[jira] [Resolved] (RANGER-2849) Allow Ranger to be configurable to not disclose server version
[ https://issues.apache.org/jira/browse/RANGER-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal resolved RANGER-2849. - Resolution: Fixed > Allow Ranger to be configurable to not disclose server version > -- > > Key: RANGER-2849 > URL: https://issues.apache.org/jira/browse/RANGER-2849 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mehul Parikh >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2849-V1.patch > > > Allow Ranger to be configurable to not disclose server version -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-2849) Allow Ranger to be configurable to not disclose server version
[ https://issues.apache.org/jira/browse/RANGER-2849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17130622#comment-17130622 ] Pradeep Agrawal commented on RANGER-2849: - Patch committed : [https://github.com/apache/ranger/commit/734485dd2149db628b3353279a9f16b45de91956] [~maheshbandal] : Please close the RR. > Allow Ranger to be configurable to not disclose server version > -- > > Key: RANGER-2849 > URL: https://issues.apache.org/jira/browse/RANGER-2849 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mehul Parikh >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > Attachments: RANGER-2849-V1.patch > > > Allow Ranger to be configurable to not disclose server version -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: Review Request 72571: RANGER-2849: Allow Ranger to be configurable to not disclose server version
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72571/#review220991 --- Ship it! Ship It! - Kishor Gollapalliwar On June 5, 2020, 2:01 p.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72571/ > --- > > (Updated June 5, 2020, 2:01 p.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2849 > https://issues.apache.org/jira/browse/RANGER-2849 > > > Repository: ranger > > > Description > --- > > Allow Ranger to be configurable to not disclose server version > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > dc931c25d > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 3eb47f932 > > > Diff: https://reviews.apache.org/r/72571/diff/1/ > > > Testing > --- > > After getting error/exception ranger does not disclose server version if > ranger.valve.errorreportvalve.showserverinfo set to false. When > ranger.valve.errorreportvalve.showreport is set to false; it does not > disclose exception message in response. > > > Thanks, > > Mahesh Bandal > >
[jira] [Updated] (RANGER-2852) Add .gitattributes file to prevent CRLF and LF mismatches for source and text files
[ https://issues.apache.org/jira/browse/RANGER-2852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2852: Attachment: 0001-RANGER-2852-Add-.gitattributes-file-to-prevent-CRLF-.patch > Add .gitattributes file to prevent CRLF and LF mismatches for source and text > files > --- > > Key: RANGER-2852 > URL: https://issues.apache.org/jira/browse/RANGER-2852 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Attachments: > 0001-RANGER-2852-Add-.gitattributes-file-to-prevent-CRLF-.patch > > > Source code in Ranger repo has a bunch of files that have CRLF endings. > I would like to avoid that by creating .gitattributes file which prevents > sources from having CRLF entries in text files. > I am adding a couple of links here to give more primer on what exactly is the > issue and how we are trying to fix it. > # [http://git-scm.com/docs/gitattributes#_checking_out_and_checking_in] > # > [http://stackoverflow.com/questions/170961/whats-the-best-crlf-handling-strategy-with-git] -- This message was sent by Atlassian Jira (v8.3.4#803005)
Review Request 72580: RANGER-2852: Add .gitattributes file to prevent CRLF and LF mismatches for source and text files
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72580/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Colm O hEigeartaigh, Gautam Borad, Jayendra Parab, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, Velmurugan Periasamy, Qiang Zhang, and Zsombor Gegesy. Bugs: RANGER-2852 https://issues.apache.org/jira/browse/RANGER-2852 Repository: ranger Description --- **Problem Statement:** When existing java file have ^M character then patch does not get apply. Source code in Ranger repo has several files that have CRLF endings. With more development happening on windows there is a higher chance of more CRLF files getting into the source code. **Proposed Solution:** Inspired from HADOOP-8911 and HADOOP-8912 I would like to avoid that by creating .gitattributes file which prevents sources from having CRLF entries in text files. I am adding a couple of links here to give more primer on what exactly is the issue and how we can try to fix it. http://git-scm.com/docs/gitattributes#_checking_out_and_checking_in http://stackoverflow.com/questions/170961/whats-the-best-crlf-handling-strategy-with-git Diffs - .gitattributes PRE-CREATION Diff: https://reviews.apache.org/r/72580/diff/1/ Testing --- Build successful with this patch. Thanks, Pradeep Agrawal
[jira] [Updated] (RANGER-2853) "Unauthenticated : Please check the permission in the policy for the user": An NPE in ranger admin when enable kms.
