(ranger) branch ranger-2.5 updated: RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.5 by this push:
new 922135805 RANGER-4792: Fix issue with creating index and import data
in ElasticSearch as Audit database
922135805 is described below
commit 922135805df58282e0b2a79527089aba4175c5fa
Author: Ognjen Stanisavljevic
AuthorDate: Thu Jun 27 21:07:28 2024 +0200
RANGER-4792: Fix issue with creating index and import data in ElasticSearch
as Audit database
Change-Id: Ibf9c28ff01605e32a64fee8c5b70c127ab7c121d
Signed-off-by: PradeeP AgrawaL
---
agents-audit/pom.xml | 2 +-
pom.xml | 2 +-
security-admin/scripts/ranger-admin-site-template.xml| 4
security-admin/scripts/setup.sh | 5 +
security-admin/scripts/upgrade_admin.py | 1 +
.../ranger/elasticsearch/ElasticSearchAccessAuditsService.java | 2 +-
.../main/java/org/apache/ranger/solr/SolrAccessAuditsService.java| 2 +-
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml| 5 +
.../ranger/elasticsearch/ElasticSearchAccessAuditsServiceTest.java | 1 +
9 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/agents-audit/pom.xml b/agents-audit/pom.xml
index fd76b208d..249331848 100644
--- a/agents-audit/pom.xml
+++ b/agents-audit/pom.xml
@@ -308,7 +308,7 @@
org.apache.lucene
lucene-spatial
-${lucene.version}
+8.4.0
org.apache.lucene
diff --git a/pom.xml b/pom.xml
index cc9fdaf64..0674b28b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -245,7 +245,7 @@
1.0.2
1.70
1.70
-8.4.0
+8.11.3
0.8.0
2.10.6
9.31
diff --git a/security-admin/scripts/ranger-admin-site-template.xml
b/security-admin/scripts/ranger-admin-site-template.xml
index dc4bb52de..b02ed174a 100644
--- a/security-admin/scripts/ranger-admin-site-template.xml
+++ b/security-admin/scripts/ranger-admin-site-template.xml
@@ -160,6 +160,10 @@
ranger.audit.elasticsearch.urls
+
+ ranger.audit.elasticsearch.protocol
+
+
ranger.audit.elasticsearch.port
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 299a093a0..16864980d 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -94,6 +94,7 @@ javax_net_ssl_trustStore=$(get_prop
'javax_net_ssl_trustStore' $PROPFILE)
javax_net_ssl_trustStorePassword=$(get_prop 'javax_net_ssl_trustStorePassword'
$PROPFILE)
audit_store=$(get_prop 'audit_store' $PROPFILE)
audit_elasticsearch_urls=$(get_prop 'audit_elasticsearch_urls' $PROPFILE)
+audit_elasticsearch_protocol=$(get_prop 'audit_elasticsearch_protocol'
$PROPFILE)
audit_elasticsearch_port=$(get_prop 'audit_elasticsearch_port' $PROPFILE)
audit_elasticsearch_user=$(get_prop 'audit_elasticsearch_user' $PROPFILE)
audit_elasticsearch_password=$(get_prop 'audit_elasticsearch_password'
$PROPFILE)
@@ -811,6 +812,10 @@ update_properties() {
newPropertyValue=${audit_elasticsearch_urls}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+ propertyName=ranger.audit.elasticsearch.protocol
+ newPropertyValue=${audit_elasticsearch_protocol}
+ updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
propertyName=ranger.audit.elasticsearch.port
newPropertyValue=${audit_elasticsearch_port}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
diff --git a/security-admin/scripts/upgrade_admin.py
b/security-admin/scripts/upgrade_admin.py
index d340bc603..345ca6302 100755
--- a/security-admin/scripts/upgrade_admin.py
+++ b/security-admin/scripts/upgrade_admin.py
@@ -112,6 +112,7 @@ config2xmlMAP = {
'xa.scheduler.enabled':'ranger.scheduler.enabled',
'xa.audit.store':'ranger.audit.source.type',
'audit_elasticsearch_urls':'ranger.audit.elasticsearch.urls',
+ 'audit_elasticsearch_protocol':'ranger.audit.elasticsearch.protocol',
'audit_elasticsearch_port':'ranger.audit.elasticsearch.port',
'audit_elasticsearch_user':'ranger.audit.elasticsearch.user',
'audit_elasticsearch_password':'ranger.audit.elasticsearch.password',
diff --git
a/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java
b/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java
index 4c9b049a0..826986874 100644
(ranger) branch master updated: RANGER-4792: Fix issue with creating index and import data in ElasticSearch as Audit database
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 02f796c4c RANGER-4792: Fix issue with creating index and import data
in ElasticSearch as Audit database
02f796c4c is described below
commit 02f796c4c7a8ba8804e6c0e9ac8ba3728b539cd1
Author: Ognjen Stanisavljevic
AuthorDate: Thu Jun 27 21:07:28 2024 +0200
RANGER-4792: Fix issue with creating index and import data in ElasticSearch
as Audit database
Change-Id: Ibf9c28ff01605e32a64fee8c5b70c127ab7c121d
Signed-off-by: PradeeP AgrawaL
---
agents-audit/pom.xml | 2 +-
pom.xml | 2 +-
security-admin/scripts/ranger-admin-site-template.xml| 4
security-admin/scripts/setup.sh | 5 +
security-admin/scripts/upgrade_admin.py | 1 +
.../ranger/elasticsearch/ElasticSearchAccessAuditsService.java | 2 +-
.../main/java/org/apache/ranger/solr/SolrAccessAuditsService.java| 2 +-
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml| 5 +
.../ranger/elasticsearch/ElasticSearchAccessAuditsServiceTest.java | 1 +
9 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/agents-audit/pom.xml b/agents-audit/pom.xml
index 7dcc6c267..06e81650f 100644
--- a/agents-audit/pom.xml
+++ b/agents-audit/pom.xml
@@ -312,7 +312,7 @@
org.apache.lucene
lucene-spatial
-${lucene.version}
+8.4.0
org.apache.lucene
diff --git a/pom.xml b/pom.xml
index 529587295..5948d0f9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -244,7 +244,7 @@
1.0.2
1.70
1.70
-8.4.0
+8.11.3
0.8.0
2.10.6
9.31
diff --git a/security-admin/scripts/ranger-admin-site-template.xml
b/security-admin/scripts/ranger-admin-site-template.xml
index dc4bb52de..b02ed174a 100644
--- a/security-admin/scripts/ranger-admin-site-template.xml
+++ b/security-admin/scripts/ranger-admin-site-template.xml
@@ -160,6 +160,10 @@
ranger.audit.elasticsearch.urls
+
+ ranger.audit.elasticsearch.protocol
+
+
ranger.audit.elasticsearch.port
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 299a093a0..16864980d 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -94,6 +94,7 @@ javax_net_ssl_trustStore=$(get_prop
'javax_net_ssl_trustStore' $PROPFILE)
javax_net_ssl_trustStorePassword=$(get_prop 'javax_net_ssl_trustStorePassword'
$PROPFILE)
audit_store=$(get_prop 'audit_store' $PROPFILE)
audit_elasticsearch_urls=$(get_prop 'audit_elasticsearch_urls' $PROPFILE)
+audit_elasticsearch_protocol=$(get_prop 'audit_elasticsearch_protocol'
$PROPFILE)
audit_elasticsearch_port=$(get_prop 'audit_elasticsearch_port' $PROPFILE)
audit_elasticsearch_user=$(get_prop 'audit_elasticsearch_user' $PROPFILE)
audit_elasticsearch_password=$(get_prop 'audit_elasticsearch_password'
$PROPFILE)
@@ -811,6 +812,10 @@ update_properties() {
newPropertyValue=${audit_elasticsearch_urls}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+ propertyName=ranger.audit.elasticsearch.protocol
+ newPropertyValue=${audit_elasticsearch_protocol}
+ updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
propertyName=ranger.audit.elasticsearch.port
newPropertyValue=${audit_elasticsearch_port}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
diff --git a/security-admin/scripts/upgrade_admin.py
b/security-admin/scripts/upgrade_admin.py
index d340bc603..345ca6302 100755
--- a/security-admin/scripts/upgrade_admin.py
+++ b/security-admin/scripts/upgrade_admin.py
@@ -112,6 +112,7 @@ config2xmlMAP = {
'xa.scheduler.enabled':'ranger.scheduler.enabled',
'xa.audit.store':'ranger.audit.source.type',
'audit_elasticsearch_urls':'ranger.audit.elasticsearch.urls',
+ 'audit_elasticsearch_protocol':'ranger.audit.elasticsearch.protocol',
'audit_elasticsearch_port':'ranger.audit.elasticsearch.port',
'audit_elasticsearch_user':'ranger.audit.elasticsearch.user',
'audit_elasticsearch_password':'ranger.audit.elasticsearch.password',
diff --git
a/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java
b/security-admin/src/main/java/org/apache/ranger/elasticsearch/ElasticSearchAccessAuditsService.java
index 0ccd4fda2..a64cb111e 100644
(ranger) branch master updated: RANGER-4711: Auditing SHOW GRANT Hive Command
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2c90db088 RANGER-4711: Auditing SHOW GRANT Hive Command
2c90db088 is described below
commit 2c90db08864d8bfd7ece860902439ae5abbc4920
Author: Guru Thejus Arveti
AuthorDate: Thu Jun 6 15:31:20 2024 +0530
RANGER-4711: Auditing SHOW GRANT Hive Command
Change-Id: I591e7baa7bbad06593ccc2721a6f2a91962731e5
Signed-off-by: PradeeP AgrawaL
---
.../hive/authorizer/RangerHiveAuthorizer.java | 32 +-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index bcf8f2e07..4ba327337 100644
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -30,6 +30,8 @@ import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
@@ -892,6 +894,34 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
RangerHiveResource resource = new
RangerHiveResource(HiveObjectType.DATABASE, null);
RangerHiveAccessRequest request = new
RangerHiveAccessRequest(resource, user, groups, roles, hiveOpType.name(),
HiveAccessType.USE, context, sessionContext);
requests.add(request);
+ } else if (hiveOpType ==
HiveOperationType.SHOW_GRANT) {
+ String command =
context.getCommandString();
+ String regexForShowGrantCommand = "SHOW
GRANT\\s*(\\w+)?\\s*(\\w+)?\\s*ON\\s*(\\w+)?\\s*(\\S+)";
+ Pattern pattern =
Pattern.compile(regexForShowGrantCommand, Pattern.CASE_INSENSITIVE);
+ Matcher matcher =
pattern.matcher(command);
+
+ if (matcher.find()) {
+ String hiveObjectType =
matcher.group(3);
+ String hiveObjectValue =
matcher.group(4);
+
+ String dbName = hiveObjectValue;
+ String tableName = "";
+ if
(hiveObjectValue.contains(".")) {
+ String[] parts =
hiveObjectValue.split("\\.");
+ dbName = parts[0];
+ tableName = parts[1];
+ }
+
+ if
(hiveObjectType.toUpperCase().equals(HiveObjectType.DATABASE.name())) {
+ RangerHiveResource
resource = new RangerHiveResource(HiveObjectType.DATABASE, dbName);
+ RangerHiveAccessRequest
request = new RangerHiveAccessRequest(resource, user, groups, roles,
hiveOpType.name(), HiveAccessType.USE, context, sessionContext);
+ requests.add(request);
+ } else if
(hiveObjectType.toUpperCase().equals(HiveObjectType.TABLE.name())) {
+ RangerHiveResource
resource = new RangerHiveResource(HiveObjectType.TABLE, dbName, tableName);
+ RangerHiveAccessRequest
request = new RangerHiveAccessRequest(resource, user, groups, roles,
hiveOpType.name(), HiveAccessType.USE, context, sessionContext);
+ requests.add(request);
+ }
+ }
} else if ( hiveOpType ==
HiveOperationType.REPLDUMP) {
// This happens when REPL DUMP command
with null inputHObjs is sent in checkPrivileges()
// following parsing is done for Audit
info
@@ -1870,6 +1900,7 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
(ranger) branch master updated: RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new b209e6152 RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33 b209e6152 is described below commit b209e61528b3d01d463e43c0b0bff02657939b11 Author: Pradeep Agrawal AuthorDate: Wed Mar 20 13:42:28 2024 +0530 RANGER-4753: Upgrade Spring Security to 5.7.12 and spring framework to 5.3.33 Change-Id: Iadf5feb8a527c182958ad401a010a56ed20a5f7d --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 23bf43457..efd152040 100644 --- a/pom.xml +++ b/pom.xml @@ -200,9 +200,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.11 -5.3.32 -5.3.32 + 5.7.12 +5.3.33 +5.3.33 1.99.7 1.2.4 1.19
(ranger) branch master updated: RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new c45a1c0a6 RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32 c45a1c0a6 is described below commit c45a1c0a60b58a898f5b3387d11f5bc25e1f154e Author: Pradeep Agrawal AuthorDate: Mon Feb 26 20:58:45 2024 +0530 RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32 Change-Id: I476d2e6ad8c9c0f6dd096741e1773952b4fc63f4 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index b40fbcc5a..cec2390f2 100644 --- a/pom.xml +++ b/pom.xml @@ -200,9 +200,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.10 -5.3.29 -5.3.29 + 5.7.11 +5.3.32 +5.3.32 1.99.7 1.2.4 1.19
(ranger) branch master updated: RANGER-4689: Fix Ranger Javapatch failure even if service-defs do not exist in ranger DB
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 4280c517c RANGER-4689: Fix Ranger Javapatch failure even if
service-defs do not exist in ranger DB
4280c517c is described below
commit 4280c517c1e26009a01e30acc55a7de54cf5f7c1
Author: Pradeep Agrawal
AuthorDate: Tue Feb 6 15:12:28 2024 +0530
RANGER-4689: Fix Ranger Javapatch failure even if service-defs do not exist
in ranger DB
Change-Id: If3169baaeefe10e4cfd283031763286c320e1e27
---
.../PatchForHBaseServiceDefUpdate_J10035.java | 4 ++--
.../patch/PatchForHiveServiceDefUpdate_J10027.java | 4 ++--
...atchForMigratingOldRegimePolicyJson_J10046.java | 28 --
...PatchForOzoneServiceDefConfigUpdate_J10051.java | 4 ++--
.../PatchForOzoneServiceDefUpdate_J10041.java | 4 ++--
.../patch/PatchForTagServiceDefUpdate_J10028.java | 4 ++--
.../patch/PatchForUpdatingPolicyJson_J10019.java | 28 --
7 files changed, 42 insertions(+), 34 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
index 75fa78ad9..ecda77a4e 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHBaseServiceDefUpdate_J10035.java
@@ -137,8 +137,8 @@ public class PatchForHBaseServiceDefUpdate_J10035 extends
BaseLoader {
jsonPreUpdate = xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
} else {
-logger.error("HBase service-definition does not exist in the
Ranger DAO.");
-return false;
+logger.error("HBase service-definition does not exist in the
Ranger DAO. No patching is needed!!");
+return true;
}
dbHBaseServiceDef =
svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HBASE_NAME);
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
index fa319bdb8..24cf14fa1 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForHiveServiceDefUpdate_J10027.java
@@ -137,8 +137,8 @@ public class PatchForHiveServiceDefUpdate_J10027 extends
BaseLoader {
jsonPreUpdate = xXServiceDefObj.getDefOptions();
serviceDefOptionsPreUpdate =
jsonStringToMap(jsonPreUpdate);
} else {
- logger.error("Hive service-definition does not
exist in the Ranger DAO.");
- return false;
+ logger.error("Hive service-definition does not
exist in the Ranger DAO. No patching is needed!!");
+ return true;
}
dbHiveServiceDef =
svcDBStore.getServiceDefByName(SERVICEDBSTORE_SERVICEDEFBYNAME_HIVE_NAME);
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
index dbffc5663..4dfe72aed 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
@@ -291,9 +291,10 @@ public class PatchForMigratingOldRegimePolicyJson_J10046
extends BaseLoader {
resourceNameIdMap.put(serviceType,
serviceDefResourceNameIDMap);
XXServiceDef dbServiceDef =
daoMgr.getXXServiceDef().findByName(serviceType);
-
- for (XXResourceDef resourceDef :
daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
-
serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
+ if (dbServiceDef != null) {
+ for (XXResourceDef resourceDef :
daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
+
serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
+ }
}
}
@@ -423,9 +424,10 @@ public class PatchForMigratingOldReg
(ranger) branch master updated: RANGER-4438: Read JAVA_OPTS in ranger db setup python script
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 9146ff44f RANGER-4438: Read JAVA_OPTS in ranger db setup python script
9146ff44f is described below
commit 9146ff44fc5bd7c27ca70c564c02cd98f8ab4a43
Author: Pradeep Agrawal
AuthorDate: Wed Sep 27 17:10:12 2023 +0530
RANGER-4438: Read JAVA_OPTS in ranger db setup python script
Change-Id: I9e68a77b95f1b4320d7af0b1642eb8c8438faff3
---
kms/scripts/db_setup.py | 44 +++-
kms/scripts/install.properties | 1 +
kms/scripts/setup.sh | 2 ++
security-admin/scripts/changepasswordutil.py | 7 +++--
security-admin/scripts/db_setup.py | 10 +--
security-admin/scripts/install.properties| 1 +
security-admin/scripts/setup.sh | 3 ++
7 files changed, 43 insertions(+), 25 deletions(-)
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index d21a6ac75..f1a6bce57 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -38,6 +38,10 @@ RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME")
if RANGER_KMS_HOME is None:
RANGER_KMS_HOME = os.getcwd()
+JAVA_OPTS = os.getenv("JAVA_OPTS")
+if JAVA_OPTS is None:
+ JAVA_OPTS = ""
+
def check_output(query):
if is_unix:
p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE)
@@ -135,14 +139,14 @@ class MysqlConf(BaseDB):
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
+ jisql_cmd = "%s %s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
else:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
+ jisql_cmd = "%s %s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\"
-noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,
path, self.db_override_jdbc_connection_string,user, password)
+ jisql_cmd = "%s %s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\"
-noheader -trim"
%(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path,
self.db_override_jdbc_connection_string,user, password)
else:
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
\"%s\" -p \"%s\" -noheader -trim"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host,
db_name,db_ssl_param,user, password)
+ jisql_cmd = "%s %s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
\"%s\" -p \"%s\" -noheader -trim"
%(self.JAVA_BIN,self.JAVA_OPTS,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path,
self.host, db_name,db_ssl_param,user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -227,14 +231,14 @@ class OracleConf(BaseDB):
[ranger] branch master updated: RANGER-4421: Upgrade Tomcat to 8.5.93
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 0b8eb1c15 RANGER-4421: Upgrade Tomcat to 8.5.93 0b8eb1c15 is described below commit 0b8eb1c15338de978adc5b80e92b39eb410d37d2 Author: Sanket-Shelar AuthorDate: Wed Sep 20 11:09:46 2023 +0530 RANGER-4421: Upgrade Tomcat to 8.5.93 Signed-off-by: Pradeep Agrawal Change-Id: I7e2353df31a92627f2e224565aad09d0bf2439ab --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9b6f5e62b..115580ada 100644 --- a/pom.xml +++ b/pom.xml @@ -206,7 +206,7 @@ 1.99.7 1.2.4 1.19 -8.5.89 +8.5.93 7.0.0 2.3 3.5.5
[ranger] branch master updated: RANGER-4422: Searching for users/groups with Sync source filter on the users/groups page leads to error on Oracle DB
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 58173c815 RANGER-4422: Searching for users/groups with Sync source
filter on the users/groups page leads to error on Oracle DB
58173c815 is described below
commit 58173c8154baea1b4616109bbd3acd8203f7fce0
Author: Pradeep Agrawal
AuthorDate: Wed Sep 20 15:51:28 2023 +0530
RANGER-4422: Searching for users/groups with Sync source filter on the
users/groups page leads to error on Oracle DB
Change-Id: I4e464eb85019dcd80ef86a35bb6916c8592368ff
---
.../src/main/java/org/apache/ranger/service/XGroupService.java | 2 +-
.../src/main/java/org/apache/ranger/service/XUserService.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
index 650760304..1f033b33d 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
@@ -81,7 +81,7 @@ public class XGroupService extends XGroupServiceBase {
"XXGroupUser groupUser", "obj.id =
groupUser.parentGroupId"));
searchFields.add(new SearchField("syncSource", "obj.syncSource",
- SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.FULL));
+ SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.PARTIAL));
createdByUserId =
PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1);
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
index d7c011ca3..166efe82c 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java
@@ -122,7 +122,7 @@ public class XUserService extends XUserServiceBase {
"xXPortalUser.id=xXPortalUserRole.userId and
xXPortalUser.loginId = obj.name "));
searchFields.add(new SearchField("syncSource", "obj.syncSource",
- SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.FULL));
+ SearchField.DATA_TYPE.STRING,
SearchField.SEARCH_TYPE.PARTIAL));
createdByUserId =
PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1);
[ranger] branch master updated: RANGER-4382: Improve exportCSV download time
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 80e67e076 RANGER-4382: Improve exportCSV download time
80e67e076 is described below
commit 80e67e07638ccbe13841c0f8daeff4afbd7f7621
Author: Pradeep Agrawal
AuthorDate: Fri Sep 8 14:47:35 2023 +0530
RANGER-4382: Improve exportCSV download time
Change-Id: Iafd2754259a5c158b0faed54a410f659cd9c1f8d
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 1028 ++--
.../java/org/apache/ranger/rest/ServiceREST.java | 49 +-
2 files changed, 519 insertions(+), 558 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 036dbfec6..84b096e9b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -4080,8 +4080,7 @@ public class ServiceDBStore extends AbstractServiceStore {
return false;
}
-private void writeExcel(List policies, String
excelFileName,
-HttpServletResponse response) throws IOException {
+ private void writeExcel(List policies, String
excelFileName, HttpServletResponse response) throws IOException {
