(ranger) branch RANGER-4607_master updated (9346283e3 -> eaf41b1d5)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch RANGER-4607_master in repository https://gitbox.apache.org/repos/asf/ranger.git discard 9346283e3 RANGER-4607: Ranger REST API improvements add eaf41b1d5 RANGER-4607: Ranger REST API improvements This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (9346283e3) \ N -- N -- N refs/heads/RANGER-4607_master (eaf41b1d5) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../main/java/org/apache/ranger/biz/XAuditMgr.java | 36 +++--- .../main/java/org/apache/ranger/biz/XUserMgr.java | 37 --- .../java/org/apache/ranger/biz/XUserMgrBase.java | 39 --- .../ranger/security/context/RangerAPIList.java | 6 --- .../ranger/security/context/RangerAPIMapping.java | 15 -- .../java/org/apache/ranger/biz/TestXUserMgr.java | 55 -- 6 files changed, 17 insertions(+), 171 deletions(-)
(ranger) branch RANGER-4607_master updated (3d04d9a3a -> 9346283e3)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch RANGER-4607_master in repository https://gitbox.apache.org/repos/asf/ranger.git discard 3d04d9a3a RANGER-4607: Ranger REST API improvements add 2081a895a RANGER-4912: Upgrade Spring framework to 5.3.39 (#392) add 5fc70579e RANGER-4935 : Updating library dependencies in Ranger Admin React package-lock.json add 64738a246 RANGER-4213: Getting 302 status code instead of 419 in case of session timeout add 5f26ed47a RANGER-4936 : Feature for download and upload of individual policies add 7ba69cba4 RANGER-4914: Tagsync for ozone - set isRecursive=true for both ofs and o3fs keys by default (#394) add bc596e627 RANGER-4820: Support authorization of multiple accesses grouped by access groups in one policy engine call - #2 add 93c3f6329 RANGER-4934: Ranger API to add and delete resources to the DataShare in bulk. add 7af593110 Added 'Brijesh Bhalala' as a committer add 4f297c35b RANGER-4938: Ensure that only one instance of Ranger plugin is created in an Ozone Manager process add 0f6684863 RANGER-4944 : Remove save option and cancel option on User profile page for users other than ROLE_SYS_ADMIN role add c1aaffb63 RANGER-4809: Utility to migrate admin audit logs in x_trx_log table x_trx_log_v2 table add a4f8cfbdc RANGER-4948: optimize GDS policy engine to use a single trie-set for all resources across data shares add 28c61f5d7 RANGER-3801: update docker download-archives.sh to download all by default add 47134888e RANGER-4937: Add a new GDS resource API for adding new resources to a new or existing DataShare and add it to the DataSet add a28c122d5 RANGER-4949 : Creating security zone with any role selected fails for oracle DB add f06d0e708 RANGER-4901 : [Ranger React UI] Admin audits for 'Import Delete' operation type do not display service name field add 9346283e3 RANGER-4607: Ranger REST API improvements This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (3d04d9a3a) \ N -- N -- N refs/heads/RANGER-4607_master (9346283e3) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../policyengine/gds/GdsDataShareEvaluator.java| 166 ++- .../policyengine/gds/GdsDatasetEvaluator.java | 38 +- .../plugin/policyengine/gds/GdsDipEvaluator.java | 21 +- .../plugin/policyengine/gds/GdsDshidEvaluator.java | 21 +- .../plugin/policyengine/gds/GdsPolicyEngine.java | 415 +++-- .../policyengine/gds/GdsProjectEvaluator.java | 8 +- .../gds/GdsSharedResourceEvaluator.java| 10 +- .../RangerDefaultPolicyEvaluator.java | 39 +- .../ranger/plugin/store/AbstractGdsStore.java | 5 +- .../org/apache/ranger/plugin/store/GdsStore.java | 4 +- .../plugin/util/RangerAccessRequestUtil.java | 124 +++--- .../policyengine/gds/TestGdsPolicyEngine.java | 42 +- .../gds/test_gds_policy_engine_hive.json | 2 +- dev-support/ranger-docker/README.md| 6 + dev-support/ranger-docker/download-archives.sh | 49 ++- docs/pom.xml | 12 + .../ranger-admin-transaction-log-migrate.sh| 48 ++ .../authorization/hadoop/RangerHdfsAuthorizer.java | 6 + .../ozone/authorizer/RangerOzoneAuthorizer.java| 20 +- pom.xml| 4 +- .../optimized/current/ranger_core_db_mysql.sql | 2 + .../patches/074-create-index-for-x_trx_log.sql}| 14 +- .../optimized/current/ranger_core_db_oracle.sql| 4 + .../patches/066-create-sz-ref-role-table.sql | 26 ++ ..._trx_log_v2.sql => 067-create-x_trx_log_v2.sql} | 0 ...info.sql => 068-create-index-for-x_trx_log.sql} | 13 +- .../optimized/current/ranger_core_db_postgres.sql | 2 + ...wner.sql => 074-create-index-for-x_trx_log.sql} | 17 +- .../current/ranger_core_db_sqlanywhere.sql | 4 + .../patches/068-create-index-for-x_trx_log.sql}| 4 + .../optimized/current/ranger_core_db_sqlserver.sql | 2 + .../patches/068-create-index-for-x_trx_log.sql}| 18 +- .../java/org/apache/ranger/biz/GdsDBStore.java | 57 +-- .../java/org/apache/ranger/biz/ServiceDBStore.java | 96 ++-- .../main/java/org/apache/rang
(ranger) branch master updated (854a113f2 -> 2081a895a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 854a113f2 RANGER-4307: Allow users customize the time interval (#269) add 2081a895a RANGER-4912: Upgrade Spring framework to 5.3.39 (#392) No new revisions were added by this update. Summary of changes: pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
(ranger) 01/01: RANGER-4607: Ranger REST API improvements
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch RANGER-4607_master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 3d04d9a3adf603ae93273d5b17675428e8709ced Author: Pradeep Agrawal AuthorDate: Wed Nov 22 11:40:58 2023 +0530 RANGER-4607: Ranger REST API improvements RANGER-4545: DELETE /assets/resources/{resource_id} API should return proper status code for non admin users RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user without permission on audit module RANGER-4548: Return proper error message in the response for /tags/tags, /tags/resources and /tags/types API for non admin users RANGER-4547: The reponse metrics (pagination values) for the /assets/ugsyncAudits/{sync_source} API is not proper RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and /public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API RANGER-4551: No response returned for /assets/policyList/{service_name} API RANGER-4550: API request to /assets/resource/{id} returns no response RANGER-4552: Response metrics for /assets/report is not proper, and pagination does not work RANGER-4553: Response metrics for /xaudit/trx_log not proper RANGER-4554: Response metrics for /assets/resources not proper RANGER-4555: Response metrics for /assets/assets API not proper RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation of entities even without groupId / userId fields in the request RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API returns policies for users without access to the policy RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API returns policies for users without access to the policy RANGER-4576: User without access to policy is able to fetch policy details using /plugins/policies/{service_type}/for-resource API endpoint RANGER-4577: UI and API behaviour for fetching users not consistent for keyadmin users RANGER-4589: keyadmin user can update the user password via UI but cannot update the user password using /users/{user_id}/passwordchange API RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user RANGER-4591: keyadmin user can access non kms related admin audits using /assets/report/{transaction_id} API RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting status to 0 using /users API RANGER-4595: keyadmin user able to view the user permission objects via /users API RANGER-4596: keyadmin can fetch the details of admin and auditor users through /users API endpoint RANGER-4598: ROLE_USER cannot acccess /xusers/groups API but can access /xusers/groups/groupName/{group_name} API RANGER-4586: XUserREST and UserREST API improvement for keyadmin users Change-Id: I1fa52a99049d81e58c40d071211d62b278ff8ef1 --- .../main/java/org/apache/ranger/biz/AssetMgr.java | 54 +--- .../java/org/apache/ranger/biz/ServiceDBStore.java | 4 +- .../main/java/org/apache/ranger/biz/UserMgr.java | 162 +--- .../main/java/org/apache/ranger/biz/XAuditMgr.java | 22 +- .../java/org/apache/ranger/biz/XAuditMgrBase.java | 8 +- .../main/java/org/apache/ranger/biz/XUserMgr.java | 93 +++ .../java/org/apache/ranger/rest/AssetREST.java | 87 +-- .../main/java/org/apache/ranger/rest/RoleREST.java | 1 + .../java/org/apache/ranger/rest/ServiceREST.java | 17 +- .../main/java/org/apache/ranger/rest/TagREST.java | 18 +- .../main/java/org/apache/ranger/rest/UserREST.java | 2 - .../java/org/apache/ranger/rest/XUserREST.java | 123 - .../org/apache/ranger/service/XGroupService.java | 4 + .../ranger/service/XUgsyncAuditInfoService.java| 2 + .../org/apache/ranger/biz/TestServiceDBStore.java | 89 ++- .../java/org/apache/ranger/biz/TestUserMgr.java| 280 ++--- .../java/org/apache/ranger/biz/TestXUserMgr.java | 151 ++- .../java/org/apache/ranger/rest/TestAssetREST.java | 120 - .../java/org/apache/ranger/rest/TestRoleREST.java | 1 + .../org/apache/ranger/rest/TestServiceREST.java| 11 +- .../java/org/apache/ranger/rest/TestTagREST.java | 9 +- .../java/org/apache/ranger/rest/TestUserREST.java | 4 +- .../java/org/apache/ranger/rest/TestXUserREST.java | 102 +--- 23 files changed, 595 insertions(+), 769 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java index 00062f3e2..620d1e619 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java @@ -19,8 +19,6 @@ package org.apache.ranger.biz; -import java.io.File; -import
(ranger) branch RANGER-4607_master created (now 3d04d9a3a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch RANGER-4607_master in repository https://gitbox.apache.org/repos/asf/ranger.git at 3d04d9a3a RANGER-4607: Ranger REST API improvements This branch includes the following new commits: new 3d04d9a3a RANGER-4607: Ranger REST API improvements The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(ranger) branch RANGER-4912_master created (now bf8a2946f)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch RANGER-4912_master in repository https://gitbox.apache.org/repos/asf/ranger.git at bf8a2946f RANGER-4912: Upgrade Spring framework to 5.3.39 This branch includes the following new commits: new bf8a2946f RANGER-4912: Upgrade Spring framework to 5.3.39 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(ranger) 01/01: RANGER-4912: Upgrade Spring framework to 5.3.39
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch RANGER-4912_master in repository https://gitbox.apache.org/repos/asf/ranger.git commit bf8a2946f94f7b6485eaf847478f522ad9efe2ed Author: Pradeep AgrawaL AuthorDate: Fri Sep 13 15:01:19 2024 +0530 RANGER-4912: Upgrade Spring framework to 5.3.39 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index b6bf23d1f..7c2390fa8 100644 --- a/pom.xml +++ b/pom.xml @@ -201,8 +201,8 @@ 8.11.3 2.4.1 5.7.12 -5.3.33 -5.3.33 +5.3.39 +5.3.39 1.99.7 1.2.4 1.19
(ranger) 02/02: Added Guru Thejus Arveti as contributor
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit c41604713f8225f871ef437a7399024e18ad8b2a Author: Pradeep Agrawal AuthorDate: Fri Aug 16 14:15:24 2024 +0530 Added Guru Thejus Arveti as contributor Change-Id: Id6fd44454ba4e2b2b482dde97e092d749f9f7bc4 --- docs/pom.xml | 4 1 file changed, 4 insertions(+) diff --git a/docs/pom.xml b/docs/pom.xml index 4bc467c21..601f89b18 100644 --- a/docs/pom.xml +++ b/docs/pom.xml @@ -654,6 +654,10 @@ Grant Henke + +Guru Thejus Arveti + + Haihui Xu
(ranger) branch master updated (c0480ed72 -> c41604713)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from c0480ed72 RANGER-4905:Reduce memory needed to create Ranger policy engine new d338761ef RANGER-4709: Auditing set role command in hive new c41604713 Added Guru Thejus Arveti as contributor The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: docs/pom.xml | 4 ++ .../hive/authorizer/RangerHiveAuthorizer.java | 79 ++ 2 files changed, 55 insertions(+), 28 deletions(-)
(ranger) 01/02: RANGER-4709: Auditing set role command in hive
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit d338761efc68ae6bf84c232de427c13fbeeca582 Author: Guru Thejus Arveti AuthorDate: Wed Aug 14 19:08:26 2024 +0530 RANGER-4709: Auditing set role command in hive Change-Id: I8208d5b9c6d71ae69249b89640f4a8828b750531 Signed-off-by: Pradeep Agrawal --- .../hive/authorizer/RangerHiveAuthorizer.java | 79 ++ 1 file changed, 51 insertions(+), 28 deletions(-) diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index 2ec60b27a..ca6edf5b2 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -115,6 +115,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { private static final String CMD_SHOW_PRINCIPALS= "show principals %s"; private static final String CMD_GRANT_ROLE = "grant %s to %s "; private static final String CMD_REVOKE_ROLE= "revoke %s from %s"; + private static final String CMD_SET_ROLE = "set role %s"; private static final Set RESERVED_ROLE_NAMES; @@ -311,39 +312,59 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { @Override public void setCurrentRole(String roleName) throws HiveAccessControlException, HiveAuthzPluginException { // from SQLStdHiveAccessController.setCurrentRole() - initUserRoles(); - if (ROLE_NONE.equalsIgnoreCase(roleName)) { - // for set role NONE, clear all roles for current session. - currentRoles.clear(); - isCurrentRoleSet = true; - return; - } - if (ROLE_ALL.equalsIgnoreCase(roleName)) { - // for set role ALL, reset roles to default roles. - currentRoles.clear(); - currentRoles.addAll(getCurrentRoleNamesFromRanger()); - isCurrentRoleSet = true; - return; - } - for (String role : getCurrentRoleNamesFromRanger()) { - // set to one of the roles user belongs to. - if (role.equalsIgnoreCase(roleName)) { + RangerHiveAuditHandler auditHandler = new RangerHiveAuditHandler(hivePlugin.getConfig()); + List roles = new ArrayList<>(); + roles.add(roleName); + boolean result = false; + + try { + initUserRoles(); + if (ROLE_NONE.equalsIgnoreCase(roleName)) { + // for set role NONE, clear all roles for current session. currentRoles.clear(); - currentRoles.add(role); isCurrentRoleSet = true; + result = true; return; } + if (ROLE_ALL.equalsIgnoreCase(roleName)) { + // for set role ALL, reset roles to default roles. + currentRoles.clear(); + currentRoles.addAll(getCurrentRoleNamesFromRanger()); + isCurrentRoleSet = true; + result = true; + return; + } + for (String role : getCurrentRoleNamesFromRanger()) { + // set to one of the roles user belongs to. + if (role.equalsIgnoreCase(roleName)) { + currentRoles.clear(); + currentRoles.add(role); + isCurrentRoleSet = true; + result = true; + return; + } + } + // set to ADMIN role, if user belongs there. + if (ROLE_ADMIN.equalsIgnoreCase(roleName) && null != this.adminRole) { + currentRoles.clear(); + currentRoles.add(adminRole); + isCurrentRoleSet = true; + result = true; + return; + } + LOG.
