Re: Review Request 74880: RANGER-4698: Audit UI improvements with respect to values overflowing into other columns
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74880/ --- (Updated Feb. 14, 2024, 3:32 a.m.) Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, and Ramesh Mani. Bugs: RANGER-4698 https://issues.apache.org/jira/browse/RANGER-4698 Repository: ranger Description --- In the Ranger react UI, in the audits, if the length of certain fields is long, the value is overflowing into other columns. In such scenarios, the value must be clipped in the audit display tables. Improvements have to be added in :- 1. Access Audits - Service Name and Cluster Name fields 2. Plugin Status Audits - Service Name field 3. Login sessions Audits - Login Id field Diffs - security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx 8e12ec654 security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/LoginSessionsLogs.jsx 37aa0e01e security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginStatusLogs.jsx d798a5fd5 Diff: https://reviews.apache.org/r/74880/diff/1/ Testing --- Applied the patch on a cluster and ensured that the values are clipped when the value is long, and ensured that the text is not overflowing into other columns Thanks, Abhishek Patil
[jira] [Updated] (RANGER-4700) Audit logs for Masking policy is missing data mask type entry
[ https://issues.apache.org/jira/browse/RANGER-4700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4700: Fix Version/s: (was: 3.0.0) > Audit logs for Masking policy is missing data mask type entry > - > > Key: RANGER-4700 > URL: https://issues.apache.org/jira/browse/RANGER-4700 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Audit logs for Masking policy is missing data mask type entry. > *Current Behaviour :-* > * Audit logs for Masking policy is missing data mask type entry for having > datamasklabel > other than "Custom". > *Steps to repro :-* > 1) Inside Hive service, navigate hive masking policy listing page. > 2) Click on "Add New Policy", add all the details. Under policy item section > add select masking option. Now save the policy > 3) Go to Audits, Admin page, click on the audit record of above newly policy. > 4) Under "Masking Policy Items" table we would not see Data mask Types > details. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4697) GDS: The GDS cache is not updated when the name of a security zone is modified which is linked with a datashare
[ https://issues.apache.org/jira/browse/RANGER-4697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anand Nadar updated RANGER-4697: Description: Steps to reproduce: 1. Create a datashare DSH-1, with zone1 and service1 2. Now download the GDS cache for service1. Note down the gds version as well (The response has the security zone name) 3. Now modify the zoneName to zone-test. 4. Now check the response of GDS cache download api, it's gds version would not be incremented and it will also contain the old security zone name. 5. Due to this the access enforcement fails. When the zone name is modified, then the gds version is not updated. (Because the datshare object contains the zoneID and therefore the zone name change does not affect the object) However, the GDS cache contains the security zone name which is used to evaluate access. But this new change of zone name is not taken by the cache because the service specific gds version is not updated. And because of this the access enforcement fails for GDS policies. Resolution: To address this issue, upon modification of the security-zone, the service-specific GDS versions for all services associated with that particular zone must be updated, if they are associated with a datashare. was: Steps to reproduce: 1. Create a datashare DSH-1, with zone1 and service1 2. Now download the GDS cache for service1. Note down the gds version as well (The response has the security zone name) 3. Now modify the zoneName to zone-test. 4. Now check the response of GDS cache download api, it's gds version would not be incremented and it will also contain the old security zone name. 5. Due to this the access enforcement fails. When the zone name is modified, then the gds version is not updated. (Because the datshare object contains the zoneID and therefore the zone name change does not affect the object) However, the GDS cache contains the security zone name which is used to evaluate access. But this new change of zone name is not taken by the cache because the service specific gds version is not updated. And because of this the access enforcement fails for GDS policies. Resolution: To address this issue, upon modification of the zone name, the service-specific GDS versions for all services associated with that particular zone must be updated, if they are associated with a datashare. > GDS: The GDS cache is not updated when the name of a security zone is > modified which is linked with a datashare > --- > > Key: RANGER-4697 > URL: https://issues.apache.org/jira/browse/RANGER-4697 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Anand Nadar >Assignee: Anand Nadar >Priority: Major > > Steps to reproduce: > 1. Create a datashare DSH-1, with zone1 and service1 > 2. Now download the GDS cache for service1. Note down the gds version as well > (The response has the security zone name) > 3. Now modify the zoneName to zone-test. > 4. Now check the response of GDS cache download api, it's gds version would > not be incremented and it will also contain the old security zone name. > 5. Due to this the access enforcement fails. > When the zone name is modified, then the gds version is not updated. (Because > the datshare object contains the zoneID and therefore the zone name change > does not affect the object) > However, the GDS cache contains the security zone name which is used to > evaluate access. > But this new change of zone name is not taken by the cache because the > service specific gds version is not updated. And because of this the access > enforcement fails for GDS policies. > Resolution: > To address this issue, upon modification of the security-zone, the > service-specific GDS versions for all services associated with that > particular zone must be updated, if they are associated with a datashare. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4701) remove dependency on jackson v1 (ranger-plugins-common)
PJ Fanning created RANGER-4701: -- Summary: remove dependency on jackson v1 (ranger-plugins-common) Key: RANGER-4701 URL: https://issues.apache.org/jira/browse/RANGER-4701 Project: Ranger Issue Type: Task Components: plugins Reporter: PJ Fanning https://mvnrepository.com/artifact/org.apache.ranger/ranger-plugins-common/2.4.0 depends on https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-jaxrs `org.codehaus.jackson/jackson-jaxrs` is not supported any more and has very insecure dependencies. If you need JAX-RS support, you should be using Jackson v2. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4700) Audit logs for Masking policy is missing data mask type entry