Workbook workbook = null;
OutputStream outStream = null;
try {
@@ -4090,86 +4089,71 @@ public class ServiceDBStore extends
AbstractServiceStore {
createHeaderRow(sheet);
int rowCount = 0;
if (!CollectionUtils.isEmpty(policies)) {
+ Map svcNameToSvcType = new
HashMap<>();
for (RangerPolicy policy : policies) {
-List policyItems =
policy
-.getPolicyItems();
-List
rowFilterPolicyItems = policy
-
.getRowFilterPolicyItems();
-List
dataMaskPolicyItems = policy
-
.getDataMaskPolicyItems();
-List allowExceptions
= policy
-.getAllowExceptions();
-List denyExceptions
= policy
-.getDenyExceptions();
-List denyPolicyItems
= policy
-.getDenyPolicyItems();
-XXService xxservice =
daoMgr.getXXService().findByName(
-policy.getService());
-String serviceType = "";
-if (xxservice != null) {
-Long ServiceId =
xxservice.getType();
-XXServiceDef xxservDef =
daoMgr.getXXServiceDef()
-
.getById(ServiceId);
-if (xxservDef != null) {
-serviceType =
xxservDef.getName();
-}
-}
+ List policyItems =
policy.getPolicyItems();
+ List
rowFilterPolicyItems = policy.getRowFilterPolicyItems();
+ List
dataMaskPolicyItems = policy.getDataMaskPolicyItems();
+ List allowExceptions
= policy.getAllowExceptions();
+ List denyExceptions =
policy.getDenyExceptions();
+ List denyPolicyItems
= policy.getDenyPolicyItems();
+
+ String serviceType =
policy.getServiceType();
+ if (StringUtils.isBlank(serviceType)) {
+ serviceType =
svcNameToSvcType.get(policy.getService());
+ if
(StringUtils.isBlank(serviceType)) {
+ serviceType =
daoMgr.getXXServiceDef().findServiceDefTypeByServiceName(policy.getService());
+ if
(StringUtils.isNotB
[ranger] branch master updated: RANGER-4285: [Best practices] Change java patch seq J10057 to J10060
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 82af76567 RANGER-4285: [Best practices] Change java patch seq J10057
to J10060
82af76567 is described below
commit 82af76567cbdf663a48b3fcfaefaa3fc0e77aa8b
Author: Sanket-Shelar
AuthorDate: Thu Aug 31 12:51:14 2023 +0530
RANGER-4285: [Best practices] Change java patch seq J10057 to J10060
Signed-off-by: Pradeep Agrawal
Change-Id: I8bea7bb1f41f9d6ef87f4dde898657d22d2420e6
---
.../db/mysql/optimized/current/ranger_core_db_mysql.sql| 2 +-
.../db/oracle/optimized/current/ranger_core_db_oracle.sql | 2 +-
.../postgres/optimized/current/ranger_core_db_postgres.sql | 2 +-
.../optimized/current/ranger_core_db_sqlanywhere.sql | 2 +-
.../optimized/current/ranger_core_db_sqlserver.sql | 2 +-
...chForAllServiceDefForPolicyConditionUpdate_J10060.java} | 14 +++---
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index a5166a5b2..c4b729c9c 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1879,5 +1879,5 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10054',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10055',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10056',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
-INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10057',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10060',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 26db314bc..c3d236206 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2068,6 +2068,6 @@ INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10054',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10055',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10056',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
-INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10057',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10060',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 38ea16656..cf445bc59 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -2014,7 +2014,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10054',current_timestamp,'Ranger 3.0.0',current_timestamp
[ranger] branch master updated: RANGER-4353: Introduce option in Ranger to control retention period of x_trx_log table data
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new fde454390 RANGER-4353: Introduce option in Ranger to control retention
period of x_trx_log table data
fde454390 is described below
commit fde454390e99cb60db125a0ba2241e9807f77b39
Author: Pradeep AgrawaL
AuthorDate: Mon Aug 21 16:41:17 2023 +0530
RANGER-4353: Introduce option in Ranger to control retention period of
x_trx_log table data
Change-Id: Icd3bdade26181afaee2abb54fb866e10a24217e4
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 34 ++
.../org/apache/ranger/db/XXAuthSessionDao.java | 17 ++-
.../java/org/apache/ranger/db/XXTrxLogDao.java | 12
.../java/org/apache/ranger/rest/ServiceREST.java | 8 +++--
.../main/resources/META-INF/jpa_named_queries.xml | 7 +
.../main/resources/conf.dist/ranger-admin-site.xml | 9 ++
6 files changed, 78 insertions(+), 9 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index ed1ea0376..9b02229e1 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -253,6 +253,8 @@ public class ServiceDBStore extends AbstractServiceStore {
public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false;
public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0;
+ public static boolean SUPPORTS_PURGE_TRANSACTION_RECORDS = false;
+ public static Integer TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS = 0;
private static final String RANGER_PLUGIN_CONFIG_PREFIX =
"ranger.plugin.";
public static final String RANGER_PLUGIN_AUDIT_FILTERS =
"ranger.plugin.audit.filters";
@@ -398,6 +400,8 @@ public class ServiceDBStore extends AbstractServiceStore {
SUPPORTS_PURGE_LOGIN_RECORDS
= config.getBoolean("ranger.admin.init.purge.login_records", false);
LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS
= config.getInt("ranger.admin.init.purge.login_records.retention.days", 0);
+ SUPPORTS_PURGE_TRANSACTION_RECORDS
= config.getBoolean("ranger.admin.init.purge.transaction_records", false);
+
TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS =
config.getInt("ranger.admin.init.purge.transaction_records.retention.days", 0);
isRolesDownloadedByService =
config.getBoolean("ranger.support.for.service.specific.role.download", false);
SUPPORTS_IN_PLACE_POLICY_UPDATES=
SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" +
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES,
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT);
@@ -407,6 +411,8 @@ public class ServiceDBStore extends AbstractServiceStore {
LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS);
LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS);
LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" +
LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS);
+
LOG.info("SUPPORTS_PURGE_TRANSACTION_RECORDS=" +
SUPPORTS_PURGE_TRANSACTION_RECORDS);
+
LOG.info("TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS=" +
TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS);
LOG.info("isRolesDownloadedByService="
+ isRolesDownloadedByService);
LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" +
SUPPORTS_IN_PLACE_POLICY_UPDATES);
@@ -427,6 +433,9 @@ public class ServiceDBStore extends AbstractServiceStore {
if
(SUPPORTS_PURGE_LOGIN_RECORDS) {
removeAuthSessions(LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS);
}
+ if
(SUPPORTS_PURGE_TRANSACTION_RECORDS) {
+
removeTransactionLogs(TRANSACTION_RECORDS_RETENTION_PERIOD_IN_DAYS);
[ranger] branch master updated: RANGER-4337: Upgrade spring-framework and spring-security
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new f46357f16 RANGER-4337: Upgrade spring-framework and spring-security f46357f16 is described below commit f46357f1647aca98f10bb2e5824bde9955ad2fb2 Author: Pradeep AgrawaL AuthorDate: Tue Aug 1 15:31:37 2023 +0530 RANGER-4337: Upgrade spring-framework and spring-security --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index d4f626202..c7a860650 100644 --- a/pom.xml +++ b/pom.xml @@ -199,9 +199,9 @@ 1.7.32 8.11.2 2.4.1 - 5.7.8 -5.3.27 -5.3.27 + 5.7.10 +5.3.29 +5.3.29 1.99.7 1.2.4 1.19
[ranger] branch master updated: RANGER-4308: Upgrade netty to 4.1.94-final
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 7cac1d330 RANGER-4308: Upgrade netty to 4.1.94-final 7cac1d330 is described below commit 7cac1d33090951e2f9dc62b51dc554d84083a03d Author: Pradeep AgrawaL AuthorDate: Thu Jul 6 12:38:56 2023 +0530 RANGER-4308: Upgrade netty to 4.1.94-final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9fc946731..518202b90 100644 --- a/pom.xml +++ b/pom.xml @@ -177,7 +177,7 @@ 3.0.0 1.10.19 5.1.49 -4.1.85.Final +4.1.94.Final 0.8 1.6.7 20211018.2
[ranger] branch master updated: RANGER-2895: Replace c3p0 connection pool with HikariCP
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 846031985 RANGER-2895: Replace c3p0 connection pool with HikariCP
846031985 is described below
commit 846031985cae70f7a8c5e92faf186948a302260e
Author: Pradeep AgrawaL
AuthorDate: Wed Jun 7 18:39:25 2023 +0530
RANGER-2895: Replace c3p0 connection pool with HikariCP
---
pom.xml| 4 +-
security-admin/pom.xml | 6 +-
.../scripts/ranger-admin-site-template.xml | 10 +--
security-admin/scripts/upgrade_admin.py| 9 +-
.../org/apache/ranger/db/RangerDaoManager.java | 6 --
.../org/apache/ranger/db/XXAccessAuditDao.java | 2 +-
.../src/main/resources/META-INF/persistence.xml| 10 ---
.../conf.dist/ranger-admin-default-site.xml| 18 ++--
.../main/webapp/META-INF/applicationContext.xml| 98 +++---
9 files changed, 32 insertions(+), 131 deletions(-)
diff --git a/pom.xml b/pom.xml
index 9a6667ad2..9fc946731 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,7 +87,7 @@
1.3.7
1.1.3
1.70
-0.9.5.5
+4.0.3
2.2.0-b23
3.1.0
8.29
@@ -176,7 +176,7 @@
3.0.2
3.0.0
1.10.19
-5.1.31
+5.1.49
4.1.85.Final
0.8
1.6.7
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 25aaa0e58..08d289590 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -46,9 +46,9 @@
${asm.all.version}
-com.mchange
-c3p0
-${c3p0.version}
+com.zaxxer
+HikariCP
+${HikariCP.version}
org.glassfish.hk2.external
diff --git a/security-admin/scripts/ranger-admin-site-template.xml
b/security-admin/scripts/ranger-admin-site-template.xml
index 037260f50..dc4bb52de 100644
--- a/security-admin/scripts/ranger-admin-site-template.xml
+++ b/security-admin/scripts/ranger-admin-site-template.xml
@@ -117,25 +117,21 @@
- ranger.jpa.jdbc.initialpoolsize
+ ranger.jpa.jdbc.idletimeout
- ranger.jpa.jdbc.maxidletime
+ ranger.jpa.jdbc.maxlifetime
- ranger.jpa.jdbc.maxstatements
+ ranger.jpa.jdbc.connectiontimeout
ranger.jpa.jdbc.preferredtestquery
-
- ranger.jpa.jdbc.idleconnectiontestperiod
-
-
ranger.jpa.jdbc.credential.alias
diff --git a/security-admin/scripts/upgrade_admin.py
b/security-admin/scripts/upgrade_admin.py
index 85f57b8ce..d340bc603 100755
--- a/security-admin/scripts/upgrade_admin.py
+++ b/security-admin/scripts/upgrade_admin.py
@@ -102,11 +102,10 @@ config2xmlMAP = {
'jdbc.password':'ranger.jpa.jdbc.password',
'jdbc.maxPoolSize':'ranger.jpa.jdbc.maxpoolsize',
'jdbc.minPoolSize':'ranger.jpa.jdbc.minpoolsize',
- 'jdbc.initialPoolSize':'ranger.jpa.jdbc.initialpoolsize',
- 'jdbc.maxIdleTime':'ranger.jpa.jdbc.maxidletime',
- 'jdbc.maxStatements':'ranger.jpa.jdbc.maxstatements',
- 'jdbc.preferredTestQuery':'ranger.jpa.jdbc.preferredtestquery',
-
'jdbc.idleConnectionTestPeriod':'ranger.jpa.jdbc.idleconnectiontestperiod',
+ 'jdbc.idleTimeout':'ranger.jpa.jdbc.idletimeout',
+ 'jdbc.maxLifetime':'ranger.jpa.jdbc.maxlifetime',
+ 'jdbc.connectionTimeout':'ranger.jpa.jdbc.connectiontimeout',
+'jdbc.preferredTestQuery':'ranger.jpa.jdbc.preferredTestQuery',
'xaDB.jdbc.credential.alias':'ranger.jpa.jdbc.credential.alias',
'xaDB.jdbc.credential.provider.path':'ranger.jpa.jdbc.credential.provider.path',
'xa.logs.base.dir':'ranger.logs.base.dir',
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java
b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java
index 44375e5ac..81f9a1681 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManager.java
@@ -38,9 +38,6 @@ public class RangerDaoManager extends RangerDaoManagerBase {
@PersistenceContext(unitName = "defaultPU")
private EntityManager em;
- @PersistenceContext(unitName = "loggingPU")
- private EntityManager loggingEM;
-
@Autowired
StringUtil stringUtil;
@@ -57,9 +54,6 @@ public class RangerDaoManager extends RangerDaoManagerBase {
logger.debug("RangerDa
[ranger] branch master updated: RANGER-4242: Ranger Upgrade is failing
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 2ab2fd44d RANGER-4242: Ranger Upgrade is failing
2ab2fd44d is described below
commit 2ab2fd44d1fcb004eb832abcda1bf46d40a2872a
Author: Pradeep Agrawal
AuthorDate: Tue May 23 11:05:30 2023 +0530
RANGER-4242: Ranger Upgrade is failing
---
...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 6 +++
...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java | 30 +-
...ForUpdateToUniqueResoureceSignature_J10053.java | 47 +++---
3 files changed, 76 insertions(+), 7 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
index f5f9f8956..e6c6954a4 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
@@ -370,6 +370,9 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
newPolicyForNewResource.setConditions(exPolicy.getConditions());
newPolicyForNewResource.setIsDenyAllElse(exPolicy.getIsDenyAllElse());
newPolicyForNewResource.setZoneName(exPolicy.getZoneName());
+
newPolicyForNewResource.setIsEnabled(exPolicy.getIsEnabled());
+
newPolicyForNewResource.setIsAuditEnabled(exPolicy.getIsAuditEnabled());
+
newPolicyForNewResource.setPolicyType(exPolicy.getPolicyType());
try {
if (isAllResources) {
@@ -406,6 +409,9 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
newPolicy.setResources(resForNewPol);
newPolicy.setResourceSignature(null);
newPolicy.setGuid(null);
+if (logger.isDebugEnabled()) {
+logger.debug("newPolicy:"+newPolicy);
+}
this.svcDBStore.createPolicy(newPolicy);
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
index e6ae57fc8..2c5939009 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
@@ -133,7 +133,7 @@ public class PatchPreSql_057_ForUpdateToUniqueGUID_J10052
extends BaseLoader {
isFirstElement = false;
continue;
}
-
RangerPolicy policy = svcStore.getPolicy(xxPolicy.getId());
+
RangerPolicy policy = getPolicy(xxPolicy);
if
(policy != null) {
guid = guidUtil.genGUID();
xxPolicy.setGuid(guid);
@@ -157,4 +157,32 @@ public class PatchPreSql_057_ForUpdateToUniqueGUID_J10052
extends BaseLoader {
logger.info("No zone or service found");
}
}
+
+ private RangerPolicy getPolicy(final XXPolicy xPolicy) {
+ final RangerPolicy ret;
+
+ if (xPolicy != null) {
+ String policyText = xPolicy.getPolicyText();
+ if (logger.isDebugEnabled()) {
+ logger.debug("Ranger Policy text:[" +
policyText + "]");
+ }
+ ret = JsonUtils.jsonToObject(policyText,
RangerPolicy.class);
+
+ if (ret != null) {
+ ret.setId(xPolicy.getId());
+ ret.setGuid(xPolicy.getGuid());
+ ret.setCreateTime(xPolicy.getCreateTime());
+ ret.setUpdateTime(xPolicy.getUpdateTime());
+ ret.setVersion(xPolicy.getVersion());
+ ret.setPolicyType(xPolicy.getPolicyType() ==
null ? RangerPolicy.PO
[ranger] branch master updated: RANGER-4274: Change sql patch sequence 075 to 066
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 88bcc539b RANGER-4274: Change sql patch sequence 075 to 066
88bcc539b is described below
commit 88bcc539bc32d31b6d2dfcfcf3b0e55cd424de20
Author: Pradeep Agrawal
AuthorDate: Thu Jun 15 11:13:00 2023 +0530
RANGER-4274: Change sql patch sequence 075 to 066
---
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql | 2 +-
...75-create-sz-role-ref-table.sql => 066-create-sz-role-ref-table.sql} | 0
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql| 2 +-
...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0
.../db/postgres/optimized/current/ranger_core_db_postgres.sql | 2 +-
...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0
.../db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql | 2 +-
...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0
.../db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql | 2 +-
...75-create-sz-ref-role-table.sql => 066-create-sz-ref-role-table.sql} | 0
10 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index ac1fa1509..a3b05d851 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1831,7 +1831,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
-INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('075',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('066',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/mysql/patches/075-create-sz-role-ref-table.sql
b/security-admin/db/mysql/patches/066-create-sz-role-ref-table.sql
similarity index 100%
rename from security-admin/db/mysql/patches/075-create-sz-role-ref-table.sql
rename to security-admin/db/mysql/patches/066-create-sz-role-ref-table.sql
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index a4d145de0..91ec963ed 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1992,7 +1992,7 @@ INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '059',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '060',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '065',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
-INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '075',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, '066',sys_extract_utc(systimestamp),'Ranger
3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval, 'DB_PATCHES',sys_extract_u
[ranger] 01/02: RANGER-4262: Upgrade aws-java-sdk to 1.12.481
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 27456a9c634cd3747da890a34d1d765d91685224 Author: Pradeep AgrawaL AuthorDate: Tue Jun 6 10:17:03 2023 +0530 RANGER-4262: Upgrade aws-java-sdk to 1.12.481 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3d4a755a2..ec01430fe 100644 --- a/pom.xml +++ b/pom.xml @@ -247,7 +247,7 @@ 0.8.0 2.10.6 9.31 -1.12.125 +1.12.481 2.3.0
[ranger] branch master updated (cb65abc86 -> 00267ed13)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from cb65abc86 RANGER-4274: updated security-zones to support admin-roles and audit-roles: fix unit test failures - #2 new 27456a9c6 RANGER-4262: Upgrade aws-java-sdk to 1.12.481 new 00267ed13 RANGER-4257: Upgrade Tomcat to 8.5.89 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
[ranger] 02/02: RANGER-4257: Upgrade Tomcat to 8.5.89
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 00267ed13ebd653c028a09cf5f0cf13abf4ed8a3 Author: Pradeep AgrawaL AuthorDate: Tue May 30 16:58:46 2023 +0530 RANGER-4257: Upgrade Tomcat to 8.5.89 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ec01430fe..9a6667ad2 100644 --- a/pom.xml +++ b/pom.xml @@ -205,7 +205,7 @@ 1.99.7 1.2.4 1.19 -8.5.86 +8.5.89 7.0.0 2.3 3.5.5
[ranger] branch ranger-2.4 updated: RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 23c42c7b0 RANGER-4255: Introduce option in Ranger to control retention
period of x_auth_sess table data
23c42c7b0 is described below
commit 23c42c7b0562a2c724ffa557e6a4723eaa7bb8d4
Author: Pradeep AgrawaL
AuthorDate: Thu May 25 18:21:54 2023 +0530
RANGER-4255: Introduce option in Ranger to control retention period of
x_auth_sess table data
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 42 ++
.../main/java/org/apache/ranger/biz/XUserMgr.java | 1 -
.../org/apache/ranger/db/XXAuthSessionDao.java | 19 --
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 15
.../java/org/apache/ranger/rest/ServiceREST.java | 39
.../main/resources/META-INF/jpa_named_queries.xml | 4 +++
.../main/resources/conf.dist/ranger-admin-site.xml | 8 +
7 files changed, 125 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index a871700b5..2b6bfd271 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -247,6 +247,8 @@ public class ServiceDBStore extends AbstractServiceStore {
public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES = false;
public static Integer RETENTION_PERIOD_IN_DAYS = 7;
public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
+ public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false;
+ public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0;
private static final String RANGER_PLUGIN_CONFIG_PREFIX =
"ranger.plugin.";
public static final String RANGER_PLUGIN_AUDIT_FILTERS =
"ranger.plugin.audit.filters";
@@ -389,9 +391,21 @@ public class ServiceDBStore extends AbstractServiceStore {
SUPPORTS_POLICY_DELTAS =
config.getBoolean("ranger.admin" +
RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA,
RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA_DEFAULT);
RETENTION_PERIOD_IN_DAYS =
config.getInt("ranger.admin.delta.retention.time.in.days", 7);
TAG_RETENTION_PERIOD_IN_DAYS =
config.getInt("ranger.admin.tag.delta.retention.time.in.days", 3);
+
+ SUPPORTS_PURGE_LOGIN_RECORDS
= config.getBoolean("ranger.admin.init.purge.login_records", false);
+ LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS
= config.getInt("ranger.admin.init.purge.login_records.retention.days", 0);
+
isRolesDownloadedByService =
config.getBoolean("ranger.support.for.service.specific.role.download", false);
SUPPORTS_IN_PLACE_POLICY_UPDATES=
SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" +