(ranger) 01/01: RANGER-4859: Update Trino service-def in Ranger for authorization changes
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-4859_master in repository https://gitbox.apache.org/repos/asf/ranger.git commit fe234b0d3f41b5160d2f9069929a0f5a9f25814c Author: Pradeep AgrawaL AuthorDate: Tue Jul 16 11:52:32 2024 +0530 RANGER-4859: Update Trino service-def in Ranger for authorization changes --- .../service-defs/ranger-servicedef-trino.json | 122 ++- distro/pom.xml | 36 +- .../trino/authorizer/RangerConfig.java | 81 -- .../authorizer/RangerSystemAccessControl.java | 1030 .../RangerSystemAccessControlFactory.java | 63 -- .../trino/authorizer/TrinoRangerPlugin.java| 34 - .../authorizer/RangerSystemAccessControlTest.java | 204 pom.xml| 38 +- .../optimized/current/ranger_core_db_mysql.sql |2 + .../optimized/current/ranger_core_db_oracle.sql|2 + .../optimized/current/ranger_core_db_postgres.sql |2 + .../current/ranger_core_db_sqlanywhere.sql |4 + .../optimized/current/ranger_core_db_sqlserver.sql |2 + .../patch/PatchForTrinoSvcDefUpdate_J10062.java| 315 ++ 14 files changed, 451 insertions(+), 1484 deletions(-) diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json index 802c72c7a..76e1b1384 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-trino.json @@ -203,6 +203,70 @@ "label": "Schema Procedure", "description": "Schema Procedure", "accessTypeRestrictions": ["execute", "grant"] +}, +{ + "itemId": 10, + "name": "schemafunction", + "type": "string", + "level": 30, + "parent": "schema", + "mandatory": true, + "lookupSupported":false, + "recursiveSupported": false, + "excludesSupported": false, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard": true, "ignoreCase": true }, + "label": "Schema Function", + "description":"Schema Function", + "accessTypeRestrictions": [ "create", "drop", "show" ] +}, +{ + "itemId": 11, + "name": "queryid", + "type": "string", + "level": 10, + "parent": "", + "mandatory": true, + "lookupSupported":false, + "recursiveSupported": false, + "excludesSupported": false, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard": true, "ignoreCase": true }, + "label": "Query ID", + "description":"Query ID", + "accessTypeRestrictions": [ "execute" ] +}, +{ + "itemId": 12, + "name": "sysinfo", + "type": "string", + "level": 10, + "parent": "", + "mandatory": true, + "lookupSupported":false, + "recursiveSupported": false, + "excludesSupported": false, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard": true, "ignoreCase": true }, + "label": "System Information", + "description":"Trino System Information", + "accessTypeRestrictions": [ "read_sysinfo", "write_sysinfo" ] +}, +{ + "itemId": 13, + "name": "role", + "type": "string", + "lev
(ranger) branch ranger-4859_master created (now fe234b0d3)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-4859_master in repository https://gitbox.apache.org/repos/asf/ranger.git at fe234b0d3 RANGER-4859: Update Trino service-def in Ranger for authorization changes This branch includes the following new commits: new fe234b0d3 RANGER-4859: Update Trino service-def in Ranger for authorization changes The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(ranger) branch ranger-2.5 updated: RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.5 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.5 by this push: new 922135805 RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database 922135805 is described below commit 922135805df58282e0b2a79527089aba4175c5fa Author: Ognjen Stanisavljevic AuthorDate: Thu Jun 27 21:07:28 2024 +0200 RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database Change-Id: Ibf9c28ff01605e32a64fee8c5b70c127ab7c121d Signed-off-by: PradeeP AgrawaL --- agents-audit/pom.xml | 2 +- pom.xml | 2 +- security-admin/scripts/ranger-admin-site-template.xml| 4 security-admin/scripts/setup.sh | 5 + security-admin/scripts/upgrade_admin.py | 1 + .../ranger/elasticsearch/ElasticSearchAccessAuditsService.java | 2 +- .../main/java/org/apache/ranger/solr/SolrAccessAuditsService.java| 2 +- security-admin/src/main/resources/conf.dist/ranger-admin-site.xml| 5 + .../ranger/elasticsearch/ElasticSearchAccessAuditsServiceTest.java | 1 + 9 files changed, 20 insertions(+), 4 deletions(-) diff --git a/agents-audit/pom.xml b/agents-audit/pom.xml index fd76b208d..249331848 100644 --- a/agents-audit/pom.xml +++ b/agents-audit/pom.xml @@ -308,7 +308,7 @@ org.apache.lucene lucene-spatial -${lucene.version} +8.4.0 org.apache.lucene diff --git a/pom.xml b/pom.xml index cc9fdaf64..0674b28b7 100644 --- a/pom.xml +++ b/pom.xml @@ -245,7 +245,7 @@ 1.0.2 1.70 1.70 -8.4.0 +8.11.3 0.8.0 2.10.6 9.31 diff --git a/security-admin/scripts/ranger-admin-site-template.xml b/security-admin/scripts/ranger-admin-site-template.xml index dc4bb52de..b02ed174a 100644 --- a/security-admin/scripts/ranger-admin-site-template.xml +++ b/security-admin/scripts/ranger-admin-site-template.xml @@ -160,6 +160,10 @@ ranger.audit.elasticsearch.urls + + ranger.audit.elasticsearch.protocol + + ranger.audit.elasticsearch.port diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 299a093a0..16864980d 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -94,6 +94,7 @@ javax_net_ssl_trustStore=$(get_prop 'javax_net_ssl_trustStore' $PROPFILE) javax_net_ssl_trustStorePassword=$(get_prop 'javax_net_ssl_trustStorePassword' $PROPFILE) audit_store=$(get_prop 'audit_store' $PROPFILE) audit_elasticsearch_urls=$(get_prop 'audit_elasticsearch_urls' $PROPFILE) +audit_elasticsearch_protocol=$(get_prop 'audit_elasticsearch_protocol' $PROPFILE) audit_elasticsearch_port=$(get_prop 'audit_elasticsearch_port' $PROPFILE) audit_elasticsearch_user=$(get_prop 'audit_elasticsearch_user' $PROPFILE) audit_elasticsearch_password=$(get_prop 'audit_elasticsearch_password' $PROPFILE) @@ -811,6 +812,10 @@ update_properties() { newPropertyValue=${audit_elasticsearch_urls} updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.audit.elasticsearch.protocol + newPropertyValue=${audit_elasticsearch_protocol} + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.audit.elasticsearch.port newPropertyValue=${audit_elasticsearch_port} updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger diff --git a/security-admin/scripts/upgrade_admin.py b/security-admin/scripts/upgrade_admin.py index d340bc603..345ca6302 100755 --- a/security-admin/scripts/upgrade_admin.py +++ b/security-admin/scripts/upgrade_admin.py @@ -112,6 +112,7 @@ config2xmlMAP = { 'xa.scheduler.enabled':'ranger.scheduler.enabled', 'xa.audit.store':'ranger.audit.source.type', 'audit_elasticsearch_urls':'ranger.audit.elasticsearch.urls', + 'audit_elasticsearch_protocol':'ranger.audit.elasticsearch.protocol', 'audit_elasticsearch_port':'ranger.audit.elasticsearch.port', 'audit_elasticsearch_user':'ranger.audit.elasticsearch.user', 'audit_elasticsearch_password':'ranger.audit.elasticsearch.password', diff --git a/security-admin/
(ranger) branch master updated: RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 02f796c4c RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database 02f796c4c is described below commit 02f796c4c7a8ba8804e6c0e9ac8ba3728b539cd1 Author: Ognjen Stanisavljevic AuthorDate: Thu Jun 27 21:07:28 2024 +0200 RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database Change-Id: Ibf9c28ff01605e32a64fee8c5b70c127ab7c121d Signed-off-by: PradeeP AgrawaL --- agents-audit/pom.xml | 2 +- pom.xml | 2 +- security-admin/scripts/ranger-admin-site-template.xml| 4 security-admin/scripts/setup.sh | 5 + security-admin/scripts/upgrade_admin.py | 1 + .../ranger/elasticsearch/ElasticSearchAccessAuditsService.java | 2 +- .../main/java/org/apache/ranger/solr/SolrAccessAuditsService.java| 2 +- security-admin/src/main/resources/conf.dist/ranger-admin-site.xml| 5 + .../ranger/elasticsearch/ElasticSearchAccessAuditsServiceTest.java | 1 + 9 files changed, 20 insertions(+), 4 deletions(-) diff --git a/agents-audit/pom.xml b/agents-audit/pom.xml index 7dcc6c267..06e81650f 100644 --- a/agents-audit/pom.xml +++ b/agents-audit/pom.xml @@ -312,7 +312,7 @@ org.apache.lucene lucene-spatial -${lucene.version} +8.4.0 org.apache.lucene diff --git a/pom.xml b/pom.xml index 529587295..5948d0f9d 100644 --- a/pom.xml +++ b/pom.xml @@ -244,7 +244,7 @@ 1.0.2 1.70 1.70 -8.4.0 +8.11.3 0.8.0 2.10.6 9.31 diff --git a/security-admin/scripts/ranger-admin-site-template.xml b/security-admin/scripts/ranger-admin-site-template.xml index dc4bb52de..b02ed174a 100644 --- a/security-admin/scripts/ranger-admin-site-template.xml +++ b/security-admin/scripts/ranger-admin-site-template.xml @@ -160,6 +160,10 @@ ranger.audit.elasticsearch.urls + + ranger.audit.elasticsearch.protocol + + ranger.audit.elasticsearch.port diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 299a093a0..16864980d 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -94,6 +94,7 @@ javax_net_ssl_trustStore=$(get_prop 'javax_net_ssl_trustStore' $PROPFILE) javax_net_ssl_trustStorePassword=$(get_prop 'javax_net_ssl_trustStorePassword' $PROPFILE) audit_store=$(get_prop 'audit_store' $PROPFILE) audit_elasticsearch_urls=$(get_prop 'audit_elasticsearch_urls' $PROPFILE) +audit_elasticsearch_protocol=$(get_prop 'audit_elasticsearch_protocol' $PROPFILE) audit_elasticsearch_port=$(get_prop 'audit_elasticsearch_port' $PROPFILE) audit_elasticsearch_user=$(get_prop 'audit_elasticsearch_user' $PROPFILE) audit_elasticsearch_password=$(get_prop 'audit_elasticsearch_password' $PROPFILE) @@ -811,6 +812,10 @@ update_properties() { newPropertyValue=${audit_elasticsearch_urls} updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.audit.elasticsearch.protocol + newPropertyValue=${audit_elasticsearch_protocol} + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.audit.elasticsearch.port newPropertyValue=${audit_elasticsearch_port} updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger diff --git a/security-admin/scripts/upgrade_admin.py b/security-admin/scripts/upgrade_admin.py index d340bc603..345ca6302 100755 --- a/security-admin/scripts/upgrade_admin.py +++ b/security-admin/scripts/upgrade_admin.py @@ -112,6 +112,7 @@ config2xmlMAP = { 'xa.scheduler.enabled':'ranger.scheduler.enabled', 'xa.audit.store':'ranger.audit.source.type', 'audit_elasticsearch_urls':'ranger.audit.elasticsearch.urls', + 'audit_elasticsearch_protocol':'ranger.audit.elasticsearch.protocol', 'audit_elasticsearch_port':'ranger.audit.elasticsearch.port', 'audit_elasticsearch_user':'ranger.audit.elasticsearch.user', 'audit_elasticsearch_password':'ranger.audit.elasticsearch.password', diff --git a/security-admin/src/mai
(ranger) branch master updated: RANGER-4711: Auditing SHOW GRANT Hive Command
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 2c90db088 RANGER-4711: Auditing SHOW GRANT Hive Command 2c90db088 is described below commit 2c90db08864d8bfd7ece860902439ae5abbc4920 Author: Guru Thejus Arveti AuthorDate: Thu Jun 6 15:31:20 2024 +0530 RANGER-4711: Auditing SHOW GRANT Hive Command Change-Id: I591e7baa7bbad06593ccc2721a6f2a91962731e5 Signed-off-by: PradeeP AgrawaL --- .../hive/authorizer/RangerHiveAuthorizer.java | 32 +- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index bcf8f2e07..4ba327337 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -30,6 +30,8 @@ import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; @@ -892,6 +894,34 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { RangerHiveResource resource = new RangerHiveResource(HiveObjectType.DATABASE, null); RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, roles, hiveOpType.name(), HiveAccessType.USE, context, sessionContext); requests.add(request); + } else if (hiveOpType == HiveOperationType.SHOW_GRANT) { + String command = context.getCommandString(); + String regexForShowGrantCommand = "SHOW GRANT\\s*(\\w+)?\\s*(\\w+)?\\s*ON\\s*(\\w+)?\\s*(\\S+)"; + Pattern pattern = Pattern.compile(regexForShowGrantCommand, Pattern.CASE_INSENSITIVE); + Matcher matcher = pattern.matcher(command); + + if (matcher.find()) { + String hiveObjectType = matcher.group(3); + String hiveObjectValue = matcher.group(4); + + String dbName = hiveObjectValue; + String tableName = ""; + if (hiveObjectValue.contains(".")) { + String[] parts = hiveObjectValue.split("\\."); + dbName = parts[0]; + tableName = parts[1]; + } + + if (hiveObjectType.toUpperCase().equals(HiveObjectType.DATABASE.name())) { + RangerHiveResource resource = new RangerHiveResource(HiveObjectType.DATABASE, dbName); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, roles, hiveOpType.name(), HiveAccessType.USE, context, sessionContext); + requests.add(request); + } else if (hiveObjectType.toUpperCase().equals(HiveObjectType.TABLE.name())) { + RangerHiveResource resource = new RangerHiveResource(HiveObjectType.TABLE, dbName, tableName); + RangerHiveAccessRequest request = new RangerHiveAccessRequest(resource, user, groups, roles, hiveOpType.name(), HiveAccessType.USE, context, sessionContext); + requests.add(request); + } + } } else if ( hiveOpType == HiveOperationType.REPLDUMP) { // This happens when REPL DUMP command with null inputHObjs is sent in checkPrivileges() // following parsing is done for Audit info @@ -1870,6 +1900,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { /
(ranger) branch master updated: RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new b209e6152 RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33 b209e6152 is described below commit b209e61528b3d01d463e43c0b0bff02657939b11 Author: Pradeep Agrawal AuthorDate: Wed Mar 20 13:42:28 2024 +0530 RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33 Change-Id: Iadf5feb8a527c182958ad401a010a56ed20a5f7d --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 23bf43457..efd152040 100644 --- a/pom.xml +++ b/pom.xml @@ -200,9 +200,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.11 -5.3.32 -5.3.32 + 5.7.12 +5.3.33 +5.3.33 1.99.7 1.2.4 1.19
(ranger) branch master updated: RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new c45a1c0a6 RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32 c45a1c0a6 is described below commit c45a1c0a60b58a898f5b3387d11f5bc25e1f154e Author: Pradeep Agrawal AuthorDate: Mon Feb 26 20:58:45 2024 +0530 RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32 Change-Id: I476d2e6ad8c9c0f6dd096741e1773952b4fc63f4 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index b40fbcc5a..cec2390f2 100644 --- a/pom.xml +++ b/pom.xml @@ -200,9 +200,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.10 -5.3.29 -5.3.29 + 5.7.11 +5.3.32 +5.3.32 1.99.7 1.2.4 1.19
(ranger) branch master updated: RANGER-4689: Fix Ranger Javapatch failure even if service-defs do not exist in ranger DB
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 4280c517c RANGER-4689: Fix Ranger Javapatch failure even if service-defs do not exist in ranger DB 4280c517c is described below commit 4280c517c1e26009a01e30acc55a7de54cf5f7c1 Author: Pradeep Agrawal AuthorDate: Tue Feb 6 15:12:28 2024 +0530 RANGER-4689: Fix Ranger Javapatch failure even if service-defs do not exist in ranger DB Change-Id: If3169baaeefe10e4cfd283031763286c320e1e27 --- .../PatchForHBaseServiceDefUpdate_J10035.java | 4 ++-- .../patch/PatchForHiveServiceDefUpdate_J10027.java | 4 ++-- ...atchForMigratingOldRegimePolicyJson_J10046.java | 28 -- ...PatchForOzoneServiceDefConfigUpdate_J10051.java | 4 ++-- .../PatchForOzoneServiceDefUpdate_J10041.java | 4 ++-- .../patch/PatchForTagServiceDefUpdate_J10028.java | 4 ++-- .../patch/PatchForUpdatingPolicyJson_J10019.java | 28 -- 7 files changed, 42 insertions(+), 34 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java index 75fa78ad9..ecda77a4e 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java @@ -137,8 +137,8 @@ public class PatchForHBaseServiceDefUpdate_J10035 extends BaseLoader { jsonPreUpdate = xXServiceDefObj.getDefOptions(); serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate); } else { -logger.error("HBase service-definition does not exist in the Ranger DAO."); -return false; +logger.error("HBase service-definition does not exist in the Ranger DAO. No patching is needed!!"); +return true; } dbHBaseServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME); diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java index fa319bdb8..24cf14fa1 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java @@ -137,8 +137,8 @@ public class PatchForHiveServiceDefUpdate_J10027 extends BaseLoader { jsonPreUpdate = xXServiceDefObj.getDefOptions(); serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate); } else { - logger.error("Hive service-definition does not exist in the Ranger DAO."); - return false; + logger.error("Hive service-definition does not exist in the Ranger DAO. No patching is needed!!"); + return true; } dbHiveServiceDef = svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME); diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java index dbffc5663..4dfe72aed 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java @@ -291,9 +291,10 @@ public class PatchForMigratingOldRegimePolicyJson_J10046 extends BaseLoader { resourceNameIdMap.put(serviceType, serviceDefResourceNameIDMap); XXServiceDef dbServiceDef = daoMgr.getXXServiceDef().findByName(serviceType); - - for (XXResourceDef resourceDef : daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) { - serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId()); + if (dbServiceDef != null) { + for (XXResourceDef resourceDef : daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) { + serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId()); + } } } @@ -423,9 +424,10 @@ public class PatchForMigratingOldReg
(ranger) branch master updated: RANGER-4438: Read JAVA_OPTS in ranger db setup python script
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 9146ff44f RANGER-4438: Read JAVA_OPTS in ranger db setup python script 9146ff44f is described below commit 9146ff44fc5bd7c27ca70c564c02cd98f8ab4a43 Author: Pradeep Agrawal AuthorDate: Wed Sep 27 17:10:12 2023 +0530 RANGER-4438: Read JAVA_OPTS in ranger db setup python script Change-Id: I9e68a77b95f1b4320d7af0b1642eb8c8438faff3 --- kms/scripts/db_setup.py | 44 +++- kms/scripts/install.properties | 1 + kms/scripts/setup.sh | 2 ++ security-admin/scripts/changepasswordutil.py | 7 +++-- security-admin/scripts/db_setup.py | 10 +-- security-admin/scripts/install.properties| 1 + security-admin/scripts/setup.sh | 3 ++ 7 files changed, 43 insertions(+), 25 deletions(-) diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py index d21a6ac75..f1a6bce57 100644 --- a/kms/scripts/db_setup.py +++ b/kms/scripts/db_setup.py @@ -38,6 +38,10 @@ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME") if RANGER_KMS_HOME is None: RANGER_KMS_HOME = os.getcwd() +JAVA_OPTS = os.getenv("JAVA_OPTS") +if JAVA_OPTS is None: + JAVA_OPTS = "" + def check_output(query): if is_unix: p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) @@ -135,14 +139,14 @@ class MysqlConf(BaseDB): self.JAVA_BIN = self.JAVA_BIN.strip("'") if is_unix: if self.is_db_override_jdbc_connection_string == 'true' and self.db_override_jdbc_connection_string is not None and len(self.db_override_jdbc_connection_string) > 0: - jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password) + jisql_cmd = "%s %s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password) else: - jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password) + jisql_cmd = "%s %s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password) elif os_name == "WINDOWS": if self.is_db_override_jdbc_connection_string == 'true' and self.db_override_jdbc_connection_string is not None and len(self.db_override_jdbc_connection_string) > 0: - jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.db_override_jdbc_connection_string,user, password) + jisql_cmd = "%s %s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.db_override_jdbc_connection_string,user, password) else: - jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name,db_ssl_param,user, password) + jisql_cmd = "%s %s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name,db_ssl_param,user, password) return jisql_cmd def ch
[ranger] branch master updated: RANGER-4421: Upgrade Tomcat to 8.5.93
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 0b8eb1c15 RANGER-4421: Upgrade Tomcat to 8.5.93 0b8eb1c15 is described below commit 0b8eb1c15338de978adc5b80e92b39eb410d37d2 Author: Sanket-Shelar AuthorDate: Wed Sep 20 11:09:46 2023 +0530 RANGER-4421: Upgrade Tomcat to 8.5.93 Signed-off-by: Pradeep Agrawal Change-Id: I7e2353df31a92627f2e224565aad09d0bf2439ab --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b6f5e62b..115580ada 100644 --- a/pom.xml +++ b/pom.xml @@ -206,7 +206,7 @@ 1.99.7 1.2.4 1.19 -8.5.89 +8.5.93 7.0.0 2.3 3.5.5
[ranger] branch master updated: RANGER-4422: Searching for users/groups with Sync source filter on the users/groups page leads to error on Oracle DB
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 58173c815 RANGER-4422: Searching for users/groups with Sync source filter on the users/groups page leads to error on Oracle DB 58173c815 is described below commit 58173c8154baea1b4616109bbd3acd8203f7fce0 Author: Pradeep Agrawal AuthorDate: Wed Sep 20 15:51:28 2023 +0530 RANGER-4422: Searching for users/groups with Sync source filter on the users/groups page leads to error on Oracle DB Change-Id: I4e464eb85019dcd80ef86a35bb6916c8592368ff --- .../src/main/java/org/apache/ranger/service/XGroupService.java | 2 +- .../src/main/java/org/apache/ranger/service/XUserService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java index 650760304..1f033b33d 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java @@ -81,7 +81,7 @@ public class XGroupService extends XGroupServiceBase { "XXGroupUser groupUser", "obj.id = groupUser.parentGroupId")); searchFields.add(new SearchField("syncSource", "obj.syncSource", - SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); + SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); createdByUserId = PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1); diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java index d7c011ca3..166efe82c 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java @@ -122,7 +122,7 @@ public class XUserService extends XUserServiceBase { "xXPortalUser.id=xXPortalUserRole.userId and xXPortalUser.loginId = obj.name ")); searchFields.add(new SearchField("syncSource", "obj.syncSource", - SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); + SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); createdByUserId = PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1);
[ranger] branch master updated: RANGER-4382: Improve exportCSV download time