[ https://issues.apache.org/jira/browse/RANGER-4700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4700: Labels: ranger-react (was: ) > Audit logs for Masking policy is missing data mask type entry > - > > Key: RANGER-4700 > URL: https://issues.apache.org/jira/browse/RANGER-4700 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > > Audit logs for Masking policy is missing data mask type entry. > *Current Behaviour :-* > * Audit logs for Masking policy is missing data mask type entry for having > datamasklabel > other than "Custom". > *Steps to repro :-* > 1) Inside Hive service, navigate hive masking policy listing page. > 2) Click on "Add New Policy", add all the details. Under policy item section > add select masking option. Now save the policy > 3) Go to Audits, Admin page, click on the audit record of above newly policy. > 4) Under "Masking Policy Items" table we would not see Data mask Types > details. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4700) Audit logs for Masking policy is missing data mask type entry
[ https://issues.apache.org/jira/browse/RANGER-4700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4700: Fix Version/s: 3.0.0 > Audit logs for Masking policy is missing data mask type entry > - > > Key: RANGER-4700 > URL: https://issues.apache.org/jira/browse/RANGER-4700 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > > Audit logs for Masking policy is missing data mask type entry. > *Current Behaviour :-* > * Audit logs for Masking policy is missing data mask type entry for having > datamasklabel > other than "Custom". > *Steps to repro :-* > 1) Inside Hive service, navigate hive masking policy listing page. > 2) Click on "Add New Policy", add all the details. Under policy item section > add select masking option. Now save the policy > 3) Go to Audits, Admin page, click on the audit record of above newly policy. > 4) Under "Masking Policy Items" table we would not see Data mask Types > details. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4700) Audit logs for Masking policy is missing data mask type entry
Brijesh Bhalala created RANGER-4700: --- Summary: Audit logs for Masking policy is missing data mask type entry Key: RANGER-4700 URL: https://issues.apache.org/jira/browse/RANGER-4700 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Brijesh Bhalala Assignee: Brijesh Bhalala Audit logs for Masking policy is missing data mask type entry. *Current Behaviour :-* * Audit logs for Masking policy is missing data mask type entry for having datamasklabel other than "Custom". *Steps to repro :-* 1) Inside Hive service, navigate hive masking policy listing page. 2) Click on "Add New Policy", add all the details. Under policy item section add select masking option. Now save the policy 3) Go to Audits, Admin page, click on the audit record of above newly policy. 4) Under "Masking Policy Items" table we would not see Data mask Types details. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4699) Update the execution of setServiceDef call in App.jsx
Mugdha Varadkar created RANGER-4699: --- Summary: Update the execution of setServiceDef call in App.jsx Key: RANGER-4699 URL: https://issues.apache.org/jira/browse/RANGER-4699 Project: Ranger Issue Type: Bug Components: admin, Ranger Reporter: Mugdha Varadkar Assignee: Brijesh Bhalala Need minor code update in executing the setServiceDef() call in App.jsx -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4697) GDS: The GDS cache is not updated when the name of a security zone is modified which is linked with a datashare
[ https://issues.apache.org/jira/browse/RANGER-4697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816962#comment-17816962 ] Anand Nadar commented on RANGER-4697: - Raised review request : https://reviews.apache.org/r/74881/ > GDS: The GDS cache is not updated when the name of a security zone is > modified which is linked with a datashare > --- > > Key: RANGER-4697 > URL: https://issues.apache.org/jira/browse/RANGER-4697 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Anand Nadar >Assignee: Anand Nadar >Priority: Major > > Steps to reproduce: > 1. Create a datashare DSH-1, with zone1 and service1 > 2. Now download the GDS cache for service1. Note down the gds version as well > (The response has the security zone name) > 3. Now modify the zoneName to zone-test. > 4. Now check the response of GDS cache download api, it's gds version would > not be incremented and it will also contain the old security zone name. > 5. Due to this the access enforcement fails. > When the zone name is modified, then the gds version is not updated. (Because > the datshare object contains the zoneID and therefore the zone name change > does not affect the object) > However, the GDS cache contains the security zone name which is used to > evaluate access. > But this new change of zone name is not taken by the cache because the > service specific gds version is not updated. And because of this the access > enforcement fails for GDS policies. > Resolution: > To address this issue, upon modification of the zone name, the > service-specific GDS versions for all services associated with that > particular zone must be updated, if they are associated with a datashare. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74881: RANGER-4697 : Increment GDS version when security zone is updated
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74881/ --- Review request for ranger, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, Prashant Satam, Siddhesh Phatak, and Subhrat Chaudhary. Bugs: RANGER-4697 https://issues.apache.org/jira/browse/RANGER-4697 Repository: ranger Description --- When a security zone is modified, if its services are associated with any datashare then the service specific GDS version needs to be incremented. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java 0dad263d9 security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 4fa9c48df security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java 25567c727 Diff: https://reviews.apache.org/r/74881/diff/1/ Testing --- Verified that global gds version and service specific gds version are incremented when zone is updated and it is associated with a datashare. Verified that if the zone and service are not associated with a datashare then the gds versions are not incremented. Thanks, Anand Nadar