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES,
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT);
+ LOG.info("SUPPORTS_POLICY_DELTAS=" +
SUPPORTS_POLICY_DELTAS);
+ LOG.info("RETENTION_PERIOD_IN_DAYS=" +
RETENTION_PERIOD_IN_DAYS);
+
LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS);
+
LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS);
+
LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" +
LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS);
+ LOG.info("isRolesDownloadedByService="
+ isRolesDownloadedByService);
+
LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" +
SUPPORTS_IN_PLACE_POLICY_UPDATES);
+
TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
final ServiceDBStore dbStore = this;
@@ -406,6 +420,9 @@ public class ServiceDBStore extends AbstractServiceStore {
createGenericUsers();
resetPolicyUpdateLog(RETENTION_PERIOD_IN_DAYS,
RangerPolicyDelta.CHANGE_TYPE_RANGER_ADMIN
[ranger] branch master updated: RANGER-4255: Introduce option in Ranger to control retention period of x_auth_sess table data
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a07dbb804 RANGER-4255: Introduce option in Ranger to control retention
period of x_auth_sess table data
a07dbb804 is described below
commit a07dbb8049dab1419fb983fc685211675292af49
Author: Pradeep AgrawaL
AuthorDate: Thu May 25 18:21:54 2023 +0530
RANGER-4255: Introduce option in Ranger to control retention period of
x_auth_sess table data
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 36
.../org/apache/ranger/db/XXAuthSessionDao.java | 19 +--
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 15 +
.../java/org/apache/ranger/rest/ServiceREST.java | 39 ++
.../main/resources/META-INF/jpa_named_queries.xml | 4 +++
.../main/resources/conf.dist/ranger-admin-site.xml | 8 +
6 files changed, 119 insertions(+), 2 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 04aee289e..356b01f3c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -249,6 +249,8 @@ public class ServiceDBStore extends AbstractServiceStore {
public static boolean SUPPORTS_IN_PLACE_POLICY_UPDATES = false;
public static Integer RETENTION_PERIOD_IN_DAYS = 7;
public static Integer TAG_RETENTION_PERIOD_IN_DAYS = 3;
+ public static boolean SUPPORTS_PURGE_LOGIN_RECORDS = false;
+ public static Integer LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS = 0;
private static final String RANGER_PLUGIN_CONFIG_PREFIX =
"ranger.plugin.";
public static final String RANGER_PLUGIN_AUDIT_FILTERS =
"ranger.plugin.audit.filters";
@@ -391,12 +393,18 @@ public class ServiceDBStore extends AbstractServiceStore {
SUPPORTS_POLICY_DELTAS =
config.getBoolean("ranger.admin" +
RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA,
RangerCommonConstants.RANGER_ADMIN_SUFFIX_POLICY_DELTA_DEFAULT);
RETENTION_PERIOD_IN_DAYS =
config.getInt("ranger.admin.delta.retention.time.in.days", 7);
TAG_RETENTION_PERIOD_IN_DAYS =
config.getInt("ranger.admin.tag.delta.retention.time.in.days", 3);
+
+ SUPPORTS_PURGE_LOGIN_RECORDS
= config.getBoolean("ranger.admin.init.purge.login_records", false);
+ LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS
= config.getInt("ranger.admin.init.purge.login_records.retention.days", 0);
+
isRolesDownloadedByService =
config.getBoolean("ranger.support.for.service.specific.role.download", false);
SUPPORTS_IN_PLACE_POLICY_UPDATES=
SUPPORTS_POLICY_DELTAS && config.getBoolean("ranger.admin" +
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES,
RangerCommonConstants.RANGER_ADMIN_SUFFIX_IN_PLACE_POLICY_UPDATES_DEFAULT);
LOG.info("SUPPORTS_POLICY_DELTAS=" +
SUPPORTS_POLICY_DELTAS);
LOG.info("RETENTION_PERIOD_IN_DAYS=" +
RETENTION_PERIOD_IN_DAYS);
LOG.info("TAG_RETENTION_PERIOD_IN_DAYS=" + TAG_RETENTION_PERIOD_IN_DAYS);
+
LOG.info("SUPPORTS_PURGE_LOGIN_RECORDS=" + SUPPORTS_PURGE_LOGIN_RECORDS);
+
LOG.info("LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS=" +
LOGIN_RECORDS_RETENTION_PERIOD_IN_DAYS);
LOG.info("isRolesDownloadedByService="
+ isRolesDownloadedByService);
LOG.info("SUPPORTS_IN_PLACE_POLICY_UPDATES=" +
SUPPORTS_IN_PLACE_POLICY_UPDATES);
@@ -414,6 +422,9 @@ public class ServiceDBStore extends AbstractServiceStore {
createGenericUsers();
resetPolicyUpdateLog(RETENTION_PERIOD_IN_DAYS,
RangerPolicyDelta.CHANGE_TYPE_RANGER_ADMIN_START);
resetTagUpdateLog(TAG_RETENTION_PERIOD_IN_DAYS,
ServiceTags.TagsChangeType.RANGER_ADMIN_START);
+
[ranger] branch master updated: RANGER-4245: Upgrade derby, spring-ldap and testng libraries
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 56db102e8 RANGER-4245: Upgrade derby, spring-ldap and testng libraries 56db102e8 is described below commit 56db102e8804672367e539bcc4b90b8e7cdce9ad Author: Pradeep Agrawal AuthorDate: Mon May 22 16:19:18 2023 +0530 RANGER-4245: Upgrade derby, spring-ldap and testng libraries --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 29a38830e..ca1c5d5d3 100644 --- a/pom.xml +++ b/pom.xml @@ -111,7 +111,7 @@ 1.10.0 5.4.0 5.4.0 -10.11.1.1 +10.14.2.0 2.1.7 2.7.12 7.10.2 @@ -198,7 +198,7 @@ 1.7.32 1.7.32 8.11.2 -2.3.8.RELEASE +2.4.1 5.7.8 5.3.27 5.3.27 @@ -206,7 +206,7 @@ 1.2.4 1.19 8.5.86 -6.9.4 +7.0.0 2.3 3.5.5 4.2.1
[ranger] branch ranger-2.4 updated: RANGER-4241: Fix sql patch 65 syntax issue for oracle db
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 613c62c9c RANGER-4241: Fix sql patch 65 syntax issue for oracle db
613c62c9c is described below
commit 613c62c9cc32a00074600f9739153230cf8a25eb
Author: Pradeep Agrawal
AuthorDate: Tue May 16 19:53:31 2023 +0530
RANGER-4241: Fix sql patch 65 syntax issue for oracle db
---
.../065-add-uk-on-x_rms_service_resource-resource_signature.sql| 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git
a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
index f91dfef06..f19630ca8 100644
---
a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
+++
b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
@@ -12,7 +12,6 @@
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--- sync_source_info CLOB NOT NULL,
DECLARE
v_index_exists number:=0;
@@ -30,7 +29,7 @@ BEGIN
commit;
SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME =
upper('x_rms_svc_res_IDX_res_sgn') AND TABLE_NAME=
upper('x_rms_service_resource');
IF (v_index_exists > 0) THEN
-EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn ON
x_rms_service_resource(resource_signature)';
+EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn';
commit;
END IF;
[ranger] branch master updated: RANGER-4241: Fix sql patch 65 syntax issue for oracle db
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new d1a5ee36a RANGER-4241: Fix sql patch 65 syntax issue for oracle db
d1a5ee36a is described below
commit d1a5ee36ac458fe9f87e7e6a5ae320a74c09f703
Author: Pradeep Agrawal
AuthorDate: Tue May 16 19:53:31 2023 +0530
RANGER-4241: Fix sql patch 65 syntax issue for oracle db
---
.../065-add-uk-on-x_rms_service_resource-resource_signature.sql| 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git
a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
index f91dfef06..f19630ca8 100644
---
a/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
+++
b/security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
@@ -12,7 +12,6 @@
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--- sync_source_info CLOB NOT NULL,
DECLARE
v_index_exists number:=0;
@@ -30,7 +29,7 @@ BEGIN
commit;
SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME =
upper('x_rms_svc_res_IDX_res_sgn') AND TABLE_NAME=
upper('x_rms_service_resource');
IF (v_index_exists > 0) THEN
-EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn ON
x_rms_service_resource(resource_signature)';
+EXECUTE IMMEDIATE 'DROP INDEX x_rms_svc_res_IDX_res_sgn';
commit;
END IF;
[ranger] branch master updated (54a2cd0a4 -> 576cb642a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 54a2cd0a4 RANGER-4235: security-zone persistence optimized to avoid creation of unnecessary ref table entries new dd6954457 RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15 new 576cb642a RANGER-4232: Upgrade Spring Security to 5.7.8 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: distro/src/main/assembly/admin-web.xml | 2 +- plugin-ozone/pom.xml | 9 + pom.xml| 10 +- ranger-ozone-plugin-shim/pom.xml | 9 + 4 files changed, 24 insertions(+), 6 deletions(-)
[ranger] 02/02: RANGER-4232: Upgrade Spring Security to 5.7.8
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit 576cb642af672532fd789a9405c1c4ee4d42e43d Author: Pradeep AgrawaL AuthorDate: Mon May 15 10:32:46 2023 +0530 RANGER-4232: Upgrade Spring Security to 5.7.8 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cd4d58fa4..29a38830e 100644 --- a/pom.xml +++ b/pom.xml @@ -199,7 +199,7 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.5 + 5.7.8 5.3.27 5.3.27 1.99.7
[ranger] 01/02: RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit dd6954457e27c1d9a4c827c6afea8a3e0952448e
Author: Pradeep Agrawal
AuthorDate: Mon May 8 13:30:15 2023 +0530
RANGER-4226: Upgrade Nimbus-JOSE-JWT and bcpkix-jdk15
---
distro/src/main/assembly/admin-web.xml | 2 +-
plugin-ozone/pom.xml | 9 +
pom.xml| 8
ranger-ozone-plugin-shim/pom.xml | 9 +
4 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/distro/src/main/assembly/admin-web.xml
b/distro/src/main/assembly/admin-web.xml
index b29b83347..245d9ca09 100644
--- a/distro/src/main/assembly/admin-web.xml
+++ b/distro/src/main/assembly/admin-web.xml
@@ -189,7 +189,7 @@
org.apache.ratis:ratis-proto:jar:${ratis.version}
org.apache.ratis:ratis-thirdparty-misc:jar:${ratis-thirdparty.version}
org.apache.commons:commons-compress:jar:1.4.1
- org.bouncycastle:bcpkix-jdk15on
+
org.bouncycastle:bcpkix-jdk15on:jar:${org.bouncycastle.bcpkix-jdk15on}
commons-net:commons-net:jar:${commons.net.version}
com.google.guava:guava
io.jaegertracing:jaeger-core:jar:1.6.0
diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml
index b832bd9a5..fa20ec382 100644
--- a/plugin-ozone/pom.xml
+++ b/plugin-ozone/pom.xml
@@ -88,6 +88,11 @@ limitations under the License.
httpcore
${httpcomponents.httpcore.version}
+
+org.bouncycastle
+bcpkix-jdk15on
+${org.bouncycastle.bcpkix-jdk15on}
+
org.apache.ozone
ozone-common
@@ -104,6 +109,10 @@ limitations under the License.
hdds-common
${ozone.version}
+
+org.bouncycastle
+*
+
org.apache.logging.log4j
*
diff --git a/pom.xml b/pom.xml
index 32d19d42c..cd4d58fa4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -86,7 +86,7 @@
2.11.3
1.3.7
1.1.3
-1.55
+1.70
0.9.5.5
2.2.0-b23
3.1.0
@@ -241,12 +241,12 @@
1.6.4
1.3.8
1.0.2
-1.68
-1.59
+1.70
+1.70
8.4.0
0.8.0
2.10.6
-8.22.1
+9.31
1.12.125
diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml
index 303e7de51..de08a7c7d 100644
--- a/ranger-ozone-plugin-shim/pom.xml
+++ b/ranger-ozone-plugin-shim/pom.xml
@@ -77,6 +77,11 @@
httpcore
${httpcomponents.httpcore.version}
+
+org.bouncycastle
+bcpkix-jdk15on
+${org.bouncycastle.bcpkix-jdk15on}
+
org.apache.ozone
ozone-common
@@ -93,6 +98,10 @@
hdds-common
${ozone.version}
+
+org.bouncycastle
+*
+
org.apache.logging.log4j
*
[ranger] branch master updated: RANGER-4218: Fix for test failure in TestServiceDBStore
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new aea071ca7 RANGER-4218: Fix for test failure in TestServiceDBStore
aea071ca7 is described below
commit aea071ca7c029e45e08beb7392d50c582f0e0c68
Author: Pradeep Agrawal
AuthorDate: Fri May 5 16:15:37 2023 +0530
RANGER-4218: Fix for test failure in TestServiceDBStore
---
.../src/test/java/org/apache/ranger/biz/TestServiceDBStore.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index a468ed6f8..eadd64ab7 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -2431,7 +2431,7 @@ public void test47getMetricByTypeDenyconditions() throws
Exception {
Mockito.when(serviceDBStore.xUserMgr.getGroupsForUser("testUser2")).thenReturn(new
HashSet() {{ add("testServiceAdminGroup2"); }});
- result = serviceDBStore.isServiceAdminUser(rService.getName(),
"testUser1");
+ result = serviceDBStore.isServiceAdminUser(rService.getName(),
"testUser2");
Assert.assertTrue(result);
Mockito.verify(daoManager).getXXServiceConfigMap();
[ranger] branch master updated: RANGER-4139: Fix for Unapproved licenses error during ranger build
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new b9e5c79e4 RANGER-4139: Fix for Unapproved licenses error during ranger build b9e5c79e4 is described below commit b9e5c79e4ad45061be50209148654293dda110e4 Author: Pradeep Agrawal AuthorDate: Fri May 5 13:58:46 2023 +0530 RANGER-4139: Fix for Unapproved licenses error during ranger build --- pom.xml | 4 1 file changed, 4 insertions(+) diff --git a/pom.xml b/pom.xml index 95185bc69..32d19d42c 100644 --- a/pom.xml +++ b/pom.xml @@ -1195,6 +1195,10 @@ **/default_primary_config.json **/default_secondary_config.json **/babel.config.json + **/docs/src/site/resources/css/custom.css + **/docs/src/site/resources/ranger-logo.svg + **/docs/src/site/resources/override-banner.js + **/docs/src/site/resources/smooth-scroll.js
[ranger] branch ranger-2.4 updated: RANGER-4188: updatePolicy results in 400 status code
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new e052d7404 RANGER-4188: updatePolicy results in 400 status code
e052d7404 is described below
commit e052d740436962c91c892b91094bb28de1e4fdec
Author: Pradeep Agrawal
AuthorDate: Fri Apr 14 20:34:20 2023 +0530
RANGER-4188: updatePolicy results in 400 status code
---
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 2b4acbcbf..6e6541d13 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1757,7 +1757,7 @@ public class ServiceREST {
} else {
policy.setId(existingPolicy.getId());
}
- ret = updatePolicy(policy, null);
+ ret = updatePolicy(policy,
policy.getId());
}
} catch(WebApplicationException excp) {
throw excp;
[ranger] 02/02: RANGER-4220: Upgrade Spring Framework to 5.3.27
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git commit a928364ce86b3004419b1abf1038881bd5833ff5 Author: Pradeep AgrawaL AuthorDate: Wed May 3 14:25:27 2023 +0530 RANGER-4220: Upgrade Spring Framework to 5.3.27 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index efe7b5827..95185bc69 100644 --- a/pom.xml +++ b/pom.xml @@ -200,8 +200,8 @@ 8.11.2 2.3.8.RELEASE 5.7.5 -5.3.26 -5.3.26 +5.3.27 +5.3.27 1.99.7 1.2.4 1.19
[ranger] branch master updated (9f1dc5b4a -> a928364ce)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 9f1dc5b4a RANGER-4221: Enable File Sync Source for Ranger Usersync in Docker (#251) new 0069b38a7 RANGER-4188: updatePolicy results in 400 status code new a928364ce RANGER-4220: Upgrade Spring Framework to 5.3.27 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml | 4 ++-- security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
[ranger] 01/02: RANGER-4188: updatePolicy results in 400 status code
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 0069b38a7f2ed0cfee89eb13ae30443815b17a51
Author: Pradeep Agrawal
AuthorDate: Fri Apr 14 20:34:20 2023 +0530
RANGER-4188: updatePolicy results in 400 status code
---
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 83086106b..3447eb20e 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1761,7 +1761,7 @@ public class ServiceREST {
} else {
policy.setId(existingPolicy.getId());
}
- ret = updatePolicy(policy, null);
+ ret = updatePolicy(policy,
policy.getId());
}
} catch(WebApplicationException excp) {
throw excp;
[ranger] branch master updated: RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade woodstox, commons-net, kerby and json-smart libraries versions
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 87c9f3b0d RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade
woodstox, commons-net, kerby and json-smart libraries versions
87c9f3b0d is described below
commit 87c9f3b0dff669d5dab4667f86d108c019480c80
Author: Pradeep AgrawaL
AuthorDate: Mon Apr 24 18:12:43 2023 +0530
RANGER-4204: RANGER-4205: RANGER-4206: RANGER-4212: Upgrade woodstox,
commons-net, kerby and json-smart libraries versions
---
credentialbuilder/pom.xml| 10 ++
distro/src/main/assembly/kms.xml | 4
pom.xml | 10 +-
3 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/credentialbuilder/pom.xml b/credentialbuilder/pom.xml
index 2d3cf446a..dea198b47 100644
--- a/credentialbuilder/pom.xml
+++ b/credentialbuilder/pom.xml
@@ -142,5 +142,15 @@
${slf4j.version}
test
+
+org.codehaus.woodstox
+stax2-api
+${codehaus.woodstox.stax2api.version}
+
+
+com.fasterxml.woodstox
+woodstox-core
+${fasterxml.woodstox.version}
+
diff --git a/distro/src/main/assembly/kms.xml b/distro/src/main/assembly/kms.xml
index 4b4a2ac8e..0de32ce19 100755
--- a/distro/src/main/assembly/kms.xml
+++ b/distro/src/main/assembly/kms.xml
@@ -90,6 +90,10 @@
com.fasterxml.jackson.core:jackson-core
com.fasterxml.jackson.core:jackson-annotations
com.fasterxml.jackson.core:jackson-databind
+
org.apache.kerby:kerb-core:jar:${kerby.version}
+
org.apache.kerby:kerb-util:jar:${kerby.version}
+
org.apache.kerby:kerb-crypto:jar:${kerby.version}
+
org.apache.kerby:kerby-asn1:jar:${kerby.version}
com.microsoft.azure:azure:jar:${com.microsoft.azure.version}
com.microsoft.azure:azure-keyvault:jar:${com.microsoft.azure.azure-keyvault.version}
com.microsoft.azure:azure-mgmt-keyvault:jar:${com.microsoft.azure.azure-mgmt-keyvault.version}
diff --git a/pom.xml b/pom.xml
index 285499c18..efe7b5827 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,7 +106,7 @@
3.3.2
1.2
2.2
-3.6
+3.9.0
1.6
1.10.0
5.4.0
@@ -157,12 +157,12 @@
0.9.94
3.2
3.2.11
-2.4.7
+2.4.10
1.0
1.3.9
4.13.1
2.8.1
-1.0.0
+2.0.3
1.4.0
3.1.3
1.10
@@ -209,8 +209,8 @@
6.9.4
2.3
3.5.5
-
3.1.4
-5.0.3
+
4.2.1
+5.4.0
2.14.0
2.14.0
1.0.0
[ranger] branch master updated: RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 2d9af0015 RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4 2d9af0015 is described below commit 2d9af00153e8326c7b5eb80e7c86e1e8988dfbdc Author: Pradeep Agrawal AuthorDate: Fri Mar 31 17:56:40 2023 +0530 RANGER-4163: Upgrade spring framework to 5.3.26 and jettison to 1.5.4 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index de0617e2a..df83bf5ce 100644 --- a/pom.xml +++ b/pom.xml @@ -150,7 +150,7 @@ 1.19.3 1.19.3 2.3.3 -1.5.2 +1.5.4 9.4.49.v20220914 0.9.94 3.2 @@ -198,8 +198,8 @@ 8.11.2 2.3.8.RELEASE 5.7.5 -5.3.23 -5.3.23 +5.3.26 +5.3.26 1.99.7 1.2.4 1.19
[ranger] 02/03: RANGER-4123: No policy found for given version
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 00f4934797e3481c739276cc0b7c4b70b7ec8584
Author: Pradeep AgrawaL
AuthorDate: Mon Mar 6 15:26:49 2023 +0530
RANGER-4123: No policy found for given version
---
.../org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java | 5 +
1 file changed, 5 insertions(+)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
index 6eb3315e7..9b99b942c 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
@@ -84,6 +84,7 @@ import org.apache.ranger.plugin.model.RangerValiditySchedule;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.service.RangerDataHistService;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
@@ -124,6 +125,9 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
@Autowired
XUserMgr xUserMgr;
+ @Autowired
+ RangerDataHistService dataHistService;
+
private final Map groupIdMap = new
HashMap<>();
private final Map userIdMap = new
HashMap<>();
private final Map> resourceNameIdMap = new
HashMap<>();
@@ -289,6 +293,7 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
addAccessDefRef(serviceType, policy.getId(), accesses);
addPolicyConditionDefRef(serviceType, policy.getId(),
conditions);
addDataMaskDefRef(serviceType, policy.getId(),
dataMasks);
+ dataHistService.createObjectDataHistory(policy,
RangerDataHistService.ACTION_UPDATE);
} catch (Exception e) {
logger.error("portPoliry(id=" + policy.getId() +")
failed!!");
logger.error("Offending policy:" + policyText);
[ranger] branch master updated (be40c58f7 -> 85cf0c2da)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
from be40c58f7 RANGER-4121: fix for NPE in service-zone update
new d5ae8af36 RANGER-4109: Add unique constraint on resource_signature
column of x_rms_service_resource table
new 00f493479 RANGER-4123: No policy found for given version
new 85cf0c2da RANGER-4127: Unable to delete the user if policy is created
by same user and added in the policy item
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../optimized/current/ranger_core_db_mysql.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 48 ++
.../optimized/current/ranger_core_db_oracle.sql| 3 +-
...n-x_rms_service_resource-resource_signature.sql | 50 +++
.../optimized/current/ranger_core_db_postgres.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 58 ++
.../current/ranger_core_db_sqlanywhere.sql | 4 +-
...-x_rms_service_resource-resource_signature.sql} | 15 +++---
.../optimized/current/ranger_core_db_sqlserver.sql | 12 ++---
...n-x_rms_service_resource-resource_signature.sql | 55
.../main/java/org/apache/ranger/biz/XUserMgr.java | 4 +-
.../patch/PatchForUpdatingPolicyJson_J10019.java | 5 ++
12 files changed, 240 insertions(+), 20 deletions(-)
create mode 100644