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 80e67e076 RANGER-4382: Improve exportCSV download time 80e67e076 is described below commit 80e67e07638ccbe13841c0f8daeff4afbd7f7621 Author: Pradeep Agrawal AuthorDate: Fri Sep 8 14:47:35 2023 +0530 RANGER-4382: Improve exportCSV download time Change-Id: Iafd2754259a5c158b0faed54a410f659cd9c1f8d --- .../java/org/apache/ranger/biz/ServiceDBStore.java | 1028 ++-- .../java/org/apache/ranger/rest/ServiceREST.java | 49 +- 2 files changed, 519 insertions(+), 558 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 036dbfec6..84b096e9b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -4080,8 +4080,7 @@ public class ServiceDBStore extends AbstractServiceStore { return false; } -private void writeExcel(List policies, String excelFileName, -HttpServletResponse response) throws IOException { + private void writeExcel(List policies, String excelFileName, HttpServletResponse response) throws IOException { Workbook workbook = null; OutputStream outStream = null; try { @@ -4090,86 +4089,71 @@ public class ServiceDBStore extends AbstractServiceStore { createHeaderRow(sheet); int rowCount = 0; if (!CollectionUtils.isEmpty(policies)) { + Map svcNameToSvcType = new HashMap<>(); for (RangerPolicy policy : policies) { -List policyItems = policy -.getPolicyItems(); -List rowFilterPolicyItems = policy - .getRowFilterPolicyItems(); -List dataMaskPolicyItems = policy - .getDataMaskPolicyItems(); -List allowExceptions = policy -.getAllowExceptions(); -List denyExceptions = policy -.getDenyExceptions(); -List denyPolicyItems = policy -.getDenyPolicyItems(); -XXService xxservice = daoMgr.getXXService().findByName( -policy.getService()); -String serviceType = ""; -if (xxservice != null) { -Long ServiceId = xxservice.getType(); -XXServiceDef xxservDef = daoMgr.getXXServiceDef() - .getById(ServiceId); -if (xxservDef != null) { -serviceType = xxservDef.getName(); -} -} + List policyItems = policy.getPolicyItems(); + List rowFilterPolicyItems = policy.getRowFilterPolicyItems(); + List dataMaskPolicyItems = policy.getDataMaskPolicyItems(); + List allowExceptions = policy.getAllowExceptions(); + List denyExceptions = policy.getDenyExceptions(); + List denyPolicyItems = policy.getDenyPolicyItems(); + + String serviceType = policy.getServiceType(); + if (StringUtils.isBlank(serviceType)) { + serviceType = svcNameToSvcType.get(policy.getService()); + if (StringUtils.isBlank(serviceType)) { + serviceType = daoMgr.getXXServiceDef().findServiceDefTypeByServiceName(policy.getService()); + if (StringUtils.isNotB
[ranger] branch master updated: RANGER-4285: [Best practices] Change java patch seq J10057 to J10060
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 82af76567 RANGER-4285: [Best practices] Change java patch seq J10057 to J10060 82af76567 is described below commit 82af76567cbdf663a48b3fcfaefaa3fc0e77aa8b Author: Sanket-Shelar AuthorDate: Thu Aug 31 12:51:14 2023 +0530 RANGER-4285: [Best practices] Change java patch seq J10057 to J10060 Signed-off-by: Pradeep Agrawal Change-Id: I8bea7bb1f41f9d6ef87f4dde898657d22d2420e6 --- .../db/mysql/optimized/current/ranger_core_db_mysql.sql| 2 +- .../db/oracle/optimized/current/ranger_core_db_oracle.sql | 2 +- .../postgres/optimized/current/ranger_core_db_postgres.sql | 2 +- .../optimized/current/ranger_core_db_sqlanywhere.sql | 2 +- .../optimized/current/ranger_core_db_sqlserver.sql | 2 +- ...chForAllServiceDefForPolicyConditionUpdate_J10060.java} | 14 +++--- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index a5166a5b2..c4b729c9c 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1879,5 +1879,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10055',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10056',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); -INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10057',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10060',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index 26db314bc..c3d236206 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql @@ -2068,6 +2068,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10054',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10055',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10056',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); -INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10057',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); +INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10060',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); commit; diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/curr
[ranger] branch master updated: RANGER-4353: Introduce option in Ranger to control retention period of x_trx_log table data
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new fde454390 RANGER-4353: Introduce option in Ranger to control retention period of x_trx_log table data fde454390 is described below commit fde454390e99cb60db125a0ba2241e9807f77b39 Author: Pradeep AgrawaL AuthorDate: Mon Aug 21 16:41:17 2023 +0530 RANGER-4353: Introduce option in Ranger to control retention period of x_trx_log table data Change-Id: Icd3bdade26181afaee2abb54fb866e10a24217e4 --- .../java/org/apache/ranger/biz/ServiceDBStore.java | 34 ++ .../org/apache/ranger/db/XXAuthSessionDao.java | 17 ++- .../java/org/apache/ranger/db/XXTrxLogDao.java | 12 .../java/org/apache/ranger/rest/ServiceREST.java | 8 +++-- .../main/resources/META-INF/jpa_named_queries.xml | 7 + .../main/resources/conf.dist/ranger-admin-site.xml | 9 ++ 6 files changed, 78 insertions(+), 9 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index ed1ea0376..9b02229e1 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -253,6 +253,8 @@ public class ServiceDBStore extends AbstractServiceStore { public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3; public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false; public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0; + public static boolean SUPPORTS_PURGE_TRANSACTION_RECORDS = false; + public static Integer TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS = 0; private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin."; public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters"; @@ -398,6 +400,8 @@ public class ServiceDBStore extends AbstractServiceStore { SUPPORTS_PURGE_LOGIN_RECORDS = config.getBoolean("ranger.admin.init.purge.login_records", false); LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.init.purge.login_records.retention.days", 0); + SUPPORTS_PURGE_TRANSACTION_RECORDS = config.getBoolean("ranger.admin.init.purge.transaction_records", false); + TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.init.purge.transaction_records.retention.days", 0); isRolesDownloadedByService = config.getBoolean("ranger.support.for.service.specific.role.download", false); SUPPORTS_IN_PLACE_POLICY_UPDATES= SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" + RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES, RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT); @@ -407,6 +411,8 @@ public class ServiceDBStore extends AbstractServiceStore { LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS); LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS); LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" + LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS); + LOG.info("SUPPORTS_PURGE_TRANSACTION_RECORDS=" + SUPPORTS_PURGE_TRANSACTION_RECORDS); + LOG.info("TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS=" + TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS); LOG.info("isRolesDownloadedByService=" + isRolesDownloadedByService); LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" + SUPPORTS_IN_PLACE_POLICY_UPDATES); @@ -427,6 +433,9 @@ public class ServiceDBStore extends AbstractServiceStore { if (SUPPORTS_PURGE_LOGIN_RECORDS) { removeAuthSessions(LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS); } + if (SUPPORTS_PURGE_TRANSACTION_RECORDS) { + removeTransactionLogs(TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS);
[ranger] branch master updated: RANGER-4337: Upgrade spring-framework and spring-security
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new f46357f16 RANGER-4337: Upgrade spring-framework and spring-security f46357f16 is described below commit f46357f1647aca98f10bb2e5824bde9955ad2fb2 Author: Pradeep AgrawaL AuthorDate: Tue Aug 1 15:31:37 2023 +0530 RANGER-4337: Upgrade spring-framework and spring-security --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index d4f626202..c7a860650 100644 --- a/pom.xml +++ b/pom.xml @@ -199,9 +199,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.8 -5.3.27 -5.3.27 + 5.7.10 +5.3.29 +5.3.29 1.99.7 1.2.4 1.19
[ranger] branch master updated: RANGER-4308: Upgrade netty to 4.1.94-final
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 7cac1d330 RANGER-4308: Upgrade netty to 4.1.94-final 7cac1d330 is described below commit 7cac1d33090951e2f9dc62b51dc554d84083a03d Author: Pradeep AgrawaL AuthorDate: Thu Jul 6 12:38:56 2023 +0530 RANGER-4308: Upgrade netty to 4.1.94-final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9fc946731..518202b90 100644 --- a/pom.xml +++ b/pom.xml @@ -177,7 +177,7 @@ 3.0.0 1.10.19 5.1.49 -4.1.85.Final +4.1.94.Final 0.8 1.6.7 20211018.2
[ranger] branch master updated: RANGER-2895: Replace c3p0 connection pool with HikariCP
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 846031985 RANGER-2895: Replace c3p0 connection pool with HikariCP 846031985 is described below commit 846031985cae70f7a8c5e92faf186948a302260e Author: Pradeep AgrawaL AuthorDate: Wed Jun 7 18:39:25 2023 +0530 RANGER-2895: Replace c3p0 connection pool with HikariCP --- pom.xml| 4 +- security-admin/pom.xml | 6 +- .../scripts/ranger-admin-site-template.xml | 10 +-- security-admin/scripts/upgrade_admin.py| 9 +- .../org/apache/ranger/db/RangerDaoManager.java | 6 -- .../org/apache/ranger/db/XXAccessAuditDao.java | 2 +- .../src/main/resources/META-INF/persistence.xml| 10 --- .../conf.dist/ranger-admin-default-site.xml| 18 ++-- .../main/webapp/META-INF/applicationContext.xml| 98 +++--- 9 files changed, 32 insertions(+), 131 deletions(-) diff --git a/pom.xml b/pom.xml index 9a6667ad2..9fc946731 100644 --- a/pom.xml +++ b/pom.xml @@ -87,7 +87,7 @@ 1.3.7 1.1.3 1.70 -0.9.5.5 +4.0.3 2.2.0-b23 3.1.0 8.29 @@ -176,7 +176,7 @@ 3.0.2 3.0.0 1.10.19 -5.1.31 +5.1.49 4.1.85.Final 0.8 1.6.7 diff --git a/security-admin/pom.xml b/security-admin/pom.xml index 25aaa0e58..08d289590 100644 --- a/security-admin/pom.xml +++ b/security-admin/pom.xml @@ -46,9 +46,9 @@ ${asm.all.version} -com.mchange -c3p0 -${c3p0.version} +com.zaxxer +HikariCP +${HikariCP.version} org.glassfish.hk2.external diff --git a/security-admin/scripts/ranger-admin-site-template.xml b/security-admin/scripts/ranger-admin-site-template.xml index 037260f50..dc4bb52de 100644 --- a/security-admin/scripts/ranger-admin-site-template.xml +++ b/security-admin/scripts/ranger-admin-site-template.xml @@ -117,25 +117,21 @@ - ranger.jpa.jdbc.initialpoolsize + ranger.jpa.jdbc.idletimeout - ranger.jpa.jdbc.maxidletime + ranger.jpa.jdbc.maxlifetime - ranger.jpa.jdbc.maxstatements + ranger.jpa.jdbc.connectiontimeout ranger.jpa.jdbc.preferredtestquery - - ranger.jpa.jdbc.idleconnectiontestperiod - - ranger.jpa.jdbc.credential.alias diff --git a/security-admin/scripts/upgrade_admin.py b/security-admin/scripts/upgrade_admin.py index 85f57b8ce..d340bc603 100755 --- a/security-admin/scripts/upgrade_admin.py +++ b/security-admin/scripts/upgrade_admin.py @@ -102,11 +102,10 @@ config2xmlMAP = { 'jdbc.password':'ranger.jpa.jdbc.password', 'jdbc.maxPoolSize':'ranger.jpa.jdbc.maxpoolsize', 'jdbc.minPoolSize':'ranger.jpa.jdbc.minpoolsize', - 'jdbc.initialPoolSize':'ranger.jpa.jdbc.initialpoolsize', - 'jdbc.maxIdleTime':'ranger.jpa.jdbc.maxidletime', - 'jdbc.maxStatements':'ranger.jpa.jdbc.maxstatements', - 'jdbc.preferredTestQuery':'ranger.jpa.jdbc.preferredtestquery', - 'jdbc.idleConnectionTestPeriod':'ranger.jpa.jdbc.idleconnectiontestperiod', + 'jdbc.idleTimeout':'ranger.jpa.jdbc.idletimeout', + 'jdbc.maxLifetime':'ranger.jpa.jdbc.maxlifetime', + 'jdbc.connectionTimeout':'ranger.jpa.jdbc.connectiontimeout', +'jdbc.preferredTestQuery':'ranger.jpa.jdbc.preferredTestQuery', 'xaDB.jdbc.credential.alias':'ranger.jpa.jdbc.credential.alias', 'xaDB.jdbc.credential.provider.path':'ranger.jpa.jdbc.credential.provider.path', 'xa.logs.base.dir':'ranger.logs.base.dir', diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java index 44375e5ac..81f9a1681 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java +++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java @@ -38,9 +38,6 @@ public class RangerDaoManager extends RangerDaoManagerBase { @PersistenceContext(unitName = "defaultPU") private EntityM
[ranger] branch master updated: RANGER-4242: Ranger Upgrade is failing
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 2ab2fd44d RANGER-4242: Ranger Upgrade is failing 2ab2fd44d is described below commit 2ab2fd44d1fcb004eb832abcda1bf46d40a2872a Author: Pradeep Agrawal AuthorDate: Tue May 23 11:05:30 2023 +0530 RANGER-4242: Ranger Upgrade is failing --- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 6 +++ ...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java | 30 +- ...ForUpdateToUniqueResoureceSignature_J10053.java | 47 +++--- 3 files changed, 76 insertions(+), 7 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java index f5f9f8956..e6c6954a4 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java @@ -370,6 +370,9 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { newPolicyForNewResource.setConditions(exPolicy.getConditions()); newPolicyForNewResource.setIsDenyAllElse(exPolicy.getIsDenyAllElse()); newPolicyForNewResource.setZoneName(exPolicy.getZoneName()); + newPolicyForNewResource.setIsEnabled(exPolicy.getIsEnabled()); + newPolicyForNewResource.setIsAuditEnabled(exPolicy.getIsAuditEnabled()); + newPolicyForNewResource.setPolicyType(exPolicy.getPolicyType()); try { if (isAllResources) { @@ -406,6 +409,9 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { newPolicy.setResources(resForNewPol); newPolicy.setResourceSignature(null); newPolicy.setGuid(null); +if (logger.isDebugEnabled()) { +logger.debug("newPolicy:"+newPolicy); +} this.svcDBStore.createPolicy(newPolicy); } diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java index e6ae57fc8..2c5939009 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java @@ -133,7 +133,7 @@ public class PatchPreSql_057_ForUpdateToUniqueGUID_J10052 extends BaseLoader { isFirstElement = false; continue; } - RangerPolicy policy = svcStore.getPolicy(xxPolicy.getId()); + RangerPolicy policy = getPolicy(xxPolicy); if (policy != null) { guid = guidUtil.genGUID(); xxPolicy.setGuid(guid); @@ -157,4 +157,32 @@ public class PatchPreSql_057_ForUpdateToUniqueGUID_J10052 extends BaseLoader { logger.info("No zone or service found"); } } + + private RangerPolicy getPolicy(final XXPolicy xPolicy) { + final RangerPolicy ret; + + if (xPolicy != null) { + String policyText = xPolicy.getPolicyText(); + if (logger.isDebugEnabled()) { + logger.debug("Ranger Policy text:[" + policyText + "]"); + } + ret = JsonUtils.jsonToObject(policyText, RangerPolicy.class); + + if (ret != null) { + ret.setId(xPolicy.getId()); + ret.setGuid(xPolicy.getGuid()); + ret.setCreateTime(xPolicy.getCreateTime()); + ret.setUpdateTime(xPolicy.getUpdateTime()); + ret.setVersion(xPolicy.getVersion()); + ret.setPolicyType(xPolicy.getPolicyType() == null ? RangerPolicy.PO
[ranger] branch master updated: RANGER-4274: Change sql patch sequence 075 to 066
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 88bcc539b RANGER-4274: Change sql patch sequence 075 to 066 88bcc539b is described below commit 88bcc539bc32d31b6d2dfcfcf3b0e55cd424de20 Author: Pradeep Agrawal AuthorDate: Thu Jun 15 11:13:00 2023 +0530 RANGER-4274: Change sql patch sequence 075 to 066 --- security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql | 2 +- ...75-create-sz-role-ref-table.sql => 066-create-sz-role-ref-table.sql} | 0 security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql| 2 +- ...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0 .../db/postgres/optimized/current/ranger_core_db_postgres.sql | 2 +- ...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0 .../db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql | 2 +- ...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0 .../db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql | 2 +- ...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0 10 files changed, 5 insertions(+), 5 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index ac1fa1509..a3b05d851 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1831,7 +1831,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); -INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('075',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('066',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/mysql/patches/075-create-sz-role-ref-table.sql b/security-admin/db/mysql/patches/066-create-sz-role-ref-table.sql similarity index 100% rename from security-admin/db/mysql/patches/075-create-sz-role-ref-table.sql rename to security-admin/db/mysql/patches/066-create-sz-role-ref-table.sql diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index a4d145de0..91ec963ed 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql @@ -1992,7 +1992,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval, '059',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval, '060',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval, '065',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); -INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval, '075',sys_extract_utc(systimestamp),'Ranger 3.0.0',sy
[ranger] 01/02: RANGER-4262: Upgrade aws-java-sdk to 1.12.481
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 27456a9c634cd3747da890a34d1d765d91685224 Author: Pradeep AgrawaL AuthorDate: Tue Jun 6 10:17:03 2023 +0530 RANGER-4262: Upgrade aws-java-sdk to 1.12.481 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3d4a755a2..ec01430fe 100644 --- a/pom.xml +++ b/pom.xml @@ -247,7 +247,7 @@ 0.8.0 2.10.6 9.31 -1.12.125 +1.12.481 2.3.0
[ranger] branch master updated (cb65abc86 -> 00267ed13)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from cb65abc86 RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2 new 27456a9c6 RANGER-4262: Upgrade aws-java-sdk to 1.12.481 new 00267ed13 RANGER-4257: Upgrade Tomcat to 8.5.89 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
[ranger] 02/02: RANGER-4257: Upgrade Tomcat to 8.5.89
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 00267ed13ebd653c028a09cf5f0cf13abf4ed8a3 Author: Pradeep AgrawaL AuthorDate: Tue May 30 16:58:46 2023 +0530 RANGER-4257: Upgrade Tomcat to 8.5.89 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ec01430fe..9a6667ad2 100644 --- a/pom.xml +++ b/pom.xml @@ -205,7 +205,7 @@ 1.99.7 1.2.4 1.19 -8.5.86 +8.5.89 7.0.0 2.3 3.5.5
[ranger] branch ranger-2.4 updated: RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 23c42c7b0 RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data 23c42c7b0 is described below commit 23c42c7b0562a2c724ffa557e6a4723eaa7bb8d4 Author: Pradeep AgrawaL AuthorDate: Thu May 25 18:21:54 2023 +0530 RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data --- .../java/org/apache/ranger/biz/ServiceDBStore.java | 42 ++ .../main/java/org/apache/ranger/biz/XUserMgr.java | 1 - .../org/apache/ranger/db/XXAuthSessionDao.java | 19 -- .../java/org/apache/ranger/rest/PublicAPIsv2.java | 15 .../java/org/apache/ranger/rest/ServiceREST.java | 39 .../main/resources/META-INF/jpa_named_queries.xml | 4 +++ .../main/resources/conf.dist/ranger-admin-site.xml | 8 + 7 files changed, 125 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index a871700b5..2b6bfd271 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -247,6 +247,8 @@ public class ServiceDBStore extends AbstractServiceStore { public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES = false; public static Integer RETENTION_PERIOD_IN_DAYS = 7; public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3; + public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false; + public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0; private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin."; public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters"; @@ -389,9 +391,21 @@ public class ServiceDBStore extends AbstractServiceStore { SUPPORTS_POLICY_DELTAS = config.getBoolean("ranger.admin" + RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA, RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA_DEFAULT); RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.delta.retention.time.in.days", 7); TAG_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.tag.delta.retention.time.in.days", 3); + + SUPPORTS_PURGE_LOGIN_RECORDS = config.getBoolean("ranger.admin.init.purge.login_records", false); + LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.init.purge.login_records.retention.days", 0); + isRolesDownloadedByService = config.getBoolean("ranger.support.for.service.specific.role.download", false); SUPPORTS_IN_PLACE_POLICY_UPDATES= SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" + RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES, RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT); + LOG.info("SUPPORTS_POLICY_DELTAS=" + SUPPORTS_POLICY_DELTAS); + LOG.info("RETENTION_PERIOD_IN_DAYS=" + RETENTION_PERIOD_IN_DAYS); + LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS); + LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS); + LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" + LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS); + LOG.info("isRolesDownloadedByService=" + isRolesDownloadedByService); + LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" + SUPPORTS_IN_PLACE_POLICY_UPDATES); + TransactionTemplate txTemplate = new TransactionTemplate(txManager); final ServiceDBStore dbStore = this; @@ -406,6 +420,9 @@ public class ServiceDBStore extends AbstractServiceStore { createGenericUsers(); resetPolicyUpdateLog(RETENTION_PERIOD_IN_DAYS, RangerPolicyDelta.CHANGE_TYPE_RANGER_ADMIN_START);
[ranger] branch master updated: RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new a07dbb804 RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data a07dbb804 is described below commit a07dbb8049dab1419fb983fc685211675292af49 Author: Pradeep AgrawaL AuthorDate: Thu May 25 18:21:54 2023 +0530 RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data --- .../java/org/apache/ranger/biz/ServiceDBStore.java | 36 .../org/apache/ranger/db/XXAuthSessionDao.java | 19 +-- .../java/org/apache/ranger/rest/PublicAPIsv2.java | 15 + .../java/org/apache/ranger/rest/ServiceREST.java | 39 ++ .../main/resources/META-INF/jpa_named_queries.xml | 4 +++ .../main/resources/conf.dist/ranger-admin-site.xml | 8 + 6 files changed, 119 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 04aee289e..356b01f3c 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -249,6 +249,8 @@ public class ServiceDBStore extends AbstractServiceStore { public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES = false; public static Integer RETENTION_PERIOD_IN_DAYS = 7; public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3; + public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false; + public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0; private static final String RANGER_PLUGIN_CONFIG_PREFIX = "ranger.plugin."; public static final String RANGER_PLUGIN_AUDIT_FILTERS = "ranger.plugin.audit.filters"; @@ -391,12 +393,18 @@ public class ServiceDBStore extends AbstractServiceStore { SUPPORTS_POLICY_DELTAS = config.getBoolean("ranger.admin" + RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA, RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA_DEFAULT); RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.delta.retention.time.in.days", 7); TAG_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.tag.delta.retention.time.in.days", 3); + + SUPPORTS_PURGE_LOGIN_RECORDS = config.getBoolean("ranger.admin.init.purge.login_records", false); + LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = config.getInt("ranger.admin.init.purge.login_records.retention.days", 0); + isRolesDownloadedByService = config.getBoolean("ranger.support.for.service.specific.role.download", false); SUPPORTS_IN_PLACE_POLICY_UPDATES= SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" + RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES, RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT); LOG.info("SUPPORTS_POLICY_DELTAS=" + SUPPORTS_POLICY_DELTAS); LOG.info("RETENTION_PERIOD_IN_DAYS=" + RETENTION_PERIOD_IN_DAYS); LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS); + LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS); + LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" + LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS); LOG.info("isRolesDownloadedByService=" + isRolesDownloadedByService); LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" + SUPPORTS_IN_PLACE_POLICY_UPDATES); @@ -414,6 +422,9 @@ public class ServiceDBStore extends AbstractServiceStore { createGenericUsers(); resetPolicyUpdateLog(RETENTION_PERIOD_IN_DAYS, RangerPolicyDelta.CHANGE_TYPE_RANGER_ADMIN_START); resetTagUpdateLog(TAG_RETENTION_PERIOD_IN_DAYS, ServiceTags.TagsChangeType.RANGER_ADMIN_START); +
