java.
> 3. Both Checked latest JAVA patch suffix (say it is _J10050). And used suffix 
> _J10051 for their JAVA files
> 4. If both commits ends up merging. The setup script will apply ONLY one of 
> the both JAVA files (suffixed _J10051) randomly.
> 
> ## Reproduce Steps:
> 
> 1. cd /security-admin/src/main/java/org/apache/ranger/patch/
> 2. Update suffix of last 2 patches such that both contains same suffix
> 3. mvn clean compile package install -U #build ranger
> 4. setup ranger
> 
> To avoid this, we need to fail maven build itself if there are duplicate 
> suffix.
> 
> 
> Diffs
> -
> 
>   security-admin/pom.xml 7ee2b22b2 
> 
> 
> Diff: https://reviews.apache.org/r/73568/diff/1/
> 
> 
> Testing
> ---
> 
> ## In-Valid cases
> 
> 1. Same prefixed files inside patches directory
> 2. Same prefixed files inside audit directory
> 3. Same prefixed files first inside patches second inside audit directory
> 
> ## Valid cases
> 
> 1. NO duplicate prefix
> 
> ## Build
> 
> mvn clean compile package install -U
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

Re: Review Request 73505: RANGER-3355 : Update the current logging mechanism to use custom log4j conf.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73505/#review223320
---


Ship it!




Ship It!

- Vishal Suvagia


On Aug. 6, 2021, 2:38 p.m., Mateen Mansoori wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73505/
> ---
> 
> (Updated Aug. 6, 2021, 2:38 p.m.)
> 
> 
> Review request for ranger, Dineshkumar Yadav, Jayendra Parab, Abhay Kulkarni, 
> Mehul Parikh, Mugdha Varadkar, Pradeep Agrawal, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3355
> https://issues.apache.org/jira/browse/RANGER-3355
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Update the current logging mechanism to use custom log4j.properties file.
> 
> 
> Diffs
> -
> 
>   embeddedwebserver/scripts/ranger-admin-services.sh 0bc06e1d1 
>   security-admin/scripts/db_setup.py 4dcf6c98f 
>   security-admin/scripts/install.properties 6cde15dff 
>   security-admin/scripts/setup.sh df8d64f0c 
>   security-admin/src/main/webapp/WEB-INF/log4j.properties b47554cdc 
> 
> 
> Diff: https://reviews.apache.org/r/73505/diff/1/
> 
> 
> Testing
> ---
> 
> Tested on local VM.
> Tested : By providing custom location for log4j conf file, Also with defualt 
> log4j conf and default log directory.
> 
> 
> Thanks,
> 
> Mateen Mansoori
> 
>

Review Request 73479: RANGER-3342 : Addendum fix Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73479/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3342
https://issues.apache.org/jira/browse/RANGER-3342


Repository: ranger


Description
---

Earlier fix included a Logger check for Log Level Fine, but the LOG get level 
is found to be null leading to a
NullPointerException.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 d3b10845556a20915f37e84b26ad050791e5495e 


Diff: https://reviews.apache.org/r/73479/diff/1/


Testing
---

Validated on a cluster.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3342) Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3342:
---
Attachment: RANGER-3342.02.patch

> Need to make the Ranger embedded server work directory configurable
> ---
>
> Key: RANGER-3342
> URL: https://issues.apache.org/jira/browse/RANGER-3342
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 2.1.0, 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3342.01.patch, RANGER-3342.02.patch, 
> RANGER-3342.patch
>
>
> Currently the work directory for Ranger embedded server is not configurable. 
> Need to make the work directory configurable to a custom location so that 
> user can customize if required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Reopened] (RANGER-3342) Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia reopened RANGER-3342:


An addendum fix is required, hence re-opening the ticket.

> Need to make the Ranger embedded server work directory configurable
> ---
>
> Key: RANGER-3342
> URL: https://issues.apache.org/jira/browse/RANGER-3342
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 2.1.0, 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3342.01.patch, RANGER-3342.patch
>
>
> Currently the work directory for Ranger embedded server is not configurable. 
> Need to make the work directory configurable to a custom location so that 
> user can customize if required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73463: RANGER-3342 : Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73463/
---

(Updated July 20, 2021, 9:37 a.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Updated patch to address review comments.


Bugs: RANGER-3342
https://issues.apache.org/jira/browse/RANGER-3342


Repository: ranger


Description
---

Currently the work directory for Ranger embedded server is not configurable.
Need to make the work directory configurable to a custom location so that user 
can customize if required.