security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
create mode 100644
security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
create mode 100644
security-admin/db/postgres/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
copy
security-admin/db/sqlanywhere/patches/{050-create-index-for-resource-signature.sql
=> 065-add-uk-on-x_rms_service_resource-resource_signature.sql} (68%)
create mode 100644
security-admin/db/sqlserver/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
[ranger] 03/03: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 85cf0c2da119af379bc1f818ab6a47c2315a14a9
Author: Pradeep AgrawaL
AuthorDate: Thu Mar 9 14:35:17 2023 +0530
RANGER-4127: Unable to delete the user if policy is created by same user
and added in the policy item
---
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 49a74cd1e..b3aca3164 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2256,7 +2256,6 @@ public class XUserMgr extends XUserMgrBase {
List
xXPortalUserRoles=xXPortalUserRoleDao.findByUserId(xXPortalUserId);
XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
- List xXPolicyList=xXPolicyDao.findByUserId(id);
logger.warn("Deleting User : "+vXUser.getName());
if (force) {
//delete XXGroupUser mapping
@@ -2308,6 +2307,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
//delete XXPolicyItemUserPerm records of user
+ List
xXPolicyList=xXPolicyDao.findByUserId(id);
for(XXPolicy xXPolicy:xXPolicyList){
RangerPolicy rangerPolicy =
policyService.getPopulatedViewObject(xXPolicy);
List policyItems =
rangerPolicy.getPolicyItems();
@@ -2357,7 +2357,7 @@ public class XUserMgr extends XUserMgrBase {
}
} else {
boolean hasReferences=false;
-
+ List
xXPolicyList=xXPolicyDao.findByUserId(id);
if(vxGroupUserList!=null &&
vxGroupUserList.getListSize()>0){
hasReferences=true;
}
[ranger] 01/03: RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit d5ae8af36d589c78dd4fd2d5336c0cc0fee36eab
Author: Pradeep AgrawaL
AuthorDate: Tue Feb 28 12:45:41 2023 +0530
RANGER-4109: Add unique constraint on resource_signature column of
x_rms_service_resource table
---
.../optimized/current/ranger_core_db_mysql.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 48 ++
.../optimized/current/ranger_core_db_oracle.sql| 3 +-
...n-x_rms_service_resource-resource_signature.sql | 50 +++
.../optimized/current/ranger_core_db_postgres.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 58 ++
.../current/ranger_core_db_sqlanywhere.sql | 4 +-
...n-x_rms_service_resource-resource_signature.sql | 27 ++
.../optimized/current/ranger_core_db_sqlserver.sql | 12 ++---
...n-x_rms_service_resource-resource_signature.sql | 55
10 files changed, 252 insertions(+), 11 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 9a79fe8ad..66ae5060a 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1625,10 +1625,10 @@ CREATE TABLE `x_rms_service_resource` (
`service_resource_elements_text` text,
PRIMARY KEY (`id`),
UNIQUE KEY `x_rms_service_res_UK_guid` (`guid`),
+ UNIQUE KEY `x_rms_service_resource_UK_resource_signature`
(`resource_signature`),
CONSTRAINT `x_rms_service_res_FK_service_id` FOREIGN KEY (`service_id`)
REFERENCES `x_service` (`id`)
);
CREATE INDEX x_rms_service_resource_IDX_service_id ON
x_rms_service_resource(service_id);
-CREATE INDEX x_rms_service_resource_IDX_resource_signature ON
x_rms_service_resource(resource_signature);
CREATE TABLE `x_rms_notification` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -1813,6 +1813,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
new file mode 100644
index 0..303de0b86
--- /dev/null
+++
b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
@@ -0,0 +1,48 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+drop procedure if exists truncate_rms_tables;
+delimiter ;;
+create procedure truncate_rms_tables() begin
+SET FOREIGN_KEY_CHECKS = 0;
+truncate table x_rms_mapping_provider;
+truncate table x_rms_resource_mapping;
+truncate table x_rms_notification;
+truncate table x_rms_service_resource;
+SET FOREIGN_KEY_CHECKS = 1;
+end;;
+
+delimiter ;
+call truncate_rms_tables();
+
+commit;
+
+drop procedure if exists create_index_for_x_rms_service_resource;
+drop procedure if exists create_uniqueindex_for_x_rms_service_resource;
+
+delimiter
[ranger] 02/03: RANGER-4123: No policy found for given version
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5fe35623a444f5a5af816aecf1d787591933db78
Author: Pradeep AgrawaL
AuthorDate: Mon Mar 6 15:26:49 2023 +0530
RANGER-4123: No policy found for given version
---
.../org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java | 5 +
1 file changed, 5 insertions(+)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
index 6dcf3f264..31fd2de7d 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForUpdatingPolicyJson_J10019.java
@@ -83,6 +83,7 @@ import org.apache.ranger.plugin.model.RangerValiditySchedule;
import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.service.RangerDataHistService;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
@@ -119,6 +120,9 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
@Autowired
PolicyRefUpdater policyRefUpdater;
+ @Autowired
+ RangerDataHistService dataHistService;
+
private final Map groupIdMap = new
HashMap<>();
private final Map userIdMap = new
HashMap<>();
private final Map> resourceNameIdMap = new
HashMap<>();
@@ -284,6 +288,7 @@ public class PatchForUpdatingPolicyJson_J10019 extends
BaseLoader {
addAccessDefRef(serviceType, policy.getId(), accesses);
addPolicyConditionDefRef(serviceType, policy.getId(),
conditions);
addDataMaskDefRef(serviceType, policy.getId(),
dataMasks);
+ dataHistService.createObjectDataHistory(policy,
RangerDataHistService.ACTION_UPDATE);
} catch (Exception e) {
logger.error("portPoliry(id=" + policy.getId() +")
failed!!");
logger.error("Offending policy:" + policyText);
[ranger] 03/03: RANGER-4127: Unable to delete the user if policy is created by same user and added in the policy item
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 262d53cc2ce6bd21bf0493451e605a9990a405e9
Author: Pradeep AgrawaL
AuthorDate: Thu Mar 9 14:35:17 2023 +0530
RANGER-4127: Unable to delete the user if policy is created by same user
and added in the policy item
---
security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 2955bd513..e23fe6327 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2275,7 +2275,6 @@ public class XUserMgr extends XUserMgrBase {
List
xXPortalUserRoles=xXPortalUserRoleDao.findByUserId(xXPortalUserId);
XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
- List xXPolicyList=xXPolicyDao.findByUserId(id);
logger.warn("Deleting User : "+vXUser.getName());
if (force) {
//delete XXGroupUser mapping
@@ -2327,6 +2326,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
//delete XXPolicyItemUserPerm records of user
+ List
xXPolicyList=xXPolicyDao.findByUserId(id);
for(XXPolicy xXPolicy:xXPolicyList){
RangerPolicy rangerPolicy =
policyService.getPopulatedViewObject(xXPolicy);
List policyItems =
rangerPolicy.getPolicyItems();
@@ -2376,7 +2376,7 @@ public class XUserMgr extends XUserMgrBase {
}
} else {
boolean hasReferences=false;
-
+ List
xXPolicyList=xXPolicyDao.findByUserId(id);
if(vxGroupUserList!=null &&
vxGroupUserList.getListSize()>0){
hasReferences=true;
}
[ranger] 01/03: RANGER-4109: Add unique constraint on resource_signature column of x_rms_service_resource table
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 02e976602f9b827d888213f3077c980acc17765c
Author: Pradeep AgrawaL
AuthorDate: Tue Feb 28 12:45:41 2023 +0530
RANGER-4109: Add unique constraint on resource_signature column of
x_rms_service_resource table
---
.../optimized/current/ranger_core_db_mysql.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 48 ++
.../optimized/current/ranger_core_db_oracle.sql| 3 +-
...n-x_rms_service_resource-resource_signature.sql | 50 +++
.../optimized/current/ranger_core_db_postgres.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 58 ++
.../current/ranger_core_db_sqlanywhere.sql | 4 +-
...n-x_rms_service_resource-resource_signature.sql | 27 ++
.../optimized/current/ranger_core_db_sqlserver.sql | 12 ++---
...n-x_rms_service_resource-resource_signature.sql | 55
10 files changed, 252 insertions(+), 11 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index f36f7c02b..8d9db7849 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1625,10 +1625,10 @@ CREATE TABLE `x_rms_service_resource` (
`service_resource_elements_text` text,
PRIMARY KEY (`id`),
UNIQUE KEY `x_rms_service_res_UK_guid` (`guid`),
+ UNIQUE KEY `x_rms_service_resource_UK_resource_signature`
(`resource_signature`),
CONSTRAINT `x_rms_service_res_FK_service_id` FOREIGN KEY (`service_id`)
REFERENCES `x_service` (`id`)
);
CREATE INDEX x_rms_service_resource_IDX_service_id ON
x_rms_service_resource(service_id);
-CREATE INDEX x_rms_service_resource_IDX_resource_signature ON
x_rms_service_resource(resource_signature);
CREATE TABLE `x_rms_notification` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
@@ -1813,6 +1813,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('065',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('DB_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10001',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
new file mode 100644
index 0..303de0b86
--- /dev/null
+++
b/security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
@@ -0,0 +1,48 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+drop procedure if exists truncate_rms_tables;
+delimiter ;;
+create procedure truncate_rms_tables() begin
+SET FOREIGN_KEY_CHECKS = 0;
+truncate table x_rms_mapping_provider;
+truncate table x_rms_resource_mapping;
+truncate table x_rms_notification;
+truncate table x_rms_service_resource;
+SET FOREIGN_KEY_CHECKS = 1;
+end;;
+
+delimiter ;
+call truncate_rms_tables();
+
+commit;
+
+drop procedure if exists create_index_for_x_rms_service_resource;
+drop procedure if exists create_uniqueindex_for_x_rms_service_resource;
+
+delimiter
[ranger] branch ranger-2.4 updated (85f34ecf4 -> 262d53cc2)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
from 85f34ecf4 RANGER-4121: fix for NPE in service-zone update
new 02e976602 RANGER-4109: Add unique constraint on resource_signature
column of x_rms_service_resource table
new 5fe35623a RANGER-4123: No policy found for given version
new 262d53cc2 RANGER-4127: Unable to delete the user if policy is created
by same user and added in the policy item
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../optimized/current/ranger_core_db_mysql.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 48 ++
.../optimized/current/ranger_core_db_oracle.sql| 3 +-
...n-x_rms_service_resource-resource_signature.sql | 50 +++
.../optimized/current/ranger_core_db_postgres.sql | 3 +-
...n-x_rms_service_resource-resource_signature.sql | 58 ++
.../current/ranger_core_db_sqlanywhere.sql | 4 +-
...-x_rms_service_resource-resource_signature.sql} | 15 +++---
.../optimized/current/ranger_core_db_sqlserver.sql | 12 ++---
...n-x_rms_service_resource-resource_signature.sql | 55
.../main/java/org/apache/ranger/biz/XUserMgr.java | 4 +-
.../patch/PatchForUpdatingPolicyJson_J10019.java | 5 ++
12 files changed, 240 insertions(+), 20 deletions(-)
create mode 100644
security-admin/db/mysql/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
create mode 100644
security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
create mode 100644
security-admin/db/postgres/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
copy
security-admin/db/sqlanywhere/patches/{050-create-index-for-resource-signature.sql
=> 065-add-uk-on-x_rms_service_resource-resource_signature.sql} (68%)
create mode 100644
security-admin/db/sqlserver/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql
[ranger] branch ranger-2.4 updated: RANGER-4113: Upgrade tomcat to 8.5.86
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new a28c05a59 RANGER-4113: Upgrade tomcat to 8.5.86 a28c05a59 is described below commit a28c05a59cfb30060edbc0bdba3d3d4eae88755b Author: Pradeep Agrawal AuthorDate: Thu Mar 2 14:51:34 2023 +0530 RANGER-4113: Upgrade tomcat to 8.5.86 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2324996f7..e2e202123 100644 --- a/pom.xml +++ b/pom.xml @@ -200,7 +200,7 @@ 1.99.7 1.2.4 1.19 -8.5.79 +8.5.86 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-4113: Upgrade tomcat to 8.5.86
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new e817d996e RANGER-4113: Upgrade tomcat to 8.5.86 e817d996e is described below commit e817d996efc8f225f825c8bbc69756e1324dd20c Author: Pradeep Agrawal AuthorDate: Thu Mar 2 14:51:34 2023 +0530 RANGER-4113: Upgrade tomcat to 8.5.86 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 0c12c914c..3a039565d 100644 --- a/pom.xml +++ b/pom.xml @@ -203,7 +203,7 @@ 1.99.7 1.2.4 1.19 -8.5.83 +8.5.86 6.9.4 2.3 3.4.14
[ranger] branch master updated: RANGER-4112: Update servicedef by name results in 400 status code
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new fa2c6e03c RANGER-4112: Update servicedef by name results in 400 status
code
fa2c6e03c is described below
commit fa2c6e03c7761ab60cf686ecaeb69bec2267ef47
Author: Pradeep AgrawaL
AuthorDate: Tue Feb 28 16:55:05 2023 +0530
RANGER-4112: Update servicedef by name results in 400 status code
---
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java | 2 +-
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +-
.../src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java| 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 4ad6058cc..85cd7dd67 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -278,7 +278,7 @@ public class PublicAPIsv2 {
serviceDef.setGuid(existingServiceDef.getGuid());
}
- return serviceREST.updateServiceDef(serviceDef, null);
+ return serviceREST.updateServiceDef(serviceDef,
serviceDef.getId());
}
/*
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 9e2fb66b4..5542250aa 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -332,7 +332,7 @@ public class ServiceREST {
// if serviceDef.id is null, then set param 'id' into
serviceDef Object
if (serviceDef.getId() == null) {
serviceDef.setId(id);
- } else if(!serviceDef.getId().equals(id)) {
+ } else if(StringUtils.isBlank(serviceDef.getName()) &&
!serviceDef.getId().equals(id)) {
throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST ,
"serviceDef Id mismatch", true);
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
index 53750a041..73a593e9f 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
@@ -317,7 +317,7 @@ public class TestPublicAPIsv2 {
RangerServiceDef rangerServiceDef = rangerServiceDef();
String name = rangerServiceDef.getName();
Mockito.when(serviceREST.getServiceDefByName(name)).thenReturn(rangerServiceDef);
- Mockito.when(serviceREST.updateServiceDef(rangerServiceDef,
null)).thenReturn(rangerServiceDef);
+ Mockito.when(serviceREST.updateServiceDef(rangerServiceDef,
rangerServiceDef.getId())).thenReturn(rangerServiceDef);
RangerServiceDef dbRangerServiceDef =
publicAPIsv2.updateServiceDefByName(rangerServiceDef, name);
Assert.assertNotNull(dbRangerServiceDef);
Assert.assertEquals(dbRangerServiceDef, rangerServiceDef);
@@ -325,7 +325,7 @@ public class TestPublicAPIsv2 {
rangerServiceDef.getId());
Assert.assertEquals(dbRangerServiceDef.getName(),
rangerServiceDef.getName());
- Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef,
null);
+ Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef,
dbRangerServiceDef.getId());
Mockito.verify(serviceREST).getServiceDefByName(name);
}
[ranger] branch ranger-2.4 updated: RANGER-4112: Update servicedef by name results in 400 status code
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 1a9c169f0 RANGER-4112: Update servicedef by name results in 400 status
code
1a9c169f0 is described below
commit 1a9c169f07e82f48688fc8fd012a9641fc40dc18
Author: Pradeep AgrawaL
AuthorDate: Tue Feb 28 16:55:05 2023 +0530
RANGER-4112: Update servicedef by name results in 400 status code
---
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java | 2 +-
security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java | 2 +-
.../src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java| 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 4ad6058cc..85cd7dd67 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -278,7 +278,7 @@ public class PublicAPIsv2 {
serviceDef.setGuid(existingServiceDef.getGuid());
}
- return serviceREST.updateServiceDef(serviceDef, null);
+ return serviceREST.updateServiceDef(serviceDef,
serviceDef.getId());
}
/*
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index fac25878e..e11d8efd8 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -332,7 +332,7 @@ public class ServiceREST {
// if serviceDef.id is null, then set param 'id' into
serviceDef Object
if (serviceDef.getId() == null) {
serviceDef.setId(id);
- } else if(!serviceDef.getId().equals(id)) {
+ } else if(StringUtils.isBlank(serviceDef.getName()) &&
!serviceDef.getId().equals(id)) {
throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST ,
"serviceDef Id mismatch", true);
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
index 53750a041..73a593e9f 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
@@ -317,7 +317,7 @@ public class TestPublicAPIsv2 {
RangerServiceDef rangerServiceDef = rangerServiceDef();
String name = rangerServiceDef.getName();
Mockito.when(serviceREST.getServiceDefByName(name)).thenReturn(rangerServiceDef);
- Mockito.when(serviceREST.updateServiceDef(rangerServiceDef,
null)).thenReturn(rangerServiceDef);
+ Mockito.when(serviceREST.updateServiceDef(rangerServiceDef,
rangerServiceDef.getId())).thenReturn(rangerServiceDef);
RangerServiceDef dbRangerServiceDef =
publicAPIsv2.updateServiceDefByName(rangerServiceDef, name);
Assert.assertNotNull(dbRangerServiceDef);
Assert.assertEquals(dbRangerServiceDef, rangerServiceDef);
@@ -325,7 +325,7 @@ public class TestPublicAPIsv2 {
rangerServiceDef.getId());
Assert.assertEquals(dbRangerServiceDef.getName(),
rangerServiceDef.getName());
- Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef,
null);
+ Mockito.verify(serviceREST).updateServiceDef(rangerServiceDef,
dbRangerServiceDef.getId());
Mockito.verify(serviceREST).getServiceDefByName(name);
}
[ranger] branch ranger-2.4 updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 1f7e5a025 RANGER-3825: Ranger admin user is unable to change another
user email after the upgrade
1f7e5a025 is described below
commit 1f7e5a025f537fa54e9a0929340aaa8a7d8f1465
Author: pradeep
AuthorDate: Wed Sep 28 19:27:36 2022 +0530
RANGER-3825: Ranger admin user is unable to change another user email after
the upgrade
---
.../src/main/java/org/apache/ranger/biz/UserMgr.java | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index f921654cc..eaaa15a11 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -530,17 +530,17 @@ public class UserMgr {
MessageEnums.OPER_NO_PERMISSION, null, null, ""
+ changeEmail);
}
- } else {
- String encryptedOldPwd =
encrypt(gjUser.getLoginId(), changeEmail.getOldPassword());
+ } else {
+ String encryptedOldPwd = encrypt(gjUser.getLoginId(),
changeEmail.getOldPassword());
+ if (!stringUtil.equals(encryptedOldPwd,
gjUser.getPassword())) {
+ encryptedOldPwd =
encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword());
if (!stringUtil.equals(encryptedOldPwd,
gjUser.getPassword())) {
- logger.info("changeEmailAddress().
Invalid password. changeEmail="
- + changeEmail);
- throw restErrorUtil.createRESTException(
-
"serverMsg.userMgrWrongPassword",
-
MessageEnums.OPER_NO_PERMISSION, null, null, ""
- +
changeEmail);
+ logger.info("changeEmailAddress().
Invalid password. changeEmail=" + changeEmail);
+ throw
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
+
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
}
}
+ }
// Normalize email. Make it lower case
gjUser.setEmailAddress(stringUtil.normalizeEmail(changeEmail
[ranger] branch master updated: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 32687a172 RANGER-3825: Ranger admin user is unable to change another
user email after the upgrade
32687a172 is described below
commit 32687a172b0da31cf01b285a0123a81dcd7e6da9
Author: pradeep
AuthorDate: Wed Sep 28 19:27:36 2022 +0530
RANGER-3825: Ranger admin user is unable to change another user email after
the upgrade
---
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 086c6e5d7..d5393603e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -472,9 +472,12 @@ public class UserMgr {
} else {
String encryptedOldPwd = encrypt(gjUser.getLoginId(),
changeEmail.getOldPassword());
if (!stringUtil.equals(encryptedOldPwd,
gjUser.getPassword())) {
- logger.info("changeEmailAddress(). Invalid
password. changeEmail=" + changeEmail);
- throw
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
-
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
+ encryptedOldPwd =
encryptWithOlderAlgo(gjUser.getLoginId(), changeEmail.getOldPassword());
+ if (!stringUtil.equals(encryptedOldPwd,
gjUser.getPassword())) {
+ logger.info("changeEmailAddress().