[ranger] branch master updated: RANGER-4245: Upgrade derby, spring-ldap and testng libraries
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 56db102e8 RANGER-4245: Upgrade derby, spring-ldap and testng libraries 56db102e8 is described below commit 56db102e8804672367e539bcc4b90b8e7cdce9ad Author: Pradeep Agrawal AuthorDate: Mon May 22 16:19:18 2023 +0530 RANGER-4245: Upgrade derby, spring-ldap and testng libraries --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 29a38830e..ca1c5d5d3 100644 --- a/pom.xml +++ b/pom.xml @@ -111,7 +111,7 @@ 1.10.0 5.4.0 5.4.0 -10.11.1.1 +10.14.2.0 2.1.7 2.7.12 7.10.2 @@ -198,7 +198,7 @@ 1.7.32 1.7.32 8.11.2 -2.3.8.RELEASE +2.4.1 5.7.8 5.3.27 5.3.27 @@ -206,7 +206,7 @@ 1.2.4 1.19 8.5.86 -6.9.4 +7.0.0 2.3 3.5.5 4.2.1
[ranger] branch ranger-2.4 updated: RANGER-4241: Fix sql patch 65 syntax issue for oracle db
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 613c62c9c RANGER-4241: Fix sql patch 65 syntax issue for oracle db 613c62c9c is described below commit 613c62c9cc32a00074600f9739153230cf8a25eb Author: Pradeep Agrawal AuthorDate: Tue May 16 19:53:31 2023 +0530 RANGER-4241: Fix sql patch 65 syntax issue for oracle db --- .../065-add-uk-on-x_rms_service_resource-resource_signature.sql| 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql index f91dfef06..f19630ca8 100644 --- a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql +++ b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql @@ -12,7 +12,6 @@ -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. --- sync_source_info CLOB NOT NULL, DECLARE v_index_exists number:=0; @@ -30,7 +29,7 @@ BEGIN commit; SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME = upper('x_rms_svc_res_IDX_res_sgn') AND TABLE_NAME= upper('x_rms_service_resource'); IF (v_index_exists > 0) THEN -EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn ON x_rms_service_resource(resource_signature)'; +EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn'; commit; END IF;
[ranger] branch master updated: RANGER-4241: Fix sql patch 65 syntax issue for oracle db
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new d1a5ee36a RANGER-4241: Fix sql patch 65 syntax issue for oracle db d1a5ee36a is described below commit d1a5ee36ac458fe9f87e7e6a5ae320a74c09f703 Author: Pradeep Agrawal AuthorDate: Tue May 16 19:53:31 2023 +0530 RANGER-4241: Fix sql patch 65 syntax issue for oracle db --- .../065-add-uk-on-x_rms_service_resource-resource_signature.sql| 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql index f91dfef06..f19630ca8 100644 --- a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql +++ b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql @@ -12,7 +12,6 @@ -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. --- sync_source_info CLOB NOT NULL, DECLARE v_index_exists number:=0; @@ -30,7 +29,7 @@ BEGIN commit; SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME = upper('x_rms_svc_res_IDX_res_sgn') AND TABLE_NAME= upper('x_rms_service_resource'); IF (v_index_exists > 0) THEN -EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn ON x_rms_service_resource(resource_signature)'; +EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn'; commit; END IF;
[ranger] branch master updated (54a2cd0a4 -> 576cb642a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 54a2cd0a4 RANGER-4235: security-zone persistence optimized to avoid creation of unnecessary ref table entries new dd6954457 RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15 new 576cb642a RANGER-4232: Upgrade Spring Security to 5.7.8 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: distro/src/main/assembly/admin-web.xml | 2 +- plugin-ozone/pom.xml | 9 + pom.xml| 10 +- ranger-ozone-plugin-shim/pom.xml | 9 + 4 files changed, 24 insertions(+), 6 deletions(-)
[ranger] 02/02: RANGER-4232: Upgrade Spring Security to 5.7.8
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 576cb642af672532fd789a9405c1c4ee4d42e43d Author: Pradeep AgrawaL AuthorDate: Mon May 15 10:32:46 2023 +0530 RANGER-4232: Upgrade Spring Security to 5.7.8 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cd4d58fa4..29a38830e 100644 --- a/pom.xml +++ b/pom.xml @@ -199,7 +199,7 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.5 + 5.7.8 5.3.27 5.3.27 1.99.7
[ranger] 01/02: RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit dd6954457e27c1d9a4c827c6afea8a3e0952448e Author: Pradeep Agrawal AuthorDate: Mon May 8 13:30:15 2023 +0530 RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15 --- distro/src/main/assembly/admin-web.xml | 2 +- plugin-ozone/pom.xml | 9 + pom.xml| 8 ranger-ozone-plugin-shim/pom.xml | 9 + 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/distro/src/main/assembly/admin-web.xml b/distro/src/main/assembly/admin-web.xml index b29b83347..245d9ca09 100644 --- a/distro/src/main/assembly/admin-web.xml +++ b/distro/src/main/assembly/admin-web.xml @@ -189,7 +189,7 @@ org.apache.ratis:ratis-proto:jar:${ratis.version} org.apache.ratis:ratis-thirdparty-misc:jar:${ratis-thirdparty.version} org.apache.commons:commons-compress:jar:1.4.1 - org.bouncycastle:bcpkix-jdk15on + org.bouncycastle:bcpkix-jdk15on:jar:${org.bouncycastle.bcpkix-jdk15on} commons-net:commons-net:jar:${commons.net.version} com.google.guava:guava io.jaegertracing:jaeger-core:jar:1.6.0 diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml index b832bd9a5..fa20ec382 100644 --- a/plugin-ozone/pom.xml +++ b/plugin-ozone/pom.xml @@ -88,6 +88,11 @@ limitations under the License. httpcore ${httpcomponents.httpcore.version} + +org.bouncycastle +bcpkix-jdk15on +${org.bouncycastle.bcpkix-jdk15on} + org.apache.ozone ozone-common @@ -104,6 +109,10 @@ limitations under the License. hdds-common ${ozone.version} + +org.bouncycastle +* + org.apache.logging.log4j * diff --git a/pom.xml b/pom.xml index 32d19d42c..cd4d58fa4 100644 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,7 @@ 2.11.3 1.3.7 1.1.3 -1.55 +1.70 0.9.5.5 2.2.0-b23 3.1.0 @@ -241,12 +241,12 @@ 1.6.4 1.3.8 1.0.2 -1.68 -1.59 +1.70 +1.70 8.4.0 0.8.0 2.10.6 -8.22.1 +9.31 1.12.125 diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml index 303e7de51..de08a7c7d 100644 --- a/ranger-ozone-plugin-shim/pom.xml +++ b/ranger-ozone-plugin-shim/pom.xml @@ -77,6 +77,11 @@ httpcore ${httpcomponents.httpcore.version} + +org.bouncycastle +bcpkix-jdk15on +${org.bouncycastle.bcpkix-jdk15on} + org.apache.ozone ozone-common @@ -93,6 +98,10 @@ hdds-common ${ozone.version} + +org.bouncycastle +* + org.apache.logging.log4j *
[ranger] branch master updated: RANGER-4218: Fix for test failure in TestServiceDBStore
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new aea071ca7 RANGER-4218: Fix for test failure in TestServiceDBStore aea071ca7 is described below commit aea071ca7c029e45e08beb7392d50c582f0e0c68 Author: Pradeep Agrawal AuthorDate: Fri May 5 16:15:37 2023 +0530 RANGER-4218: Fix for test failure in TestServiceDBStore --- .../src/test/java/org/apache/ranger/biz/TestServiceDBStore.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java index a468ed6f8..eadd64ab7 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java @@ -2431,7 +2431,7 @@ public void test47getMetricByTypeDenyconditions() throws Exception { Mockito.when(serviceDBStore.xUserMgr.getGroupsForUser("testUser2")).thenReturn(new HashSet() {{ add("testServiceAdminGroup2"); }}); - result = serviceDBStore.isServiceAdminUser(rService.getName(), "testUser1"); + result = serviceDBStore.isServiceAdminUser(rService.getName(), "testUser2"); Assert.assertTrue(result); Mockito.verify(daoManager).getXXServiceConfigMap();
[ranger] branch master updated: RANGER-4139: Fix for Unapproved licenses error during ranger build
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new b9e5c79e4 RANGER-4139: Fix for Unapproved licenses error during ranger build b9e5c79e4 is described below commit b9e5c79e4ad45061be50209148654293dda110e4 Author: Pradeep Agrawal AuthorDate: Fri May 5 13:58:46 2023 +0530 RANGER-4139: Fix for Unapproved licenses error during ranger build --- pom.xml | 4 1 file changed, 4 insertions(+) diff --git a/pom.xml b/pom.xml index 95185bc69..32d19d42c 100644 --- a/pom.xml +++ b/pom.xml @@ -1195,6 +1195,10 @@ **/default_primary_config.json **/default_secondary_config.json **/babel.config.json + **/docs/src/site/resources/css/custom.css + **/docs/src/site/resources/ranger-logo.svg + **/docs/src/site/resources/override-banner.js + **/docs/src/site/resources/smooth-scroll.js
[ranger] branch ranger-2.4 updated: RANGER-4188: updatePolicy results in 400 status code
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new e052d7404 RANGER-4188: updatePolicy results in 400 status code e052d7404 is described below commit e052d740436962c91c892b91094bb28de1e4fdec Author: Pradeep Agrawal AuthorDate: Fri Apr 14 20:34:20 2023 +0530 RANGER-4188: updatePolicy results in 400 status code --- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 2b4acbcbf..6e6541d13 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1757,7 +1757,7 @@ public class ServiceREST { } else { policy.setId(existingPolicy.getId()); } - ret = updatePolicy(policy, null); + ret = updatePolicy(policy, policy.getId()); } } catch(WebApplicationException excp) { throw excp;
[ranger] 02/02: RANGER-4220: Upgrade Spring Framework to 5.3.27
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit a928364ce86b3004419b1abf1038881bd5833ff5 Author: Pradeep AgrawaL AuthorDate: Wed May 3 14:25:27 2023 +0530 RANGER-4220: Upgrade Spring Framework to 5.3.27 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index efe7b5827..95185bc69 100644 --- a/pom.xml +++ b/pom.xml @@ -200,8 +200,8 @@ 8.11.2 2.3.8.RELEASE 5.7.5 -5.3.26 -5.3.26 +5.3.27 +5.3.27 1.99.7 1.2.4 1.19
[ranger] branch master updated (9f1dc5b4a -> a928364ce)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 9f1dc5b4a RANGER-4221: Enable File Sync Source for Ranger Usersync in Docker (#251) new 0069b38a7 RANGER-4188: updatePolicy results in 400 status code new a928364ce RANGER-4220: Upgrade Spring Framework to 5.3.27 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml | 4 ++-- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
[ranger] 01/02: RANGER-4188: updatePolicy results in 400 status code
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 0069b38a7f2ed0cfee89eb13ae30443815b17a51 Author: Pradeep Agrawal AuthorDate: Fri Apr 14 20:34:20 2023 +0530 RANGER-4188: updatePolicy results in 400 status code --- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 83086106b..3447eb20e 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1761,7 +1761,7 @@ public class ServiceREST { } else { policy.setId(existingPolicy.getId()); } - ret = updatePolicy(policy, null); + ret = updatePolicy(policy, policy.getId()); } } catch(WebApplicationException excp) { throw excp;
[ranger] branch master updated: RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade woodstox, commons-net, kerby and json-smart libraries versions
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 87c9f3b0d RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade woodstox, commons-net, kerby and json-smart libraries versions 87c9f3b0d is described below commit 87c9f3b0dff669d5dab4667f86d108c019480c80 Author: Pradeep AgrawaL AuthorDate: Mon Apr 24 18:12:43 2023 +0530 RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade woodstox, commons-net, kerby and json-smart libraries versions --- credentialbuilder/pom.xml| 10 ++ distro/src/main/assembly/kms.xml | 4 pom.xml | 10 +- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/credentialbuilder/pom.xml b/credentialbuilder/pom.xml index 2d3cf446a..dea198b47 100644 --- a/credentialbuilder/pom.xml +++ b/credentialbuilder/pom.xml @@ -142,5 +142,15 @@ ${slf4j.version} test + +org.codehaus.woodstox +stax2-api +${codehaus.woodstox.stax2api.version} + + +com.fasterxml.woodstox +woodstox-core +${fasterxml.woodstox.version} + diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml index 4b4a2ac8e..0de32ce19 100755 --- a/distro/src/main/assembly/kms.xml +++ b/distro/src/main/assembly/kms.xml @@ -90,6 +90,10 @@ com.fasterxml.jackson.core:jackson-core com.fasterxml.jackson.core:jackson-annotations com.fasterxml.jackson.core:jackson-databind + org.apache.kerby:kerb-core:jar:${kerby.version} + org.apache.kerby:kerb-util:jar:${kerby.version} + org.apache.kerby:kerb-crypto:jar:${kerby.version} + org.apache.kerby:kerby-asn1:jar:${kerby.version} com.microsoft.azure:azure:jar:${com.microsoft.azure.version} com.microsoft.azure:azure-keyvault:jar:${com.microsoft.azure.azure-keyvault.version} com.microsoft.azure:azure-mgmt-keyvault:jar:${com.microsoft.azure.azure-mgmt-keyvault.version} diff --git a/pom.xml b/pom.xml index 285499c18..efe7b5827 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ 3.3.2 1.2 2.2 -3.6 +3.9.0 1.6 1.10.0 5.4.0 @@ -157,12 +157,12 @@ 0.9.94 3.2 3.2.11 -2.4.7 +2.4.10 1.0 1.3.9 4.13.1 2.8.1 -1.0.0 +2.0.3 1.4.0 3.1.3 1.10 @@ -209,8 +209,8 @@ 6.9.4 2.3 3.5.5 - 3.1.4 -5.0.3 + 4.2.1 +5.4.0 2.14.0 2.14.0 1.0.0
[ranger] branch master updated: RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 2d9af0015 RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4 2d9af0015 is described below commit 2d9af00153e8326c7b5eb80e7c86e1e8988dfbdc Author: Pradeep Agrawal AuthorDate: Fri Mar 31 17:56:40 2023 +0530 RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index de0617e2a..df83bf5ce 100644 --- a/pom.xml +++ b/pom.xml @@ -150,7 +150,7 @@ 1.19.3 1.19.3 2.3.3 -1.5.2 +1.5.4 9.4.49.v20220914 0.9.94 3.2 @@ -198,8 +198,8 @@ 8.11.2 2.3.8.RELEASE 5.7.5 -5.3.23 -5.3.23 +5.3.26 +5.3.26 1.99.7 1.2.4 1.19
[ranger] 02/03: RANGER-4123: No policy found for given version
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 00f4934797e3481c739276cc0b7c4b70b7ec8584 Author: Pradeep AgrawaL AuthorDate: Mon Mar 6 15:26:49 2023 +0530 RANGER-4123: No policy found for given version --- .../org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java | 5 + 1 file changed, 5 insertions(+) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java index 6eb3315e7..9b99b942c 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java @@ -84,6 +84,7 @@ import org.apache.ranger.plugin.model.RangerValiditySchedule; import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.service.RangerDataHistService; import org.apache.ranger.service.RangerPolicyService; import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; @@ -124,6 +125,9 @@ public class PatchForUpdatingPolicyJson_J10019 extends BaseLoader { @Autowired XUserMgr xUserMgr; + @Autowired + RangerDataHistService dataHistService; + private final Map groupIdMap = new HashMap<>(); private final Map userIdMap = new HashMap<>(); private final Map> resourceNameIdMap = new HashMap<>(); @@ -289,6 +293,7 @@ public class PatchForUpdatingPolicyJson_J10019 extends BaseLoader { addAccessDefRef(serviceType, policy.getId(), accesses); addPolicyConditionDefRef(serviceType, policy.getId(), conditions); addDataMaskDefRef(serviceType, policy.getId(), dataMasks); + dataHistService.createObjectDataHistory(policy, RangerDataHistService.ACTION_UPDATE); } catch (Exception e) { logger.error("portPoliry(id=" + policy.getId() +") failed!!"); logger.error("Offending policy:" + policyText);
[ranger] branch master updated (be40c58f7 -> 85cf0c2da)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from be40c58f7 RANGER-4121: fix for NPE in service-zone update new d5ae8af36 RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table new 00f493479 RANGER-4123: No policy found for given version new 85cf0c2da RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../optimized/current/ranger_core_db_mysql.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 48 ++ .../optimized/current/ranger_core_db_oracle.sql| 3 +- ...n-x_rms_service_resource-resource_signature.sql | 50 +++ .../optimized/current/ranger_core_db_postgres.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 58 ++ .../current/ranger_core_db_sqlanywhere.sql | 4 +- ...-x_rms_service_resource-resource_signature.sql} | 15 +++--- .../optimized/current/ranger_core_db_sqlserver.sql | 12 ++--- ...n-x_rms_service_resource-resource_signature.sql | 55 .../main/java/org/apache/ranger/biz/XUserMgr.java | 4 +- .../patch/PatchForUpdatingPolicyJson_J10019.java | 5 ++ 12 files changed, 240 insertions(+), 20 deletions(-) create mode 100644 security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql create mode 100644 security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql create mode 100644 security-admin/db/postgres/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql copy security-admin/db/sqlanywhere/patches/{050-create-index-for-resource-signature.sql => 065-add-uk-on-x_rms_service_resource-resource_signature.sql} (68%) create mode 100644 security-admin/db/sqlserver/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
[ranger] 03/03: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 85cf0c2da119af379bc1f818ab6a47c2315a14a9 Author: Pradeep AgrawaL AuthorDate: Thu Mar 9 14:35:17 2023 +0530 RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item --- security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 49a74cd1e..b3aca3164 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -2256,7 +2256,6 @@ public class XUserMgr extends XUserMgrBase { List xXPortalUserRoles=xXPortalUserRoleDao.findByUserId(xXPortalUserId); XXPolicyDao xXPolicyDao = daoManager.getXXPolicy(); - List xXPolicyList=xXPolicyDao.findByUserId(id); logger.warn("Deleting User : "+vXUser.getName()); if (force) { //delete XXGroupUser mapping @@ -2308,6 +2307,7 @@ public class XUserMgr extends XUserMgrBase { } } //delete XXPolicyItemUserPerm records of user + List xXPolicyList=xXPolicyDao.findByUserId(id); for(XXPolicy xXPolicy:xXPolicyList){ RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy); List policyItems = rangerPolicy.getPolicyItems(); @@ -2357,7 +2357,7 @@ public class XUserMgr extends XUserMgrBase { } } else { boolean hasReferences=false; - + List xXPolicyList=xXPolicyDao.findByUserId(id); if(vxGroupUserList!=null && vxGroupUserList.getListSize()>0){ hasReferences=true; }
[ranger] 01/03: RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit d5ae8af36d589c78dd4fd2d5336c0cc0fee36eab Author: Pradeep AgrawaL AuthorDate: Tue Feb 28 12:45:41 2023 +0530 RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table --- .../optimized/current/ranger_core_db_mysql.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 48 ++ .../optimized/current/ranger_core_db_oracle.sql| 3 +- ...n-x_rms_service_resource-resource_signature.sql | 50 +++ .../optimized/current/ranger_core_db_postgres.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 58 ++ .../current/ranger_core_db_sqlanywhere.sql | 4 +- ...n-x_rms_service_resource-resource_signature.sql | 27 ++ .../optimized/current/ranger_core_db_sqlserver.sql | 12 ++--- ...n-x_rms_service_resource-resource_signature.sql | 55 10 files changed, 252 insertions(+), 11 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 9a79fe8ad..66ae5060a 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1625,10 +1625,10 @@ CREATE TABLE `x_rms_service_resource` ( `service_resource_elements_text` text, PRIMARY KEY (`id`), UNIQUE KEY `x_rms_service_res_UK_guid` (`guid`), + UNIQUE KEY `x_rms_service_resource_UK_resource_signature` (`resource_signature`), CONSTRAINT `x_rms_service_res_FK_service_id` FOREIGN KEY (`service_id`) REFERENCES `x_service` (`id`) ); CREATE INDEX x_rms_service_resource_IDX_service_id ON x_rms_service_resource(service_id); -CREATE INDEX x_rms_service_resource_IDX_resource_signature ON x_rms_service_resource(resource_signature); CREATE TABLE `x_rms_notification` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, @@ -1813,6 +1813,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql new file mode 100644 index 0..303de0b86 --- /dev/null +++ b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql @@ -0,0 +1,48 @@ +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. + +drop procedure if exists truncate_rms_tables; +delimiter ;; +create procedure truncate_rms_tables() begin +SET FOREIGN_KEY_CHECKS = 0; +truncate table x_rms_mapping_provider; +truncate table x_rms_resource_mapping; +truncate table x_rms_notification; +truncate table x_rms_service_resource; +SET F
[ranger] 02/03: RANGER-4123: No policy found for given version
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 5fe35623a444f5a5af816aecf1d787591933db78 Author: Pradeep AgrawaL AuthorDate: Mon Mar 6 15:26:49 2023 +0530 RANGER-4123: No policy found for given version --- .../org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java | 5 + 1 file changed, 5 insertions(+) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java index 6dcf3f264..31fd2de7d 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java @@ -83,6 +83,7 @@ import org.apache.ranger.plugin.model.RangerValiditySchedule; import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.service.RangerDataHistService; import org.apache.ranger.service.RangerPolicyService; import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; @@ -119,6 +120,9 @@ public class PatchForUpdatingPolicyJson_J10019 extends BaseLoader { @Autowired PolicyRefUpdater policyRefUpdater; + @Autowired + RangerDataHistService dataHistService; + private final Map groupIdMap = new HashMap<>(); private final Map userIdMap = new HashMap<>(); private final Map> resourceNameIdMap = new HashMap<>(); @@ -284,6 +288,7 @@ public class PatchForUpdatingPolicyJson_J10019 extends BaseLoader { addAccessDefRef(serviceType, policy.getId(), accesses); addPolicyConditionDefRef(serviceType, policy.getId(), conditions); addDataMaskDefRef(serviceType, policy.getId(), dataMasks); + dataHistService.createObjectDataHistory(policy, RangerDataHistService.ACTION_UPDATE); } catch (Exception e) { logger.error("portPoliry(id=" + policy.getId() +") failed!!"); logger.error("Offending policy:" + policyText);
[ranger] 03/03: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 262d53cc2ce6bd21bf0493451e605a9990a405e9 Author: Pradeep AgrawaL AuthorDate: Thu Mar 9 14:35:17 2023 +0530 RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item --- security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 2955bd513..e23fe6327 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -2275,7 +2275,6 @@ public class XUserMgr extends XUserMgrBase { List xXPortalUserRoles=xXPortalUserRoleDao.findByUserId(xXPortalUserId); XXPolicyDao xXPolicyDao = daoManager.getXXPolicy(); - List xXPolicyList=xXPolicyDao.findByUserId(id); logger.warn("Deleting User : "+vXUser.getName()); if (force) { //delete XXGroupUser mapping @@ -2327,6 +2326,7 @@ public class XUserMgr extends XUserMgrBase { } } //delete XXPolicyItemUserPerm records of user + List xXPolicyList=xXPolicyDao.findByUserId(id); for(XXPolicy xXPolicy:xXPolicyList){ RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy); List policyItems = rangerPolicy.getPolicyItems(); @@ -2376,7 +2376,7 @@ public class XUserMgr extends XUserMgrBase { } } else { boolean hasReferences=false; - + List xXPolicyList=xXPolicyDao.findByUserId(id); if(vxGroupUserList!=null && vxGroupUserList.getListSize()>0){ hasReferences=true; }