Diffs (updated)
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 137168259d9aa55548a3953aff7def6d7228a9e5 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
8842071982f7a5831db4dcbcffd00d6a22a6fb2c 


Diff: https://reviews.apache.org/r/73463/diff/2/

Changes: https://reviews.apache.org/r/73463/diff/1-2/


Testing
---

Validated the changes locally.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3342) Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3342:
---
Attachment: RANGER-3342.01.patch

> Need to make the Ranger embedded server work directory configurable
> ---
>
> Key: RANGER-3342
> URL: https://issues.apache.org/jira/browse/RANGER-3342
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 2.1.0, 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3342.01.patch, RANGER-3342.patch
>
>
> Currently the work directory for Ranger embedded server is not configurable. 
> Need to make the work directory configurable to a custom location so that 
> user can customize if required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Review Request 73463: RANGER-3342 : Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73463/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3342
https://issues.apache.org/jira/browse/RANGER-3342


Repository: ranger


Description
---

Currently the work directory for Ranger embedded server is not configurable.
Need to make the work directory configurable to a custom location so that user 
can customize if required.


Diffs
-

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 137168259d9aa55548a3953aff7def6d7228a9e5 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
8842071982f7a5831db4dcbcffd00d6a22a6fb2c 


Diff: https://reviews.apache.org/r/73463/diff/1/


Testing
---

Validated the changes locally.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3342) Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3342:
---
Attachment: RANGER-3342.patch

> Need to make the Ranger embedded server work directory configurable
> ---
>
> Key: RANGER-3342
> URL: https://issues.apache.org/jira/browse/RANGER-3342
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 2.1.0, 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3342.patch
>
>
> Currently the work directory for Ranger embedded server is not configurable. 
> Need to make the work directory configurable to a custom location so that 
> user can customize if required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3342) Need to make the Ranger embedded server work directory configurable

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3342:
--

 Summary: Need to make the Ranger embedded server work directory 
configurable
 Key: RANGER-3342
 URL: https://issues.apache.org/jira/browse/RANGER-3342
 Project: Ranger
  Issue Type: Improvement
  Components: admin
Affects Versions: 2.1.0, 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Currently the work directory for Ranger embedded server is not configurable. 
Need to make the work directory configurable to a custom location so that user 
can customize if required.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73393: RANGER-3303: Improve error handling in Ranger Solr bootstrap

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73393/#review223087
---


Ship it!




Ship It!

- Vishal Suvagia


On June 2, 2021, 7:31 a.m., Mahesh Bandal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73393/
> ---
> 
> (Updated June 2, 2021, 7:31 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, 
> Gautam Borad, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul 
> Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3303
> https://issues.apache.org/jira/browse/RANGER-3303
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Handle retries for failure during upload configs and validate ranger_audits 
> collection after create collection action.
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java
>  a14b84efa 
> 
> 
> Diff: https://reviews.apache.org/r/73393/diff/2/
> 
> 
> Testing
> ---
> 
> Ranger installation and setup successful.
> Done sanity testing on ranger.
> 
> 
> Thanks,
> 
> Mahesh Bandal
> 
>

[jira] [Updated] (RANGER-3287) Implement best practices for logging

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3287:
---
Attachment: RANGER-3287.01.patch

> Implement best practices for logging
> 
>
> Key: RANGER-3287
> URL: https://issues.apache.org/jira/browse/RANGER-3287
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3287.01.patch, RANGER-3287.patch
>
>
> Implement best practice.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73360: RANGER-3287 : Implement best practices for logging.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73360/
---

(Updated May 20, 2021, 12:15 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Changes
---

Updated changes as recommended


Bugs: RANGER-3287
https://issues.apache.org/jira/browse/RANGER-3287


Repository: ranger


Description
---

Implement best practices for logging


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
fb892d5c1c3ea6a2b8b74db4d09a886cf1363187 


Diff: https://reviews.apache.org/r/73360/diff/2/

Changes: https://reviews.apache.org/r/73360/diff/1-2/


Testing
---

Validated changes locally.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3287) Implement best practices for logging

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3287:
---
Attachment: RANGER-3287.patch

> Implement best practices for logging
> 
>
> Key: RANGER-3287
> URL: https://issues.apache.org/jira/browse/RANGER-3287
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3287.patch
>
>
> Implement best practice.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Review Request 73360: RANGER-3287 : Implement best practices for logging.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73360/
---

Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3287
https://issues.apache.org/jira/browse/RANGER-3287


Repository: ranger


Description
---

Implement best practices for logging


Diffs
-

  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
fb892d5c1c3ea6a2b8b74db4d09a886cf1363187 