Invalid password. changeEmail=" + changeEmail);
+ throw
restErrorUtil.createRESTException("serverMsg.userMgrWrongPassword",
+
MessageEnums.OPER_NO_PERMISSION, null, null, "" + changeEmail);
+ }
}
}
[ranger] branch master updated: RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 677b1c40c RANGER-3977: Fix Ranger TagRest API
deleteTagResourceMapByGuid
677b1c40c is described below
commit 677b1c40c04e84abbdd7121e54997a7e7d46ea3f
Author: pradeep
AuthorDate: Thu Nov 24 00:10:53 2022 +0530
RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
---
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java | 2 +-
security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 0d29a95ca..443188f9a 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -1004,7 +1004,7 @@ public class TagREST {
try {
RangerTagResourceMap exist =
validator.preDeleteTagResourceMapByGuid(guid);
-tagStore.deleteServiceResource(exist.getId());
+tagStore.deleteTagResourceMap(exist.getId());
} catch(Exception excp) {
LOG.error("deleteTagResourceMapByGuid(" + guid + ") failed", excp);
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 7fba152a9..5986d5182 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
@@ -1184,7 +1184,7 @@ public class TestTagREST {
} catch (Exception e) {
}
try {
-
Mockito.doNothing().when(tagStore).deleteServiceResource(oldTagResourceMap.getId());
+
Mockito.doNothing().when(tagStore).deleteTagResourceMap(oldTagResourceMap.getId());
} catch (Exception e) {
}
@@ -1197,7 +1197,7 @@ public class TestTagREST {
} catch (Exception e) {
}
try {
-
Mockito.verify(tagStore).deleteServiceResource(oldTagResourceMap.getId());
+
Mockito.verify(tagStore).deleteTagResourceMap(oldTagResourceMap.getId());
} catch (Exception e) {
}
}
[ranger] branch ranger-2.4 updated: RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new c72e2e377 RANGER-3977: Fix Ranger TagRest API
deleteTagResourceMapByGuid
c72e2e377 is described below
commit c72e2e3778847ea9988f958e6cf8eb49e1388a3f
Author: pradeep
AuthorDate: Thu Nov 24 00:10:53 2022 +0530
RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid
---
security-admin/src/main/java/org/apache/ranger/rest/TagREST.java | 2 +-
security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 36c6a4bc9..f8898b75b 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -934,7 +934,7 @@ public class TagREST {
try {
RangerTagResourceMap exist =
validator.preDeleteTagResourceMapByGuid(guid);
-tagStore.deleteServiceResource(exist.getId());
+tagStore.deleteTagResourceMap(exist.getId());
} catch(Exception excp) {
LOG.error("deleteTagResourceMapByGuid(" + guid + ") failed", excp);
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 7fba152a9..5986d5182 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
@@ -1184,7 +1184,7 @@ public class TestTagREST {
} catch (Exception e) {
}
try {
-
Mockito.doNothing().when(tagStore).deleteServiceResource(oldTagResourceMap.getId());
+
Mockito.doNothing().when(tagStore).deleteTagResourceMap(oldTagResourceMap.getId());
} catch (Exception e) {
}
@@ -1197,7 +1197,7 @@ public class TestTagREST {
} catch (Exception e) {
}
try {
-
Mockito.verify(tagStore).deleteServiceResource(oldTagResourceMap.getId());
+
Mockito.verify(tagStore).deleteTagResourceMap(oldTagResourceMap.getId());
} catch (Exception e) {
}
}
[ranger] branch ranger-2.4 updated: RANGER-3960: Upgrade spring-security version to 5.7.5
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 731be8363 RANGER-3960: Upgrade spring-security version to 5.7.5 731be8363 is described below commit 731be8363bc1db15b2a2a999c3d56e3d2eb27b8e Author: pradeep AuthorDate: Tue Nov 8 19:52:59 2022 +0530 RANGER-3960: Upgrade spring-security version to 5.7.5 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index da3bc6a7b..1e72609ff 100644 --- a/pom.xml +++ b/pom.xml @@ -194,9 +194,9 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.2 -5.3.21 -5.3.21 + 5.7.5 +5.3.23 +5.3.23 1.99.7 1.2.4 1.19
[ranger] branch master updated: RANGER-3960: Upgrade spring-security version to 5.7.5
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 73f1a3b22 RANGER-3960: Upgrade spring-security version to 5.7.5 73f1a3b22 is described below commit 73f1a3b22848e43da0d1aad86ea59dd491c568ad Author: pradeep AuthorDate: Tue Nov 8 19:52:59 2022 +0530 RANGER-3960: Upgrade spring-security version to 5.7.5 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index fc2c2a585..6925feb06 100644 --- a/pom.xml +++ b/pom.xml @@ -196,9 +196,9 @@ 1.7.32 8.11.2 2.3.8.RELEASE - 5.7.2 -5.3.21 -5.3.21 + 5.7.5 +5.3.23 +5.3.23 1.99.7 1.2.4 1.19
[ranger] branch ranger-2.4 updated: RANGER-3852: performance and scalability analyzer tool for apache ranger
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 97c508d99 RANGER-3852: performance and scalability analyzer tool for apache ranger 97c508d99 is described below commit 97c508d99e9bb99282575d100ae4365d92dd8aa9 Author: Fateh Singh AuthorDate: Fri Aug 12 23:13:13 2022 -0700 RANGER-3852: performance and scalability analyzer tool for apache ranger Signed-off-by: pradeep --- pom.xml| 4 + ranger-tools/src/main/python/README.md | 95 +++ ranger-tools/src/main/python/config/README.md | 94 +++ ranger-tools/src/main/python/outputs/README.md | 27 ++ .../src/main/python/performance_analyzer.py| 237 + .../python/ranger_performance_tool/__init__.py | 17 ++ .../python/ranger_performance_tool/perf_globals.py | 48 .../ranger_perf_assets/__init__.py | 17 ++ .../ranger_perf_assets/default_primary_config.json | 38 +++ .../default_secondary_config.json | 58 .../ranger_perf_assets/path.py | 21 ++ .../ranger_perf_object_stores/__init__.py | 17 ++ .../base_object_stores.py | 237 + .../ranger_perf_object_stores/random_generators.py | 188 + .../service_object_stores.py | 189 + .../ranger_perf_utils/__init__.py | 0 .../ranger_perf_utils/config_utils.py | 85 ++ .../ranger_perf_utils/dataframe_utils.py | 129 + .../ranger_perf_utils/extra_unused_utils.py| 99 +++ .../ranger_perf_utils/logging_utils.py | 293 + ranger-tools/src/main/python/requirements.txt | 22 ++ .../src/main/python/setup_performance_analyzer.py | 55 22 files changed, 1970 insertions(+) diff --git a/pom.xml b/pom.xml index 570227ce2..eaa4f6d65 100644 --- a/pom.xml +++ b/pom.xml @@ -1161,6 +1161,10 @@ **/package-lock.json **/ranger_es_schema.json **/venv/** +**/requirements.txt +**/__init__.py +**/default_primary_config.json +**/default_secondary_config.json diff --git a/ranger-tools/src/main/python/README.md b/ranger-tools/src/main/python/README.md new file mode 100644 index 0..4763a1d51 --- /dev/null +++ b/ranger-tools/src/main/python/README.md @@ -0,0 +1,95 @@ + + +# Performance and Scalability Analyzer for Apache Ranger +## Documentation +Run the below command to generate pydocs for the package. Code base has doc strings describing the methods and classes from which the document is generated. + +```bash +> python -m pydoc -b +``` + +Other README files can be found in the following directory: + +```/config/README.md```: Describes the primary and secondary config files which the user has to modify + +```/outputs/README.md```: Describes the output files generated by the analyzer + +## Server side installation +```bash +> sudo apt-get install sysstat +or +> sudo yum install sysstat +``` +```ranger.accesslog.pattern``` to include the `%D` in the access pattern so that the tomcat server also logs the api execution time + +## Client side Installation + +Use the package manager [pip](https://pip.pypa.io/en/stable/) to install requirements for running the performance tests. +Ensure right path to requirements.txt is given. + +```bash +> pip install -r requirements.txt + +> apt-get install sshpass +or +> brew install hudochenkov/sshpass/sshpass +``` + + +## Usage +```cd``` into ```python``` directory before executing below commands + +First time usage or to reset the config files: +```bash +> python setup_performance_analyzer.py +``` + +Subsequent usage: +Fill out the config details (```primary_config.json``` and ```secondary_config.json```) in ```/config``` folder or keep default + +For multiple api testing (Uses values from config file). + +usage: + +```bash +> python3 performance_analyzer.py +``` + +For single api testing (Command line arguments override config file values) + +usage: + +```bash +> python performance_analyzer.py --ranger_url --calls --api --username --password --client_ip --ssh_host --ssh_user --ssh_password +``` + +Example command: + +```bash +> python3 performance_analyzer.py --ranger_url http://ranger_host:ranger_admin_port --calls 10 --api create_policy --username admin --password Admin123 --client_ip vpn_ip_client_in_logs --ssh_host ranger_host --ssh_user ssh_user --ssh_password ssh_password +``` + +## Description of tools used +System metric
[ranger] branch master updated: RANGER-3852: performance and scalability analyzer tool for apache ranger
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new c3f1c4a6a RANGER-3852: performance and scalability analyzer tool for apache ranger c3f1c4a6a is described below commit c3f1c4a6ad2ee0c805ad29f0efb265569e0d2cf0 Author: Fateh Singh AuthorDate: Fri Aug 12 23:13:13 2022 -0700 RANGER-3852: performance and scalability analyzer tool for apache ranger Signed-off-by: pradeep --- pom.xml| 4 + ranger-tools/src/main/python/README.md | 95 +++ ranger-tools/src/main/python/config/README.md | 94 +++ ranger-tools/src/main/python/outputs/README.md | 27 ++ .../src/main/python/performance_analyzer.py| 237 + .../python/ranger_performance_tool/__init__.py | 17 ++ .../python/ranger_performance_tool/perf_globals.py | 48 .../ranger_perf_assets/__init__.py | 17 ++ .../ranger_perf_assets/default_primary_config.json | 38 +++ .../default_secondary_config.json | 58 .../ranger_perf_assets/path.py | 21 ++ .../ranger_perf_object_stores/__init__.py | 17 ++ .../base_object_stores.py | 237 + .../ranger_perf_object_stores/random_generators.py | 188 + .../service_object_stores.py | 189 + .../ranger_perf_utils/__init__.py | 0 .../ranger_perf_utils/config_utils.py | 85 ++ .../ranger_perf_utils/dataframe_utils.py | 129 + .../ranger_perf_utils/extra_unused_utils.py| 99 +++ .../ranger_perf_utils/logging_utils.py | 293 + ranger-tools/src/main/python/requirements.txt | 22 ++ .../src/main/python/setup_performance_analyzer.py | 55 22 files changed, 1970 insertions(+) diff --git a/pom.xml b/pom.xml index 8698e67e5..7c794c833 100644 --- a/pom.xml +++ b/pom.xml @@ -1178,6 +1178,10 @@ **/package-lock.json **/ranger_es_schema.json **/venv/** +**/requirements.txt +**/__init__.py +**/default_primary_config.json +**/default_secondary_config.json diff --git a/ranger-tools/src/main/python/README.md b/ranger-tools/src/main/python/README.md new file mode 100644 index 0..4763a1d51 --- /dev/null +++ b/ranger-tools/src/main/python/README.md @@ -0,0 +1,95 @@ + + +# Performance and Scalability Analyzer for Apache Ranger +## Documentation +Run the below command to generate pydocs for the package. Code base has doc strings describing the methods and classes from which the document is generated. + +```bash +> python -m pydoc -b +``` + +Other README files can be found in the following directory: + +```/config/README.md```: Describes the primary and secondary config files which the user has to modify + +```/outputs/README.md```: Describes the output files generated by the analyzer + +## Server side installation +```bash +> sudo apt-get install sysstat +or +> sudo yum install sysstat +``` +```ranger.accesslog.pattern``` to include the `%D` in the access pattern so that the tomcat server also logs the api execution time + +## Client side Installation + +Use the package manager [pip](https://pip.pypa.io/en/stable/) to install requirements for running the performance tests. +Ensure right path to requirements.txt is given. + +```bash +> pip install -r requirements.txt + +> apt-get install sshpass +or +> brew install hudochenkov/sshpass/sshpass +``` + + +## Usage +```cd``` into ```python``` directory before executing below commands + +First time usage or to reset the config files: +```bash +> python setup_performance_analyzer.py +``` + +Subsequent usage: +Fill out the config details (```primary_config.json``` and ```secondary_config.json```) in ```/config``` folder or keep default + +For multiple api testing (Uses values from config file). + +usage: + +```bash +> python3 performance_analyzer.py +``` + +For single api testing (Command line arguments override config file values) + +usage: + +```bash +> python performance_analyzer.py --ranger_url --calls --api --username --password --client_ip --ssh_host --ssh_user --ssh_password +``` + +Example command: + +```bash +> python3 performance_analyzer.py --ranger_url http://ranger_host:ranger_admin_port --calls 10 --api create_policy --username admin --password Admin123 --client_ip vpn_ip_client_in_logs --ssh_host ranger_host --ssh_user ssh_user --ssh_password ssh_password +``` + +## Description of tools used +System metrics on s
[ranger] branch ranger-2.4 updated: RANGER-3914: Change sync_source column's datatype from varchar to text
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 1b4f70410 RANGER-3914: Change sync_source column's datatype from
varchar to text
1b4f70410 is described below
commit 1b4f70410d6d602e9bbed3710bd812d9cf62
Author: pradeep
AuthorDate: Thu Sep 15 22:30:16 2022 +0530
RANGER-3914: Change sync_source column's datatype from varchar to text
---
.../optimized/current/ranger_core_db_mysql.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 38 +++
.../optimized/current/ranger_core_db_oracle.sql| 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 34 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 77 ++
.../optimized/current/ranger_core_db_postgres.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 44 +
.../current/ranger_core_db_sqlanywhere.sql | 20 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 42
.../optimized/current/ranger_core_db_sqlserver.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 75 +
20 files changed, 371 insertions(+), 89 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 309c4196b..f36f7c02b 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -115,9 +115,9 @@ CREATE TABLE `x_portal_user` (
`email` varchar(512) DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`user_src` int(11) NOT NULL DEFAULT '0',
- `notes` varchar(4000) DEFAULT NULL,
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `notes` text DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
`old_passwords` text DEFAULT NULL,
`password_updated_time` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
@@ -272,14 +272,14 @@ CREATE TABLE `x_group` (
`added_by_id` bigint(20) DEFAULT NULL,
`upd_by_id` bigint(20) DEFAULT NULL,
`group_name` varchar(767) NOT NULL,
- `descr` varchar(4000) NOT NULL,
+ `descr` text DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`group_type` int(11) NOT NULL DEFAULT '0',
`cred_store_id` bigint(20) DEFAULT NULL,
`group_src` INT NOT NULL DEFAULT 0,
`is_visible` INT(11) NOT NULL DEFAULT '1',
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `x_group_UK_group_name` (`group_name`),
KEY `x_group_FK_added_by_id` (`added_by_id`),
@@ -321,12 +321,12 @@ CREATE TABLE `x_user` (
`added_by_id` bigint(20) DEFAULT NULL,
`upd_by_id` bigint(20) DEFAULT NULL,
`user_name` varchar(767) NOT NULL,
- `descr` varchar(4000) NOT NULL,
+ `descr` text DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`cred_store_id` bigint(20) DEFAULT NULL,
`is_visible` INT(11) NOT NULL DEFAULT '1',
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `x_user_FK_added_by_id` (`added_by_id`),
KEY `x_user_FK_upd_by_id` (`upd_by_id`),
@@ -1812,6 +1812,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('057',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at
[ranger] branch master updated: RANGER-3914: Change sync_source column's datatype from varchar to text
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3444c6625 RANGER-3914: Change sync_source column's datatype from
varchar to text
3444c6625 is described below
commit 3444c6625e26c12a477ca0204c8a9712e2f86d4b
Author: pradeep
AuthorDate: Thu Sep 15 22:30:16 2022 +0530
RANGER-3914: Change sync_source column's datatype from varchar to text
---
.../optimized/current/ranger_core_db_mysql.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 38 +++
.../optimized/current/ranger_core_db_oracle.sql| 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 34 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 77 ++
.../optimized/current/ranger_core_db_postgres.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 44 +
.../current/ranger_core_db_sqlanywhere.sql | 20 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 42
.../optimized/current/ranger_core_db_sqlserver.sql | 19 +++---
...playName-col-in-x_service_def_and_x_service.sql | 6 +-
...cSource-col-in-x_user-x_portal_user-x_group.sql | 6 +-
...c-col-datatype-x_user-x_portal_user-x_group.sql | 75 +
20 files changed, 371 insertions(+), 89 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 833ffa0e0..9a79fe8ad 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -115,9 +115,9 @@ CREATE TABLE `x_portal_user` (
`email` varchar(512) DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`user_src` int(11) NOT NULL DEFAULT '0',
- `notes` varchar(4000) DEFAULT NULL,
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `notes` text DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
`old_passwords` text DEFAULT NULL,
`password_updated_time` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
@@ -272,14 +272,14 @@ CREATE TABLE `x_group` (
`added_by_id` bigint(20) DEFAULT NULL,
`upd_by_id` bigint(20) DEFAULT NULL,
`group_name` varchar(767) NOT NULL,
- `descr` varchar(4000) NOT NULL,
+ `descr` text DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`group_type` int(11) NOT NULL DEFAULT '0',
`cred_store_id` bigint(20) DEFAULT NULL,
`group_src` INT NOT NULL DEFAULT 0,
`is_visible` INT(11) NOT NULL DEFAULT '1',
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `x_group_UK_group_name` (`group_name`),
KEY `x_group_FK_added_by_id` (`added_by_id`),
@@ -321,12 +321,12 @@ CREATE TABLE `x_user` (
`added_by_id` bigint(20) DEFAULT NULL,
`upd_by_id` bigint(20) DEFAULT NULL,
`user_name` varchar(767) NOT NULL,
- `descr` varchar(4000) NOT NULL,
+ `descr` text DEFAULT NULL,
`status` int(11) NOT NULL DEFAULT '0',
`cred_store_id` bigint(20) DEFAULT NULL,
`is_visible` INT(11) NOT NULL DEFAULT '1',
- `other_attributes` varchar(4000) DEFAULT NULL,
- `sync_source` varchar(4000) DEFAULT NULL,
+ `other_attributes` text DEFAULT NULL,
+ `sync_source` text DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `x_user_FK_added_by_id` (`added_by_id`),
KEY `x_user_FK_upd_by_id` (`upd_by_id`),
@@ -1812,6 +1812,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('057',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('058',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('059',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('060',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by
[ranger] branch ranger-2.4 updated: RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 2ee1bb6f5 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
2ee1bb6f5 is described below
commit 2ee1bb6f57661c25175ee85af8e1e37dbb9759cb
Author: pradeep
AuthorDate: Wed Sep 14 19:17:30 2022 +0530
RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
---
.../src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java | 2 +-
.../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 51c28e3f3..095fc9abf 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -1381,7 +1381,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
* @param type the type to set
*/
public void setType(String type) {
- this.type = type;
+ this.type = type == null ? "" : type;
}
/**
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 9f7a3bbc6..2ba146dd5 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -1142,7 +1142,7 @@ public class RangerDefaultPolicyEvaluator extends
RangerAbstractPolicyEvaluator
if(policyItem != null &&
CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
for(RangerPolicyItemAccess itemAccess :
policyItem.getAccesses()) {
-
if(StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) {
+ if (itemAccess != null &&
StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) {
ret = itemAccess;
break;
[ranger] branch master updated: RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new bcba8b798 RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
bcba8b798 is described below
commit bcba8b798ed408694d997903f0dad02c612ca752
Author: pradeep
AuthorDate: Wed Sep 14 19:17:30 2022 +0530
RANGER-3911: NPE fix in RangerDefaultPolicyEvaluator
---
.../src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java | 2 +-
.../ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
index 51c28e3f3..095fc9abf 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
@@ -1381,7 +1381,7 @@ public class RangerPolicy extends RangerBaseModelObject
implements java.io.Seria
* @param type the type to set
*/
public void setType(String type) {
- this.type = type;
+ this.type = type == null ? "" : type;
}
/**
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index 235e84477..006aeeecb 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -1142,7 +1142,7 @@ public class RangerDefaultPolicyEvaluator extends
RangerAbstractPolicyEvaluator
if(policyItem != null &&
CollectionUtils.isNotEmpty(policyItem.getAccesses())) {
for(RangerPolicyItemAccess itemAccess :
policyItem.getAccesses()) {
-
if(StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) {
+ if (itemAccess != null &&
StringUtils.equalsIgnoreCase(itemAccess.getType(), accessType)) {
ret = itemAccess;
break;
[ranger] branch ranger-2.4 updated: RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 81275777b RANGER-3837: Changed ensureAdminAccess and
getRoleIfAccessible so that both admins and service admins can now
get,create,edit,delete roles
81275777b is described below
commit 81275777bfa466806c50109d18922df5d909a876
Author: Fateh Singh
AuthorDate: Fri Jul 22 09:26:12 2022 -0700
RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both
admins and service admins can now get,create,edit,delete roles
Signed-off-by: pradeep
---
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 1434d11d3..6c475b484 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -909,7 +909,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
-if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
throw new Exception("User " + effectiveUser + " does not have
permission for this operation");
}
}
@@ -937,7 +937,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
-if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
existingRole = roleStore.getRole(roleName);
ensureRoleAccess(effectiveUser, userGroups, existingRole);
[ranger] branch master updated: RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both admins and service admins can now get,create,edit,delete roles
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new eaeaeb4ed RANGER-3837: Changed ensureAdminAccess and
getRoleIfAccessible so that both admins and service admins can now
get,create,edit,delete roles
eaeaeb4ed is described below
commit eaeaeb4ed3fbb0db1abe291e67769484aba20f9e
Author: Fateh Singh
AuthorDate: Fri Jul 22 09:26:12 2022 -0700
RANGER-3837: Changed ensureAdminAccess and getRoleIfAccessible so that both
admins and service admins can now get,create,edit,delete roles
Signed-off-by: pradeep
---
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 1e74a5ffd..a2ab49a88 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -909,7 +909,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
-if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
throw new Exception("User " + effectiveUser + " does not have
permission for this operation");
}
}
@@ -937,7 +937,7 @@ public class RoleREST {
effectiveUser = loggedInUser;
}
try {
-if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
+if (!bizUtil.isUserRangerAdmin(effectiveUser) &&
!svcStore.isServiceAdminUser(serviceName, effectiveUser)) {
existingRole = roleStore.getRole(roleName);
ensureRoleAccess(effectiveUser, userGroups, existingRole);
[ranger] 01/03: RANGER-3853: Persist db updates immediately using Transaction Management
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit e6d75b057604ba4cfe3509851240f57e384d9e6a
Author: Abhishek Kumar
AuthorDate: Tue Aug 9 14:53:04 2022 -0700
RANGER-3853: Persist db updates immediately using Transaction Management
Signed-off-by: pradeep
---
.../patch/PatchForSyncSourceUpdate_J10054.java | 74 +-
1 file changed, 57 insertions(+), 17 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
index bbde1a4df..99de47310 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
@@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
import java.util.List;
import java.util.Map;
@@ -39,6 +45,10 @@ public class PatchForSyncSourceUpdate_J10054 extends
BaseLoader{
@Autowired
RangerDaoManager daoManager;
+@Autowired
+@Qualifier(value = "transactionManager")
+PlatformTransactionManager txManager;
+
private static final Logger logger =
LoggerFactory.getLogger(PatchForSyncSourceUpdate_J10054.class);
@Override
@@ -87,23 +97,39 @@ public class PatchForSyncSourceUpdate_J10054 extends
BaseLoader{
if (StringUtils.isNotEmpty(otherAttributes) &&
StringUtils.isEmpty(syncSource)){
syncSource = (String) gson.fromJson(otherAttributes,
Map.class).get(UgsyncCommonConstants.SYNC_SOURCE);
xUser.setSyncSource(syncSource);
-if (StringUtils.isNotEmpty(syncSource)) {
-XXPortalUser xXPortalUser =
daoManager.getXXPortalUser().findByLoginId(xUser.getName());
-if (xXPortalUser != null && xXPortalUser.getUserSource()
== 0){
-/* updating the user source to external for users
which had some sync source prior to upgrade
- but the user source was marked internal to due bugs
which were fixed later.
- See RANGER-3297 for more info
-*/
-xXPortalUser.setUserSource(1);
-daoManager.getXXPortalUser().update(xXPortalUser);
-if (logger.isDebugEnabled()) {
-logger.debug("USER: Name: " + xUser.getName() + "
userSource changed to External");
+
+TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+
+String finalSyncSource = syncSource;
+try {
+txTemplate.execute(new TransactionCallback() {
+@Override
+public Object doInTransaction(TransactionStatus
status) {
+if (StringUtils.isNotEmpty(finalSyncSource)) {
+XXPortalUser xXPortalUser =
daoManager.getXXPortalUser().findByLoginId(xUser.getName());
+if (xXPortalUser != null &&
xXPortalUser.getUserSource() == 0){
+/* updating the user source to external for
users which had some sync source prior to upgrade
+ but the user source was marked internal to
due bugs which were fixed later.