[ranger] 01/03: RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 02e976602f9b827d888213f3077c980acc17765c Author: Pradeep AgrawaL AuthorDate: Tue Feb 28 12:45:41 2023 +0530 RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table --- .../optimized/current/ranger_core_db_mysql.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 48 ++ .../optimized/current/ranger_core_db_oracle.sql| 3 +- ...n-x_rms_service_resource-resource_signature.sql | 50 +++ .../optimized/current/ranger_core_db_postgres.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 58 ++ .../current/ranger_core_db_sqlanywhere.sql | 4 +- ...n-x_rms_service_resource-resource_signature.sql | 27 ++ .../optimized/current/ranger_core_db_sqlserver.sql | 12 ++--- ...n-x_rms_service_resource-resource_signature.sql | 55 10 files changed, 252 insertions(+), 11 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index f36f7c02b..8d9db7849 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1625,10 +1625,10 @@ CREATE TABLE `x_rms_service_resource` ( `service_resource_elements_text` text, PRIMARY KEY (`id`), UNIQUE KEY `x_rms_service_res_UK_guid` (`guid`), + UNIQUE KEY `x_rms_service_resource_UK_resource_signature` (`resource_signature`), CONSTRAINT `x_rms_service_res_FK_service_id` FOREIGN KEY (`service_id`) REFERENCES `x_service` (`id`) ); CREATE INDEX x_rms_service_resource_IDX_service_id ON x_rms_service_resource(service_id); -CREATE INDEX x_rms_service_resource_IDX_resource_signature ON x_rms_service_resource(resource_signature); CREATE TABLE `x_rms_notification` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, @@ -1813,6 +1813,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); diff --git a/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql new file mode 100644 index 0..303de0b86 --- /dev/null +++ b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql @@ -0,0 +1,48 @@ +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. + +drop procedure if exists truncate_rms_tables; +delimiter ;; +create procedure truncate_rms_tables() begin +SET FOREIGN_KEY_CHECKS = 0; +truncate table x_rms_mapping_provider; +truncate table x_rms_resource_mapping; +truncate table x_rms_notification; +truncate table x_rms_service_resource; +SET F
[ranger] branch ranger-2.4 updated (85f34ecf4 -> 262d53cc2)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git from 85f34ecf4 RANGER-4121: fix for NPE in service-zone update new 02e976602 RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table new 5fe35623a RANGER-4123: No policy found for given version new 262d53cc2 RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../optimized/current/ranger_core_db_mysql.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 48 ++ .../optimized/current/ranger_core_db_oracle.sql| 3 +- ...n-x_rms_service_resource-resource_signature.sql | 50 +++ .../optimized/current/ranger_core_db_postgres.sql | 3 +- ...n-x_rms_service_resource-resource_signature.sql | 58 ++ .../current/ranger_core_db_sqlanywhere.sql | 4 +- ...-x_rms_service_resource-resource_signature.sql} | 15 +++--- .../optimized/current/ranger_core_db_sqlserver.sql | 12 ++--- ...n-x_rms_service_resource-resource_signature.sql | 55 .../main/java/org/apache/ranger/biz/XUserMgr.java | 4 +- .../patch/PatchForUpdatingPolicyJson_J10019.java | 5 ++ 12 files changed, 240 insertions(+), 20 deletions(-) create mode 100644 security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql create mode 100644 security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql create mode 100644 security-admin/db/postgres/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql copy security-admin/db/sqlanywhere/patches/{050-create-index-for-resource-signature.sql => 065-add-uk-on-x_rms_service_resource-resource_signature.sql} (68%) create mode 100644 security-admin/db/sqlserver/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
[ranger] branch ranger-2.4 updated: RANGER-4113: Upgrade tomcat to 8.5.86
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new a28c05a59 RANGER-4113: Upgrade tomcat to 8.5.86 a28c05a59 is described below commit a28c05a59cfb30060edbc0bdba3d3d4eae88755b Author: Pradeep Agrawal AuthorDate: Thu Mar 2 14:51:34 2023 +0530 RANGER-4113: Upgrade tomcat to 8.5.86 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2324996f7..e2e202123 100644 --- a/pom.xml +++ b/pom.xml @@ -200,7 +200,7 @@ 1.99.7 1.2.4 1.19 -8.5.79 +8.5.86 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-4113: Upgrade tomcat to 8.5.86
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new e817d996e RANGER-4113: Upgrade tomcat to 8.5.86 e817d996e is described below commit e817d996efc8f225f825c8bbc69756e1324dd20c Author: Pradeep Agrawal AuthorDate: Thu Mar 2 14:51:34 2023 +0530 RANGER-4113: Upgrade tomcat to 8.5.86 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0c12c914c..3a039565d 100644 --- a/pom.xml +++ b/pom.xml @@ -203,7 +203,7 @@ 1.99.7 1.2.4 1.19 -8.5.83 +8.5.86 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-4112: Update servicedef by name results in 400 status code
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new fa2c6e03c RANGER-4112: Update servicedef by name results in 400 status code fa2c6e03c is described below commit fa2c6e03c7761ab60cf686ecaeb69bec2267ef47 Author: Pradeep AgrawaL AuthorDate: Tue Feb 28 16:55:05 2023 +0530 RANGER-4112: Update servicedef by name results in 400 status code --- security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java | 2 +- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- .../src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java| 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java index 4ad6058cc..85cd7dd67 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java @@ -278,7 +278,7 @@ public class PublicAPIsv2 { serviceDef.setGuid(existingServiceDef.getGuid()); } - return serviceREST.updateServiceDef(serviceDef, null); + return serviceREST.updateServiceDef(serviceDef, serviceDef.getId()); } /* diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 9e2fb66b4..5542250aa 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -332,7 +332,7 @@ public class ServiceREST { // if serviceDef.id is null, then set param 'id' into serviceDef Object if (serviceDef.getId() == null) { serviceDef.setId(id); - } else if(!serviceDef.getId().equals(id)) { + } else if(StringUtils.isBlank(serviceDef.getName()) && !serviceDef.getId().equals(id)) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef Id mismatch", true); } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java index 53750a041..73a593e9f 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java @@ -317,7 +317,7 @@ public class TestPublicAPIsv2 { RangerServiceDef rangerServiceDef = rangerServiceDef(); String name = rangerServiceDef.getName(); Mockito.when(serviceREST.getServiceDefByName(name)).thenReturn(rangerServiceDef); - Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, null)).thenReturn(rangerServiceDef); + Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, rangerServiceDef.getId())).thenReturn(rangerServiceDef); RangerServiceDef dbRangerServiceDef = publicAPIsv2.updateServiceDefByName(rangerServiceDef, name); Assert.assertNotNull(dbRangerServiceDef); Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); @@ -325,7 +325,7 @@ public class TestPublicAPIsv2 { rangerServiceDef.getId()); Assert.assertEquals(dbRangerServiceDef.getName(), rangerServiceDef.getName()); - Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, null); + Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, dbRangerServiceDef.getId()); Mockito.verify(serviceREST).getServiceDefByName(name); }
[ranger] branch ranger-2.4 updated: RANGER-4112: Update servicedef by name results in 400 status code
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 1a9c169f0 RANGER-4112: Update servicedef by name results in 400 status code 1a9c169f0 is described below commit 1a9c169f07e82f48688fc8fd012a9641fc40dc18 Author: Pradeep AgrawaL AuthorDate: Tue Feb 28 16:55:05 2023 +0530 RANGER-4112: Update servicedef by name results in 400 status code --- security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java | 2 +- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- .../src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java| 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java index 4ad6058cc..85cd7dd67 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java @@ -278,7 +278,7 @@ public class PublicAPIsv2 { serviceDef.setGuid(existingServiceDef.getGuid()); } - return serviceREST.updateServiceDef(serviceDef, null); + return serviceREST.updateServiceDef(serviceDef, serviceDef.getId()); } /* diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index fac25878e..e11d8efd8 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -332,7 +332,7 @@ public class ServiceREST { // if serviceDef.id is null, then set param 'id' into serviceDef Object if (serviceDef.getId() == null) { serviceDef.setId(id); - } else if(!serviceDef.getId().equals(id)) { + } else if(StringUtils.isBlank(serviceDef.getName()) && !serviceDef.getId().equals(id)) { throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "serviceDef Id mismatch", true); } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java index 53750a041..73a593e9f 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java @@ -317,7 +317,7 @@ public class TestPublicAPIsv2 { RangerServiceDef rangerServiceDef = rangerServiceDef(); String name = rangerServiceDef.getName(); Mockito.when(serviceREST.getServiceDefByName(name)).thenReturn(rangerServiceDef); - Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, null)).thenReturn(rangerServiceDef); + Mockito.when(serviceREST.updateServiceDef(rangerServiceDef, rangerServiceDef.getId())).thenReturn(rangerServiceDef); RangerServiceDef dbRangerServiceDef = publicAPIsv2.updateServiceDefByName(rangerServiceDef, name); Assert.assertNotNull(dbRangerServiceDef); Assert.assertEquals(dbRangerServiceDef, rangerServiceDef); @@ -325,7 +325,7 @@ public class TestPublicAPIsv2 { rangerServiceDef.getId()); Assert.assertEquals(dbRangerServiceDef.getName(), rangerServiceDef.getName()); - Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, null); + Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef, dbRangerServiceDef.getId()); Mockito.verify(serviceREST).getServiceDefByName(name); }
[ranger] branch ranger-2.4 updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 1f7e5a025 RANGER-3825: Ranger admin user is unable to change another user email after the upgrade 1f7e5a025 is described below commit 1f7e5a025f537fa54e9a0929340aaa8a7d8f1465 Author: pradeep AuthorDate: Wed Sep 28 19:27:36 2022 +0530 RANGER-3825: Ranger admin user is unable to change another user email after the upgrade --- .../src/main/java/org/apache/ranger/biz/UserMgr.java | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index f921654cc..eaaa15a11 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -530,17 +530,17 @@ public class UserMgr { MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail); } - } else { - String encryptedOldPwd = encrypt(gjUser.getLoginId(), changeEmail.getOldPassword()); + } else { + String encryptedOldPwd = encrypt(gjUser.getLoginId(), changeEmail.getOldPassword()); + if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) { + encryptedOldPwd = encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword()); if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) { - logger.info("changeEmailAddress(). Invalid password. changeEmail=" - + changeEmail); - throw restErrorUtil.createRESTException( - "serverMsg.userMgrWrongPassword", - MessageEnums.OPER_NO_PERMISSION, null, null, "" - + changeEmail); + logger.info("changeEmailAddress(). Invalid password. changeEmail=" + changeEmail); + throw restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword", + MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail); } } + } // Normalize email. Make it lower case gjUser.setEmailAddress(stringUtil.normalizeEmail(changeEmail
[ranger] branch master updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 32687a172 RANGER-3825: Ranger admin user is unable to change another user email after the upgrade 32687a172 is described below commit 32687a172b0da31cf01b285a0123a81dcd7e6da9 Author: pradeep AuthorDate: Wed Sep 28 19:27:36 2022 +0530 RANGER-3825: Ranger admin user is unable to change another user email after the upgrade --- security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 086c6e5d7..d5393603e 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -472,9 +472,12 @@ public class UserMgr { } else { String encryptedOldPwd = encrypt(gjUser.getLoginId(), changeEmail.getOldPassword()); if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) { - logger.info("changeEmailAddress(). Invalid password. changeEmail=" + changeEmail); - throw restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword", - MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail); + encryptedOldPwd = encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword()); + if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) { + logger.info("changeEmailAddress(). Invalid password. changeEmail=" + changeEmail); + throw restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword", + MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail); + } } }
[ranger] branch master updated: RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 677b1c40c RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid 677b1c40c is described below commit 677b1c40c04e84abbdd7121e54997a7e7d46ea3f Author: pradeep AuthorDate: Thu Nov 24 00:10:53 2022 +0530 RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid --- security-admin/src/main/java/org/apache/ranger/rest/TagREST.java | 2 +- security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 0d29a95ca..443188f9a 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -1004,7 +1004,7 @@ public class TagREST { try { RangerTagResourceMap exist = validator.preDeleteTagResourceMapByGuid(guid); -tagStore.deleteServiceResource(exist.getId()); +tagStore.deleteTagResourceMap(exist.getId()); } catch(Exception excp) { LOG.error("deleteTagResourceMapByGuid(" + guid + ") failed", excp); diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java index 7fba152a9..5986d5182 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java @@ -1184,7 +1184,7 @@ public class TestTagREST { } catch (Exception e) { } try { - Mockito.doNothing().when(tagStore).deleteServiceResource(oldTagResourceMap.getId()); + Mockito.doNothing().when(tagStore).deleteTagResourceMap(oldTagResourceMap.getId()); } catch (Exception e) { } @@ -1197,7 +1197,7 @@ public class TestTagREST { } catch (Exception e) { } try { - Mockito.verify(tagStore).deleteServiceResource(oldTagResourceMap.getId()); + Mockito.verify(tagStore).deleteTagResourceMap(oldTagResourceMap.getId()); } catch (Exception e) { } }
[ranger] branch ranger-2.4 updated: RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new c72e2e377 RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid c72e2e377 is described below commit c72e2e3778847ea9988f958e6cf8eb49e1388a3f Author: pradeep AuthorDate: Thu Nov 24 00:10:53 2022 +0530 RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid --- security-admin/src/main/java/org/apache/ranger/rest/TagREST.java | 2 +- security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 36c6a4bc9..f8898b75b 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -934,7 +934,7 @@ public class TagREST { try { RangerTagResourceMap exist = validator.preDeleteTagResourceMapByGuid(guid); -tagStore.deleteServiceResource(exist.getId()); +tagStore.deleteTagResourceMap(exist.getId()); } catch(Exception excp) { LOG.error("deleteTagResourceMapByGuid(" + guid + ") failed", excp); diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java index 7fba152a9..5986d5182 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java @@ -1184,7 +1184,7 @@ public class TestTagREST { } catch (Exception e) { } try { - Mockito.doNothing().when(tagStore).deleteServiceResource(oldTagResourceMap.getId()); + Mockito.doNothing().when(tagStore).deleteTagResourceMap(oldTagResourceMap.getId()); } catch (Exception e) { } @@ -1197,7 +1197,7 @@ public class TestTagREST { } catch (Exception e) { } try { - Mockito.verify(tagStore).deleteServiceResource(oldTagResourceMap.getId()); + Mockito.verify(tagStore).deleteTagResourceMap(oldTagResourceMap.getId()); } catch (Exception e) { } }
[ranger] branch ranger-2.4 updated: RANGER-3960: Upgrade spring-security version to 5.7.5
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 731be8363 RANGER-3960: Upgrade spring-security version to 5.7.5 731be8363 is described below commit 731be8363bc1db15b2a2a999c3d56e3d2eb27b8e Author: pradeep AuthorDate: Tue Nov 8 19:52:59 2022 +0530 RANGER-3960: Upgrade spring-security version to 5.7.5 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index da3bc6a7b..1e72609ff 100644 --- a/pom.xml +++ b/pom.xml @@ -194,9 +194,9 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.2 -5.3.21 -5.3.21 + 5.7.5 +5.3.23 +5.3.23 1.99.7 1.2.4 1.19
[ranger] branch master updated: RANGER-3960: Upgrade spring-security version to 5.7.5
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 73f1a3b22 RANGER-3960: Upgrade spring-security version to 5.7.5 73f1a3b22 is described below commit 73f1a3b22848e43da0d1aad86ea59dd491c568ad Author: pradeep AuthorDate: Tue Nov 8 19:52:59 2022 +0530 RANGER-3960: Upgrade spring-security version to 5.7.5 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index fc2c2a585..6925feb06 100644 --- a/pom.xml +++ b/pom.xml @@ -196,9 +196,9 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.2 -5.3.21 -5.3.21 + 5.7.5 +5.3.23 +5.3.23 1.99.7 1.2.4 1.19
[ranger] branch ranger-2.4 updated: RANGER-3852: performance and scalability analyzer tool for apache ranger
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 97c508d99 RANGER-3852: performance and scalability analyzer tool for apache ranger 97c508d99 is described below commit 97c508d99e9bb99282575d100ae4365d92dd8aa9 Author: Fateh Singh AuthorDate: Fri Aug 12 23:13:13 2022 -0700 RANGER-3852: performance and scalability analyzer tool for apache ranger Signed-off-by: pradeep --- pom.xml| 4 + ranger-tools/src/main/python/README.md | 95 +++ ranger-tools/src/main/python/config/README.md | 94 +++ ranger-tools/src/main/python/outputs/README.md | 27 ++ .../src/main/python/performance_analyzer.py| 237 + .../python/ranger_performance_tool/__init__.py | 17 ++ .../python/ranger_performance_tool/perf_globals.py | 48 .../ranger_perf_assets/__init__.py | 17 ++ .../ranger_perf_assets/default_primary_config.json | 38 +++ .../default_secondary_config.json | 58 .../ranger_perf_assets/path.py | 21 ++ .../ranger_perf_object_stores/__init__.py | 17 ++ .../base_object_stores.py | 237 + .../ranger_perf_object_stores/random_generators.py | 188 + .../service_object_stores.py | 189 + .../ranger_perf_utils/__init__.py | 0 .../ranger_perf_utils/config_utils.py | 85 ++ .../ranger_perf_utils/dataframe_utils.py | 129 + .../ranger_perf_utils/extra_unused_utils.py| 99 +++ .../ranger_perf_utils/logging_utils.py | 293 + ranger-tools/src/main/python/requirements.txt | 22 ++ .../src/main/python/setup_performance_analyzer.py | 55 22 files changed, 1970 insertions(+) diff --git a/pom.xml b/pom.xml index 570227ce2..eaa4f6d65 100644 --- a/pom.xml +++ b/pom.xml @@ -1161,6 +1161,10 @@ **/package-lock.json **/ranger_es_schema.json **/venv/** +**/requirements.txt +**/__init__.py +**/default_primary_config.json +**/default_secondary_config.json diff --git a/ranger-tools/src/main/python/README.md b/ranger-tools/src/main/python/README.md new file mode 100644 index 0..4763a1d51 --- /dev/null +++ b/ranger-tools/src/main/python/README.md @@ -0,0 +1,95 @@ + + +# Performance and Scalability Analyzer for Apache Ranger +## Documentation +Run the below command to generate pydocs for the package. Code base has doc strings describing the methods and classes from which the document is generated. + +```bash +> python -m pydoc -b +``` + +Other README files can be found in the following directory: + +```/config/README.md```: Describes the primary and secondary config files which the user has to modify + +```/outputs/README.md```: Describes the output files generated by the analyzer + +## Server side installation +```bash +> sudo apt-get install sysstat +or +> sudo yum install sysstat +``` +```ranger.accesslog.pattern``` to include the `%D` in the access pattern so that the tomcat server also logs the api execution time + +## Client side Installation + +Use the package manager [pip](https://pip.pypa.io/en/stable/) to install requirements for running the performance tests. +Ensure right path to requirements.txt is given. + +```bash +> pip install -r requirements.txt + +> apt-get install sshpass +or +> brew install hudochenkov/sshpass/sshpass +``` + + +## Usage +```cd``` into ```python``` directory before executing below commands + +First time usage or to reset the config files: +```bash +> python setup_performance_analyzer.py +``` + +Subsequent usage: +Fill out the config details (```primary_config.json``` and ```secondary_config.json```) in ```/config``` folder or keep default + +For multiple api testing (Uses values from config file). + +usage: + +```bash +> python3 performance_analyzer.py +``` + +For single api testing (Command line arguments override config file values) + +usage: + +```bash +> python performance_analyzer.py --ranger_url --calls --api --username --password --client_ip --ssh_host --ssh_user --ssh_password +``` + +Example command: + +```bash +> python3 performance_analyzer.py --ranger_url http://ranger_host:ranger_admin_port --calls 10 --api create_policy --username admin --password Admin123 --client_ip vpn_ip_client_in_logs --ssh_host ranger_host --ssh_user ssh_user --ssh_password ssh_password +``` + +## Description of tools used +System metric
[ranger] branch master updated: RANGER-3852: performance and scalability analyzer tool for apache ranger
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new c3f1c4a6a RANGER-3852: performance and scalability analyzer tool for apache ranger c3f1c4a6a is described below commit c3f1c4a6ad2ee0c805ad29f0efb265569e0d2cf0 Author: Fateh Singh AuthorDate: Fri Aug 12 23:13:13 2022 -0700 RANGER-3852: performance and scalability analyzer tool for apache ranger Signed-off-by: pradeep --- pom.xml| 4 + ranger-tools/src/main/python/README.md | 95 +++ ranger-tools/src/main/python/config/README.md | 94 +++ ranger-tools/src/main/python/outputs/README.md | 27 ++ .../src/main/python/performance_analyzer.py| 237 + .../python/ranger_performance_tool/__init__.py | 17 ++ .../python/ranger_performance_tool/perf_globals.py | 48 .../ranger_perf_assets/__init__.py | 17 ++ .../ranger_perf_assets/default_primary_config.json | 38 +++ .../default_secondary_config.json | 58 .../ranger_perf_assets/path.py | 21 ++ .../ranger_perf_object_stores/__init__.py | 17 ++ .../base_object_stores.py | 237 + .../ranger_perf_object_stores/random_generators.py | 188 + .../service_object_stores.py | 189 + .../ranger_perf_utils/__init__.py | 0 .../ranger_perf_utils/config_utils.py | 85 ++ .../ranger_perf_utils/dataframe_utils.py | 129 + .../ranger_perf_utils/extra_unused_utils.py| 99 +++ .../ranger_perf_utils/logging_utils.py | 293 + ranger-tools/src/main/python/requirements.txt | 22 ++ .../src/main/python/setup_performance_analyzer.py | 55 22 files changed, 1970 insertions(+) diff --git a/pom.xml b/pom.xml index 8698e67e5..7c794c833 100644 --- a/pom.xml +++ b/pom.xml @@ -1178,6 +1178,10 @@ **/package-lock.json **/ranger_es_schema.json **/venv/** +**/requirements.txt +**/__init__.py +**/default_primary_config.json +**/default_secondary_config.json diff --git a/ranger-tools/src/main/python/README.md b/ranger-tools/src/main/python/README.md new file mode 100644 index 0..4763a1d51 --- /dev/null +++ b/ranger-tools/src/main/python/README.md @@ -0,0 +1,95 @@ + + +# Performance and Scalability Analyzer for Apache Ranger +## Documentation +Run the below command to generate pydocs for the package. Code base has doc strings describing the methods and classes from which the document is generated. + +```bash +> python -m pydoc -b +``` + +Other README files can be found in the following directory: + +```/config/README.md```: Describes the primary and secondary config files which the user has to modify + +```/outputs/README.md```: Describes the output files generated by the analyzer + +## Server side installation +```bash +> sudo apt-get install sysstat +or +> sudo yum install sysstat +``` +```ranger.accesslog.pattern``` to include the `%D` in the access pattern so that the tomcat server also logs the api execution time + +## Client side Installation + +Use the package manager [pip](https://pip.pypa.io/en/stable/) to install requirements for running the performance tests. +Ensure right path to requirements.txt is given. + +```bash +> pip install -r requirements.txt + +> apt-get install sshpass +or +> brew install hudochenkov/sshpass/sshpass +``` + + +## Usage +```cd``` into ```python``` directory before executing below commands + +First time usage or to reset the config files: +```bash +> python setup_performance_analyzer.py +``` + +Subsequent usage: +Fill out the config details (```primary_config.json``` and ```secondary_config.json```) in ```/config``` folder or keep default + +For multiple api testing (Uses values from config file). + +usage: + +```bash +> python3 performance_analyzer.py +``` + +For single api testing (Command line arguments override config file values) + +usage: + +```bash +> python performance_analyzer.py --ranger_url --calls --api --username --password --client_ip --ssh_host --ssh_user --ssh_password +``` + +Example command: + +```bash +> python3 performance_analyzer.py --ranger_url http://ranger_host:ranger_admin_port --calls 10 --api create_policy --username admin --password Admin123 --client_ip vpn_ip_client_in_logs --ssh_host ranger_host --ssh_user ssh_user --ssh_password ssh_password +``` + +## Description of tools used +System metrics on s