Diff: https://reviews.apache.org/r/73360/diff/1/


Testing
---

Validated changes locally.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3287) implement best practices for logging

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3287:
---
Summary: implement best practices for logging  (was: implement best 
practices)

> implement best practices for logging
> 
>
> Key: RANGER-3287
> URL: https://issues.apache.org/jira/browse/RANGER-3287
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
>
> Implement best practice.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-3287) Implement best practices for logging

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3287:
---
Summary: Implement best practices for logging  (was: implement best 
practices for logging)

> Implement best practices for logging
> 
>
> Key: RANGER-3287
> URL: https://issues.apache.org/jira/browse/RANGER-3287
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 3.0.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
>
> Implement best practice.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3287) implement best practices

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3287:
--

 Summary: implement best practices
 Key: RANGER-3287
 URL: https://issues.apache.org/jira/browse/RANGER-3287
 Project: Ranger
  Issue Type: Bug
  Components: admin
Affects Versions: 3.0.0, 2.2.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Implement best practice.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73348: RANGER-3251: [Ranger Audit Filters UI] Tag, KMS service not showing the audit filters in UI section

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73348/#review222982
---


Ship it!




Ship It!

- Vishal Suvagia


On May 12, 2021, 5:25 a.m., Kishor Gollapalliwar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73348/
> ---
> 
> (Updated May 12, 2021, 5:25 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, 
> Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Vishal Suvagia, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-3251
> https://issues.apache.org/jira/browse/RANGER-3251
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Observed that for Tag and KMS service, while clicking on view service button, 
> we are not displaying the audit filters in UI section, instead, we are 
> displaying it as configs. [While the same works for other services like hdfs, 
> hive, etc]
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json 
> 5a2915cea 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json 
> 7b72f45c1 
> 
> 
> Diff: https://reviews.apache.org/r/73348/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Updated serviceDef with REST endpoint
> 2. List all servcieDefs with REST endpoint
> 3. Login to Ranger Admin and navigated to dashboard
> 4. Updated existing services (previous filter)
> 5. Created new services
> 6. Updated services (new filter)
> 7. Deleted services (new & old)
> 8. Verified upgrade with few services for each service type
> 9. Verified build: mvn clean compile package install
> 
> 
> Thanks,
> 
> Kishor Gollapalliwar
> 
>

[jira] [Updated] (RANGER-3275) Need to update solr-config.xml in the ranger-audits collection config-set

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3275:
---
Attachment: RANGER-3275.patch

> Need to update solr-config.xml in the ranger-audits collection config-set
> -
>
> Key: RANGER-3275
> URL: https://issues.apache.org/jira/browse/RANGER-3275
> Project: Ranger
>  Issue Type: Bug
>  Components: admin, Ranger
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3275.patch
>
>
> {color:#172b4d}The solrconfig.xml in the config-set for Ranger needs to be 
> updated in correct order to use the ttl configuration properly, without which 
> the documents will not expire or purge out even after the ttl is set.
> {color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73338: RANGER-3275 : Need to update solr-config.xml in the ranger-audits collection config-set

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73338/
---

(Updated May 6, 2021, 4:43 p.m.)


Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, Gautam 
Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan 
Periasamy.


Bugs: RANGER-3275
https://issues.apache.org/jira/browse/RANGER-3275


Repository: ranger


Description
---

The solrconfig.xml in the config-set for Ranger needs to be updated in correct 
order to use the ttl configuration properly, without which the documents do not 
contain the ttl and will not expire or purge out even after the ttl is set.


Diffs
-

  security-admin/contrib/solr_for_audit_setup/conf/solrconfig.xml 
2216f665fd197e066585fe527645b218ab25a221 


Diff: https://reviews.apache.org/r/73338/diff/1/


Testing
---

Tested the changes locally, ttl is getting applied to the created documents.