+ See RANGER-3297 for more info
+*/
+xXPortalUser.setUserSource(1);
+
daoManager.getXXPortalUser().update(xXPortalUser);
+if (logger.isDebugEnabled()) {
+logger.debug("USER: Name: " +
xUser.getName() + " userSource changed to External");
+}
+}
+}
+daoManager.getXXUser().update(xUser);
+if (logger.isDebugEnabled()) {
+
[ranger] 03/03: RANGER-3857: Fix Ranger java patch J10055 performance issue
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 17494fbd3e65190ae8f462491784b9ed88db9513
Author: pradeep
AuthorDate: Sun Aug 14 02:42:56 2022 +0530
RANGER-3857: Fix Ranger java patch J10055 performance issue
---
...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 454 +
1 file changed, 279 insertions(+), 175 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
index 949967cd3..f5f9f8956 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
@@ -27,8 +27,8 @@ import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.RangerValidatorFactory;
@@ -45,6 +45,7 @@ import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import
org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
@@ -52,12 +53,20 @@ import
org.apache.ranger.plugin.model.validation.RangerValidator.Action;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.util.CLIUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
@Component
public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
-private static final Logger logger =
Logger.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
+private static final Logger logger =
LoggerFactory.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
private static final String ACCESS_TYPE_UPDATE = "update";
private static final String ACCESS_TYPE_QUERY = "query";
private static final String ACCESS_TYPE_ADMIN = "solr_admin";
@@ -70,6 +79,8 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
private static final String ACCESS_TYPE_OTHERS_TAG = "solr:others";
private enum NEW_RESOURCE { admin, config, schema }
+private static final String SVC_ACCESS_TYPE_CONFIG_SUFFIX = "accessTypes";
+
private static final String SOLR_SVC_DEF_NAME =
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_SOLR_NAME;
private static RangerServiceDef embeddedSolrServiceDef = null;
@@ -85,6 +96,10 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
@Autowired
private RangerValidatorFactory validatorFactory;
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
public static void main(String[] args) {
logger.info("main()");
try {
@@ -121,20 +136,32 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
System.exit(1);
}
-if (updateSolrSvcDef() != null) {
-final Long resTypeSvcDefId = embeddedSolrServiceDef.getId();
-final Long tagSvcDefId =
EmbeddedServiceDefsUtil.instance().getTagServiceDefId();
-updateExistingRangerResPolicy(resTypeSvcDefId);
-updateExistingRangerTagPolicies(tagSvcDefId);
-
-deleteOldAccessTypeRefs(resTypeSvcDefId);
-deleteOldAccessTypeRefs(tagSvcDefId);
-} else {
-logger.error("Error while updating " + SOLR_SVC_DEF_NAME + "
service-def")
[ranger] 02/03: RANGER-3854: Persist db updates immediately using Transaction Management in J10056
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 062902f24ee9cfe439b19aa0c88236c6e6010b07
Author: Abhishek Kumar
AuthorDate: Wed Aug 10 12:56:39 2022 -0700
RANGER-3854: Persist db updates immediately using Transaction Management in
J10056
Signed-off-by: pradeep
---
.../PatchForExternalUserStatusUpdate_J10056.java | 29 +++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
index f1ed0978c..f4a122b38 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
@@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
@Component
public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader {
@@ -36,7 +42,11 @@ public class PatchForExternalUserStatusUpdate_J10056 extends
BaseLoader {
private static final Logger logger =
LoggerFactory.getLogger(PatchForExternalUserStatusUpdate_J10056.class);
@Autowired
- private RangerDaoManager rngrDaoMgr;
+ private RangerDaoManager daoManager;
+
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
public static void main(String[] args) {
try {
@@ -70,14 +80,27 @@ public class PatchForExternalUserStatusUpdate_J10056
extends BaseLoader {
}
private void updateExternalUserStatus() {
- XXPortalUserDao dao = this.rngrDaoMgr.getXXPortalUser();
+ XXPortalUserDao dao = this.daoManager.getXXPortalUser();
List xXPortalUsers =
dao.findByUserSourceAndStatus(RangerCommonEnums.USER_EXTERNAL,RangerCommonEnums.ACT_STATUS_DISABLED);
if(CollectionUtils.isNotEmpty(xXPortalUsers)) {
for (XXPortalUser xxPortalUser : xXPortalUsers) {
if (xxPortalUser != null) {
xxPortalUser.setStatus(RangerCommonEnums.ACT_STATUS_ACTIVE);
- dao.update(xxPortalUser, true);
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+
dao.update(xxPortalUser, true);
+ return null;
+ }
+ });
+ } catch (Throwable ex) {
+
logger.error("updateExternalUserStatus(): Failed to update DB for user: " +
xxPortalUser.getLoginId() + " ", ex);
+ throw new RuntimeException(ex);
+ }
}
}
}
[ranger] branch ranger-2.4 updated (a154956e2 -> 17494fbd3)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git from a154956e2 RANGER-3816: getResourceACLs() updated to handle macros in resource values new e6d75b057 RANGER-3853: Persist db updates immediately using Transaction Management new 062902f24 RANGER-3854: Persist db updates immediately using Transaction Management in J10056 new 17494fbd3 RANGER-3857: Fix Ranger java patch J10055 performance issue The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../PatchForExternalUserStatusUpdate_J10056.java | 29 +- ...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 454 + .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +++- 3 files changed, 362 insertions(+), 195 deletions(-)
[ranger] branch master updated: RANGER-3857: Fix Ranger java patch J10055 performance issue
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 8dd9cae37 RANGER-3857: Fix Ranger java patch J10055 performance issue
8dd9cae37 is described below
commit 8dd9cae3794b3f974146a5142f3e87b3f6917360
Author: pradeep
AuthorDate: Sun Aug 14 02:42:56 2022 +0530
RANGER-3857: Fix Ranger java patch J10055 performance issue
---
...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 408 -
1 file changed, 238 insertions(+), 170 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
index 4684923ca..f5f9f8956 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
@@ -56,7 +56,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
@Component
public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
@@ -90,6 +96,10 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
@Autowired
private RangerValidatorFactory validatorFactory;
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
public static void main(String[] args) {
logger.info("main()");
try {
@@ -126,20 +136,32 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
System.exit(1);
}
-if (updateSolrSvcDef() != null) {
-final Long resTypeSvcDefId = embeddedSolrServiceDef.getId();
-final Long tagSvcDefId =
EmbeddedServiceDefsUtil.instance().getTagServiceDefId();
-updateExistingRangerResPolicy(resTypeSvcDefId);
-updateExistingRangerTagPolicies(tagSvcDefId);
-
-deleteOldAccessTypeRefs(resTypeSvcDefId);
-deleteOldAccessTypeRefs(tagSvcDefId);
-} else {
-logger.error("Error while updating " + SOLR_SVC_DEF_NAME + "
service-def");
-throw new RuntimeException("Error while updating " +
SOLR_SVC_DEF_NAME + " service-def");
-}
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+ if (updateSolrSvcDef() == null)
{
+ throw new
RuntimeException("Error while updating " + SOLR_SVC_DEF_NAME + " service-def");
+ }
+ return null;
+ }
+ });
+ } catch (Throwable ex) {
+ logger.error("Error while updating " +
SOLR_SVC_DEF_NAME + " service-def");
+ throw new RuntimeException("Error while
updating " + SOLR_SVC_DEF_NAME + " service-def");
+ }
+
+ final Long resTypeSvcDefId =
embeddedSolrServiceDef.getId();
+ final Long tagSvcDefId =
EmbeddedServiceDefsUtil.instance().getTagServiceDefId();
+ updateExistingRangerResPolicy(resTypeSvcDefId);
+ updateExistingRangerTagPolicies(tagSvcDefId);
+
+ deleteOldAccessTypeRefs(resTypeSvcDefId);
+ deleteOldAccessTypeRefs(tagSvcDefId);
} catch (Exception e) {
-logger.error("Error whille executing
PatchForSolrSvcDefAndPoliciesUpdat
[ranger] 02/02: RANGER-3854: Persist db updates immediately using Transaction Management in J10056
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 1671b142aed7b7f37257a94f71ea0bce6708b709
Author: Abhishek Kumar
AuthorDate: Wed Aug 10 12:56:39 2022 -0700
RANGER-3854: Persist db updates immediately using Transaction Management in
J10056
Signed-off-by: pradeep
---
.../PatchForExternalUserStatusUpdate_J10056.java | 29 +++---
1 file changed, 26 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
index f1ed0978c..f4a122b38 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForExternalUserStatusUpdate_J10056.java
@@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
@Component
public class PatchForExternalUserStatusUpdate_J10056 extends BaseLoader {
@@ -36,7 +42,11 @@ public class PatchForExternalUserStatusUpdate_J10056 extends
BaseLoader {
private static final Logger logger =
LoggerFactory.getLogger(PatchForExternalUserStatusUpdate_J10056.class);
@Autowired
- private RangerDaoManager rngrDaoMgr;
+ private RangerDaoManager daoManager;
+
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
public static void main(String[] args) {
try {
@@ -70,14 +80,27 @@ public class PatchForExternalUserStatusUpdate_J10056
extends BaseLoader {
}
private void updateExternalUserStatus() {
- XXPortalUserDao dao = this.rngrDaoMgr.getXXPortalUser();
+ XXPortalUserDao dao = this.daoManager.getXXPortalUser();
List xXPortalUsers =
dao.findByUserSourceAndStatus(RangerCommonEnums.USER_EXTERNAL,RangerCommonEnums.ACT_STATUS_DISABLED);
if(CollectionUtils.isNotEmpty(xXPortalUsers)) {
for (XXPortalUser xxPortalUser : xXPortalUsers) {
if (xxPortalUser != null) {
xxPortalUser.setStatus(RangerCommonEnums.ACT_STATUS_ACTIVE);
- dao.update(xxPortalUser, true);
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+ try {
+ txTemplate.execute(new
TransactionCallback() {
+ @Override
+ public Object
doInTransaction(TransactionStatus status) {
+
dao.update(xxPortalUser, true);
+ return null;
+ }
+ });
+ } catch (Throwable ex) {
+
logger.error("updateExternalUserStatus(): Failed to update DB for user: " +
xxPortalUser.getLoginId() + " ", ex);
+ throw new RuntimeException(ex);
+ }
}
}
}
[ranger] branch master updated (4ec6c5599 -> 1671b142a)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git from 4ec6c5599 RANGER-3816: getResourceACLs() updated to handle macros in resource values new c4ee5a860 RANGER-3853: Persist db updates immediately using Transaction Management new 1671b142a RANGER-3854: Persist db updates immediately using Transaction Management in J10056 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../PatchForExternalUserStatusUpdate_J10056.java | 29 - .../patch/PatchForSyncSourceUpdate_J10054.java | 74 +- 2 files changed, 83 insertions(+), 20 deletions(-)
[ranger] 01/02: RANGER-3853: Persist db updates immediately using Transaction Management
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit c4ee5a860424e335025b7eaa261c2289c9c93301
Author: Abhishek Kumar
AuthorDate: Tue Aug 9 14:53:04 2022 -0700
RANGER-3853: Persist db updates immediately using Transaction Management
Signed-off-by: pradeep
---
.../patch/PatchForSyncSourceUpdate_J10054.java | 74 +-
1 file changed, 57 insertions(+), 17 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
index bbde1a4df..99de47310 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSyncSourceUpdate_J10054.java
@@ -28,7 +28,13 @@ import org.apache.ranger.util.CLIUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
import java.util.List;
import java.util.Map;
@@ -39,6 +45,10 @@ public class PatchForSyncSourceUpdate_J10054 extends
BaseLoader{
@Autowired
RangerDaoManager daoManager;
+@Autowired
+@Qualifier(value = "transactionManager")
+PlatformTransactionManager txManager;
+
private static final Logger logger =
LoggerFactory.getLogger(PatchForSyncSourceUpdate_J10054.class);
@Override
@@ -87,23 +97,39 @@ public class PatchForSyncSourceUpdate_J10054 extends
BaseLoader{
if (StringUtils.isNotEmpty(otherAttributes) &&
StringUtils.isEmpty(syncSource)){
syncSource = (String) gson.fromJson(otherAttributes,
Map.class).get(UgsyncCommonConstants.SYNC_SOURCE);
xUser.setSyncSource(syncSource);
-if (StringUtils.isNotEmpty(syncSource)) {
-XXPortalUser xXPortalUser =
daoManager.getXXPortalUser().findByLoginId(xUser.getName());
-if (xXPortalUser != null && xXPortalUser.getUserSource()
== 0){
-/* updating the user source to external for users
which had some sync source prior to upgrade
- but the user source was marked internal to due bugs
which were fixed later.
- See RANGER-3297 for more info
-*/
-xXPortalUser.setUserSource(1);
-daoManager.getXXPortalUser().update(xXPortalUser);
-if (logger.isDebugEnabled()) {
-logger.debug("USER: Name: " + xUser.getName() + "
userSource changed to External");
+
+TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+
+String finalSyncSource = syncSource;
+try {
+txTemplate.execute(new TransactionCallback() {
+@Override
+public Object doInTransaction(TransactionStatus
status) {
+if (StringUtils.isNotEmpty(finalSyncSource)) {
+XXPortalUser xXPortalUser =
daoManager.getXXPortalUser().findByLoginId(xUser.getName());
+if (xXPortalUser != null &&
xXPortalUser.getUserSource() == 0){
+/* updating the user source to external for
users which had some sync source prior to upgrade
+ but the user source was marked internal to
due bugs which were fixed later.
+ See RANGER-3297 for more info
+*/
+xXPortalUser.setUserSource(1);
+
daoManager.getXXPortalUser().update(xXPortalUser);
+if (logger.isDebugEnabled()) {
+logger.debug("USER: Name: " +
xUser.getName() + " userSource changed to External");
+}
+}
+}
+daoManager.getXXUser().update(xUser);
+if (logger.isDebugEnabled()) {
+
[ranger] 02/04: RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 1afad2b4e3521c315d90176f97ae3e6e5159f82b
Author: Kishor Gollapalliwar
AuthorDate: Thu May 12 14:20:40 2022 +0530
RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up
patch
Signed-off-by: Mehul Parikh
---
.../java/org/apache/ranger/rest/ServiceREST.java | 53 ++
1 file changed, 43 insertions(+), 10 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index f2f328e53..66f859540 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1957,12 +1957,21 @@ public class ServiceREST {
return ret;
}
+/**
+ * Resets/ removes service policy cache for given service.
+ * @param serviceName non-empty serviceName
+ * @return {@code true} if successfully reseted/ removed for given
service, {@code false} otherwise.
+ */
@GET
@Path("/policies/cache/reset")
@Produces({ "application/json", "application/xml" })
-public boolean resetPolicyCache(@QueryParam("name") String name) {
+public boolean resetPolicyCache(@QueryParam("serviceName") String
serviceName) {
if (LOG.isDebugEnabled()) {
-LOG.debug("==> ServiceREST.resetPolicyCache(" + name + ")");
+LOG.debug("==> ServiceREST.resetPolicyCache(" + serviceName + ")");
+}
+
+if (StringUtils.isEmpty(serviceName)) {
+throw restErrorUtil.createRESTException("Required parameter
[serviceName] is missing.", MessageEnums.INVALID_INPUT_DATA);
}
// check for ADMIN access
@@ -1970,13 +1979,11 @@ public class ServiceREST {
boolean isServiceAdmin = false;
String loggedInUser = bizUtil.getCurrentUserLoginId();
-if (StringUtils.isNotEmpty(name)) {
-try {
-RangerService rangerService =
svcStore.getServiceByName(name);
-isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService,
loggedInUser);
-} catch (Exception e) {
-LOG.warn("Failed to find if user [" + loggedInUser + "]
has service admin privileges on service [" + name + "]", e);
-}
+try {
+RangerService rangerService =
svcStore.getServiceByName(serviceName);
+isServiceAdmin = bizUtil.isUserServiceAdmin(rangerService,
loggedInUser);
+} catch (Exception e) {
+LOG.warn("Failed to find if user [" + loggedInUser + "] has
service admin privileges on service [" + serviceName + "]", e);
}
if (!isServiceAdmin) {
@@ -1984,7 +1991,7 @@ public class ServiceREST {
}
}
-boolean ret = svcStore.resetPolicyCache(name);
+boolean ret = svcStore.resetPolicyCache(serviceName);
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.resetPolicyCache(): ret=" + ret);
@@ -1993,6 +2000,32 @@ public class ServiceREST {
return ret;
}
+/**
+ * Resets/ removes service policy cache for all.
+ * @return {@code true} if successfully reseted/ removed, {@code false}
otherwise.
+ */
+@GET
+@Path("/policies/cache/reset-all")
+@Produces({ "application/json", "application/xml" })
+public boolean resetPolicyCacheAll() {
+if (LOG.isDebugEnabled()) {
+LOG.debug("==> ServiceREST.resetPolicyCacheAll()");
+}
+
+// check for ADMIN access
+if (!bizUtil.isAdmin()) {
+throw restErrorUtil.createRESTException("User cannot reset policy
cache", MessageEnums.OPER_NO_PERMISSION);
+}
+
+boolean ret = svcStore.resetPolicyCache(null);
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("<== ServiceREST.resetPolicyCacheAll(): ret=" + ret);
+}
+
+return ret;
+}
+
@GET
@Path("/policies/downloadExcel")
@Produces("application/ms-excel")
[ranger] 04/04: RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit f39efe2a9df9acc8e977af1142279f8e86ff
Author: Fateh Singh
AuthorDate: Fri Jul 22 12:37:24 2022 -0700
RANGER-3834 Unit test cases for RoleREST.java. Added getter for
RangerDaoManager in RoleRefUpdater instead of accessing the member variable
directly
Signed-off-by: pradeep
---
.../java/org/apache/ranger/biz/RoleDBStore.java| 4 +-
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +-
.../java/org/apache/ranger/rest/TestRoleREST.java | 931 +
3 files changed, 936 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index f501f2896..c19e3e1a1 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -391,13 +391,13 @@ public class RoleDBStore implements RoleStore {
public Set getRoleNames(String userName, Set
userGroups) throws Exception{
Set ret = new HashSet<>();
if (StringUtils.isNotEmpty(userName)) {
-List xxRoleRefUsers =
roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(userName);
+List xxRoleRefUsers =
roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(userName);
for (XXRoleRefUser xxRoleRefUser : xxRoleRefUsers) {
ret.add(getRole(xxRoleRefUser.getRoleId()));
}
}
for(String userGroup : userGroups) {
-List xxRoleRefGroups =
roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(userGroup);
+List xxRoleRefGroups =
roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(userGroup);
for (XXRoleRefGroup xxRoleRefGroup : xxRoleRefGroups) {
ret.add(getRole(xxRoleRefGroup.getRoleId()));
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 012d4c02f..66adac2b5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -74,7 +74,9 @@ public class RoleRefUpdater {
@Autowired
RangerBizUtil xaBizUtil;
-
+ public RangerDaoManager getRangerDaoManager() {
+ return daoMgr;
+ }
public void createNewRoleMappingForRefTable(RangerRole rangerRole,
Boolean createNonExistUserGroup) {
if (rangerRole == null) {
return;
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
new file mode 100644
index 0..e6d3420bd
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -0,0 +1,931 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ranger.rest;
+
+import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.biz.*;
+import org.apache.ranger.common.*;
+import org.apache.ranger.db.*;
+import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.RangerRole;
+import org.apache.ranger.plugin.model.validation.RangerRoleValidator;
+import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
+import org.apache.ranger.plugin.util.RangerRoles;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.service.RangerRoleService;
+import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.RangerRoleList;
+import org.apache.ranger.view.VXUser;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+imp
[ranger] 03/04: RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 672bba42bebac8f8e9fc7ab8f5b564fee7a9552b
Author: Fateh Singh
AuthorDate: Wed Jul 27 15:37:15 2022 -0700
RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
Signed-off-by: pradeep
---
.../org/apache/ranger/rest/TestServiceREST.java| 263 +++--
1 file changed, 243 insertions(+), 20 deletions(-)
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 09d55e89d..375135a5a 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -60,20 +60,12 @@ import org.apache.ranger.db.XXSecurityZoneRefServiceDao;
import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao;
import org.apache.ranger.db.XXServiceDao;
import org.apache.ranger.db.XXServiceDefDao;
-import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXSecurityZone;
-import org.apache.ranger.entity.XXSecurityZoneRefService;
-import org.apache.ranger.entity.XXSecurityZoneRefTagService;
-import org.apache.ranger.entity.XXService;
-import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.plugin.model.RangerPluginInfo;
-import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.*;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import
org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
@@ -102,14 +94,7 @@ import org.apache.ranger.service.RangerServiceDefService;
import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.service.RangerTransactionService;
import org.apache.ranger.service.XUserService;
-import org.apache.ranger.view.RangerExportPolicyList;
-import org.apache.ranger.view.RangerPluginInfoList;
-import org.apache.ranger.view.RangerPolicyList;
-import org.apache.ranger.view.RangerServiceDefList;
-import org.apache.ranger.view.RangerServiceList;
-import org.apache.ranger.view.VXResponse;
-import org.apache.ranger.view.VXString;
-import org.apache.ranger.view.VXUser;
+import org.apache.ranger.view.*;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Rule;
@@ -117,12 +102,17 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.MethodSorters;
+import org.mockito.Answers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import com.sun.jersey.core.header.FormDataContentDisposition;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import static org.mockito.ArgumentMatchers.eq;
@RunWith(MockitoJUnitRunner.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@@ -138,7 +128,7 @@ public class TestServiceREST {
@Mock
RangerValidatorFactory validatorFactory;
- @Mock
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
RangerDaoManager daoManager;
@Mock
@@ -242,12 +232,19 @@ public class TestServiceREST {
private String capabilityVector;
+ private final String grantor = "test-grantor-1";
+
+ private final String owner_user = "test-owner-user-1";
+
+ private final String zone_name = "test-zone-1";
+
public void setup() {
RangerSecurityContext context = new RangerSecurityContext();
context.setUserSession(new UserSessionBase());
RangerContextHolder.setSecurityContext(context);
UserSessionBase currentUserSession = ContextUtil
.getCurrentUserSession();
+ currentUserSession.setXXPortalUser(new XXPortalUser());
currentUserSession.setUserAdmin(true);
capabilityVector = Long.toHexString(new
RangerPluginCapability().getPluginCapabilities());
}
@@ -396,6 +393,59 @@ public class TestServiceREST {
sp.setServiceId(1l);
return sp;
}
+ private List createLongList(){
+ List list = new ArrayList();
+ list.add
[ranger] 01/04: RANGER-3724: Create Ranger Admin API to refresh policy cache
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit bcb17f48b425bdd880b978d469961ba388ddac7c
Author: Kishor Gollapalliwar
AuthorDate: Wed Apr 27 18:57:43 2022 +0530
RANGER-3724: Create Ranger Admin API to refresh policy cache
Signed-off-by: Mehul Parikh
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 14 +++
.../ranger/common/RangerServicePoliciesCache.java | 44 ++
.../java/org/apache/ranger/rest/ServiceREST.java | 42 +++--
3 files changed, 97 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index f58dcd2be..41fb3bb96 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -3022,6 +3022,20 @@ public class ServiceDBStore extends AbstractServiceStore
{
return ret;
}
+public boolean resetPolicyCache(final String serviceName) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("==> ServiceDBStore.resetPolicyCache(" + serviceName +
")");
+}
+
+boolean ret =
RangerServicePoliciesCache.getInstance().resetCache(serviceName);
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("<== ServiceDBStore.resetPolicyCache(): ret=" + ret);
+}
+
+return ret;
+}
+
private static class RangerPolicyDeltaComparator implements
Comparator, java.io.Serializable {
@Override
public int compare(RangerPolicyDelta me, RangerPolicyDelta
other) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
index ba38836ac..b1447829b 100644
---
a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
+++
b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java
@@ -139,6 +139,50 @@ public class RangerServicePoliciesCache {
return ret;
}
+/**
+ * Reset policy cache using serviceName if provided.
+ * If serviceName is empty, reset everything.
