[GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-595948740 @bolkedebruin for getting plugin to work again (not add row/col level) is it just a matter of updating version in pom.xml or code changes too? I'm guessing https://github.com/prestosql/presto/pull/1624 in release 320 and https://github.com/prestosql/presto/pull/171 in release 318 broke it as users mention 317 works. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-570348580 some fixes: https://github.com/apache/ranger/blob/master/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java#L130 change checkCanSetSystemSessionProperty to have a dummy IF condition that always results in false so that session properties are never denied https://github.com/apache/ranger/blob/master/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java#L116 change checkCanSetUser to have an IF condition (principal does not equal userName) then accessDenied. This is critical so that users can't impersonate the privileges of another user public void checkCanSetUser(final Optional principal, final String userName) { final String loweruserName = userName.toLowerCase(); RangerSystemAccessControl.LOG.info("==> RangerSystemAccessControl.checkCanSetUser(userName=" + loweruserName + ")"); if (principal.isPresent()) { final String principalName = principal.get().getName().toLowerCase(); RangerSystemAccessControl.LOG.info("==> RangerSystemAccessControl.checkCanSetUser(principalName=" + principalName + ")"); if (!loweruserName.equals(principalName)) { AccessDeniedException.denySetUser((Optional)principal, userName); } } } https://github.com/prestodb/presto/issues/13394 remove deny in presto code This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-499182239 bingo! its all working now :) One thing i noticed was that any ranger policy changes do not take affect until 30 seconds after policy change. I also had to copy the config files to /etc/hadoop/conf/ otherwise faced 'The value of property hadoop.security.credential.provider.path must not be null' error This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-591646358 @brucemen711 can u share the stack trace? are u able to isolate which release between 317 and 325 started breaking? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [ranger] tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin
tooptoop4 edited a comment on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-498066894 The xmls went to PRESTOINSTALL/etc/ Even after copying (and chmod 777) to PRESTOINSTALL/plugins/ranger/ranger-presto-plugin-impl/ still getting same errors This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services