Thanks,

Vishal Suvagia

[jira] [Created] (RANGER-3275) Need to update solr-config.xml in the ranger-audits collection config-set

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3275:
--

 Summary: Need to update solr-config.xml in the ranger-audits 
collection config-set
 Key: RANGER-3275
 URL: https://issues.apache.org/jira/browse/RANGER-3275
 Project: Ranger
  Issue Type: Bug
  Components: admin, Ranger
Affects Versions: 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


{color:#172b4d}The solrconfig.xml in the config-set for Ranger needs to be 
updated in correct order to use the ttl configuration properly, without which 
the documents will not expire or purge out even after the ttl is set.
{color}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-2704) Support browser login using kerberized authentication

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2704:
---
Attachment: RANGER-2704.patch

> Support browser login using kerberized authentication
> -
>
> Key: RANGER-2704
> URL: https://issues.apache.org/jira/browse/RANGER-2704
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>        Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Attachments: RANGER-2704.patch
>
>
> Need to support browser login using kerberos authentication.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (RANGER-3242) Need feature to make the access log file name configurable for user

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3242:
---
Attachment: RANGER-3242.patch

> Need feature to make the access log file name configurable for user
> ---
>
> Key: RANGER-3242
> URL: https://issues.apache.org/jira/browse/RANGER-3242
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 2.2.0, 2.1.1, 2.10
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Minor
> Attachments: RANGER-3242.patch
>
>
> Currently the access log file name is set as default, need feature to have it 
> customizable for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (RANGER-3241) Need feature to make the access log file name configurable

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia resolved RANGER-3241.

Resolution: Won't Fix

Fix will be tracked in RANGER-3242.

> Need feature to make the access log file name configurable
> --
>
> Key: RANGER-3241
> URL: https://issues.apache.org/jira/browse/RANGER-3241
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin, Ranger
>Affects Versions: 2.1.0, 2.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
>
> Currently the access log file name is set as default, need feature to have it 
> customizable for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3242) Need feature to make the access log file name configurable for user

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3242:
--

 Summary: Need feature to make the access log file name 
configurable for user
 Key: RANGER-3242
 URL: https://issues.apache.org/jira/browse/RANGER-3242
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Affects Versions: 2.2.0, 2.1.1, 2.10
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Currently the access log file name is set as default, need feature to have it 
customizable for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3241) Need feature to make the access log file name configurable

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3241:
--

 Summary: Need feature to make the access log file name configurable
 Key: RANGER-3241
 URL: https://issues.apache.org/jira/browse/RANGER-3241
 Project: Ranger
  Issue Type: Improvement
  Components: admin, Ranger
Affects Versions: 2.1.0, 2.2.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


Currently the access log file name is set as default, need feature to have it 
customizable for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: Review Request 73037: RANGER-3087 :: Making db_setup.py fool-proof and robust

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73037/
---

(Updated Dec. 1, 2020, 4:38 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Jayendra Parab, Mehul 
Parikh, Pradeep Agrawal, and Velmurugan Periasamy.


Bugs: RANGER-3087
https://issues.apache.org/jira/browse/RANGER-3087


Repository: ranger


Description
---

When a user configures a small heap size in install.properties, vm creation in 
db_setup.py fails to apply the java patches with below error.

Error occurred during initialization of VM
Initial heap size set to a larger value than the maximum heap size

As a fix, adding checks for low heap size and setting default heap-size 
accordingly.


Diffs
-

  security-admin/scripts/db_setup.py b448738d11af4dc3508f1c982d323593d2b676f1 


Diff: https://reviews.apache.org/r/73037/diff/1/


Testing
---

Validated changes for fresh install and upgrade from ranger-1.0 to master and 
ranger-2.2 to master with heap-size less than 1024M and 2G.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-3087) Making db_setup.py fool-proof and robust

[Vishal Suvagia (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-3087:
---
Attachment: RANGER-3087.patch

> Making db_setup.py fool-proof and robust
> 
>
> Key: RANGER-3087
> URL: https://issues.apache.org/jira/browse/RANGER-3087
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 3.0.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Attachments: RANGER-3087.patch
>
>
> When a user configures a small heap size in install.properties, vm creation 
> in db_setup.py fails to apply the java patches with below error.
> {code:none}
> Error occurred during initialization of VM
> Initial heap size set to a larger value than the maximum heap size
> {code}
> Need to make db_setup.py more fool-proof and robust to wrongly configured 
> heap-size.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (RANGER-3087) Making db_setup.py fool-proof and robust

[Vishal Suvagia (Jira)]

Vishal Suvagia created RANGER-3087:
--

 Summary: Making db_setup.py fool-proof and robust
 Key: RANGER-3087
 URL: https://issues.apache.org/jira/browse/RANGER-3087
 Project: Ranger
  Issue Type: Improvement
  Components: Ranger
Affects Versions: 3.0.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia


When a user configures a small heap size in install.properties, vm creation in 
db_setup.py fails to apply the java patches with below error.
{code:none}
Error occurred during initialization of VM
Initial heap size set to a larger value than the maximum heap size
{code}
Need to make db_setup.py more fool-proof and robust to wrongly configured 
heap-size.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Re: [VOTE] Apache Ranger Release 2.0.0-rc1

[vishal suvagia]

Thank-you Vel for putting the Apache Ranger 2.0.0 release candidate #1.
+1 for the Apache Ranger 2.0.0 release candidate #1.
Able to clean / build Ranger from the source tar.
Able to verify hashes and signature.
Able to verify that Ranger Admin portal came up properly with custom user.