+ * @param serviceName
+ * @return true if was able to reset policy cache, false otherwise
+ */
+public boolean resetCache(final String serviceName) {
+if (LOG.isDebugEnabled()) {
+LOG.debug("==> RangerServicePoliciesCache.resetCache({})",
serviceName);
+}
+
+boolean ret = false;
+synchronized (this) {
+if (!servicePoliciesMap.isEmpty()) {
+if (StringUtils.isBlank(serviceName)) {
+servicePoliciesMap.clear();
+if (LOG.isDebugEnabled()) {
+LOG.debug("RangerServicePoliciesCache.resetCache():
Removed policy caching for all services.");
+}
+ret = true;
+} else {
+ServicePoliciesWrapper removedServicePoliciesWrapper =
servicePoliciesMap.remove(serviceName.trim()); // returns null if key not found
+ret = removedServicePoliciesWrapper != null;
+
+if (ret) {
+if (LOG.isDebugEnabled()) {
+
LOG.debug("RangerServicePoliciesCache.resetCache(): Removed policy caching for
[{}] service.", serviceName);
+}
+} else {
+LOG.warn("RangerServicePoliciesCache.resetCache():
Caching for [{}] service not found, hence reset is skipped.", serviceName);
+}
+}
+} else {
+LOG.warn("RangerServicePoliciesCache.resetCache(): Policy
cache is already empty.");
+}
+}
+
+if (LOG.isDebugEnabled()) {
+LOG.debug("<== RangerServicePoliciesCache.resetCache(): ret={}",
ret);
+}
+
+return ret;
+}
+
private class ServicePoliciesWrapper {
final Long serviceId;
ServicePolicies servicePolicies;
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index ee5239480..f2f328e53 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1596,8 +1596,8 @@ public class ServiceREST {
LOG.debug("<== ServiceREST.secureRevokeAccess(" +
serviceName + ", " + re
[ranger] branch ranger-2.4 updated (e8f007c80 -> f39efe2a9)
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a change to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git from e8f007c80 RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource new bcb17f48b RANGER-3724: Create Ranger Admin API to refresh policy cache new 1afad2b4e RANGER-3724: Create Ranger Admin API to refresh policy cache -- follow-up patch new 672bba42b RANGER-3849 Unit test cases for ServiceREST.java to increase coverage new f39efe2a9 RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../java/org/apache/ranger/biz/RoleDBStore.java| 4 +- .../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +- .../java/org/apache/ranger/biz/ServiceDBStore.java | 14 + .../ranger/common/RangerServicePoliciesCache.java | 44 + .../java/org/apache/ranger/rest/ServiceREST.java | 75 +- .../java/org/apache/ranger/rest/TestRoleREST.java | 931 + .../org/apache/ranger/rest/TestServiceREST.java| 263 +- 7 files changed, 1309 insertions(+), 26 deletions(-) create mode 100644 security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
[ranger] branch master updated: RANGER-3834 Unit test cases for RoleREST.java. Added getter for RangerDaoManager in RoleRefUpdater instead of accessing the member variable directly
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 348ae02a4 RANGER-3834 Unit test cases for RoleREST.java. Added getter
for RangerDaoManager in RoleRefUpdater instead of accessing the member variable
directly
348ae02a4 is described below
commit 348ae02a46b7086114f0bca35d817b48f99643b3
Author: Fateh Singh
AuthorDate: Fri Jul 22 12:37:24 2022 -0700
RANGER-3834 Unit test cases for RoleREST.java. Added getter for
RangerDaoManager in RoleRefUpdater instead of accessing the member variable
directly
---
.../java/org/apache/ranger/biz/RoleDBStore.java| 4 +-
.../java/org/apache/ranger/biz/RoleRefUpdater.java | 4 +-
.../java/org/apache/ranger/rest/TestRoleREST.java | 933 +
3 files changed, 938 insertions(+), 3 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index f501f2896..c19e3e1a1 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -391,13 +391,13 @@ public class RoleDBStore implements RoleStore {
public Set getRoleNames(String userName, Set
userGroups) throws Exception{
Set ret = new HashSet<>();
if (StringUtils.isNotEmpty(userName)) {
-List xxRoleRefUsers =
roleRefUpdater.daoMgr.getXXRoleRefUser().findByUserName(userName);
+List xxRoleRefUsers =
roleRefUpdater.getRangerDaoManager().getXXRoleRefUser().findByUserName(userName);
for (XXRoleRefUser xxRoleRefUser : xxRoleRefUsers) {
ret.add(getRole(xxRoleRefUser.getRoleId()));
}
}
for(String userGroup : userGroups) {
-List xxRoleRefGroups =
roleRefUpdater.daoMgr.getXXRoleRefGroup().findByGroupName(userGroup);
+List xxRoleRefGroups =
roleRefUpdater.getRangerDaoManager().getXXRoleRefGroup().findByGroupName(userGroup);
for (XXRoleRefGroup xxRoleRefGroup : xxRoleRefGroups) {
ret.add(getRole(xxRoleRefGroup.getRoleId()));
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
index 012d4c02f..66adac2b5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
@@ -74,7 +74,9 @@ public class RoleRefUpdater {
@Autowired
RangerBizUtil xaBizUtil;
-
+ public RangerDaoManager getRangerDaoManager() {
+ return daoMgr;
+ }
public void createNewRoleMappingForRefTable(RangerRole rangerRole,
Boolean createNonExistUserGroup) {
if (rangerRole == null) {
return;
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
new file mode 100644
index 0..217c1bba3
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -0,0 +1,933 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ranger.rest;
+
+import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.biz.*;
+import org.apache.ranger.common.*;
+import org.apache.ranger.db.*;
+import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.RangerRole;
+import org.apache.ranger.plugin.model.validation.RangerRoleValidator;
+import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
+import org.apache.ranger.plugin.util.RangerRoles;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.service.RangerRoleService;
+import org.apache.ranger.ser
[ranger] branch master updated: RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3dc951065 RANGER-3849 Unit test cases for ServiceREST.java to increase
coverage
3dc951065 is described below
commit 3dc9510658c77dee1f1cd741497da0494c33cb68
Author: Fateh Singh
AuthorDate: Wed Jul 27 15:37:15 2022 -0700
RANGER-3849 Unit test cases for ServiceREST.java to increase coverage
Signed-off-by: pradeep
---
.../org/apache/ranger/rest/TestServiceREST.java| 263 +++--
1 file changed, 243 insertions(+), 20 deletions(-)
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 09d55e89d..375135a5a 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -60,20 +60,12 @@ import org.apache.ranger.db.XXSecurityZoneRefServiceDao;
import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao;
import org.apache.ranger.db.XXServiceDao;
import org.apache.ranger.db.XXServiceDefDao;
-import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXSecurityZone;
-import org.apache.ranger.entity.XXSecurityZoneRefService;
-import org.apache.ranger.entity.XXSecurityZoneRefTagService;
-import org.apache.ranger.entity.XXService;
-import org.apache.ranger.entity.XXServiceDef;
-import org.apache.ranger.plugin.model.RangerPluginInfo;
-import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.entity.*;
+import org.apache.ranger.plugin.model.*;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
-import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
import
org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
@@ -102,14 +94,7 @@ import org.apache.ranger.service.RangerServiceDefService;
import org.apache.ranger.service.RangerServiceService;
import org.apache.ranger.service.RangerTransactionService;
import org.apache.ranger.service.XUserService;
-import org.apache.ranger.view.RangerExportPolicyList;
-import org.apache.ranger.view.RangerPluginInfoList;
-import org.apache.ranger.view.RangerPolicyList;
-import org.apache.ranger.view.RangerServiceDefList;
-import org.apache.ranger.view.RangerServiceList;
-import org.apache.ranger.view.VXResponse;
-import org.apache.ranger.view.VXString;
-import org.apache.ranger.view.VXUser;
+import org.apache.ranger.view.*;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Rule;
@@ -117,12 +102,17 @@ import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.junit.runners.MethodSorters;
+import org.mockito.Answers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import com.sun.jersey.core.header.FormDataContentDisposition;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import static org.mockito.ArgumentMatchers.eq;
@RunWith(MockitoJUnitRunner.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@@ -138,7 +128,7 @@ public class TestServiceREST {
@Mock
RangerValidatorFactory validatorFactory;
- @Mock
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
RangerDaoManager daoManager;
@Mock
@@ -242,12 +232,19 @@ public class TestServiceREST {
private String capabilityVector;
+ private final String grantor = "test-grantor-1";
+
+ private final String owner_user = "test-owner-user-1";
+
+ private final String zone_name = "test-zone-1";
+
public void setup() {
RangerSecurityContext context = new RangerSecurityContext();
context.setUserSession(new UserSessionBase());
RangerContextHolder.setSecurityContext(context);
UserSessionBase currentUserSession = ContextUtil
.getCurrentUserSession();
+ currentUserSession.setXXPortalUser(new XXPortalUser());
currentUserSession.setUserAdmin(true);
capabilityVector = Long.toHexString(new
RangerPluginCapability().getPluginCapabilities());
}
@@ -396,6 +393,59 @
[ranger] branch ranger-2.4 updated: RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new e8f007c80 RANGER-3824: Tag resource API error message is not proper
for duplicate resource & not able to update resource resource
e8f007c80 is described below
commit e8f007c80b80bd56803ce9857791851e7d8f864e
Author: pradeep
AuthorDate: Thu Jul 14 11:54:03 2022 +0530
RANGER-3824: Tag resource API error message is not proper for duplicate
resource & not able to update resource resource
---
.../src/main/java/org/apache/ranger/plugin/store/TagValidator.java | 1 +
1 file changed, 1 insertion(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
index 08b1e45fd..699e49e17 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
@@ -150,6 +150,7 @@ public class TagValidator {
if (ret == null) {
RangerServiceResourceSignature serializer = new
RangerServiceResourceSignature(resource);
resource.setResourceSignature(serializer.getSignature());
+ ret =
tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(),
resource.getResourceSignature());
}
return ret;
[ranger] branch master updated: RANGER-3824: Tag resource API error message is not proper for duplicate resource & not able to update resource resource
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a9fdb1beb RANGER-3824: Tag resource API error message is not proper
for duplicate resource & not able to update resource resource
a9fdb1beb is described below
commit a9fdb1beb1a43ff3cf3b638df1022e96414056ce
Author: pradeep
AuthorDate: Thu Jul 14 11:54:03 2022 +0530
RANGER-3824: Tag resource API error message is not proper for duplicate
resource & not able to update resource resource
---
.../src/main/java/org/apache/ranger/plugin/store/TagValidator.java | 1 +
1 file changed, 1 insertion(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
index 08b1e45fd..699e49e17 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagValidator.java
@@ -150,6 +150,7 @@ public class TagValidator {
if (ret == null) {
RangerServiceResourceSignature serializer = new
RangerServiceResourceSignature(resource);
resource.setResourceSignature(serializer.getSignature());
+ ret =
tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(),
resource.getResourceSignature());
}
return ret;
[ranger] branch ranger-2.4 updated: RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.4
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push:
new 382490b10 RANGER-3846: Ranger DB patch 058 failing when multiple
policies having same resourceSignature
382490b10 is described below
commit 382490b100531dd1d299cd82244ded66937f894a
Author: pradeep
AuthorDate: Mon Aug 1 14:50:07 2022 +0530
RANGER-3846: Ranger DB patch 058 failing when multiple policies having same
resourceSignature
---
.../apache/ranger/biz/RangerPolicyRetriever.java | 2 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 32 ++
.../java/org/apache/ranger/db/XXPortalUserDao.java | 21 +
...ForUpdateToUniqueResoureceSignature_J10053.java | 50 ++
.../main/resources/META-INF/jpa_named_queries.xml | 12 ++
5 files changed, 116 insertions(+), 1 deletion(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 238fecd48..e94c37f7b 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -343,7 +343,7 @@ public class RangerPolicyRetriever {
ret = userScreenNames.get(userId);
if(ret == null) {
- XXPortalUser user =
daoMgr.getXXPortalUser().getById(userId);
+ XXPortalUser user =
daoMgr.getXXPortalUser().findById(userId);
if(user != null) {
ret =
user.getPublicScreenName();
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 54191d828..f329c0eff 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -18,7 +18,9 @@
package org.apache.ranger.db;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.persistence.NoResultException;
@@ -354,4 +356,34 @@ public class XXPolicyDao extends BaseDao {
}
return ret;
}
+
+ public Map
findDuplicatePoliciesByServiceAndResourceSignature() {
+ Map policies = new HashMap();
+ try {
+ List rows = (List)
getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList();
+ if (rows != null) {
+ for (Object[] row : rows) {
+ policies.put((String) row[0], (Long)
row[1]);
+ }
+ }
+ } catch (NoResultException e) {
+ return null;
+ } catch (Exception ex) {
+ }
+ return policies;
+ }
+
+ public List findByServiceIdAndResourceSignature(Long
serviceId, String policySignature) {
+ if (policySignature == null || serviceId == null) {
+ return new ArrayList();
+ }
+ try {
+ return
getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature",
tClass)
+ .setParameter("serviceId", serviceId)
+ .setParameter("resSignature",
policySignature)
+ .getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList();
+ }
+ }
}
\ No newline at end of file
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
index 8d15a324e..1787eeae6 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
@@ -128,4 +128,25 @@ public class XXPortalUserDao extends BaseDao
{
return null;
}
}
+
+ public XXPortalUser findById(Long id) {
+ XXPortalUser xXPortalUser = null;
+ if (id == null) {
+ return xXPortalUser;
+ }
+ try {
+ xXPortalUser = new XXPortalUser();
+ Object[] row = (Object[])
getEntityManager().createNamedQuery("XXPortalUser.findB
[ranger] branch master updated: RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 1199de317 RANGER-3846: Ranger DB patch 058 failing when multiple
policies having same resourceSignature
1199de317 is described below
commit 1199de3175a588aa4593773d94f0cb1a3235b216
Author: pradeep
AuthorDate: Mon Aug 1 14:50:07 2022 +0530
RANGER-3846: Ranger DB patch 058 failing when multiple policies having same
resourceSignature
---
.../apache/ranger/biz/RangerPolicyRetriever.java | 2 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 32 ++
.../java/org/apache/ranger/db/XXPortalUserDao.java | 21 +
...ForUpdateToUniqueResoureceSignature_J10053.java | 50 ++
.../main/resources/META-INF/jpa_named_queries.xml | 12 ++
5 files changed, 116 insertions(+), 1 deletion(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
index 238fecd48..e94c37f7b 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java
@@ -343,7 +343,7 @@ public class RangerPolicyRetriever {
ret = userScreenNames.get(userId);
if(ret == null) {
- XXPortalUser user =
daoMgr.getXXPortalUser().getById(userId);
+ XXPortalUser user =
daoMgr.getXXPortalUser().findById(userId);
if(user != null) {
ret =
user.getPublicScreenName();
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 4677c37f3..dc58be3df 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -18,7 +18,9 @@
package org.apache.ranger.db;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.persistence.NoResultException;
@@ -356,4 +358,34 @@ public class XXPolicyDao extends BaseDao {
}
return ret;
}
+
+ public Map
findDuplicatePoliciesByServiceAndResourceSignature() {
+ Map policies = new HashMap();
+ try {
+ List rows = (List)
getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList();
+ if (rows != null) {
+ for (Object[] row : rows) {
+ policies.put((String) row[0], (Long)
row[1]);
+ }
+ }
+ } catch (NoResultException e) {
+ return null;
+ } catch (Exception ex) {
+ }
+ return policies;
+ }
+
+ public List findByServiceIdAndResourceSignature(Long
serviceId, String policySignature) {
+ if (policySignature == null || serviceId == null) {
+ return new ArrayList();
+ }
+ try {
+ return
getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature",
tClass)
+ .setParameter("serviceId", serviceId)
+ .setParameter("resSignature",
policySignature)
+ .getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList();
+ }
+ }
}
\ No newline at end of file
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
index 8d15a324e..1787eeae6 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
@@ -128,4 +128,25 @@ public class XXPortalUserDao extends BaseDao
{
return null;
}
}
+
+ public XXPortalUser findById(Long id) {
+ XXPortalUser xXPortalUser = null;
+ if (id == null) {
+ return xXPortalUser;
+ }
+ try {
+ xXPortalUser = new XXPortalUser();
+ Object[] row = (Object[])
getEntityManager().createNamedQuery("XXPortalUser.findB
[ranger] branch master updated: RANGER-3829: IncrementalSync value to be read from config (FIX)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3bd591fbd RANGER-3829: IncrementalSync value to be read from config
(FIX)
3bd591fbd is described below
commit 3bd591fbd1f0434b47263c2d99cf634f5ace8dd0
Author: Abhishek Kumar
AuthorDate: Mon Jul 18 18:49:20 2022 -0700
RANGER-3829: IncrementalSync value to be read from config (FIX)
Signed-off-by: pradeep
---
.../org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java| 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
index 550775f65..b1a6af183 100644
---
a/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
@@ -150,7 +150,7 @@ public class LdapUserGroupBuilder implements
UserGroupSource {
ugsyncAuditInfo = new UgsyncAuditInfo();
ldapSyncSourceInfo = new LdapSyncSourceInfo();
ldapSyncSourceInfo.setLdapUrl(ldapUrl);
- ldapSyncSourceInfo.setIncrementalSycn("True");
+
ldapSyncSourceInfo.setIncrementalSycn(Boolean.toString(config.isDeltaSyncEnabled()));
ldapSyncSourceInfo.setUserSearchEnabled(Boolean.toString(userSearchEnabled));
ldapSyncSourceInfo.setGroupSearchEnabled(Boolean.toString(groupSearchEnabled));
ldapSyncSourceInfo.setGroupSearchFirstEnabled(Boolean.toString(groupSearchFirstEnabled));
[ranger] branch master updated: RANGER-3813: Fix ConcurrentModificationException in UnixUserGroupBuilder
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new c51fedfba RANGER-3813: Fix ConcurrentModificationException in
UnixUserGroupBuilder
c51fedfba is described below
commit c51fedfba9efb61c1ff7bf9b41f4db4b965fe1a7
Author: Abhishek Kumar
AuthorDate: Tue Jun 28 20:45:59 2022 -0700
RANGER-3813: Fix ConcurrentModificationException in UnixUserGroupBuilder
Signed-off-by: pradeep
---
.../unixusersync/process/UnixUserGroupBuilder.java | 134 -
1 file changed, 51 insertions(+), 83 deletions(-)
diff --git
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
index 7653dfdbe..d6b54c30a 100644
---
a/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
+++
b/ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
@@ -60,8 +60,7 @@ public class UnixUserGroupBuilder implements UserGroupSource {
static final String LINUX_GET_ALL_GROUPS_CMD = "getent group";
static final String LINUX_GET_GROUP_CMD = "getent group %s";
- // mainly for testing purposes
- // there might be a better way
+ // mainly for testing purposes, there might be a better way
static final String MAC_GET_ALL_USERS_CMD = "dscl . -readall /Users
UniqueID PrimaryGroupID | " +
"awk 'BEGIN { OFS = \":\"; ORS=\"\\n\"; i=0;}" +
"/RecordName: / {name = $2;i = 0;}/PrimaryGroupID: /
{gid = $2;}" +
@@ -107,7 +106,9 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
public static void main(String[] args) throws Throwable {
UnixUserGroupBuilder ugbuilder = new UnixUserGroupBuilder();
ugbuilder.init();
- ugbuilder.print();
+ if (LOG.isDebugEnabled()) {
+ ugbuilder.print();
+ }
}
public UnixUserGroupBuilder() {
@@ -185,11 +186,7 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
}
long TempGroupFileModifiedAt = new
File(unixGroupFile).lastModified();
- if (groupFileModifiedAt != TempGroupFileModifiedAt) {
- return true;
- }
-
- return false;
+ return groupFileModifiedAt != TempGroupFileModifiedAt;
}
@@ -225,12 +222,12 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
private void buildUserGroupInfo() throws Throwable {
- groupId2groupNameMap = new HashMap();
- sourceUsers = new HashMap<>();
- sourceGroups = new HashMap<>();
- sourceGroupUsers = new HashMap<>();
- groupUserTable = HashBasedTable.create();
- allGroups = new HashSet<>();
+ groupId2groupNameMap = new HashMap<>();
+ sourceUsers = new HashMap<>();
+ sourceGroups = new HashMap<>();
+ sourceGroupUsers = new HashMap<>();
+ groupUserTable = HashBasedTable.create();
+ allGroups= new HashSet<>();
if (OS.startsWith("Mac")) {
buildUnixGroupList(MAC_GET_ALL_GROUPS_CMD,
MAC_GET_GROUP_CMD, false);
@@ -245,11 +242,11 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
Iterator groupUserTableIterator =
groupUserTable.rowKeySet().iterator();
while (groupUserTableIterator.hasNext()) {
- String groupName = groupUserTableIterator.next();
- Map groupUsersMap =
groupUserTable.row(groupName);
- Set userSet = new HashSet();
- for(String userName : groupUsersMap.keySet()){
- //String transformUserName =
userNameTransform(entry.getKey());
+ String groupName =
groupUserTableIterator.next();
+ Map groupUsersMap =
groupUserTable.row(groupName);
+ Set userSet = new HashSet<>();
+
+ for (String userName : groupUsersMap.keySet()) {
if (sourceUsers.containsKey(userName)) {
userSet.add(userName);
}
@@ -266,23 +263,17 @@ public class UnixUserGroupBuilder implements
UserGroupSource {
private void print() {
for(String
[ranger] branch master updated: RANGER-3825: Ranger internal user is unable to change his password after the upgrade
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new e10a247cc RANGER-3825: Ranger internal user is unable to change his
password after the upgrade
e10a247cc is described below
commit e10a247cccb9db324a0ddbe3b53c3dcb4b271ad4
Author: pradeep
AuthorDate: Wed Jul 13 10:30:05 2022 +0530
RANGER-3825: Ranger internal user is unable to change his password after
the upgrade
---
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 53fa007aa..086c6e5d7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -1107,9 +1107,9 @@ public class UserMgr {
String sha256PasswordUpdateDisable =
PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false");
if
("false".equalsIgnoreCase(sha256PasswordUpdateDisable)) {
- saltEncodedpasswd = encodeString(password,
loginId, "MD5");
- } else {
saltEncodedpasswd = encodeString(password,
loginId, "SHA-256");
+ } else {
+ saltEncodedpasswd = encodeString(password,
loginId, "MD5");
}
}
[ranger] branch master updated: RANGER-3794: Improve performance of delete users/groups utility
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f59f3a7e4 RANGER-3794: Improve performance of delete users/groups
utility
f59f3a7e4 is described below
commit f59f3a7e47ed3673d62df6c2f74450185f6e3b02
Author: Fateh Singh
AuthorDate: Fri Jun 17 07:57:28 2022 -0700
RANGER-3794: Improve performance of delete users/groups utility
Signed-off-by: pradeep
---
security-admin/scripts/deleteUserGroupUtil.py | 83 +++
1 file changed, 35 insertions(+), 48 deletions(-)
diff --git a/security-admin/scripts/deleteUserGroupUtil.py
b/security-admin/scripts/deleteUserGroupUtil.py
index 1c9f58385..8bca54acb 100644
--- a/security-admin/scripts/deleteUserGroupUtil.py
+++ b/security-admin/scripts/deleteUserGroupUtil.py
@@ -14,13 +14,12 @@
import argparse
import os,sys
-import pycurl
import getpass
import logging
-try:
- from StringIO import StringIO as BytesIO
-except ImportError:
- from io import BytesIO
+import time
+import requests
+
+s = requests.Session()
def log(msg,type):
if type == 'info':
@@ -54,44 +53,25 @@ def printUsage():
log("[I] -debug: Enables debugging","info")
sys.exit(1)
-def processRequest(url,usernamepassword,data,method,isHttps,certfile,isDebug):
- buffer = BytesIO()
- header = BytesIO()
- c = pycurl.Curl()
- c.setopt(c.URL, url)
- c.setopt(pycurl.HTTPHEADER, ['Content-Type: application/json','Accept:
application/json'])
- c.setopt(pycurl.USERPWD, usernamepassword)
- c.setopt(pycurl.VERBOSE, 0)
- if isHttps==True:
- c.setopt(pycurl.SSL_VERIFYPEER,1)
- c.setopt(pycurl.SSL_VERIFYHOST,2)
- c.setopt(pycurl.CAINFO, certfile)
-
- c.setopt(c.WRITEFUNCTION ,buffer.write)
