[ranger] branch ranger-2.4 updated: RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new 69895d30a RANGER-3983: Support getColumnMasks and getRowFilters in 
Trino SPI 376+
69895d30a is described below

commit 69895d30a5047c940ca5117427e2ca36475b2ba2
Author: Ziyue Yang 
AuthorDate: Thu Dec 1 22:49:32 2022 -0800

RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

Signed-off-by: Madhan Neethiraj 
(cherry picked from commit 97137609e14342a3db2112be27c0e809b261e782)
---
 .../authorizer/RangerSystemAccessControl.java  | 12 +++
 .../authorizer/RangerSystemAccessControlTest.java  |  8 +++
 .../authorizer/RangerSystemAccessControl.java  | 25 ++
 3 files changed, 45 insertions(+)

diff --git 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index cc06187f4..c440bf394 100644
--- 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -42,6 +42,8 @@ import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.collect.ImmutableList;
+
 import java.io.IOException;
 import java.net.URL;
 import java.security.Principal;
@@ -174,6 +176,11 @@ public class RangerSystemAccessControl
 return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List getRowFilters(SystemSecurityContext context, 
CatalogSchemaTableName tableName) {
+return getRowFilter(context, 
tableName).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Optional getColumnMask(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
 RangerTrinoAccessRequest request = createAccessRequest(
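Review bot: Neither new override documents what an empty list means to the caller: `getRowFilters` returns `ImmutableList.of()` whenever `getRowFilter` yields an empty Optional, and the engine will then presumably read the table unfiltered. The body of `getRowFilter` lies outside this hunk, so it is not visible whether an empty Optional can also come from a failed policy evaluation; if it can, the list form inherits that fail-open behaviour. I would add a Javadoc such as `/** Wraps getRowFilter(): one element when a Ranger row-filter policy matches, empty when none does (rows are then returned unfiltered). */`. The same applies to `getColumnMasks` in the next hunk and to the identical commit on master further down.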
@@ -223,6 +230,11 @@ public class RangerSystemAccessControl
 return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List getColumnMasks(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
+return getColumnMask(context, tableName, columnName, 
type).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Set filterCatalogs(SystemSecurityContext context, Set 
catalogs) {
 LOG.debug("==> RangerSystemAccessControl.filterCatalogs("+ catalogs + ")");
diff --git 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
index d6c637e5a..eda87db4e 100644
--- 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
+++ 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
@@ -38,6 +38,7 @@ import org.junit.Test;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -175,14 +176,21 @@ public class RangerSystemAccessControlTest {
 final VarcharType varcharType = VarcharType.createVarcharType(20);
 
 Optional ret = 
accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", 
varcharType);
+List retArray = 
accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", 
varcharType);
 assertNotNull(ret.get());
 assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
+assertEquals(1, retArray.size());
+assertEquals("cast cast_me as varchar(20)", 
retArray.get(0).getExpression());
 
 ret = accessControlManager.getColumnMask(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
+retArray = accessControlManager.getColumnMasks(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
 assertFalse(ret.isPresent());
+assertTrue(retArray.isEmpty());
 
 ret = accessControlManager.getRowFilter(context(alice), aliceTable);
+retArray = accessControlManager.getRowFilters(context(alice), aliceTable);
 assertFalse(ret.isPresent());
+assertTrue(retArray.isEmpty());
 
 accessControlManager.checkCanExecuteFunction(context(alice), functionName);
 accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), 
functionName, new TrinoPrincipal(USER, "grantee"), true);
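Review bot: `getRowFilters` is only asserted for the empty case (`assertTrue(retArray.isEmpty())`), so nothing here checks that a row filter defined in Ranger actually reaches the engine through the new list method, which is the path this commit exists to enable. A positive case mirroring the `cast_me` mask check would close that gap: a `getRowFilters(context(alice), <table with a row-filter policy>)` call followed by `assertEquals(1, retArray.size());`. The test policy fixture is not visible here, so the table argument is a placeholder. `retArray` also holds a `List` and is reused for both masks and filters, so a name like `retList` would read better. The master copy of this commit carries the same test.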
diff --git 
a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/ranger-t

[ranger] branch master updated: RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 97137609e RANGER-3983: Support getColumnMasks and getRowFilters in 
Trino SPI 376+
97137609e is described below

commit 97137609e14342a3db2112be27c0e809b261e782
Author: Ziyue Yang 
AuthorDate: Thu Dec 1 22:49:32 2022 -0800

RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

Signed-off-by: Madhan Neethiraj 
---
 .../authorizer/RangerSystemAccessControl.java  | 12 +++
 .../authorizer/RangerSystemAccessControlTest.java  |  8 +++
 .../authorizer/RangerSystemAccessControl.java  | 25 ++
 3 files changed, 45 insertions(+)

diff --git 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
index cc06187f4..c440bf394 100644
--- 
a/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
+++ 
b/plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
@@ -42,6 +42,8 @@ import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.collect.ImmutableList;
+
 import java.io.IOException;
 import java.net.URL;
 import java.security.Principal;
@@ -174,6 +176,11 @@ public class RangerSystemAccessControl
 return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List getRowFilters(SystemSecurityContext context, 
CatalogSchemaTableName tableName) {
+return getRowFilter(context, 
tableName).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Optional getColumnMask(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
 RangerTrinoAccessRequest request = createAccessRequest(
@@ -223,6 +230,11 @@ public class RangerSystemAccessControl
 return Optional.ofNullable(viewExpression);
   }
 
+  @Override
+  public List getColumnMasks(SystemSecurityContext context, 
CatalogSchemaTableName tableName, String columnName, Type type) {
+return getColumnMask(context, tableName, columnName, 
type).map(ImmutableList::of).orElseGet(ImmutableList::of);
+  }
+
   @Override
   public Set filterCatalogs(SystemSecurityContext context, Set 
catalogs) {
 LOG.debug("==> RangerSystemAccessControl.filterCatalogs("+ catalogs + ")");
diff --git 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
index d6c637e5a..eda87db4e 100644
--- 
a/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
+++ 
b/plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
@@ -38,6 +38,7 @@ import org.junit.Test;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -175,14 +176,21 @@ public class RangerSystemAccessControlTest {
 final VarcharType varcharType = VarcharType.createVarcharType(20);
 
 Optional ret = 
accessControlManager.getColumnMask(context(alice), aliceTable, "cast_me", 
varcharType);
+List retArray = 
accessControlManager.getColumnMasks(context(alice), aliceTable, "cast_me", 
varcharType);
 assertNotNull(ret.get());
 assertEquals(ret.get().getExpression(), "cast cast_me as varchar(20)");
+assertEquals(1, retArray.size());
+assertEquals("cast cast_me as varchar(20)", 
retArray.get(0).getExpression());
 
 ret = accessControlManager.getColumnMask(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
+retArray = accessControlManager.getColumnMasks(context(alice), 
aliceTable,"do-not-cast-me", varcharType);
 assertFalse(ret.isPresent());
+assertTrue(retArray.isEmpty());
 
 ret = accessControlManager.getRowFilter(context(alice), aliceTable);
+retArray = accessControlManager.getRowFilters(context(alice), aliceTable);
 assertFalse(ret.isPresent());
+assertTrue(retArray.isEmpty());
 
 accessControlManager.checkCanExecuteFunction(context(alice), functionName);
 accessControlManager.checkCanGrantExecuteFunctionPrivilege(context(alice), 
functionName, new TrinoPrincipal(USER, "grantee"), true);
diff --git 
a/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 
b/ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/R

[ranger] branch ranger-2.4 updated: RANGER-3986: Upgrade trino guice dependency to 5.1.0

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new ee1508fd7 RANGER-3986: Upgrade trino guice dependency to 5.1.0
ee1508fd7 is described below

commit ee1508fd75e6ca2027f9c57e1b0b09f2a822eddd
Author: Ziyue Yang 
AuthorDate: Thu Dec 1 21:48:25 2022 -0800

RANGER-3986: Upgrade trino guice dependency to 5.1.0

Signed-off-by: Madhan Neethiraj 
(cherry picked from commit fcf46f5abc8ded745e802815710e36e88af374d6)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 703e326dc..3f3c91bba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -223,7 +223,7 @@
 
 0.192
 2.0.0
-4.2.2
+5.1.0
 26.0-jre
 
2.0.1.Final
 1.1



[ranger] branch master updated: RANGER-3986: Upgrade trino guice dependency to 5.1.0

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new fcf46f5ab RANGER-3986: Upgrade trino guice dependency to 5.1.0
fcf46f5ab is described below

commit fcf46f5abc8ded745e802815710e36e88af374d6
Author: Ziyue Yang 
AuthorDate: Thu Dec 1 21:48:25 2022 -0800

RANGER-3986: Upgrade trino guice dependency to 5.1.0

Signed-off-by: Madhan Neethiraj 
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9835ffbf8..dc09328dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -225,7 +225,7 @@
 
 0.192
 2.0.0
-4.2.2
+5.1.0
 26.0-jre
 
2.0.1.Final
 1.1



[ranger] branch ranger-2.4 updated: RANGER-3863: fix to enable build in Apple M1/M2 environment

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new 7153686e0 RANGER-3863: fix to enable build in Apple M1/M2 environment
7153686e0 is described below

commit 7153686e01d56ccfffc47c58a30dea745506582e
Author: ziyue yang 
AuthorDate: Thu Dec 1 17:03:06 2022 -0800

RANGER-3863: fix to enable build in Apple M1/M2 environment

Signed-off-by: Madhan Neethiraj 
(cherry picked from commit d9d5c2dab7f1fca7b390f5a95cc89b45fa55d377)
---
 pom.xml| 6 +++---
 security-admin/pom.xml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 61d8429fd..703e326dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -209,9 +209,9 @@
 5.0.3
 2.11.3
 
2.11.3
-0.0.2
-5.2.0
-5.2.0
+1.0.0
+5.7.0
+5.7.0
 
 0.192
 2.0.0
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 8aa68afe6..b81f2c1d8 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -850,7 +850,7 @@
 
 com.github.eirslett
 frontend-maven-plugin
-1.6
+1.12.1
 
 
${project.build.directory}
 
${project.build.directory}



[ranger] branch dependabot/npm_and_yarn/security-admin/src/test/javascript/decode-uri-component-0.2.2 created (now e4fa0b017)

2022-12-01 Thread github-bot
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch 
dependabot/npm_and_yarn/security-admin/src/test/javascript/decode-uri-component-0.2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


  at e4fa0b017 Bump decode-uri-component in 
/security-admin/src/test/javascript

No new revisions were added by this update.



[ranger] branch master updated: RANGER-3863: fix to enable build in Apple M1/M2 environment

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new d9d5c2dab RANGER-3863: fix to enable build in Apple M1/M2 environment
d9d5c2dab is described below

commit d9d5c2dab7f1fca7b390f5a95cc89b45fa55d377
Author: ziyue yang 
AuthorDate: Thu Dec 1 17:03:06 2022 -0800

RANGER-3863: fix to enable build in Apple M1/M2 environment

Signed-off-by: Madhan Neethiraj 
---
 pom.xml| 6 +++---
 security-admin/pom.xml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7b0dd14c5..9835ffbf8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -211,9 +211,9 @@
 5.0.3
 2.14.0
 
2.14.0
-0.0.2
-5.2.0
-5.2.0
+1.0.0
+5.7.0
+5.7.0
 
 0.192
 2.0.0
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 5e24dd846..54bd231d8 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -928,7 +928,7 @@
 
 com.github.eirslett
 frontend-maven-plugin
-1.6
+1.12.1
 
 
${project.build.directory}
 
${project.build.directory}



[ranger] branch ranger-2.4 updated: RANGER-3855: added RangerMultiSourceUserStoreRetriever implementation

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new 2218bfa97 RANGER-3855: added RangerMultiSourceUserStoreRetriever 
implementation
2218bfa97 is described below

commit 2218bfa97bbd5b767230eec6291f5793a2ad0daa
Author: Eckman, Barbara 
AuthorDate: Thu Nov 17 16:11:45 2022 -0500

RANGER-3855: added RangerMultiSourceUserStoreRetriever implementation

Signed-off-by: Madhan Neethiraj 
(cherry picked from commit f510319fb23bc23c71e08780e0b59d502b9590d3)
---
 .../externalretrievers/GetFromDataFile.java|  75 +
 .../externalretrievers/GetFromURL.java | 224 +
 .../contextenricher/externalretrievers/LICENSE | 202 
 .../contextenricher/externalretrievers/NOTICE  |  18 +
 .../contextenricher/externalretrievers/README.md   | 137 
 .../RangerMultiSourceUserStoreRetriever.java   | 365 +
 .../ranger/plugin/util/RangerRolesProvider.java|   2 +-
 .../apache/ranger/plugin/util/RangerRolesUtil.java |   2 +-
 dev-support/spotbugsIncludeFile.xml|   1 +
 9 files changed, 1024 insertions(+), 2 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
new file mode 100644
index 0..93cf38aac
--- /dev/null
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher.externalretrievers;
+
+import org.apache.ranger.plugin.contextenricher.RangerAbstractContextEnricher;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+public class GetFromDataFile {
+private static final Logger LOG = 
LoggerFactory.getLogger(GetFromDataFile.class);
+
+public Map> getFromDataFile(String dataFile, 
String attrName) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("==> getFromDataFile(dataFile={}, attrName={})", 
dataFile, attrName);
+}
+
+Map> ret = new HashMap<>();
+
+// create an instance so that readProperties() can be used!
+RangerAbstractContextEnricher ce = new RangerAbstractContextEnricher() 
{
+@Override
+public void enrich(RangerAccessRequest rangerAccessRequest) {
+}
+};
+
+Properties prop = ce.readProperties(dataFile);
+
+if (prop == null) {
+LOG.warn("getFromDataFile({}, {}): failed to read file", dataFile, 
attrName);
+} else {
+if (LOG.isDebugEnabled()) {
+LOG.debug("read from datafile {}: {}", dataFile, prop);
+}
+
+// reformat UserAttrsProp into UserStore format:
+// format of UserAttrsProp: Map
+// format of UserStore: Map>
+for (String user : prop.stringPropertyNames()) {
+Map userAttrs = new HashMap<>();
+
+userAttrs.put(attrName, prop.getProperty(user));
+
+ret.put(user, userAttrs);
+}
+}
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("<== getFromDataFile(dataFile={}, attrName={}): ret={}", 
dataFile, attrName, ret);
+}
+
+return ret;
+}
+}
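Review bot: When `ce.readProperties(dataFile)` returns null the method only logs a warning and returns an empty map, so the caller cannot tell an unreadable data file from one that lists no users. For data that feeds attribute-based policy decisions that difference matters: if the caller (not in this hunk) treats the empty map as valid, policies are evaluated with no user attributes at all. Consider surfacing the failure, for example `throw new IllegalStateException("getFromDataFile(" + dataFile + "): failed to read file");`, or at least documenting the empty-map contract in a Javadoc on the method. Separately, the two debug statements print every user's attribute value (`prop` and `ret`); `LOG.debug("read {} entries from datafile {}", prop.size(), dataFile);` keeps the diagnostic without copying the attribute store into logs. The same file appears unchanged in the master copy of this commit below.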
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
new file mode 100644
index 0..f9eae3574
--- /dev/null
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
@@ -0,0 +1,224 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) unde

[ranger] branch master updated: RANGER-3855: added RangerMultiSourceUserStoreRetriever implementation

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new f510319fb RANGER-3855: added RangerMultiSourceUserStoreRetriever 
implementation
f510319fb is described below

commit f510319fb23bc23c71e08780e0b59d502b9590d3
Author: Eckman, Barbara 
AuthorDate: Thu Nov 17 16:11:45 2022 -0500

RANGER-3855: added RangerMultiSourceUserStoreRetriever implementation

Signed-off-by: Madhan Neethiraj 
---
 .../externalretrievers/GetFromDataFile.java|  75 +
 .../externalretrievers/GetFromURL.java | 224 +
 .../contextenricher/externalretrievers/LICENSE | 202 
 .../contextenricher/externalretrievers/NOTICE  |  18 +
 .../contextenricher/externalretrievers/README.md   | 137 
 .../RangerMultiSourceUserStoreRetriever.java   | 365 +
 .../ranger/plugin/util/RangerRolesProvider.java|   2 +-
 .../apache/ranger/plugin/util/RangerRolesUtil.java |   2 +-
 dev-support/spotbugsIncludeFile.xml|   1 +
 9 files changed, 1024 insertions(+), 2 deletions(-)

diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
new file mode 100644
index 0..93cf38aac
--- /dev/null
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher.externalretrievers;
+
+import org.apache.ranger.plugin.contextenricher.RangerAbstractContextEnricher;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+public class GetFromDataFile {
+private static final Logger LOG = 
LoggerFactory.getLogger(GetFromDataFile.class);
+
+public Map> getFromDataFile(String dataFile, 
String attrName) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("==> getFromDataFile(dataFile={}, attrName={})", 
dataFile, attrName);
+}
+
+Map> ret = new HashMap<>();
+
+// create an instance so that readProperties() can be used!
+RangerAbstractContextEnricher ce = new RangerAbstractContextEnricher() 
{
+@Override
+public void enrich(RangerAccessRequest rangerAccessRequest) {
+}
+};
+
+Properties prop = ce.readProperties(dataFile);
+
+if (prop == null) {
+LOG.warn("getFromDataFile({}, {}): failed to read file", dataFile, 
attrName);
+} else {
+if (LOG.isDebugEnabled()) {
+LOG.debug("read from datafile {}: {}", dataFile, prop);
+}
+
+// reformat UserAttrsProp into UserStore format:
+// format of UserAttrsProp: Map
+// format of UserStore: Map>
+for (String user : prop.stringPropertyNames()) {
+Map userAttrs = new HashMap<>();
+
+userAttrs.put(attrName, prop.getProperty(user));
+
+ret.put(user, userAttrs);
+}
+}
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("<== getFromDataFile(dataFile={}, attrName={}): ret={}", 
dataFile, attrName, ret);
+}
+
+return ret;
+}
+}
diff --git 
a/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
new file mode 100644
index 0..f9eae3574
--- /dev/null
+++ 
b/agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
@@ -0,0 +1,224 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distri

[ranger] branch dependabot/npm_and_yarn/security-admin/src/test/javascript/minimatch-and-mocha-3.1.2 created (now 7066e9b31)

2022-12-01 Thread github-bot
This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch 
dependabot/npm_and_yarn/security-admin/src/test/javascript/minimatch-and-mocha-3.1.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


  at 7066e9b31 Bump minimatch and mocha in 
/security-admin/src/test/javascript

No new revisions were added by this update.



[ranger] branch ranger-2.4 updated: RANGER-3978: Docker setup for Ranger KMS - fix to enable restart of container - #2

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new ddb46668d RANGER-3978: Docker setup for Ranger KMS - fix to enable 
restart of container - #2
ddb46668d is described below

commit ddb46668d88a906724bbba548bd464b5672b8596
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 30 08:43:18 2022 -0800

RANGER-3978: Docker setup for Ranger KMS - fix to enable restart of 
container - #2

(cherry picked from commit 7bfc0ad68a7342d4f30140102b50f4ef985ec6af)
---
 dev-support/ranger-docker/scripts/ranger-kms.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-support/ranger-docker/scripts/ranger-kms.sh 
b/dev-support/ranger-docker/scripts/ranger-kms.sh
index 0424f832b..be5519e40 100755
--- a/dev-support/ranger-docker/scripts/ranger-kms.sh
+++ b/dev-support/ranger-docker/scripts/ranger-kms.sh
@@ -35,6 +35,9 @@ then
   fi
 fi
 
+# delete PID file if exists
+rm -f /var/run/ranger_kms/rangerkms.pid
+
 cd ${RANGER_HOME}/kms && ./ranger-kms-services.sh start
 
 RANGER_KMS_PID=`ps -ef  | grep -v grep | grep "Dproc_rangerkms" | awk '{print 
$2}'`
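Review bot: The added `rm -f /var/run/ranger_kms/rangerkms.pid` removes the PID file without checking whether the process it names is still running. That is fine on a fresh container start, but if this script is ever re-run inside a live container it would let `ranger-kms-services.sh start` launch a second KMS instance; a guard such as `pgrep -f Dproc_rangerkms >/dev/null || rm -f /var/run/ranger_kms/rangerkms.pid` avoids that. The comment could also state the reason rather than the action, e.g. `# remove stale PID file left by a previous container run` (inferred from the commit title). The `if` block closing at the top of the hunk starts outside it, and the master copy of this commit is identical.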



[ranger] branch master updated: RANGER-3978: Docker setup for Ranger KMS - fix to enable restart of container - #2

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 7bfc0ad68 RANGER-3978: Docker setup for Ranger KMS - fix to enable 
restart of container - #2
7bfc0ad68 is described below

commit 7bfc0ad68a7342d4f30140102b50f4ef985ec6af
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 30 08:43:18 2022 -0800

RANGER-3978: Docker setup for Ranger KMS - fix to enable restart of 
container - #2
---
 dev-support/ranger-docker/scripts/ranger-kms.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dev-support/ranger-docker/scripts/ranger-kms.sh 
b/dev-support/ranger-docker/scripts/ranger-kms.sh
index 0424f832b..be5519e40 100755
--- a/dev-support/ranger-docker/scripts/ranger-kms.sh
+++ b/dev-support/ranger-docker/scripts/ranger-kms.sh
@@ -35,6 +35,9 @@ then
   fi
 fi
 
+# delete PID file if exists
+rm -f /var/run/ranger_kms/rangerkms.pid
+
 cd ${RANGER_HOME}/kms && ./ranger-kms-services.sh start
 
 RANGER_KMS_PID=`ps -ef  | grep -v grep | grep "Dproc_rangerkms" | awk '{print 
$2}'`



[ranger] branch ranger-2.4 updated: RANGER-3982: updated Python client to support Ranger KMS REST APIs

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new 28f3c09d1 RANGER-3982: updated Python client to support Ranger KMS 
REST APIs
28f3c09d1 is described below

commit 28f3c09d1fb32bd72414b927f63b66100e7ea0dd
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 23 17:17:50 2022 -0800

RANGER-3982: updated Python client to support Ranger KMS REST APIs

(cherry picked from commit d0c6bdb6eb193d849bbf0cea8d7c425c0901981d)
---
 intg/src/main/python/README.md | 110 ++-
 .../python/apache_ranger/client/ranger_client.py   |  29 +++-
 .../apache_ranger/client/ranger_kms_client.py  | 157 +
 intg/src/main/python/apache_ranger/exceptions.py   |  11 +-
 .../main/python/apache_ranger/model/ranger_base.py |  17 ++-
 .../main/python/apache_ranger/model/ranger_kms.py  |  77 ++
 intg/src/main/python/apache_ranger/utils.py|  26 +++-
 intg/src/main/python/setup.py  |   2 +-
 8 files changed, 411 insertions(+), 18 deletions(-)

diff --git a/intg/src/main/python/README.md b/intg/src/main/python/README.md
index f21628fb0..46de769fc 100644
--- a/intg/src/main/python/README.md
+++ b/intg/src/main/python/README.md
@@ -35,7 +35,7 @@ Verify if apache-ranger client is installed:
 
 Package  Version
  -
-apache-ranger 0.0.7
+apache-ranger 0.0.8
 ```
 
 ## Usage
@@ -120,4 +120,112 @@ ranger.delete_service_by_id(created_service.id)
 print('deleted service: id=' + str(created_service.id))
 
 ```
+
+```python test_ranger_kms.py```
+```python
+# test_ranger_kms.py
+from apache_ranger.client.ranger_kms_client import RangerKMSClient
+from apache_ranger.client.ranger_client import HadoopSimpleAuth
+from apache_ranger.model.ranger_kms import RangerKey
+import time
+
+
+##
+## Step 1: create a client to connect to Apache Ranger KMS
+##
+kms_url  = 'http://localhost:9292'
+kms_auth = HadoopSimpleAuth('keyadmin')
+
+# For Kerberos authentication
+#
+# from requests_kerberos import HTTPKerberosAuth
+#
+# kms_auth = HTTPKerberosAuth()
+#
+# For HTTP Basic authentication
+#
+# kms_auth = ('keyadmin', 'rangerR0cks!')
+
+kms_client = RangerKMSClient(kms_url, kms_auth)
+
+
+
+##
+## Step 2: Let's call KMS APIs
+##
+
+kms_status = kms_client.kms_status()
+print('kms_status():', kms_status)
+print()
+
+key_name = 'test_' + str(int(time.time() * 1000))
+
+key = kms_client.create_key(RangerKey({'name':key_name}))
+print('create_key(' + key_name + '):', key)
+print()
+
+rollover_key = kms_client.rollover_key(key_name, key.material)
+print('rollover_key(' + key_name + '):', rollover_key)
+print()
+
+kms_client.invalidate_cache_for_key(key_name)
+print('invalidate_cache_for_key(' + key_name + ')')
+print()
+
+key_metadata = kms_client.get_key_metadata(key_name)
+print('get_key_metadata(' + key_name + '):', key_metadata)
+print()
+
+current_key = kms_client.get_current_key(key_name)
+print('get_current_key(' + key_name + '):', current_key)
+print()
+
+encrypted_keys = kms_client.generate_encrypted_key(key_name, 6)
+print('generate_encrypted_key(' + key_name + ', ' + str(6) + '):')
+for i in range(len(encrypted_keys)):
+  encrypted_key   = encrypted_keys[i]
+  decrypted_key   = kms_client.decrypt_encrypted_key(key_name, 
encrypted_key.versionName, encrypted_key.iv, 
encrypted_key.encryptedKeyVersion.material)
+  reencrypted_key = kms_client.reencrypt_encrypted_key(key_name, 
encrypted_key.versionName, encrypted_key.iv, 
encrypted_key.encryptedKeyVersion.material)
+  print('  encrypted_keys[' + str(i) + ']: ', encrypted_key)
+  print('  decrypted_key[' + str(i) + ']:  ', decrypted_key)
+  print('  reencrypted_key[' + str(i) + ']:', reencrypted_key)
+print()
+
+reencrypted_keys = kms_client.batch_reencrypt_encrypted_keys(key_name, 
encrypted_keys)
+print('batch_reencrypt_encrypted_keys(' + key_name + ', ' + 
str(len(encrypted_keys)) + '):')
+for i in range(len(reencrypted_keys)):
+  print('  batch_reencrypt_encrypted_key[' + str(i) + ']:', 
reencrypted_keys[i])
+print()
+
+key_versions = kms_client.get_key_versions(key_name)
+print('get_key_versions(' + key_name + '):', len(key_versions))
+for i in range(len(key_versions)):
+  print('  key_versions[' + str(i) + ']:', key_versions[i])
+print()
+
+for i in range(len(key_versions)):
+  key_version = kms_client.get_key_version(key_versions[i].versionName)
+  print('get_key_version(' + str(i) + '):', key_version)
+print()
+
+key_names = kms_client.get_key_names()
+print('get_key_names():', len(key_names))
+for i in range(len(key_names)):
+  print('  key_name[' + str(i) + ']:', key_names[i])
+print()
+
+keys_metadata = kms_client.get_keys_metadata(key_names)
+print('get_keys_metadata(' + str(key_names) + '):', len(keys_metadata))
+for i in range(len(keys_metadata)):
+  print('  key_

[ranger] branch master updated: RANGER-3982: updated Python client to support Ranger KMS REST APIs

2022-12-01 Thread madhan
This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new d0c6bdb6e RANGER-3982: updated Python client to support Ranger KMS 
REST APIs
d0c6bdb6e is described below

commit d0c6bdb6eb193d849bbf0cea8d7c425c0901981d
Author: Madhan Neethiraj 
AuthorDate: Wed Nov 23 17:17:50 2022 -0800

RANGER-3982: updated Python client to support Ranger KMS REST APIs
---
 intg/src/main/python/README.md | 110 ++-
 .../python/apache_ranger/client/ranger_client.py   |  29 +++-
 .../apache_ranger/client/ranger_kms_client.py  | 157 +
 intg/src/main/python/apache_ranger/exceptions.py   |  11 +-
 .../main/python/apache_ranger/model/ranger_base.py |  17 ++-
 .../main/python/apache_ranger/model/ranger_kms.py  |  77 ++
 intg/src/main/python/apache_ranger/utils.py|  26 +++-
 intg/src/main/python/setup.py  |   2 +-
 8 files changed, 411 insertions(+), 18 deletions(-)

diff --git a/intg/src/main/python/README.md b/intg/src/main/python/README.md
index f21628fb0..46de769fc 100644
--- a/intg/src/main/python/README.md
+++ b/intg/src/main/python/README.md
@@ -35,7 +35,7 @@ Verify if apache-ranger client is installed:
 
 Package  Version
  -
-apache-ranger 0.0.7
+apache-ranger 0.0.8
 ```
 
 ## Usage
@@ -120,4 +120,112 @@ ranger.delete_service_by_id(created_service.id)
 print('deleted service: id=' + str(created_service.id))
 
 ```
+
+```python test_ranger_kms.py```
+```python
+# test_ranger_kms.py
+from apache_ranger.client.ranger_kms_client import RangerKMSClient
+from apache_ranger.client.ranger_client import HadoopSimpleAuth
+from apache_ranger.model.ranger_kms import RangerKey
+import time
+
+
+##
+## Step 1: create a client to connect to Apache Ranger KMS
+##
+kms_url  = 'http://localhost:9292'
+kms_auth = HadoopSimpleAuth('keyadmin')
+
+# For Kerberos authentication
+#
+# from requests_kerberos import HTTPKerberosAuth
+#
+# kms_auth = HTTPKerberosAuth()
+#
+# For HTTP Basic authentication
+#
+# kms_auth = ('keyadmin', 'rangerR0cks!')
+
+kms_client = RangerKMSClient(kms_url, kms_auth)
+
+
+
+##
+## Step 2: Let's call KMS APIs
+##
+
+kms_status = kms_client.kms_status()
+print('kms_status():', kms_status)
+print()
+
+key_name = 'test_' + str(int(time.time() * 1000))
+
+key = kms_client.create_key(RangerKey({'name':key_name}))
+print('create_key(' + key_name + '):', key)
+print()
+
+rollover_key = kms_client.rollover_key(key_name, key.material)
+print('rollover_key(' + key_name + '):', rollover_key)
+print()
+
+kms_client.invalidate_cache_for_key(key_name)
+print('invalidate_cache_for_key(' + key_name + ')')
+print()
+
+key_metadata = kms_client.get_key_metadata(key_name)
+print('get_key_metadata(' + key_name + '):', key_metadata)
+print()
+
+current_key = kms_client.get_current_key(key_name)
+print('get_current_key(' + key_name + '):', current_key)
+print()
+
+encrypted_keys = kms_client.generate_encrypted_key(key_name, 6)
+print('generate_encrypted_key(' + key_name + ', ' + str(6) + '):')
+for i in range(len(encrypted_keys)):
+  encrypted_key   = encrypted_keys[i]
+  decrypted_key   = kms_client.decrypt_encrypted_key(key_name, 
encrypted_key.versionName, encrypted_key.iv, 
encrypted_key.encryptedKeyVersion.material)
+  reencrypted_key = kms_client.reencrypt_encrypted_key(key_name, 
encrypted_key.versionName, encrypted_key.iv, 
encrypted_key.encryptedKeyVersion.material)
+  print('  encrypted_keys[' + str(i) + ']: ', encrypted_key)
+  print('  decrypted_key[' + str(i) + ']:  ', decrypted_key)
+  print('  reencrypted_key[' + str(i) + ']:', reencrypted_key)
+print()
+
+reencrypted_keys = kms_client.batch_reencrypt_encrypted_keys(key_name, 
encrypted_keys)
+print('batch_reencrypt_encrypted_keys(' + key_name + ', ' + 
str(len(encrypted_keys)) + '):')
+for i in range(len(reencrypted_keys)):
+  print('  batch_reencrypt_encrypted_key[' + str(i) + ']:', 
reencrypted_keys[i])
+print()
+
+key_versions = kms_client.get_key_versions(key_name)
+print('get_key_versions(' + key_name + '):', len(key_versions))
+for i in range(len(key_versions)):
+  print('  key_versions[' + str(i) + ']:', key_versions[i])
+print()
+
+for i in range(len(key_versions)):
+  key_version = kms_client.get_key_version(key_versions[i].versionName)
+  print('get_key_version(' + str(i) + '):', key_version)
+print()
+
+key_names = kms_client.get_key_names()
+print('get_key_names():', len(key_names))
+for i in range(len(key_names)):
+  print('  key_name[' + str(i) + ']:', key_names[i])
+print()
+
+keys_metadata = kms_client.get_keys_metadata(key_names)
+print('get_keys_metadata(' + str(key_names) + '):', len(keys_metadata))
+for i in range(len(keys_metadata)):
+  print('  key_metadata[' + str(i) + ']:', keys_metadata[i])
+print()
+
+key = kms_client.get_key(key

[ranger] branch ranger-2.4 updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade

2022-12-01 Thread pradeep
This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.4 by this push:
 new 1f7e5a025 RANGER-3825: Ranger admin user is unable to change another 
user email after the upgrade
1f7e5a025 is described below

commit 1f7e5a025f537fa54e9a0929340aaa8a7d8f1465
Author: pradeep 
AuthorDate: Wed Sep 28 19:27:36 2022 +0530

RANGER-3825: Ranger admin user is unable to change another user email after 
the upgrade
---
 .../src/main/java/org/apache/ranger/biz/UserMgr.java | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index f921654cc..eaaa15a11 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -530,17 +530,17 @@ public class UserMgr {

MessageEnums.OPER_NO_PERMISSION, null, null, ""

+ changeEmail);
}
-   } else {
-   String encryptedOldPwd = 
encrypt(gjUser.getLoginId(), changeEmail.getOldPassword());
+   } else {
+   String encryptedOldPwd = encrypt(gjUser.getLoginId(), 
changeEmail.getOldPassword());
+   if (!stringUtil.equals(encryptedOldPwd, 
gjUser.getPassword())) {
+   encryptedOldPwd = 
encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword());
if (!stringUtil.equals(encryptedOldPwd, 
gjUser.getPassword())) {
-   logger.info("changeEmailAddress(). 
Invalid  password. changeEmail="
-   + changeEmail);
-   throw restErrorUtil.createRESTException(
-   
"serverMsg.userMgrWrongPassword",
-   
MessageEnums.OPER_NO_PERMISSION, null, null, ""
-   + 
changeEmail);
+   logger.info("changeEmailAddress(). 
Invalid  password. changeEmail=" + changeEmail);
+   throw 
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
+   
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
}
}
+   }
 
// Normalize email. Make it lower case
gjUser.setEmailAddress(stringUtil.normalizeEmail(changeEmail
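Review bot: The new fallback to `encryptWithOlderAlgo` in the `else` branch has no comment explaining it, and nothing in the hunk re-encrypts the stored value after a successful legacy match, so a password kept in the older format appears to stay accepted indefinitely. A comment above the inner check would make the intent clear, for example `// stored password may predate the upgrade; accept the older encoding until the user resets it`. If UserMgr has a way to re-encrypt on a successful legacy match (not visible here), this is the natural place to call it. Separately, the retained `logger.info(... + changeEmail)` and the REST error message both concatenate the request object that carries `getOldPassword()`; if its `toString()` includes that field, the submitted password reaches the log and the response, so logging only `gjUser.getLoginId()` would be safer. The same pattern appears in the master-branch hunk at `@@ -472,9 +472,12 @@`, and the enclosing method starts and ends outside both hunks.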



[ranger] branch master updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade

2022-12-01 Thread pradeep
This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
 new 32687a172 RANGER-3825: Ranger admin user is unable to change another 
user email after the upgrade
32687a172 is described below

commit 32687a172b0da31cf01b285a0123a81dcd7e6da9
Author: pradeep 
AuthorDate: Wed Sep 28 19:27:36 2022 +0530

RANGER-3825: Ranger admin user is unable to change another user email after 
the upgrade
---
 security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 086c6e5d7..d5393603e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -472,9 +472,12 @@ public class UserMgr {
} else {
String encryptedOldPwd = encrypt(gjUser.getLoginId(), 
changeEmail.getOldPassword());
if (!stringUtil.equals(encryptedOldPwd, 
gjUser.getPassword())) {
-   logger.info("changeEmailAddress(). Invalid  
password. changeEmail=" + changeEmail);
-   throw 
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
-   
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
+   encryptedOldPwd = 
encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword());
+   if (!stringUtil.equals(encryptedOldPwd, 
gjUser.getPassword())) {
+   logger.info("changeEmailAddress(). 
Invalid  password. changeEmail=" + changeEmail);
+   throw 
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
+   
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
+   }
}
}