[ranger] branch ranger-2.4 updated: RANGER-3914: Change sync_source column's datatype from varchar to text
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 1b4f70410 RANGER-3914: Change sync_source column's datatype from varchar to text 1b4f70410 is described below commit 1b4f70410d6d602e9bbed3710bd812d9cf62 Author: pradeep AuthorDate: Thu Sep 15 22:30:16 2022 +0530 RANGER-3914: Change sync_source column's datatype from varchar to text --- .../optimized/current/ranger_core_db_mysql.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 38 +++ .../optimized/current/ranger_core_db_oracle.sql| 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 34 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 77 ++ .../optimized/current/ranger_core_db_postgres.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 44 + .../current/ranger_core_db_sqlanywhere.sql | 20 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 42 .../optimized/current/ranger_core_db_sqlserver.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 75 + 20 files changed, 371 insertions(+), 89 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 309c4196b..f36f7c02b 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -115,9 +115,9 @@ CREATE TABLE `x_portal_user` ( `email` varchar(512) DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `user_src` int(11) NOT NULL DEFAULT '0', - `notes` varchar(4000) DEFAULT NULL, - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `notes` text DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, `old_passwords` text DEFAULT NULL, `password_updated_time` datetime DEFAULT NULL, PRIMARY KEY (`id`), @@ -272,14 +272,14 @@ CREATE TABLE `x_group` ( `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `group_name` varchar(767) NOT NULL, - `descr` varchar(4000) NOT NULL, + `descr` text DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `group_type` int(11) NOT NULL DEFAULT '0', `cred_store_id` bigint(20) DEFAULT NULL, `group_src` INT NOT NULL DEFAULT 0, `is_visible` INT(11) NOT NULL DEFAULT '1', - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `x_group_UK_group_name` (`group_name`), KEY `x_group_FK_added_by_id` (`added_by_id`), @@ -321,12 +321,12 @@ CREATE TABLE `x_user` ( `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `user_name` varchar(767) NOT NULL, - `descr` varchar(4000) NOT NULL, + `descr` text DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `cred_store_id` bigint(20) DEFAULT NULL, `is_visible` INT(11) NOT NULL DEFAULT '1', - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, PRIMARY KEY (`id`), KEY `x_user_FK_added_by_id` (`added_by_id`), KEY `x_user_FK_upd_by_id` (`upd_by_id`), @@ -1812,6 +1812,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('057',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h
[ranger] branch master updated: RANGER-3914: Change sync_source column's datatype from varchar to text
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 3444c6625 RANGER-3914: Change sync_source column's datatype from varchar to text 3444c6625 is described below commit 3444c6625e26c12a477ca0204c8a9712e2f86d4b Author: pradeep AuthorDate: Thu Sep 15 22:30:16 2022 +0530 RANGER-3914: Change sync_source column's datatype from varchar to text --- .../optimized/current/ranger_core_db_mysql.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 38 +++ .../optimized/current/ranger_core_db_oracle.sql| 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 34 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 77 ++ .../optimized/current/ranger_core_db_postgres.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 44 + .../current/ranger_core_db_sqlanywhere.sql | 20 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 42 .../optimized/current/ranger_core_db_sqlserver.sql | 19 +++--- ...playName-col-in-x_service_def_and_x_service.sql | 6 +- ...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +- ...c-col-datatype-x_user-x_portal_user-x_group.sql | 75 + 20 files changed, 371 insertions(+), 89 deletions(-) diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 833ffa0e0..9a79fe8ad 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -115,9 +115,9 @@ CREATE TABLE `x_portal_user` ( `email` varchar(512) DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `user_src` int(11) NOT NULL DEFAULT '0', - `notes` varchar(4000) DEFAULT NULL, - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `notes` text DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, `old_passwords` text DEFAULT NULL, `password_updated_time` datetime DEFAULT NULL, PRIMARY KEY (`id`), @@ -272,14 +272,14 @@ CREATE TABLE `x_group` ( `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `group_name` varchar(767) NOT NULL, - `descr` varchar(4000) NOT NULL, + `descr` text DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `group_type` int(11) NOT NULL DEFAULT '0', `cred_store_id` bigint(20) DEFAULT NULL, `group_src` INT NOT NULL DEFAULT 0, `is_visible` INT(11) NOT NULL DEFAULT '1', - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `x_group_UK_group_name` (`group_name`), KEY `x_group_FK_added_by_id` (`added_by_id`), @@ -321,12 +321,12 @@ CREATE TABLE `x_user` ( `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `user_name` varchar(767) NOT NULL, - `descr` varchar(4000) NOT NULL, + `descr` text DEFAULT NULL, `status` int(11) NOT NULL DEFAULT '0', `cred_store_id` bigint(20) DEFAULT NULL, `is_visible` INT(11) NOT NULL DEFAULT '1', - `other_attributes` varchar(4000) DEFAULT NULL, - `sync_source` varchar(4000) DEFAULT NULL, + `other_attributes` text DEFAULT NULL, + `sync_source` text DEFAULT NULL, PRIMARY KEY (`id`), KEY `x_user_FK_added_by_id` (`added_by_id`), KEY `x_user_FK_upd_by_id` (`upd_by_id`), @@ -1812,6 +1812,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('057',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,i
[ranger] branch ranger-2.4 updated: RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 2ee1bb6f5 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator 2ee1bb6f5 is described below commit 2ee1bb6f57661c25175ee85af8e1e37dbb9759cb Author: pradeep AuthorDate: Wed Sep 14 19:17:30 2022 +0530 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator --- .../src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java | 2 +- .../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java index 51c28e3f3..095fc9abf 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java @@ -1381,7 +1381,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria * @param type the type to set */ public void setType(String type) { - this.type = type; + this.type = type == null ? "" : type; } /** diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index 9f7a3bbc6..2ba146dd5 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -1142,7 +1142,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator if(policyItem != null && CollectionUtils.isNotEmpty(policyItem.getAccesses())) { for(RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) { - if(StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) { + if (itemAccess != null && StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) { ret = itemAccess; break;
[ranger] branch master updated: RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new bcba8b798 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator bcba8b798 is described below commit bcba8b798ed408694d997903f0dad02c612ca752 Author: pradeep AuthorDate: Wed Sep 14 19:17:30 2022 +0530 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator --- .../src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java | 2 +- .../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java index 51c28e3f3..095fc9abf 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java @@ -1381,7 +1381,7 @@ public class RangerPolicy extends RangerBaseModelObject implements java.io.Seria * @param type the type to set */ public void setType(String type) { - this.type = type; + this.type = type == null ? "" : type; } /** diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index 235e84477..006aeeecb 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -1142,7 +1142,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator if(policyItem != null && CollectionUtils.isNotEmpty(policyItem.getAccesses())) { for(RangerPolicyItemAccess itemAccess : policyItem.getAccesses()) { - if(StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) { + if (itemAccess != null && StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) { ret = itemAccess; break;
[ranger] branch ranger-2.4 updated: RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 81275777b RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles 81275777b is described below commit 81275777bfa466806c50109d18922df5d909a876 Author: Fateh Singh AuthorDate: Fri Jul 22 09:26:12 2022 -0700 RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles Signed-off-by: pradeep --- security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 1434d11d3..6c475b484 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -909,7 +909,7 @@ public class RoleREST { effectiveUser = loggedInUser; } -if (!bizUtil.isUserRangerAdmin(effectiveUser)) { +if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { throw new Exception("User " + effectiveUser + " does not have permission for this operation"); } } @@ -937,7 +937,7 @@ public class RoleREST { effectiveUser = loggedInUser; } try { -if (!bizUtil.isUserRangerAdmin(effectiveUser)) { +if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { existingRole = roleStore.getRole(roleName); ensureRoleAccess(effectiveUser, userGroups, existingRole);
[ranger] branch master updated: RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new eaeaeb4ed RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles eaeaeb4ed is described below commit eaeaeb4ed3fbb0db1abe291e67769484aba20f9e Author: Fateh Singh AuthorDate: Fri Jul 22 09:26:12 2022 -0700 RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles Signed-off-by: pradeep --- security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 1e74a5ffd..a2ab49a88 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -909,7 +909,7 @@ public class RoleREST { effectiveUser = loggedInUser; } -if (!bizUtil.isUserRangerAdmin(effectiveUser)) { +if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { throw new Exception("User " + effectiveUser + " does not have permission for this operation"); } } @@ -937,7 +937,7 @@ public class RoleREST { effectiveUser = loggedInUser; } try { -if (!bizUtil.isUserRangerAdmin(effectiveUser)) { +if (!bizUtil.isUserRangerAdmin(effectiveUser) && !svcStore.isServiceAdminUser(serviceName, effectiveUser)) { existingRole = roleStore.getRole(roleName); ensureRoleAccess(effectiveUser, userGroups, existingRole);
[ranger] 01/03: RANGER-3853: Persist db updates immediately using Transaction Management
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit e6d75b057604ba4cfe3509851240f57e384d9e6a Author: Abhishek Kumar AuthorDate: Tue Aug 9 14:53:04 2022 -0700 RANGER-3853: Persist db updates immediately using Transaction Management Signed-off-by: pradeep --- .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +- 1 file changed, 57 insertions(+), 17 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java index bbde1a4df..99de47310 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java @@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; import java.util.List; import java.util.Map; @@ -39,6 +45,10 @@ public class PatchForSyncSourceUpdate_J10054 extends BaseLoader{ @Autowired RangerDaoManager daoManager; +@Autowired +@Qualifier(value = "transactionManager") +PlatformTransactionManager txManager; + private static final Logger logger = LoggerFactory.getLogger(PatchForSyncSourceUpdate_J10054.class); @Override @@ -87,23 +97,39 @@ public class PatchForSyncSourceUpdate_J10054 extends BaseLoader{ if (StringUtils.isNotEmpty(otherAttributes) && StringUtils.isEmpty(syncSource)){ syncSource = (String) gson.fromJson(otherAttributes, Map.class).get(UgsyncCommonConstants.SYNC_SOURCE); xUser.setSyncSource(syncSource); -if (StringUtils.isNotEmpty(syncSource)) { -XXPortalUser xXPortalUser = daoManager.getXXPortalUser().findByLoginId(xUser.getName()); -if (xXPortalUser != null && xXPortalUser.getUserSource() == 0){ -/* updating the user source to external for users which had some sync source prior to upgrade - but the user source was marked internal to due bugs which were fixed later. - See RANGER-3297 for more info -*/ -xXPortalUser.setUserSource(1); -daoManager.getXXPortalUser().update(xXPortalUser); -if (logger.isDebugEnabled()) { -logger.debug("USER: Name: " + xUser.getName() + " userSource changed to External"); + +TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); + +String finalSyncSource = syncSource; +try { +txTemplate.execute(new TransactionCallback() { +@Override +public Object doInTransaction(TransactionStatus status) { +if (StringUtils.isNotEmpty(finalSyncSource)) { +XXPortalUser xXPortalUser = daoManager.getXXPortalUser().findByLoginId(xUser.getName()); +if (xXPortalUser != null && xXPortalUser.getUserSource() == 0){ +/* updating the user source to external for users which had some sync source prior to upgrade + but the user source was marked internal to due bugs which were fixed later. + See RANGER-3297 for more info +*/ +xXPortalUser.setUserSource(1); + daoManager.getXXPortalUser().update(xXPortalUser); +if (logger.isDebugEnabled()) { +logger.debug("USER: Name: " + xUser.getName() + " userSource changed to External"); +} +} +} +daoManager.getXXUser().update(xUser); +if (logger.isDebugEnabled()) { +
[ranger] 03/03: RANGER-3857: Fix Ranger java patch J10055 performance issue
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 17494fbd3e65190ae8f462491784b9ed88db9513 Author: pradeep AuthorDate: Sun Aug 14 02:42:56 2022 +0530 RANGER-3857: Fix Ranger java patch J10055 performance issue --- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 454 + 1 file changed, 279 insertions(+), 175 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java index 949967cd3..f5f9f8956 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java @@ -27,8 +27,8 @@ import java.util.Map; import java.util.Set; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import org.apache.ranger.biz.SecurityZoneDBStore; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.RangerValidatorFactory; @@ -45,6 +45,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerSecurityZone; import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService; +import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; @@ -52,12 +53,20 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.util.CLIUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; @Component public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { -private static final Logger logger = Logger.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class); +private static final Logger logger = LoggerFactory.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class); private static final String ACCESS_TYPE_UPDATE = "update"; private static final String ACCESS_TYPE_QUERY = "query"; private static final String ACCESS_TYPE_ADMIN = "solr_admin"; @@ -70,6 +79,8 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { private static final String ACCESS_TYPE_OTHERS_TAG = "solr:others"; private enum NEW_RESOURCE { admin, config, schema } +private static final String SVC_ACCESS_TYPE_CONFIG_SUFFIX = "accessTypes"; + private static final String SOLR_SVC_DEF_NAME = EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_SOLR_NAME; private static RangerServiceDef embeddedSolrServiceDef = null; @@ -85,6 +96,10 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { @Autowired private RangerValidatorFactory validatorFactory; + @Autowired + @Qualifier(value = "transactionManager") + PlatformTransactionManager txManager; + public static void main(String[] args) { logger.info("main()"); try { @@ -121,20 +136,32 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { System.exit(1); } -if (updateSolrSvcDef() != null) { -final Long resTypeSvcDefId = embeddedSolrServiceDef.getId(); -final Long tagSvcDefId = EmbeddedServiceDefsUtil.instance().getTagServiceDefId(); -updateExistingRangerResPolicy(resTypeSvcDefId); -updateExistingRangerTagPolicies(tagSvcDefId); - -deleteOldAccessTypeRefs(resTypeSvcDefId); -deleteOldAccessTypeRefs(tagSvcDefId); -} else { -logger.error("Error while updating " + SOLR_SVC_DEF_NAME + " service-def")
[ranger] 02/03: RANGER-3854: Persist db updates immediately using Transaction Management in J10056
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 062902f24ee9cfe439b19aa0c88236c6e6010b07 Author: Abhishek Kumar AuthorDate: Wed Aug 10 12:56:39 2022 -0700 RANGER-3854: Persist db updates immediately using Transaction Management in J10056 Signed-off-by: pradeep --- .../PatchForExternalUserStatusUpdate_J10056.java | 29 +++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java index f1ed0978c..f4a122b38 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java @@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; @Component public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { @@ -36,7 +42,11 @@ public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { private static final Logger logger = LoggerFactory.getLogger(PatchForExternalUserStatusUpdate_J10056.class); @Autowired - private RangerDaoManager rngrDaoMgr; + private RangerDaoManager daoManager; + + @Autowired + @Qualifier(value = "transactionManager") + PlatformTransactionManager txManager; public static void main(String[] args) { try { @@ -70,14 +80,27 @@ public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { } private void updateExternalUserStatus() { - XXPortalUserDao dao = this.rngrDaoMgr.getXXPortalUser(); + XXPortalUserDao dao = this.daoManager.getXXPortalUser(); List xXPortalUsers = dao.findByUserSourceAndStatus(RangerCommonEnums.USER_EXTERNAL,RangerCommonEnums.ACT_STATUS_DISABLED); if(CollectionUtils.isNotEmpty(xXPortalUsers)) { for (XXPortalUser xxPortalUser : xXPortalUsers) { if (xxPortalUser != null) { xxPortalUser.setStatus(RangerCommonEnums.ACT_STATUS_ACTIVE); - dao.update(xxPortalUser, true); + TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); + try { + txTemplate.execute(new TransactionCallback() { + @Override + public Object doInTransaction(TransactionStatus status) { + dao.update(xxPortalUser, true); + return null; + } + }); + } catch (Throwable ex) { + logger.error("updateExternalUserStatus(): Failed to update DB for user: " + xxPortalUser.getLoginId() + " ", ex); + throw new RuntimeException(ex); + } } } }
[ranger] branch ranger-2.4 updated (a154956e2 -> 17494fbd3)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git from a154956e2 RANGER-3816: getResourceACLs() updated to handle macros in resource values new e6d75b057 RANGER-3853: Persist db updates immediately using Transaction Management new 062902f24 RANGER-3854: Persist db updates immediately using Transaction Management in J10056 new 17494fbd3 RANGER-3857: Fix Ranger java patch J10055 performance issue The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../PatchForExternalUserStatusUpdate_J10056.java | 29 +- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 454 + .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +++- 3 files changed, 362 insertions(+), 195 deletions(-)
[ranger] branch master updated: RANGER-3857: Fix Ranger java patch J10055 performance issue
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 8dd9cae37 RANGER-3857: Fix Ranger java patch J10055 performance issue 8dd9cae37 is described below commit 8dd9cae3794b3f974146a5142f3e87b3f6917360 Author: pradeep AuthorDate: Sun Aug 14 02:42:56 2022 +0530 RANGER-3857: Fix Ranger java patch J10055 performance issue --- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 408 - 1 file changed, 238 insertions(+), 170 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java index 4684923ca..f5f9f8956 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java @@ -56,7 +56,13 @@ import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; @Component public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { @@ -90,6 +96,10 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { @Autowired private RangerValidatorFactory validatorFactory; + @Autowired + @Qualifier(value = "transactionManager") + PlatformTransactionManager txManager; + public static void main(String[] args) { logger.info("main()"); try { @@ -126,20 +136,32 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { System.exit(1); } -if (updateSolrSvcDef() != null) { -final Long resTypeSvcDefId = embeddedSolrServiceDef.getId(); -final Long tagSvcDefId = EmbeddedServiceDefsUtil.instance().getTagServiceDefId(); -updateExistingRangerResPolicy(resTypeSvcDefId); -updateExistingRangerTagPolicies(tagSvcDefId); - -deleteOldAccessTypeRefs(resTypeSvcDefId); -deleteOldAccessTypeRefs(tagSvcDefId); -} else { -logger.error("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); -throw new RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); -} + TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); + try { + txTemplate.execute(new TransactionCallback() { + @Override + public Object doInTransaction(TransactionStatus status) { + if (updateSolrSvcDef() == null) { + throw new RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); + } + return null; + } + }); + } catch (Throwable ex) { + logger.error("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); + throw new RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); + } + + final Long resTypeSvcDefId = embeddedSolrServiceDef.getId(); + final Long tagSvcDefId = EmbeddedServiceDefsUtil.instance().getTagServiceDefId(); + updateExistingRangerResPolicy(resTypeSvcDefId); + updateExistingRangerTagPolicies(tagSvcDefId); + + deleteOldAccessTypeRefs(resTypeSvcDefId); + deleteOldAccessTypeRefs(tagSvcDefId); } catch (Exception e) { -logger.error("Error whille executing PatchForSolrSvcDefAndPoliciesUpdat
[ranger] 02/02: RANGER-3854: Persist db updates immediately using Transaction Management in J10056