Thanks
Vishal Suvagia.


 

On Tuesday, 6 August, 2019, 10:56:03 AM IST, Bhavik Patel 
 wrote:  
 
 +1
Able to clean and build successfully.
Verified signature and hashes.

Regard,
Bhavik Patel
+91-7208744109


On Tue, Aug 6, 2019 at 9:56 AM PradeeP AgrawaL 
wrote:

> +1
> Successfully Build the tar and tag branch.
> Successful Ranger Install and start
>
>
> On Mon, 5 Aug 2019 at 23:20, Selvamohan Neethiraj 
> wrote:
>
> > +1
> >
> > Verified build.
> > Verified PGP signature.
> > Verified SHA256 checksum
> > Verified SHA512 checksum
> >
> > Thanks,
> > Selva-
> >
> > > On Aug 2, 2019, at 5:19 PM, Velmurugan Periasamy 
> wrote:
> > >
> > > Hello Ranger community:
> > >
> > > Thank you for your contribution to Apache Ranger. Apache Ranger 2.0.0
> > release candidate #1 is now available for a vote within dev community.
> > >
> > > Links to RC1 release artifacts are given below. Kindly request all
> > Rangers (Dev's & PMC members) to review and vote on this release.
> > >
> > >
> > > Git tag for the release:
> > > https://github.com/apache/ranger/tree/ranger-2.0.0-rc1 (last commit
> > id:  2a97668824d6a05f97193f3bf21d1bbe50a48330)
> > >
> > >
> > > Sources for the release:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.0.0-rc1/apache-ranger-2.0.0.tar.gz
> > >
> > >
> > > Source release verification:
> > >
> > > PGP Signature:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.0.0-rc1/apache-ranger-2.0.0.tar.gz.asc
> > >
> > > MD5/SHA Hashes:
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.0.0-rc1/apache-ranger-2.0.0.tar.gz.sha256
> > >
> >
> https://dist.apache.org/repos/dist/dev/ranger/2.0.0-rc1/apache-ranger-2.0.0.tar.gz.sha512
> > >
> > >
> > > Keys to verify the signature of the release artifact are available at:
> > > https://dist.apache.org/repos/dist/release/ranger/KEYS
> > >
> > >
> > > Release Notes:
> > >
> >
> https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.0.0+-+Release+Notes
> > >
> > >
> > > Build verification steps can be found at:
> > >  http://ranger.apache.org/quick_start_guide.html
> > >
> > >
> > > The vote will be open for at least 72 hours or until necessary number
> of
> > votes are reached.
> > > [ ] +1  approve
> > > [ ] +0  no opinion
> > > [ ] -1  disapprove (and reason why)
> > >
> > > Here is my +1
> > >
> > > Thank you,
> > > Velmurugan Periasamy
> > >
> >
> >
>
  

Review Request 69509: RANGER-2304 : Need to add property dfs.permissions.ContentSummary.subAccess when enabling Ranger HDFS plugin manually.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69509/
---

Review request for ranger, Ankita Sinha, bhavik patel, Colm O hEigeartaigh, 
Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, pengjianhua, 
Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Velmurugan Periasamy, and 
Qiang Zhang.


Bugs: RANGER-2304
https://issues.apache.org/jira/browse/RANGER-2304


Repository: ranger


Description
---

As part of fixes in HDFS-14112 and RANGER-2297, need to update the script that 
handles setting up HDFS authorizer when Ranger HDFS plugin is enabled/disabled, 
as below:
   * Set the property dfs.permissions.ContentSummary.subAccess in hdfs-site.xml 
to ‘true’ when Ranger plugin is   
 enabled.
   * Remove the property dfs.permissions.ContentSummary.subAccess in 
hdfs-site.xml or set to ‘false’ when Ranger plugin
 is disabled.