[ https://issues.apache.org/jira/browse/RANGER-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-2853: Fix Version/s: 2.1.0 > "Unauthenticated : Please check the permission in the policy for the user": > An NPE in ranger admin when enable kms. > --- > > Key: RANGER-2853 > URL: https://issues.apache.org/jira/browse/RANGER-2853 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.2.0 >Reporter: gaozhan ding >Priority: Major > Fix For: 2.1.0 > > Attachments: > 0001-RANGER-2853-fix-NPE-error-in-ranger-admin-when-enabl.patch, image.png > > > We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we > got an error from ranger admin web ui. On the premise that all configurations > have been completed, I can not list keys in ranger admin, errors are as > follows: Unauthenticated : Please check the permission in the policy for the > user. > {panel:title=logs in ranger admin:} > -XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO > org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request > failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the > permission in the policy for the user > javax.ws.rs.WebApplicationException > at > org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56) > at > org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325) > at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215) > at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87) > at > org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke() > .. > {panel} > I studied the problem and found that this problem have nothing to do with > authentication, it is an exception caused by NPE. I try print that exception: > {panel:title=NPE} > -XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR > org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger: > java.lang.NullPointerException > at > org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395) > at org.apache.hadoop.security.User.(User.java:48) > at > org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66) > at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574) > at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152) > at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85) > at > org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke() > at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) > at > org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) > at > org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys() > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRu
Re: Review Request 72571: RANGER-2849: Allow Ranger to be configurable to not disclose server version
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72571/#review220987 --- Ship it! Ship It! - Pradeep Agrawal On June 5, 2020, 2:01 p.m., Mahesh Bandal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72571/ > --- > > (Updated June 5, 2020, 2:01 p.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, > and Velmurugan Periasamy. > > > Bugs: RANGER-2849 > https://issues.apache.org/jira/browse/RANGER-2849 > > > Repository: ranger > > > Description > --- > > Allow Ranger to be configurable to not disclose server version > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > dc931c25d > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 3eb47f932 > > > Diff: https://reviews.apache.org/r/72571/diff/1/ > > > Testing > --- > > After getting error/exception ranger does not disclose server version if > ranger.valve.errorreportvalve.showserverinfo set to false. When > ranger.valve.errorreportvalve.showreport is set to false; it does not > disclose exception message in response. > > > Thanks, > > Mahesh Bandal > >
[jira] [Closed] (RANGER-2853) "Unauthenticated : Please check the permission in the policy for the user": An NPE in ranger admin when enable kms.
[ https://issues.apache.org/jira/browse/RANGER-2853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] gaozhan ding closed RANGER-2853. patch has merged in master > "Unauthenticated : Please check the permission in the policy for the user": > An NPE in ranger admin when enable kms. > --- > > Key: RANGER-2853 > URL: https://issues.apache.org/jira/browse/RANGER-2853 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.2.0 >Reporter: gaozhan ding >Priority: Major > Attachments: > 0001-RANGER-2853-fix-NPE-error-in-ranger-admin-when-enabl.patch, image.png > > > We use ranger with kerberos. When enable ranger-kms for hdfs encryption, we > got an error from ranger admin web ui. On the premise that all configurations > have been completed, I can not list keys in ranger admin, errors are as > follows: Unauthenticated : Please check the permission in the policy for the > user. > {panel:title=logs in ranger admin:} > -XX-XX 13:09:39,164 [http-bio-6182-exec-10] INFO > org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request > failed. loginId=keyadmin, logMessage=Unauthenticated : Please check the > permission in the policy for the user > javax.ws.rs.WebApplicationException > at > org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56) > at > org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:325) > at org.apache.ranger.rest.XKeyREST.handleError(XKeyREST.java:215) > at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:87) > at > org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke() > .. > {panel} > I studied the problem and found that this problem have nothing to do with > authentication, it is an exception caused by NPE. I try print that exception: > {panel:title=NPE} > -XX-XX 07:16:42,615 [http-bio-6182-exec-2] ERROR > org.apache.ranger.biz.KmsKeyMgr (KmsKeyMgr.java:176) - test_for_ranger: > java.lang.NullPointerException > at > org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:395) > at org.apache.hadoop.security.User.(User.java:48) > at > org.apache.hadoop.security.SecureClientLogin.loginUserFromKeytab(SecureClientLogin.java:66) > at org.apache.ranger.biz.KmsKeyMgr.getSubjectForKerberos(KmsKeyMgr.java:574) > at org.apache.ranger.biz.KmsKeyMgr.searchKeys(KmsKeyMgr.java:152) > at org.apache.ranger.rest.XKeyREST.searchKeys(XKeyREST.java:85) > at > org.apache.ranger.rest.XKeyREST$$FastClassBySpringCGLIB$$c5260d52.invoke() > at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) > at > org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671) > at > org.apache.ranger.rest.XKeyREST$$EnhancerBySpringCGLIB$$5010f39f.searchKeys() > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147
Re: Review Request 72579: RANGER-2853:"Unauthenticated : Please check the permission in the policy for the user": An NPE in ranger admin when enable kms.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72579/#review220985 --- Ship it! Ship It! - Pradeep Agrawal On June 9, 2020, 1:22 p.m., ding gaozhan wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72579/ > --- > > (Updated June 9, 2020, 1:22 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-2853 > https://issues.apache.org/jira/browse/RANGER-2853 > > > Repository: ranger > > > Description > --- > > fix a NPE error in ranger-admin when enable kms with kerberos. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 84cee5c8c > > > Diff: https://reviews.apache.org/r/72579/diff/1/ > > > Testing > --- > > Manual test passed > > > Thanks, > > ding gaozhan > >