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 1671b142aed7b7f37257a94f71ea0bce6708b709 Author: Abhishek Kumar AuthorDate: Wed Aug 10 12:56:39 2022 -0700 RANGER-3854: Persist db updates immediately using Transaction Management in J10056 Signed-off-by: pradeep --- .../PatchForExternalUserStatusUpdate_J10056.java | 29 +++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java index f1ed0978c..f4a122b38 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java @@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; @Component public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { @@ -36,7 +42,11 @@ public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { private static final Logger logger = LoggerFactory.getLogger(PatchForExternalUserStatusUpdate_J10056.class); @Autowired - private RangerDaoManager rngrDaoMgr; + private RangerDaoManager daoManager; + + @Autowired + @Qualifier(value = "transactionManager") + PlatformTransactionManager txManager; public static void main(String[] args) { try { @@ -70,14 +80,27 @@ public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader { } private void updateExternalUserStatus() { - XXPortalUserDao dao = this.rngrDaoMgr.getXXPortalUser(); + XXPortalUserDao dao = this.daoManager.getXXPortalUser(); List xXPortalUsers = dao.findByUserSourceAndStatus(RangerCommonEnums.USER_EXTERNAL,RangerCommonEnums.ACT_STATUS_DISABLED); if(CollectionUtils.isNotEmpty(xXPortalUsers)) { for (XXPortalUser xxPortalUser : xXPortalUsers) { if (xxPortalUser != null) { xxPortalUser.setStatus(RangerCommonEnums.ACT_STATUS_ACTIVE); - dao.update(xxPortalUser, true); + TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); + try { + txTemplate.execute(new TransactionCallback() { + @Override + public Object doInTransaction(TransactionStatus status) { + dao.update(xxPortalUser, true); + return null; + } + }); + } catch (Throwable ex) { + logger.error("updateExternalUserStatus(): Failed to update DB for user: " + xxPortalUser.getLoginId() + " ", ex); + throw new RuntimeException(ex); + } } } }
[ranger] branch master updated (4ec6c5599 -> 1671b142a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 4ec6c5599 RANGER-3816: getResourceACLs() updated to handle macros in resource values new c4ee5a860 RANGER-3853: Persist db updates immediately using Transaction Management new 1671b142a RANGER-3854: Persist db updates immediately using Transaction Management in J10056 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../PatchForExternalUserStatusUpdate_J10056.java | 29 - .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +- 2 files changed, 83 insertions(+), 20 deletions(-)
[ranger] 01/02: RANGER-3853: Persist db updates immediately using Transaction Management
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit c4ee5a860424e335025b7eaa261c2289c9c93301 Author: Abhishek Kumar AuthorDate: Tue Aug 9 14:53:04 2022 -0700 RANGER-3853: Persist db updates immediately using Transaction Management Signed-off-by: pradeep --- .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +- 1 file changed, 57 insertions(+), 17 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java index bbde1a4df..99de47310 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java @@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; import java.util.List; import java.util.Map; @@ -39,6 +45,10 @@ public class PatchForSyncSourceUpdate_J10054 extends BaseLoader{ @Autowired RangerDaoManager daoManager; +@Autowired +@Qualifier(value = "transactionManager") +PlatformTransactionManager txManager; + private static final Logger logger = LoggerFactory.getLogger(PatchForSyncSourceUpdate_J10054.class); @Override @@ -87,23 +97,39 @@ public class PatchForSyncSourceUpdate_J10054 extends BaseLoader{ if (StringUtils.isNotEmpty(otherAttributes) && StringUtils.isEmpty(syncSource)){ syncSource = (String) gson.fromJson(otherAttributes, Map.class).get(UgsyncCommonConstants.SYNC_SOURCE); xUser.setSyncSource(syncSource); -if (StringUtils.isNotEmpty(syncSource)) { -XXPortalUser xXPortalUser = daoManager.getXXPortalUser().findByLoginId(xUser.getName()); -if (xXPortalUser != null && xXPortalUser.getUserSource() == 0){ -/* updating the user source to external for users which had some sync source prior to upgrade - but the user source was marked internal to due bugs which were fixed later. - See RANGER-3297 for more info -*/ -xXPortalUser.setUserSource(1); -daoManager.getXXPortalUser().update(xXPortalUser); -if (logger.isDebugEnabled()) { -logger.debug("USER: Name: " + xUser.getName() + " userSource changed to External"); + +TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); + +String finalSyncSource = syncSource; +try { +txTemplate.execute(new TransactionCallback() { +@Override +public Object doInTransaction(TransactionStatus status) { +if (StringUtils.isNotEmpty(finalSyncSource)) { +XXPortalUser xXPortalUser = daoManager.getXXPortalUser().findByLoginId(xUser.getName()); +if (xXPortalUser != null && xXPortalUser.getUserSource() == 0){ +/* updating the user source to external for users which had some sync source prior to upgrade + but the user source was marked internal to due bugs which were fixed later. + See RANGER-3297 for more info +*/ +xXPortalUser.setUserSource(1); + daoManager.getXXPortalUser().update(xXPortalUser); +if (logger.isDebugEnabled()) { +logger.debug("USER: Name: " + xUser.getName() + " userSource changed to External"); +} +} +} +daoManager.getXXUser().update(xUser); +if (logger.isDebugEnabled()) { +
[ranger] 03/04: RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 672bba42bebac8f8e9fc7ab8f5b564fee7a9552b Author: Fateh Singh AuthorDate: Wed Jul 27 15:37:15 2022 -0700 RANGER-3849 Unit test cases for ServiceREST.java to increase coverage Signed-off-by: pradeep --- .../org/apache/ranger/rest/TestServiceREST.java| 263 +++-- 1 file changed, 243 insertions(+), 20 deletions(-) diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 09d55e89d..375135a5a 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -60,20 +60,12 @@ import org.apache.ranger.db.XXSecurityZoneRefServiceDao; import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao; import org.apache.ranger.db.XXServiceDao; import org.apache.ranger.db.XXServiceDefDao; -import org.apache.ranger.entity.XXPortalUser; -import org.apache.ranger.entity.XXSecurityZone; -import org.apache.ranger.entity.XXSecurityZoneRefService; -import org.apache.ranger.entity.XXSecurityZoneRefTagService; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.plugin.model.RangerPluginInfo; -import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.entity.*; +import org.apache.ranger.plugin.model.*; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerService; -import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; @@ -102,14 +94,7 @@ import org.apache.ranger.service.RangerServiceDefService; import org.apache.ranger.service.RangerServiceService; import org.apache.ranger.service.RangerTransactionService; import org.apache.ranger.service.XUserService; -import org.apache.ranger.view.RangerExportPolicyList; -import org.apache.ranger.view.RangerPluginInfoList; -import org.apache.ranger.view.RangerPolicyList; -import org.apache.ranger.view.RangerServiceDefList; -import org.apache.ranger.view.RangerServiceList; -import org.apache.ranger.view.VXResponse; -import org.apache.ranger.view.VXString; -import org.apache.ranger.view.VXUser; +import org.apache.ranger.view.*; import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Rule; @@ -117,12 +102,17 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.junit.runners.MethodSorters; +import org.mockito.Answers; import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import com.sun.jersey.core.header.FormDataContentDisposition; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; + +import static org.mockito.ArgumentMatchers.eq; @RunWith(MockitoJUnitRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) @@ -138,7 +128,7 @@ public class TestServiceREST { @Mock RangerValidatorFactory validatorFactory; - @Mock + @Mock(answer = Answers.RETURNS_DEEP_STUBS) RangerDaoManager daoManager; @Mock @@ -242,12 +232,19 @@ public class TestServiceREST { private String capabilityVector; + private final String grantor = "test-grantor-1"; + + private final String owner_user = "test-owner-user-1"; + + private final String zone_name = "test-zone-1"; + public void setup() { RangerSecurityContext context = new RangerSecurityContext(); context.setUserSession(new UserSessionBase()); RangerContextHolder.setSecurityContext(context); UserSessionBase currentUserSession = ContextUtil .getCurrentUserSession(); + currentUserSession.setXXPortalUser(new XXPortalUser()); currentUserSession.setUserAdmin(true); capabilityVector = Long.toHexString(new RangerPluginCapability().getPluginCapabilities()); } @@ -396,6 +393,59 @@ public class TestServiceREST { sp.setServiceId(1l); return sp; } + private List createLongList(){ + List list = new ArrayList(); + list.add
[ranger] 01/04: RANGER-3724: Create Ranger Admin API to refresh policy cache
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit bcb17f48b425bdd880b978d469961ba388ddac7c Author: Kishor Gollapalliwar AuthorDate: Wed Apr 27 18:57:43 2022 +0530 RANGER-3724: Create Ranger Admin API to refresh policy cache Signed-off-by: Mehul Parikh --- .../java/org/apache/ranger/biz/ServiceDBStore.java | 14 +++ .../ranger/common/RangerServicePoliciesCache.java | 44 ++ .../java/org/apache/ranger/rest/ServiceREST.java | 42 +++-- 3 files changed, 97 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index f58dcd2be..41fb3bb96 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -3022,6 +3022,20 @@ public class ServiceDBStore extends AbstractServiceStore { return ret; } +public boolean resetPolicyCache(final String serviceName) { +if (LOG.isDebugEnabled()) { +LOG.debug("==> ServiceDBStore.resetPolicyCache(" + serviceName + ")"); +} + +boolean ret = RangerServicePoliciesCache.getInstance().resetCache(serviceName); + +if (LOG.isDebugEnabled()) { +LOG.debug("<== ServiceDBStore.resetPolicyCache(): ret=" + ret); +} + +return ret; +} + private static class RangerPolicyDeltaComparator implements Comparator, java.io.Serializable { @Override public int compare(RangerPolicyDelta me, RangerPolicyDelta other) { diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java index ba38836ac..b1447829b 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java @@ -139,6 +139,50 @@ public class RangerServicePoliciesCache { return ret; } +/** + * Reset policy cache using serviceName if provided. + * If serviceName is empty, reset everything. + * @param serviceName + * @return true if was able to reset policy cache, false otherwise + */ +public boolean resetCache(final String serviceName) { +if (LOG.isDebugEnabled()) { +LOG.debug("==> RangerServicePoliciesCache.resetCache({})", serviceName); +} + +boolean ret = false; +synchronized (this) { +if (!servicePoliciesMap.isEmpty()) { +if (StringUtils.isBlank(serviceName)) { +servicePoliciesMap.clear(); +if (LOG.isDebugEnabled()) { +LOG.debug("RangerServicePoliciesCache.resetCache(): Removed policy caching for all services."); +} +ret = true; +} else { +ServicePoliciesWrapper removedServicePoliciesWrapper = servicePoliciesMap.remove(serviceName.trim()); // returns null if key not found +ret = removedServicePoliciesWrapper != null; + +if (ret) { +if (LOG.isDebugEnabled()) { + LOG.debug("RangerServicePoliciesCache.resetCache(): Removed policy caching for [{}] service.", serviceName); +} +} else { +LOG.warn("RangerServicePoliciesCache.resetCache(): Caching for [{}] service not found, hence reset is skipped.", serviceName); +} +} +} else { +LOG.warn("RangerServicePoliciesCache.resetCache(): Policy cache is already empty."); +} +} + +if (LOG.isDebugEnabled()) { +LOG.debug("<== RangerServicePoliciesCache.resetCache(): ret={}", ret); +} + +return ret; +} + private class ServicePoliciesWrapper { final Long serviceId; ServicePolicies servicePolicies; diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index ee5239480..f2f328e53 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1596,8 +1596,8 @@ public class ServiceREST { LOG.debug("<== ServiceREST.secureRevokeAccess(" + serviceName + ", " + re
[ranger] branch ranger-2.4 updated (e8f007c80 -> f39efe2a9)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git from e8f007c80 RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource new bcb17f48b RANGER-3724: Create Ranger Admin API to refresh policy cache new 1afad2b4e RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch new 672bba42b RANGER-3849 Unit test cases for ServiceREST.java to increase coverage new f39efe2a9 RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../java/org/apache/ranger/biz/RoleDBStore.java| 4 +- .../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +- .../java/org/apache/ranger/biz/ServiceDBStore.java | 14 + .../ranger/common/RangerServicePoliciesCache.java | 44 + .../java/org/apache/ranger/rest/ServiceREST.java | 75 +- .../java/org/apache/ranger/rest/TestRoleREST.java | 931 + .../org/apache/ranger/rest/TestServiceREST.java| 263 +- 7 files changed, 1309 insertions(+), 26 deletions(-) create mode 100644 security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
[ranger] 02/04: RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit 1afad2b4e3521c315d90176f97ae3e6e5159f82b Author: Kishor Gollapalliwar AuthorDate: Thu May 12 14:20:40 2022 +0530 RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch Signed-off-by: Mehul Parikh --- .../java/org/apache/ranger/rest/ServiceREST.java | 53 ++ 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index f2f328e53..66f859540 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1957,12 +1957,21 @@ public class ServiceREST { return ret; } +/** + * Resets/ removes service policy cache for given service. + * @param serviceName non-empty serviceName + * @return {@code true} if successfully reseted/ removed for given service, {@code false} otherwise. + */ @GET @Path("/policies/cache/reset") @Produces({ "application/json", "application/xml" }) -public boolean resetPolicyCache(@QueryParam("name") String name) { +public boolean resetPolicyCache(@QueryParam("serviceName") String serviceName) { if (LOG.isDebugEnabled()) { -LOG.debug("==> ServiceREST.resetPolicyCache(" + name + ")"); +LOG.debug("==> ServiceREST.resetPolicyCache(" + serviceName + ")"); +} + +if (StringUtils.isEmpty(serviceName)) { +throw restErrorUtil.createRESTException("Required parameter [serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA); } // check for ADMIN access @@ -1970,13 +1979,11 @@ public class ServiceREST { boolean isServiceAdmin = false; String loggedInUser = bizUtil.getCurrentUserLoginId(); -if (StringUtils.isNotEmpty(name)) { -try { -RangerService rangerService = svcStore.getServiceByName(name); -isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); -} catch (Exception e) { -LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + name + "]", e); -} +try { +RangerService rangerService = svcStore.getServiceByName(serviceName); +isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService, loggedInUser); +} catch (Exception e) { +LOG.warn("Failed to find if user [" + loggedInUser + "] has service admin privileges on service [" + serviceName + "]", e); } if (!isServiceAdmin) { @@ -1984,7 +1991,7 @@ public class ServiceREST { } } -boolean ret = svcStore.resetPolicyCache(name); +boolean ret = svcStore.resetPolicyCache(serviceName); if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.resetPolicyCache(): ret=" + ret); @@ -1993,6 +2000,32 @@ public class ServiceREST { return ret; } +/** + * Resets/ removes service policy cache for all. + * @return {@code true} if successfully reseted/ removed, {@code false} otherwise. + */ +@GET +@Path("/policies/cache/reset-all") +@Produces({ "application/json", "application/xml" }) +public boolean resetPolicyCacheAll() { +if (LOG.isDebugEnabled()) { +LOG.debug("==> ServiceREST.resetPolicyCacheAll()"); +} + +// check for ADMIN access +if (!bizUtil.isAdmin()) { +throw restErrorUtil.createRESTException("User cannot reset policy cache", MessageEnums.OPER_NO_PERMISSION); +} + +boolean ret = svcStore.resetPolicyCache(null); + +if (LOG.isDebugEnabled()) { +LOG.debug("<== ServiceREST.resetPolicyCacheAll(): ret=" + ret); +} + +return ret; +} + @GET @Path("/policies/downloadExcel") @Produces("application/ms-excel")
[ranger] 04/04: RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git commit f39efe2a9df9acc8e977af1142279f8e86ff Author: Fateh Singh AuthorDate: Fri Jul 22 12:37:24 2022 -0700 RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly Signed-off-by: pradeep --- .../java/org/apache/ranger/biz/RoleDBStore.java| 4 +- .../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +- .../java/org/apache/ranger/rest/TestRoleREST.java | 931 + 3 files changed, 936 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java index f501f2896..c19e3e1a1 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java @@ -391,13 +391,13 @@ public class RoleDBStore implements RoleStore { public Set getRoleNames(String userName, Set userGroups) throws Exception{ Set ret = new HashSet<>(); if (StringUtils.isNotEmpty(userName)) { -List xxRoleRefUsers = roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(userName); +List xxRoleRefUsers = roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(userName); for (XXRoleRefUser xxRoleRefUser : xxRoleRefUsers) { ret.add(getRole(xxRoleRefUser.getRoleId())); } } for(String userGroup : userGroups) { -List xxRoleRefGroups = roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(userGroup); +List xxRoleRefGroups = roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(userGroup); for (XXRoleRefGroup xxRoleRefGroup : xxRoleRefGroups) { ret.add(getRole(xxRoleRefGroup.getRoleId())); } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java index 012d4c02f..66adac2b5 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java @@ -74,7 +74,9 @@ public class RoleRefUpdater { @Autowired RangerBizUtil xaBizUtil; - + public RangerDaoManager getRangerDaoManager() { + return daoMgr; + } public void createNewRoleMappingForRefTable(RangerRole rangerRole, Boolean createNonExistUserGroup) { if (rangerRole == null) { return; diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java new file mode 100644 index 0..e6d3420bd --- /dev/null +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java @@ -0,0 +1,931 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.rest; + +import org.apache.ranger.admin.client.datatype.RESTResponse; +import org.apache.ranger.biz.*; +import org.apache.ranger.common.*; +import org.apache.ranger.db.*; +import org.apache.ranger.entity.*; +import org.apache.ranger.plugin.model.RangerRole; +import org.apache.ranger.plugin.model.validation.RangerRoleValidator; +import org.apache.ranger.plugin.util.GrantRevokeRoleRequest; +import org.apache.ranger.plugin.util.RangerRoles; +import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.service.RangerRoleService; +import org.apache.ranger.service.XUserService; +import org.apache.ranger.view.RangerRoleList; +import org.apache.ranger.view.VXUser; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +imp
[ranger] branch master updated: RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 348ae02a4 RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly 348ae02a4 is described below commit 348ae02a46b7086114f0bca35d817b48f99643b3 Author: Fateh Singh AuthorDate: Fri Jul 22 12:37:24 2022 -0700 RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly --- .../java/org/apache/ranger/biz/RoleDBStore.java| 4 +- .../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +- .../java/org/apache/ranger/rest/TestRoleREST.java | 933 + 3 files changed, 938 insertions(+), 3 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java index f501f2896..c19e3e1a1 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java @@ -391,13 +391,13 @@ public class RoleDBStore implements RoleStore { public Set getRoleNames(String userName, Set userGroups) throws Exception{ Set ret = new HashSet<>(); if (StringUtils.isNotEmpty(userName)) { -List xxRoleRefUsers = roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(userName); +List xxRoleRefUsers = roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(userName); for (XXRoleRefUser xxRoleRefUser : xxRoleRefUsers) { ret.add(getRole(xxRoleRefUser.getRoleId())); } } for(String userGroup : userGroups) { -List xxRoleRefGroups = roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(userGroup); +List xxRoleRefGroups = roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(userGroup); for (XXRoleRefGroup xxRoleRefGroup : xxRoleRefGroups) { ret.add(getRole(xxRoleRefGroup.getRoleId())); } diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java index 012d4c02f..66adac2b5 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java @@ -74,7 +74,9 @@ public class RoleRefUpdater { @Autowired RangerBizUtil xaBizUtil; - + public RangerDaoManager getRangerDaoManager() { + return daoMgr; + } public void createNewRoleMappingForRefTable(RangerRole rangerRole, Boolean createNonExistUserGroup) { if (rangerRole == null) { return; diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java new file mode 100644 index 0..217c1bba3 --- /dev/null +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java @@ -0,0 +1,933 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.rest; + +import org.apache.ranger.admin.client.datatype.RESTResponse; +import org.apache.ranger.biz.*; +import org.apache.ranger.common.*; +import org.apache.ranger.db.*; +import org.apache.ranger.entity.*; +import org.apache.ranger.plugin.model.RangerRole; +import org.apache.ranger.plugin.model.validation.RangerRoleValidator; +import org.apache.ranger.plugin.util.GrantRevokeRoleRequest; +import org.apache.ranger.plugin.util.RangerRoles; +import org.apache.ranger.plugin.util.SearchFilter; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.service.RangerRoleService; +import org.apache.ranger.ser
[ranger] branch master updated: RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 3dc951065 RANGER-3849 Unit test cases for ServiceREST.java to increase coverage 3dc951065 is described below commit 3dc9510658c77dee1f1cd741497da0494c33cb68 Author: Fateh Singh AuthorDate: Wed Jul 27 15:37:15 2022 -0700 RANGER-3849 Unit test cases for ServiceREST.java to increase coverage Signed-off-by: pradeep --- .../org/apache/ranger/rest/TestServiceREST.java| 263 +++-- 1 file changed, 243 insertions(+), 20 deletions(-) diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index 09d55e89d..375135a5a 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -60,20 +60,12 @@ import org.apache.ranger.db.XXSecurityZoneRefServiceDao; import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao; import org.apache.ranger.db.XXServiceDao; import org.apache.ranger.db.XXServiceDefDao; -import org.apache.ranger.entity.XXPortalUser; -import org.apache.ranger.entity.XXSecurityZone; -import org.apache.ranger.entity.XXSecurityZoneRefService; -import org.apache.ranger.entity.XXSecurityZoneRefTagService; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.plugin.model.RangerPluginInfo; -import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.entity.*; +import org.apache.ranger.plugin.model.*; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerService; -import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef; @@ -102,14 +94,7 @@ import org.apache.ranger.service.RangerServiceDefService; import org.apache.ranger.service.RangerServiceService; import org.apache.ranger.service.RangerTransactionService; import org.apache.ranger.service.XUserService; -import org.apache.ranger.view.RangerExportPolicyList; -import org.apache.ranger.view.RangerPluginInfoList; -import org.apache.ranger.view.RangerPolicyList; -import org.apache.ranger.view.RangerServiceDefList; -import org.apache.ranger.view.RangerServiceList; -import org.apache.ranger.view.VXResponse; -import org.apache.ranger.view.VXString; -import org.apache.ranger.view.VXUser; +import org.apache.ranger.view.*; import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.Rule; @@ -117,12 +102,17 @@ import org.junit.Test; import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; import org.junit.runners.MethodSorters; +import org.mockito.Answers; import org.mockito.InjectMocks; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import com.sun.jersey.core.header.FormDataContentDisposition; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; + +import static org.mockito.ArgumentMatchers.eq; @RunWith(MockitoJUnitRunner.class) @FixMethodOrder(MethodSorters.NAME_ASCENDING) @@ -138,7 +128,7 @@ public class TestServiceREST { @Mock RangerValidatorFactory validatorFactory; - @Mock + @Mock(answer = Answers.RETURNS_DEEP_STUBS) RangerDaoManager daoManager; @Mock @@ -242,12 +232,19 @@ public class TestServiceREST { private String capabilityVector; + private final String grantor = "test-grantor-1"; + + private final String owner_user = "test-owner-user-1"; + + private final String zone_name = "test-zone-1"; + public void setup() { RangerSecurityContext context = new RangerSecurityContext(); context.setUserSession(new UserSessionBase()); RangerContextHolder.setSecurityContext(context); UserSessionBase currentUserSession = ContextUtil .getCurrentUserSession(); + currentUserSession.setXXPortalUser(new XXPortalUser()); currentUserSession.setUserAdmin(true); capabilityVector = Long.toHexString(new RangerPluginCapability().getPluginCapabilities()); } @@ -396,6 +393,59 @