Diffs
-

  hdfs-agent/conf/hdfs-site-changes.cfg 8088b43f8 
  hdfs-agent/disable-conf/hdfs-site-changes.cfg 652bf2ee8 


Diff: https://reviews.apache.org/r/69509/diff/1/


Testing
---

Tested with a fresh install on Cent-OS, the property 
dfs.permissions.ContentSummary.subAccess is set to true when Ranger HDFS plugin 
is enabled manually.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2304) Need to add property dfs.permissions.ContentSummary.subAccess when enabling Ranger HDFS plugin manually

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2304:
---
Attachment: RANGER-2304.patch

> Need to add property dfs.permissions.ContentSummary.subAccess when enabling 
> Ranger HDFS plugin manually
> ---
>
> Key: RANGER-2304
> URL: https://issues.apache.org/jira/browse/RANGER-2304
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0, 1.2.1
>
> Attachments: RANGER-2304.patch
>
>
> As part of fixes in HDFS-14112 and RANGER-2297, need to update the script 
> that handles setting up HDFS authorizer when Ranger HDFS plugin is 
> enabled/disabled, as below:
>  * set the property {{dfs.permissions.ContentSummary.subAccess}} in 
> hdfs-site.xml to ‘true’ when Ranger plugin is enabled.
>  * remove the property {{dfs.permissions.ContentSummary.subAccess}} in 
> hdfs-site.xml or set to ‘false’ when Ranger plugin is disabled.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2304) Need to add property dfs.permissions.ContentSummary.subAccess when enabling Ranger HDFS plugin manually

[Vishal Suvagia (JIRA)]

Vishal Suvagia created RANGER-2304:
--

 Summary: Need to add property 
dfs.permissions.ContentSummary.subAccess when enabling Ranger HDFS plugin 
manually
 Key: RANGER-2304
 URL: https://issues.apache.org/jira/browse/RANGER-2304
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.2.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia
 Fix For: 2.0.0, 1.2.1


As part of fixes in HDFS-14112 and RANGER-2297, need to update the script that 
handles setting up HDFS authorizer when Ranger HDFS plugin is enabled/disabled, 
as below:
 * set the property {{dfs.permissions.ContentSummary.subAccess}} in 
hdfs-site.xml to ‘true’ when Ranger plugin is enabled.
 * remove the property {{dfs.permissions.ContentSummary.subAccess}} in 
hdfs-site.xml or set to ‘false’ when Ranger plugin is disabled.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16660662#comment-16660662
 ] 

Vishal Suvagia commented on RANGER-2251:


Committed in ranger-0.7 branch:
https://github.com/apache/ranger/commit/61b69730225687508123dae489b542bc86bfbd60

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2251-master.patch, RANGER-2251-ranger-0.7.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: RANGER-2251-ranger-0.7.patch

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2251-master.patch, RANGER-2251-ranger-0.7.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 69112: RANGER-2259 : Need to provide appropriate permisssions for unix-auth files.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69112/
---

Review request for ranger, Ankita Sinha, Colm O hEigeartaigh, Gautam Borad, 
Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, pengjianhua, Pradeep Agrawal, 
Ramesh Mani, Sailaja Polavarapu, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-2259
https://issues.apache.org/jira/browse/RANGER-2259


Repository: ranger


Description
---

Need to provide appropriate file level permissions for unix-auth files.


Diffs
-

  unixauthservice/scripts/setup.py e0c8c830ff13aa8abae3c0b20e89e2a27a07d099 


Diff: https://reviews.apache.org/r/69112/diff/1/


Testing
---

Verified with a fresh installation, appropriate permissions are getting applied.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2259) Need to provide appropriate permisssions for unix-auth files

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2259:
---
Attachment: RANGER-2259-master.patch

> Need to provide appropriate permisssions for unix-auth files
> 
>
> Key: RANGER-2259
> URL: https://issues.apache.org/jira/browse/RANGER-2259
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>    Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 1.2.1
>
> Attachments: RANGER-2259-master.patch
>
>
> Need to provide appropriate file level permissions for unix-auth files.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 69083: RANGER-2251 : Need to provide options for making java heap size memory configurable in Ranger services.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69083/
---

(Updated Oct. 22, 2018, 9:01 a.m.)


Review request for ranger, Ankita Sinha, Colm O hEigeartaigh, Gautam Borad, 
Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
---

Updating review request.


Bugs: RANGER-2251
https://issues.apache.org/jira/browse/RANGER-2251


Repository: ranger


Description
---

Need to make java heap size memory configurable for Ranger services.