[ranger] branch ranger-2.4 updated: RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new e8f007c80 RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource e8f007c80 is described below commit e8f007c80b80bd56803ce9857791851e7d8f864e Author: pradeep AuthorDate: Thu Jul 14 11:54:03 2022 +0530 RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource --- .../src/main/java/org/apache/ranger/plugin/store/TagValidator.java | 1 + 1 file changed, 1 insertion(+) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java index 08b1e45fd..699e49e17 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java @@ -150,6 +150,7 @@ public class TagValidator { if (ret == null) { RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource); resource.setResourceSignature(serializer.getSignature()); + ret = tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(), resource.getResourceSignature()); } return ret;
[ranger] branch master updated: RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new a9fdb1beb RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource a9fdb1beb is described below commit a9fdb1beb1a43ff3cf3b638df1022e96414056ce Author: pradeep AuthorDate: Thu Jul 14 11:54:03 2022 +0530 RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource --- .../src/main/java/org/apache/ranger/plugin/store/TagValidator.java | 1 + 1 file changed, 1 insertion(+) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java index 08b1e45fd..699e49e17 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java @@ -150,6 +150,7 @@ public class TagValidator { if (ret == null) { RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource); resource.setResourceSignature(serializer.getSignature()); + ret = tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(), resource.getResourceSignature()); } return ret;
[ranger] branch ranger-2.4 updated: RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 382490b10 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature 382490b10 is described below commit 382490b100531dd1d299cd82244ded66937f894a Author: pradeep AuthorDate: Mon Aug 1 14:50:07 2022 +0530 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature --- .../apache/ranger/biz/RangerPolicyRetriever.java | 2 +- .../java/org/apache/ranger/db/XXPolicyDao.java | 32 ++ .../java/org/apache/ranger/db/XXPortalUserDao.java | 21 + ...ForUpdateToUniqueResoureceSignature_J10053.java | 50 ++ .../main/resources/META-INF/jpa_named_queries.xml | 12 ++ 5 files changed, 116 insertions(+), 1 deletion(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java index 238fecd48..e94c37f7b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java @@ -343,7 +343,7 @@ public class RangerPolicyRetriever { ret = userScreenNames.get(userId); if(ret == null) { - XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + XXPortalUser user = daoMgr.getXXPortalUser().findById(userId); if(user != null) { ret = user.getPublicScreenName(); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index 54191d828..f329c0eff 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java @@ -18,7 +18,9 @@ package org.apache.ranger.db; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.persistence.NoResultException; @@ -354,4 +356,34 @@ public class XXPolicyDao extends BaseDao { } return ret; } + + public Map findDuplicatePoliciesByServiceAndResourceSignature() { + Map policies = new HashMap(); + try { + List rows = (List) getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList(); + if (rows != null) { + for (Object[] row : rows) { + policies.put((String) row[0], (Long) row[1]); + } + } + } catch (NoResultException e) { + return null; + } catch (Exception ex) { + } + return policies; + } + + public List findByServiceIdAndResourceSignature(Long serviceId, String policySignature) { + if (policySignature == null || serviceId == null) { + return new ArrayList(); + } + try { + return getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature", tClass) + .setParameter("serviceId", serviceId) + .setParameter("resSignature", policySignature) + .getResultList(); + } catch (NoResultException e) { + return new ArrayList(); + } + } } \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java index 8d15a324e..1787eeae6 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java @@ -128,4 +128,25 @@ public class XXPortalUserDao extends BaseDao { return null; } } + + public XXPortalUser findById(Long id) { + XXPortalUser xXPortalUser = null; + if (id == null) { + return xXPortalUser; + } + try { + xXPortalUser = new XXPortalUser(); + Object[] row = (Object[]) getEntityManager().createNamedQuery("XXPortalUser.findB
[ranger] branch master updated: RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 1199de317 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature 1199de317 is described below commit 1199de3175a588aa4593773d94f0cb1a3235b216 Author: pradeep AuthorDate: Mon Aug 1 14:50:07 2022 +0530 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature --- .../apache/ranger/biz/RangerPolicyRetriever.java | 2 +- .../java/org/apache/ranger/db/XXPolicyDao.java | 32 ++ .../java/org/apache/ranger/db/XXPortalUserDao.java | 21 + ...ForUpdateToUniqueResoureceSignature_J10053.java | 50 ++ .../main/resources/META-INF/jpa_named_queries.xml | 12 ++ 5 files changed, 116 insertions(+), 1 deletion(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java index 238fecd48..e94c37f7b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java @@ -343,7 +343,7 @@ public class RangerPolicyRetriever { ret = userScreenNames.get(userId); if(ret == null) { - XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + XXPortalUser user = daoMgr.getXXPortalUser().findById(userId); if(user != null) { ret = user.getPublicScreenName(); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index 4677c37f3..dc58be3df 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java @@ -18,7 +18,9 @@ package org.apache.ranger.db; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.persistence.NoResultException; @@ -356,4 +358,34 @@ public class XXPolicyDao extends BaseDao { } return ret; } + + public Map findDuplicatePoliciesByServiceAndResourceSignature() { + Map policies = new HashMap(); + try { + List rows = (List) getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList(); + if (rows != null) { + for (Object[] row : rows) { + policies.put((String) row[0], (Long) row[1]); + } + } + } catch (NoResultException e) { + return null; + } catch (Exception ex) { + } + return policies; + } + + public List findByServiceIdAndResourceSignature(Long serviceId, String policySignature) { + if (policySignature == null || serviceId == null) { + return new ArrayList(); + } + try { + return getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature", tClass) + .setParameter("serviceId", serviceId) + .setParameter("resSignature", policySignature) + .getResultList(); + } catch (NoResultException e) { + return new ArrayList(); + } + } } \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java index 8d15a324e..1787eeae6 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java @@ -128,4 +128,25 @@ public class XXPortalUserDao extends BaseDao { return null; } } + + public XXPortalUser findById(Long id) { + XXPortalUser xXPortalUser = null; + if (id == null) { + return xXPortalUser; + } + try { + xXPortalUser = new XXPortalUser(); + Object[] row = (Object[]) getEntityManager().createNamedQuery("XXPortalUser.findById").setParameter("
[ranger] branch master updated: RANGER-3829: IncrementalSync value to be read from config (FIX)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 3bd591fbd RANGER-3829: IncrementalSync value to be read from config (FIX) 3bd591fbd is described below commit 3bd591fbd1f0434b47263c2d99cf634f5ace8dd0 Author: Abhishek Kumar AuthorDate: Mon Jul 18 18:49:20 2022 -0700 RANGER-3829: IncrementalSync value to be read from config (FIX) Signed-off-by: pradeep --- .../org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java index 550775f65..b1a6af183 100644 --- a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java @@ -150,7 +150,7 @@ public class LdapUserGroupBuilder implements UserGroupSource { ugsyncAuditInfo = new UgsyncAuditInfo(); ldapSyncSourceInfo = new LdapSyncSourceInfo(); ldapSyncSourceInfo.setLdapUrl(ldapUrl); - ldapSyncSourceInfo.setIncrementalSycn("True"); + ldapSyncSourceInfo.setIncrementalSycn(Boolean.toString(config.isDeltaSyncEnabled())); ldapSyncSourceInfo.setUserSearchEnabled(Boolean.toString(userSearchEnabled)); ldapSyncSourceInfo.setGroupSearchEnabled(Boolean.toString(groupSearchEnabled)); ldapSyncSourceInfo.setGroupSearchFirstEnabled(Boolean.toString(groupSearchFirstEnabled));
[ranger] branch master updated: RANGER-3813: Fix ConcurrentModificationException in UnixUserGroupBuilder
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new c51fedfba RANGER-3813: Fix ConcurrentModificationException in UnixUserGroupBuilder c51fedfba is described below commit c51fedfba9efb61c1ff7bf9b41f4db4b965fe1a7 Author: Abhishek Kumar AuthorDate: Tue Jun 28 20:45:59 2022 -0700 RANGER-3813: Fix ConcurrentModificationException in UnixUserGroupBuilder Signed-off-by: pradeep --- .../unixusersync/process/UnixUserGroupBuilder.java | 134 - 1 file changed, 51 insertions(+), 83 deletions(-) diff --git a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java index 7653dfdbe..d6b54c30a 100644 --- a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java +++ b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java @@ -60,8 +60,7 @@ public class UnixUserGroupBuilder implements UserGroupSource { static final String LINUX_GET_ALL_GROUPS_CMD = "getent group"; static final String LINUX_GET_GROUP_CMD = "getent group %s"; - // mainly for testing purposes - // there might be a better way + // mainly for testing purposes, there might be a better way static final String MAC_GET_ALL_USERS_CMD = "dscl . -readall /Users UniqueID PrimaryGroupID | " + "awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;}" + "/RecordName: / {name = $2;i = 0;}/PrimaryGroupID: / {gid = $2;}" + @@ -107,7 +106,9 @@ public class UnixUserGroupBuilder implements UserGroupSource { public static void main(String[] args) throws Throwable { UnixUserGroupBuilder ugbuilder = new UnixUserGroupBuilder(); ugbuilder.init(); - ugbuilder.print(); + if (LOG.isDebugEnabled()) { + ugbuilder.print(); + } } public UnixUserGroupBuilder() { @@ -185,11 +186,7 @@ public class UnixUserGroupBuilder implements UserGroupSource { } long TempGroupFileModifiedAt = new File(unixGroupFile).lastModified(); - if (groupFileModifiedAt != TempGroupFileModifiedAt) { - return true; - } - - return false; + return groupFileModifiedAt != TempGroupFileModifiedAt; } @@ -225,12 +222,12 @@ public class UnixUserGroupBuilder implements UserGroupSource { private void buildUserGroupInfo() throws Throwable { - groupId2groupNameMap = new HashMap(); - sourceUsers = new HashMap<>(); - sourceGroups = new HashMap<>(); - sourceGroupUsers = new HashMap<>(); - groupUserTable = HashBasedTable.create(); - allGroups = new HashSet<>(); + groupId2groupNameMap = new HashMap<>(); + sourceUsers = new HashMap<>(); + sourceGroups = new HashMap<>(); + sourceGroupUsers = new HashMap<>(); + groupUserTable = HashBasedTable.create(); + allGroups= new HashSet<>(); if (OS.startsWith("Mac")) { buildUnixGroupList(MAC_GET_ALL_GROUPS_CMD, MAC_GET_GROUP_CMD, false); @@ -245,11 +242,11 @@ public class UnixUserGroupBuilder implements UserGroupSource { Iterator groupUserTableIterator = groupUserTable.rowKeySet().iterator(); while (groupUserTableIterator.hasNext()) { - String groupName = groupUserTableIterator.next(); - Map groupUsersMap = groupUserTable.row(groupName); - Set userSet = new HashSet(); - for(String userName : groupUsersMap.keySet()){ - //String transformUserName = userNameTransform(entry.getKey()); + String groupName = groupUserTableIterator.next(); + Map groupUsersMap = groupUserTable.row(groupName); + Set userSet = new HashSet<>(); + + for (String userName : groupUsersMap.keySet()) { if (sourceUsers.containsKey(userName)) { userSet.add(userName); } @@ -266,23 +263,17 @@ public class UnixUserGroupBuilder implements UserGroupSource { private void print() { for(S
[ranger] branch master updated: RANGER-3825: Ranger internal user is unable to change his password after the upgrade
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new e10a247cc RANGER-3825: Ranger internal user is unable to change his password after the upgrade e10a247cc is described below commit e10a247cccb9db324a0ddbe3b53c3dcb4b271ad4 Author: pradeep AuthorDate: Wed Jul 13 10:30:05 2022 +0530 RANGER-3825: Ranger internal user is unable to change his password after the upgrade --- security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 53fa007aa..086c6e5d7 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -1107,9 +1107,9 @@ public class UserMgr { String sha256PasswordUpdateDisable = PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false"); if ("false".equalsIgnoreCase(sha256PasswordUpdateDisable)) { - saltEncodedpasswd = encodeString(password, loginId, "MD5"); - } else { saltEncodedpasswd = encodeString(password, loginId, "SHA-256"); + } else { + saltEncodedpasswd = encodeString(password, loginId, "MD5"); } }
[ranger] branch master updated: RANGER-3794: Improve performance of delete users/groups utility
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new f59f3a7e4 RANGER-3794: Improve performance of delete users/groups utility f59f3a7e4 is described below commit f59f3a7e47ed3673d62df6c2f74450185f6e3b02 Author: Fateh Singh AuthorDate: Fri Jun 17 07:57:28 2022 -0700 RANGER-3794: Improve performance of delete users/groups utility Signed-off-by: pradeep --- security-admin/scripts/deleteUserGroupUtil.py | 83 +++ 1 file changed, 35 insertions(+), 48 deletions(-) diff --git a/security-admin/scripts/deleteUserGroupUtil.py b/security-admin/scripts/deleteUserGroupUtil.py index 1c9f58385..8bca54acb 100644 --- a/security-admin/scripts/deleteUserGroupUtil.py +++ b/security-admin/scripts/deleteUserGroupUtil.py @@ -14,13 +14,12 @@ import argparse import os,sys -import pycurl import getpass import logging -try: - from StringIO import StringIO as BytesIO -except ImportError: - from io import BytesIO +import time +import requests + +s = requests.Session() def log(msg,type): if type == 'info': @@ -54,44 +53,25 @@ def printUsage(): log("[I] -debug: Enables debugging","info") sys.exit(1) -def processRequest(url,usernamepassword,data,method,isHttps,certfile,isDebug): - buffer = BytesIO() - header = BytesIO() - c = pycurl.Curl() - c.setopt(c.URL, url) - c.setopt(pycurl.HTTPHEADER, ['Content-Type: application/json','Accept: application/json']) - c.setopt(pycurl.USERPWD, usernamepassword) - c.setopt(pycurl.VERBOSE, 0) - if isHttps==True: - c.setopt(pycurl.SSL_VERIFYPEER,1) - c.setopt(pycurl.SSL_VERIFYHOST,2) - c.setopt(pycurl.CAINFO, certfile) - - c.setopt(c.WRITEFUNCTION ,buffer.write) - c.setopt(c.HEADERFUNCTION,header.write) - # setting proper method and parameters - if method == 'get' : - c.setopt(pycurl.HTTPGET, 1) - elif method == 'delete' : - c.setopt(pycurl.CUSTOMREQUEST, "DELETE") - c.setopt(c.POSTFIELDS, str(data)) - else : - log("[E] Unknown Http Request method found, only get or delete method are allowed!","error") +def processRequest(url, username, password, data, method, isHttps, certfile, isDebug): + verify = isHttps + if isHttps: + verify = certfile + if method.lower() == 'get': + response = s.get(url, data=data, auth=(username, password),verify=verify) + elif method.lower() == 'delete': + response = s.delete(url, data=data, auth=(username, password),verify=verify) + else: + log("[E] Unsupported method"+method,'error') + pass - c.perform() - # getting response - response = buffer.getvalue() - headerResponse = header.getvalue() - response_code=0 - response_code=str(c.getinfo(pycurl.RESPONSE_CODE)) - response_code=int(response_code) - buffer.close() - header.close() - c.close() + #log("[I] Request time: %s seconds" % str(response.elapsed.total_seconds()),"info") + response_code = response.status_code if isDebug ==True or (response_code!=200 and response_code!=204): - log('Request URL = ' + str(url), "info") - log('Response= ' + str(headerResponse), "info") + log('Request URL = ' + str(url),'debug') + log('Response= ' + str(response.headers),'debug') return response_code + def validateArgs(argv): if(len(argv)<7): log("[E] insufficient number of arguments. Found " + str(len(argv)) + "; expected at least 7","error") @@ -121,6 +101,7 @@ def validateArgs(argv): printUsage() def main(argv): + start_time = time.time() FORMAT = '%(asctime)-15s %(message)s' logging.basicConfig(format=FORMAT, level=logging.DEBUG) inputPath="" @@ -213,16 +194,18 @@ def main(argv): if isUser==True and isGroup==True: log("[E] -users and -groups both option were provided, only one is allowed.","error") printUsage() + io_time = 0 if password =="" : + io_start_time = time.time() password=getpass.getpass("Enter Ranger Admin password : ") - - usernamepassword=user+":"+password + io
[ranger] branch master updated: RANGER-3806: Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new ef641366b RANGER-3806: Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db ef641366b is described below commit ef641366b861afb7a6451023e6a76ba35aea3f19 Author: pradeep AuthorDate: Fri Jun 24 14:49:38 2022 +0530 RANGER-3806: Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db --- .../src/main/java/org/apache/ranger/service/XGroupUserService.java | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java index 9345e8180..5cfcb785c 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java @@ -305,8 +305,11 @@ public class XGroupUserService extends xxGroupUser = new XXGroupUser(); groupUserMappingExists = false; } - xxGroupUser.setAddedByUserId(createdByUserId); - xxGroupUser.setUpdatedByUserId(createdByUserId); + XXPortalUser xXPortalUser = daoManager.getXXPortalUser().getById(createdByUserId); + if (xXPortalUser != null) { + xxGroupUser.setAddedByUserId(createdByUserId); + xxGroupUser.setUpdatedByUserId(createdByUserId); + } if (groupUserMappingExists) { xxGroupUser = getDao().update(xxGroupUser);
[ranger] branch master updated: RANGER-3807: getUserRoles API gives 200 for non existing user passed to this API
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new d247fece1 RANGER-3807: getUserRoles API gives 200 for non existing user passed to this API d247fece1 is described below commit d247fece105d926b4487cfd43fcefedad94c Author: pradeep AuthorDate: Fri Jun 24 16:40:46 2022 +0530 RANGER-3807: getUserRoles API gives 200 for non existing user passed to this API --- security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index e00767643..d2bc59a02 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -698,6 +698,9 @@ public class RoleREST { LOG.debug("==> getUserRoles()"); } try { +if (xUserService.getXUserByUserName(userName) == null) { +throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "User:" + userName + " not found", false); +} Set roleList = roleStore.getRoleNames(userName, userMgr.getGroupsForUser(userName)); for (RangerRole role : roleList) { ret.add(role.getName());
[ranger] branch master updated: RANGER-3797 : Not able to create security zone for solr service after upgrade
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new fc7ad98fb RANGER-3797 : Not able to create security zone for solr service after upgrade fc7ad98fb is described below commit fc7ad98fbb2ee7bb7d4cd3329abc438a73e0444a Author: mateen.mansoori AuthorDate: Tue Jun 21 16:11:53 2022 +0530 RANGER-3797 : Not able to create security zone for solr service after upgrade Signed-off-by: pradeep --- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 56 ++ 1 file changed, 46 insertions(+), 10 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java index 949967cd3..4684923ca 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java @@ -27,8 +27,8 @@ import java.util.Map; import java.util.Set; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; -import org.apache.log4j.Logger; import org.apache.ranger.biz.SecurityZoneDBStore; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.RangerValidatorFactory; @@ -45,6 +45,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerSecurityZone; import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService; +import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; @@ -52,12 +53,14 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.util.CLIUtil; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @Component public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { -private static final Logger logger = Logger.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class); +private static final Logger logger = LoggerFactory.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class); private static final String ACCESS_TYPE_UPDATE = "update"; private static final String ACCESS_TYPE_QUERY = "query"; private static final String ACCESS_TYPE_ADMIN = "solr_admin"; @@ -70,6 +73,8 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { private static final String ACCESS_TYPE_OTHERS_TAG = "solr:others"; private enum NEW_RESOURCE { admin, config, schema } +private static final String SVC_ACCESS_TYPE_CONFIG_SUFFIX = "accessTypes"; + private static final String SOLR_SVC_DEF_NAME = EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_SOLR_NAME; private static RangerServiceDef embeddedSolrServiceDef = null; @@ -134,7 +139,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { throw new RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def"); } } catch (Exception e) { -logger.error("Error whille executing PatchForSolrSvcDefAndPoliciesUpdate_J10055.", e); +logger.error("Error whille executing PatchForSolrSvcDefAndPoliciesUpdate_J10055 - ", e); System.exit(1); } @@ -142,7 +147,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { // For RANGER-3725 - Update atlas default audit filter updateDefaultAuditFilter(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); } catch (Throwable t) { - logger.error("Failed to update atlas default audit filter, Error - ", t); + logger.error("Failed to update atlas default audit filter - ", t); System.exit(1); } @@ -159,6 +164,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader { filter