Diffs (updated)
-

  embeddedwebserver/scripts/ranger-admin-services.sh 
990d3c7922351f298277792baa2551efa5e7a1cc 
  kms/scripts/ranger-kms 604d7014c5584d5feef26975c7bfffd8c2194f1e 
  security-admin/scripts/db_setup.py 5ac312fba9c3ddfb8c345d2c2551bab9c49fd67b 
  security-admin/scripts/install.properties 
34c52ebe58b59892ebf5f8fd66d81a73264aa049 
  tagsync/scripts/ranger-tagsync-services.sh 
6fcdf1562569f6203da309936e4762395c9036f0 
  unixauthservice/scripts/ranger-usersync-services.sh 
0c03c5a18eb9a15740df8398e96fc14104277dd2 


Diff: https://reviews.apache.org/r/69083/diff/2/

Changes: https://reviews.apache.org/r/69083/diff/1-2/


Testing
---

Tested with fresh installation for heapsize to be effective for Ranger: Admin, 
Usersycnc, Tagsync and KMS services.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: RANGER-2251-master.patch

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2251-master.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: (was: WIP-RANGER-2251-master.patch)

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2259) Need to provide appropriate permisssions for unix-auth files

[Vishal Suvagia (JIRA)]

Vishal Suvagia created RANGER-2259:
--

 Summary: Need to provide appropriate permisssions for unix-auth 
files
 Key: RANGER-2259
 URL: https://issues.apache.org/jira/browse/RANGER-2259
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.2.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia
 Fix For: 1.2.1


Need to provide appropriate file level permissions for unix-auth files.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 69083: RANGER-2251 : Need to provide options for making java heap size memory configurable in Ranger services.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69083/
---

Review request for ranger, Ankita Sinha, Colm O hEigeartaigh, Gautam Borad, 
Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2251
https://issues.apache.org/jira/browse/RANGER-2251


Repository: ranger


Description
---

Need to make java heap size memory configurable for Ranger services.


Diffs
-

  embeddedwebserver/scripts/ranger-admin-services.sh 
990d3c7922351f298277792baa2551efa5e7a1cc 
  kms/scripts/ranger-kms 604d7014c5584d5feef26975c7bfffd8c2194f1e 
  security-admin/scripts/db_setup.py 5ac312fba9c3ddfb8c345d2c2551bab9c49fd67b 
  security-admin/scripts/install.properties 
34c52ebe58b59892ebf5f8fd66d81a73264aa049 
  tagsync/scripts/ranger-tagsync-services.sh 
6fcdf1562569f6203da309936e4762395c9036f0 
  unixauthservice/scripts/ranger-usersync-services.sh 
0c03c5a18eb9a15740df8398e96fc14104277dd2 
  unixauthservice/scripts/setup.py e0c8c830ff13aa8abae3c0b20e89e2a27a07d099 


Diff: https://reviews.apache.org/r/69083/diff/1/


Testing
---

Tested with fresh installation for heapsize to be effective for Ranger: Admin, 
Usersycnc, Tagsync and KMS services.


Thanks,

Vishal Suvagia

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: WIP-RANGER-2251-master.patch

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: WIP-RANGER-2251-master.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: (was: RANGER-2251-master.patch)

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: WIP-RANGER-2251-master.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16653234#comment-16653234
 ] 

Vishal Suvagia commented on RANGER-2251:


The attached patch is a work in progress patch.

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2251-master.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2251?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2251:
---
Attachment: RANGER-2251-master.patch

> Need to provide options for making java heap size memory configurable in 
> Ranger services
> 
>
> Key: RANGER-2251
> URL: https://issues.apache.org/jira/browse/RANGER-2251
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.2.0
>    Reporter: Vishal Suvagia
>Assignee: Vishal Suvagia
>Priority: Major
> Fix For: 2.0.0
>
> Attachments: RANGER-2251-master.patch
>
>
> Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (RANGER-2251) Need to provide options for making java heap size memory configurable in Ranger services

[Vishal Suvagia (JIRA)]

Vishal Suvagia created RANGER-2251:
--

 Summary: Need to provide options for making java heap size memory 
configurable in Ranger services
 Key: RANGER-2251
 URL: https://issues.apache.org/jira/browse/RANGER-2251
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.2.0
Reporter: Vishal Suvagia
Assignee: Vishal Suvagia
 Fix For: 2.0.0


Need to make java heap size memory configurable for Ranger services.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2181) Code Improvement To Follow Best Practices

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16631924#comment-16631924
 ] 

Vishal Suvagia commented on RANGER-2181:


commited to Apache Ranger ranger-0.7 branch:

https://github.com/apache/ranger/commit/b050618aeb094234a3fb535eae3a27e0d2724519

> Code Improvement To Follow Best Practices
> -
>
> Key: RANGER-2181
> URL: https://issues.apache.org/jira/browse/RANGER-2181
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.1.0
>Reporter: Mehul Parikh
>Assignee: bhavik patel
>Priority: Major
> Fix For: 2.0.0, 1.2.0
>
> Attachments: 
> 0001-RANGER-2181-Code-Improvement-To-Follow-Best-Practice.patch, 
> RANGER-2181-01.patch, RANGER-2181-02.patch
>
>
> Code Improvement To Follow Best Practices for saving services. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2168) Add service admin user through service config

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16631921#comment-16631921
 ] 

Vishal Suvagia commented on RANGER-2168:


committed to Apache Ranger ranger-0.7 branch: 
https://github.com/apache/ranger/commit/46c6cf878026b1c2d7e76f838c95733271e1497b

> Add service admin user through service config
> -
>
> Key: RANGER-2168
> URL: https://issues.apache.org/jira/browse/RANGER-2168
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 1.0.1, 2.0.0, 1.1.1, 1.2.0
>
> Attachments: RANGER-2168-2.patch, RANGER-2168-3.patch
>
>
> Allow admin user to add a custom service config property  
> 'service.admin.users' through service page. Users listed for this property 
> should able to create/update/delete the ranger policy of that service. 
> Currently only user with admin role or a delegated admin user can create the 
> policy.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 68681: RANGER-2213 Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.90.

[Vishal Suvagia via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68681/#review208553
---



@Qiang Zhang, Kindly add the testing done with this patch ?

- Vishal Suvagia


On Sept. 11, 2018, 3:07 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68681/
> ---
> 
> (Updated Sept. 11, 2018, 3:07 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2213
> https://issues.apache.org/jira/browse/RANGER-2213
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [SECURITY] CVE-2018-1336
> Severity: High 
> Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 
> 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
> Description: An improper handing of overflow in the UTF-8 decoder with 
> supplementary characters can lead to an infinite loop in the decoder causing 
> a Denial of Service.
> 
> CVE-2018-8014
> Description: The defaults settings for the CORS filter provided in Apache 
> Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 
> 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is 
> expected that users of the CORS filter will have configured it appropriately 
> for their environment rather than using it in the default configuration. 
> Therefore, it is expected that most users will not be impacted by this issue.
> 
> CVE-2018-8034
> Description: The host name verification when using TLS with the WebSocket 
> client was missing. It is now enabled by default. 
> Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 
> 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
> 
> 
> Diffs
> -
> 
>   pom.xml ae3f4be4c 
> 
> 
> Diff: https://reviews.apache.org/r/68681/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

[jira] [Commented] (RANGER-2166) A ClassNotFound exception is thrown with atlasrest as a tag source

[Vishal Suvagia (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16565476#comment-16565476
 ] 

Vishal Suvagia commented on RANGER-2166:


[~abhayk], an addendum patch is required for this change and attached herewith, 
request to kindly review attached patch and commit the same.

> A ClassNotFound exception is thrown with atlasrest as a tag source
> --
>
> Key: RANGER-2166
> URL: https://issues.apache.org/jira/browse/RANGER-2166
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: 1.1.0
>    Reporter: Vishal Suvagia
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2166-Addendum.patch
>
>
> tagsync throws ClassNotFound exception when using REST API to download tags 
> from Atlas.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2166) A ClassNotFound exception is thrown with atlasrest as a tag source

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-2166:
---
Attachment: RANGER-2166-Addendum.patch

> A ClassNotFound exception is thrown with atlasrest as a tag source
> --
>
> Key: RANGER-2166
> URL: https://issues.apache.org/jira/browse/RANGER-2166
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: 1.1.0
>    Reporter: Vishal Suvagia
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
> Attachments: RANGER-2166-Addendum.patch
>
>
> tagsync throws ClassNotFound exception when using REST API to download tags 
> from Atlas.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Reopened] (RANGER-2166) A ClassNotFound exception is thrown with atlasrest as a tag source

[Vishal Suvagia (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia reopened RANGER-2166:


Re-opening this as the jackson-module-jaxb-annotations jar is available under 
com.fasterxml.jackson.module.

> A ClassNotFound exception is thrown with atlasrest as a tag source
> --
>
> Key: RANGER-2166
> URL: https://issues.apache.org/jira/browse/RANGER-2166
> Project: Ranger
>  Issue Type: Bug
>  Components: tagsync
>Affects Versions: 1.1.0
>    Reporter: Vishal Suvagia
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: master
>
>
> tagsync throws ClassNotFound exception when using REST API to download tags 
> from Atlas.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)