- c.setopt(c.HEADERFUNCTION,header.write)
- # setting proper method and parameters
- if method == 'get' :
- c.setopt(pycurl.HTTPGET, 1)
- elif method == 'delete' :
- c.setopt(pycurl.CUSTOMREQUEST, "DELETE")
- c.setopt(c.POSTFIELDS, str(data))
- else :
- log("[E] Unknown Http Request method found, only get or delete
method are allowed!","error")
+def processRequest(url, username, password, data, method, isHttps, certfile,
isDebug):
+ verify = isHttps
+ if isHttps:
+ verify = certfile
+ if method.lower() == 'get':
+ response = s.get(url, data=data, auth=(username,
password),verify=verify)
+ elif method.lower() == 'delete':
+ response = s.delete(url, data=data, auth=(username,
password),verify=verify)
+ else:
+ log("[E] Unsupported method"+method,'error')
+ pass
- c.perform()
- # getting response
- response = buffer.getvalue()
- headerResponse = header.getvalue()
- response_code=0
- response_code=str(c.getinfo(pycurl.RESPONSE_CODE))
- response_code=int(response_code)
- buffer.close()
- header.close()
- c.close()
+ #log("[I] Request time: %s seconds" %
str(response.elapsed.total_seconds()),"info")
+ response_code = response.status_code
if isDebug ==True or (response_code!=200 and response_code!=204):
- log('Request URL = ' + str(url), "info")
- log('Response= ' + str(headerResponse), "info")
+ log('Request URL = ' + str(url),'debug')
+ log('Response= ' + str(response.headers),'debug')
return response_code
+
def validateArgs(argv):
if(len(argv)<7):
log("[E] insufficient number of arguments. Found " +
str(len(argv)) + "; expected at least 7","error")
@@ -121,6 +101,7 @@ def validateArgs(argv):
printUsage()
def main(argv):
+ start_time = time.time()
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
inputPath=""
@@ -213,16 +194,18 @@ def main(argv):
if isUser==True and isGroup==True:
log("[E] -users and -groups both option were provided, only one
is allowed.","error")
printUsage()
+ io_time = 0
if password =="" :
+ io_start_time = time.time()
password=getpass.getpass("Enter Ranger Admin password : ")
-
- usernamepassword=user+":"+password
+ io_end_time = time.time()
+ io_time = io_end_time - io_start_time
url=host+'/service/xusers/secure/users/roles/userName/'+user
[ranger] branch master updated: RANGER-3806: Group's users mapping entry failing whenever primary key auto-increment is not set to 1 in db
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new ef641366b RANGER-3806: Group's users mapping entry failing whenever
primary key auto-increment is not set to 1 in db
ef641366b is described below
commit ef641366b861afb7a6451023e6a76ba35aea3f19
Author: pradeep
AuthorDate: Fri Jun 24 14:49:38 2022 +0530
RANGER-3806: Group's users mapping entry failing whenever primary key
auto-increment is not set to 1 in db
---
.../src/main/java/org/apache/ranger/service/XGroupUserService.java | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
index 9345e8180..5cfcb785c 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
@@ -305,8 +305,11 @@ public class XGroupUserService extends
xxGroupUser = new XXGroupUser();
groupUserMappingExists = false;
}
- xxGroupUser.setAddedByUserId(createdByUserId);
- xxGroupUser.setUpdatedByUserId(createdByUserId);
+ XXPortalUser xXPortalUser =
daoManager.getXXPortalUser().getById(createdByUserId);
+ if (xXPortalUser != null) {
+
xxGroupUser.setAddedByUserId(createdByUserId);
+
xxGroupUser.setUpdatedByUserId(createdByUserId);
+ }
if (groupUserMappingExists) {
xxGroupUser =
getDao().update(xxGroupUser);
[ranger] branch master updated: RANGER-3807: getUserRoles API gives 200 for non existing user passed to this API
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new d247fece1 RANGER-3807: getUserRoles API gives 200 for non existing
user passed to this API
d247fece1 is described below
commit d247fece105d926b4487cfd43fcefedad94c
Author: pradeep
AuthorDate: Fri Jun 24 16:40:46 2022 +0530
RANGER-3807: getUserRoles API gives 200 for non existing user passed to
this API
---
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index e00767643..d2bc59a02 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -698,6 +698,9 @@ public class RoleREST {
LOG.debug("==> getUserRoles()");
}
try {
+if (xUserService.getXUserByUserName(userName) == null) {
+throw
restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "User:" +
userName + " not found", false);
+}
Set roleList = roleStore.getRoleNames(userName,
userMgr.getGroupsForUser(userName));
for (RangerRole role : roleList) {
ret.add(role.getName());
[ranger] branch master updated: RANGER-3797 : Not able to create security zone for solr service after upgrade
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new fc7ad98fb RANGER-3797 : Not able to create security zone for solr
service after upgrade
fc7ad98fb is described below
commit fc7ad98fbb2ee7bb7d4cd3329abc438a73e0444a
Author: mateen.mansoori
AuthorDate: Tue Jun 21 16:11:53 2022 +0530
RANGER-3797 : Not able to create security zone for solr service after
upgrade
Signed-off-by: pradeep
---
...PatchForSolrSvcDefAndPoliciesUpdate_J10055.java | 56 ++
1 file changed, 46 insertions(+), 10 deletions(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
index 949967cd3..4684923ca 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
@@ -27,8 +27,8 @@ import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.RangerValidatorFactory;
@@ -45,6 +45,7 @@ import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import
org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
@@ -52,12 +53,14 @@ import
org.apache.ranger.plugin.model.validation.RangerValidator.Action;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.util.CLIUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class PatchForSolrSvcDefAndPoliciesUpdate_J10055 extends BaseLoader {
-private static final Logger logger =
Logger.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
+private static final Logger logger =
LoggerFactory.getLogger(PatchForSolrSvcDefAndPoliciesUpdate_J10055.class);
private static final String ACCESS_TYPE_UPDATE = "update";
private static final String ACCESS_TYPE_QUERY = "query";
private static final String ACCESS_TYPE_ADMIN = "solr_admin";
@@ -70,6 +73,8 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
private static final String ACCESS_TYPE_OTHERS_TAG = "solr:others";
private enum NEW_RESOURCE { admin, config, schema }
+private static final String SVC_ACCESS_TYPE_CONFIG_SUFFIX = "accessTypes";
+
private static final String SOLR_SVC_DEF_NAME =
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_SOLR_NAME;
private static RangerServiceDef embeddedSolrServiceDef = null;
@@ -134,7 +139,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
throw new RuntimeException("Error while updating " +
SOLR_SVC_DEF_NAME + " service-def");
}
} catch (Exception e) {
-logger.error("Error whille executing
PatchForSolrSvcDefAndPoliciesUpdate_J10055.", e);
+logger.error("Error whille executing
PatchForSolrSvcDefAndPoliciesUpdate_J10055 - ", e);
System.exit(1);
}
@@ -142,7 +147,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
// For RANGER-3725 - Update atlas default audit filter
updateDefaultAuditFilter(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME);
} catch (Throwable t) {
- logger.error("Failed to update atlas default audit
filter, Error - ", t);
+ logger.error("Failed to update atlas default audit
filter - ", t);
System.exit(1);
}
@@ -159,6 +164,7 @@ public class PatchForSolrSvcDefAndPoliciesUpdate_J10055
extends BaseLoader {
filter
[ranger] branch master updated: RANGER-3795: Fix java patch J10033 and J10046 failure
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 81b928c89 RANGER-3795: Fix java patch J10033 and J10046 failure
81b928c89 is described below
commit 81b928c8956e2f8d5bf68d451c74f83abc01c48a
Author: pradeep
AuthorDate: Fri Jun 17 16:52:56 2022 +0530
RANGER-3795: Fix java patch J10033 and J10046 failure
---
.../src/main/java/org/apache/ranger/biz/XUserMgr.java | 2 +-
.../patch/PatchForKafkaServiceDefUpdate_J10033.java | 15 ---
.../PatchForMigratingOldRegimePolicyJson_J10046.java | 11 ++-
.../ranger/patch/PatchForUpdatingPolicyJson_J10019.java | 11 ++-
4 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 4f2527223..9af354d09 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -2492,7 +2492,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
- @Transactional(readOnly = false, propagation = Propagation.REQUIRED)
+ @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public VXUser createServiceConfigUser(String userName){
if (userName == null || "null".equalsIgnoreCase(userName) ||
userName.trim().isEmpty()) {
logger.error("User Name: "+userName);
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
index 9302c130f..9f0717a40 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForKafkaServiceDefUpdate_J10033.java
@@ -22,6 +22,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.RangerValidatorFactory;
@@ -96,6 +97,9 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
@Autowired
ServiceDBStore svcStore;
+ @Autowired
+ XUserMgr xUserMgr;
+
public static void main(String[] args) {
logger.info("main()");
try {
@@ -349,8 +353,13 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
}
XXUser xxUser =
daoMgr.getXXUser().findByUserName(user);
if (xxUser == null) {
- throw new RuntimeException(user
+ ": user does not exist. policy='" + xxPolicy.getName()
- + "' service='"
+ xxPolicy.getService() + "' user='" + user + "'");
+ logger.info(user +" user is not
found, adding user: "+user);
+
xUserMgr.createServiceConfigUser(user);
+ xxUser =
daoMgr.getXXUser().findByUserName(user);
+ if (xxUser == null) {
+ throw new
RuntimeException(user + ": user does not exist. policy='" + xxPolicy.getName()
+ + "' service='" +
xxPolicy.getService() + "' user='" + user + "'");
+ }
}
XXPolicyItemUserPerm xUserPerm = new
XXPolicyItemUserPerm();
xUserPerm.setUserId(xxUser.getId());
@@ -476,4 +485,4 @@ public class PatchForKafkaServiceDefUpdate_J10033 extends
BaseLoader {
}
return rangerPolicyItemAccesses;
}
-}
\ No newline at end of file
+}
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
index 74ea7b2c6..c40280629 100644
---
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
+++
b/securi
[ranger] branch master updated: RANGER-3782: Upgrade spring-security version to 5.6.5
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 2980d5a76 RANGER-3782: Upgrade spring-security version to 5.6.5 2980d5a76 is described below commit 2980d5a763e8087708f20c27efc3df7d4d9e8a02 Author: mateen.mansoori AuthorDate: Thu Jun 9 16:48:40 2022 +0530 RANGER-3782: Upgrade spring-security version to 5.6.5 Signed-off-by: pradeep --- pom.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 0e597e01d..12378a5b0 100644 --- a/pom.xml +++ b/pom.xml @@ -194,10 +194,10 @@ 1.7.32 1.7.32 8.6.3 -2.3.5.RELEASE - 5.6.3 -5.3.19 -5.3.19 +2.3.8.RELEASE + 5.6.5 +5.3.20 +5.3.20 1.99.7 1.2.4 1.19
[ranger] branch master updated: Update doc to reflect the Organization associated with me
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 7c39ffde5 Update doc to reflect the Organization associated with me 7c39ffde5 is described below commit 7c39ffde573c33b86fe49b0c235e2b4c5fd6435b Author: pradeep AuthorDate: Wed Jun 15 18:01:36 2022 +0530 Update doc to reflect the Organization associated with me --- docs/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pom.xml b/docs/pom.xml index 736b7a460..f83d6afee 100644 --- a/docs/pom.xml +++ b/docs/pom.xml @@ -356,7 +356,7 @@ Committer -Freestone Infotech +Cloudera
[ranger] branch master updated: RANGER-3791: Upgrade json-smart, gson and jersey-client libraries version
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new 37c664864 RANGER-3791: Upgrade json-smart, gson and jersey-client libraries version 37c664864 is described below commit 37c664864f96b3cf45b0220f5d4d8e26f7e0251b Author: pradeep AuthorDate: Wed Jun 15 01:57:22 2022 +0530 RANGER-3791: Upgrade json-smart, gson and jersey-client libraries version --- pom.xml | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 0e6771218..0e597e01d 100644 --- a/pom.xml +++ b/pom.xml @@ -82,7 +82,6 @@ 1.8.2 2.6 2.2.0 -2.5 2.11.3 2.11.3 1.3.7 @@ -118,7 +117,7 @@ 4.5.0.0 27.0-jre 1.2 -2.2.4 +2.9.0 4.0 3.3.0 1.0.0 @@ -144,7 +143,7 @@ 2.3.1 3.3 1.19.3 -2.6 +2.35 1.19.3 1.19.3 1.19.3 @@ -154,7 +153,7 @@ 0.9.94 3.2 3.2.11 -2.3 +2.4.7 1.0 1.3.9 4.13.1 @@ -243,7 +242,6 @@ 8.4.0 0.8.0 2.10.6 -2.3.1 8.22.1 1.12.125
[ranger] branch master updated: RANGER-3784: Upgrade netty to 4.1.77-final
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new baa903e20 RANGER-3784: Upgrade netty to 4.1.77-final baa903e20 is described below commit baa903e206e72aa2c391e14c2f83b31cbcb0829e Author: pradeep AuthorDate: Mon Jun 13 12:41:26 2022 +0530 RANGER-3784: Upgrade netty to 4.1.77-final --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 043e2c2e9..0e6771218 100644 --- a/pom.xml +++ b/pom.xml @@ -174,7 +174,7 @@ 3.0.0 1.10.19 5.1.31 -4.1.76.Final +4.1.77.Final 0.8 1.6.7 20211018.2
[ranger] branch master updated: RANGER-3780: Upgrade tomcat to 8.5.79
This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git The following commit(s) were added to refs/heads/master by this push: new ab096438c RANGER-3780: Upgrade tomcat to 8.5.79 ab096438c is described below commit ab096438cf44d1464f32081b4a087b365e57d6dd Author: pradeep AuthorDate: Thu Jun 2 20:57:13 2022 +0530 RANGER-3780: Upgrade tomcat to 8.5.79 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b0bdcc56f..043e2c2e9 100644 --- a/pom.xml +++ b/pom.xml @@ -202,7 +202,7 @@ 1.99.7 1.2.4 1.19 -8.5.78 +8.5.79 6.9.4 2.3 3.4.14
[ranger] branch ranger-2.3 updated: RANGER-3669 : Connection to DB fails for MySQL version above 8.0
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new 3391876d4 RANGER-3669 : Connection to DB fails for MySQL version above
8.0
3391876d4 is described below
commit 3391876d426dce64cc687e139b7def28f6b2b12b
Author: Vishal Suvagia
AuthorDate: Thu Apr 7 18:19:25 2022 +0530
RANGER-3669 : Connection to DB fails for MySQL version above 8.0
Issue:
db setup script needs to be updated to support MySql versions greater than
8.0
Changes:
Made changes to allow non-ssl connection with DB for Mysql version greater
than 8.0
made a fix to allow user to define the custom jdbc url which can be used in
db-setup.
Updated Ranger Admin db setup for missing change in RANGER-3647
Testing:
Validated changes locally.
---
kms/scripts/db_setup.py| 88 ++
kms/scripts/install.properties | 5 +++
security-admin/scripts/db_setup.py | 4 +-
3 files changed, 76 insertions(+), 21 deletions(-)
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 165e30d89..d21a6ac75 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -103,7 +103,7 @@ class BaseDB(object):
class MysqlConf(BaseDB):
# Constructor
- def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
+ def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,is_db_override_jdbc_connection_string,db_override_jdbc_connection_string):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
@@ -115,6 +115,8 @@ class MysqlConf(BaseDB):
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
+ self.is_db_override_jdbc_connection_string =
is_db_override_jdbc_connection_string
+ self.db_override_jdbc_connection_string =
db_override_jdbc_connection_string
def get_jisql_cmd(self, user, password ,db_name):
path = RANGER_KMS_HOME
@@ -127,11 +129,20 @@ class MysqlConf(BaseDB):
db_ssl_cert_param="
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
else:
db_ssl_cert_param="
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+ else:
+ if "useSSL" not in db_name:
+ db_ssl_param="?useSSL=false"
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
+ if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
+ else:
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
\"%s\" -p \"%s\" -n
[ranger] branch master updated: RANGER-3669 : Connection to DB fails for MySQL version above 8.0
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new ea3b88ec7 RANGER-3669 : Connection to DB fails for MySQL version above
8.0
ea3b88ec7 is described below
commit ea3b88ec71431e90126fcff13b293ebb3de32359
Author: Vishal Suvagia
AuthorDate: Thu Apr 7 18:19:25 2022 +0530
RANGER-3669 : Connection to DB fails for MySQL version above 8.0
Issue:
db setup script needs to be updated to support MySql versions greater than
8.0
Changes:
Made changes to allow non-ssl connection with DB for Mysql version greater
than 8.0
made a fix to allow user to define the custom jdbc url which can be used in
db-setup.
Updated Ranger Admin db setup for missing change in RANGER-3647
Testing:
Validated changes locally.
---
kms/scripts/db_setup.py| 88 ++
kms/scripts/install.properties | 5 +++
security-admin/scripts/db_setup.py | 4 +-
3 files changed, 76 insertions(+), 21 deletions(-)
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 165e30d89..d21a6ac75 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -103,7 +103,7 @@ class BaseDB(object):
class MysqlConf(BaseDB):
# Constructor
- def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
+ def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,is_db_override_jdbc_connection_string,db_override_jdbc_connection_string):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
@@ -115,6 +115,8 @@ class MysqlConf(BaseDB):
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
+ self.is_db_override_jdbc_connection_string =
is_db_override_jdbc_connection_string
+ self.db_override_jdbc_connection_string =
db_override_jdbc_connection_string
def get_jisql_cmd(self, user, password ,db_name):
path = RANGER_KMS_HOME
@@ -127,11 +129,20 @@ class MysqlConf(BaseDB):
db_ssl_cert_param="
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
else:
db_ssl_cert_param="
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
+ else:
+ if "useSSL" not in db_name:
+ db_ssl_param="?useSSL=false"
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
+ if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
+ else:
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
\"%s\" -p \"%s\" -noheader -t
[ranger] branch master updated: Revert "RANGER-3669 : Connection to DB fails for MySQL version above 8.0"
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 35b61fa41 Revert "RANGER-3669 : Connection to DB fails for MySQL
version above 8.0"
35b61fa41 is described below
commit 35b61fa412889c74163f7ac427d495e0a69f68ea
Author: pradeep
AuthorDate: Tue May 17 15:46:59 2022 +0530
Revert "RANGER-3669 : Connection to DB fails for MySQL version above 8.0"
This reverts commit fd9b789d096cac79fd8892c10349115d54d0a03b.
---
kms/scripts/db_setup.py| 80 +++---
kms/scripts/install.properties | 5 ---
security-admin/scripts/db_setup.py | 4 +-
3 files changed, 17 insertions(+), 72 deletions(-)
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 3c41b1edb..165e30d89 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -103,7 +103,7 @@ class BaseDB(object):
class MysqlConf(BaseDB):
# Constructor
- def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,is_db_override_jdbc_connection_string,db_override_jdbc_connection_string):
+ def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
@@ -115,8 +115,6 @@ class MysqlConf(BaseDB):
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
- self.is_db_override_jdbc_connection_string =
is_db_override_jdbc_connection_string
- self.db_override_jdbc_connection_string =
db_override_jdbc_connection_string
def get_jisql_cmd(self, user, password ,db_name):
path = RANGER_KMS_HOME
@@ -129,20 +127,11 @@ class MysqlConf(BaseDB):
db_ssl_cert_param="
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
else:
db_ssl_cert_param="
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
- else:
- if "useSSL" not in db_name:
- db_ssl_param="?useSSL=false"
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
- if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
- else:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
- if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\"
-noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,
path, self.db_override_jdbc_connection_string,user, pas
[ranger] branch ranger-2.3 updated: Revert "RANGER-3669 : Connection to DB fails for MySQL version above 8.0"
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new ce3223074 Revert "RANGER-3669 : Connection to DB fails for MySQL
version above 8.0"
ce3223074 is described below
commit ce32230744590110fe2eda4d1ddbdb86265f8767
Author: pradeep
AuthorDate: Tue May 17 15:49:00 2022 +0530
Revert "RANGER-3669 : Connection to DB fails for MySQL version above 8.0"
This reverts commit 55886d610926f1a5f7ac89d34da146089383707a.
---
kms/scripts/db_setup.py| 80 +++---
kms/scripts/install.properties | 5 ---
security-admin/scripts/db_setup.py | 4 +-
3 files changed, 17 insertions(+), 72 deletions(-)
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index 3c41b1edb..165e30d89 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -103,7 +103,7 @@ class BaseDB(object):
class MysqlConf(BaseDB):
# Constructor
- def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,is_db_override_jdbc_connection_string,db_override_jdbc_connection_string):
+ def __init__(self,
host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
@@ -115,8 +115,6 @@ class MysqlConf(BaseDB):
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
- self.is_db_override_jdbc_connection_string =
is_db_override_jdbc_connection_string
- self.db_override_jdbc_connection_string =
db_override_jdbc_connection_string
def get_jisql_cmd(self, user, password ,db_name):
path = RANGER_KMS_HOME
@@ -129,20 +127,11 @@ class MysqlConf(BaseDB):
db_ssl_cert_param="
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
else:
db_ssl_cert_param="
-Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s
-Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s "
%(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
- else:
- if "useSSL" not in db_name:
- db_ssl_param="?useSSL=false"
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
- if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u '%s' -p '%s'
-noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.db_override_jdbc_connection_string,user,password)
- else:
- jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
+ jisql_cmd = "%s %s -cp %s:%s/jisql/lib/*
org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u
'%s' -p '%s' -noheader -trim -c \;"
%(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
- if self.is_db_override_jdbc_connection_string == 'true'
and self.db_override_jdbc_connection_string is not None and
len(self.db_override_jdbc_connection_string) > 0:
- jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\*
org.apache.util.sql.Jisql -driver mysqlconj -cstring %s -u \"%s\" -p \"%s\"
-noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,
path, self.db_override_jdbc_connection_string,u
[ranger] branch master updated: RANGER-3752: Restrict duplicate access types entries in policy creation
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 3c2f61276 RANGER-3752: Restrict duplicate access types entries in
policy creation
3c2f61276 is described below
commit 3c2f6127609dd032452165d2cb3d4068de4cfe47
Author: pradeep
AuthorDate: Tue May 10 12:42:03 2022 +0530
RANGER-3752: Restrict duplicate access types entries in policy creation
---
.../plugin/model/validation/RangerPolicyValidator.java | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index fb6556b59..0a58bb36d 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -963,7 +963,10 @@ public class RangerPolicyValidator extends RangerValidator
{
LOG.debug("policy item accesses collection was
null/empty!");
} else {
Set accessTypes = getAccessTypes(serviceDef);
- for (RangerPolicyItemAccess access : accesses) {
+ Set uniqueAccesses = new HashSet<>();
+ Iterator accessTypeIterator =
accesses.iterator();
+ while (accessTypeIterator.hasNext()) {
+ RangerPolicyItemAccess access =
accessTypeIterator.next();
if (access == null) {
ValidationErrorCode error =
ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ACCESS;
failures.add(new
ValidationFailureDetailsBuilder()
@@ -975,7 +978,12 @@ public class RangerPolicyValidator extends RangerValidator
{
valid = false;
} else {
// we want to go through all elements
even though one may be bad so all failures are captured
- valid = isValidPolicyItemAccess(access,
failures, accessTypes) && valid;
+ if
(uniqueAccesses.contains(access.getType())) {
+ accessTypeIterator.remove();
+ } else {
+ valid =
isValidPolicyItemAccess(access, failures, accessTypes) && valid;
+
uniqueAccesses.add(access.getType());
+ }
}
}
}
[ranger] branch ranger-2.3 updated: RANGER-3747: Fix failing sql patches
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new 9f121a791 RANGER-3747: Fix failing sql patches
9f121a791 is described below
commit 9f121a7917128c3e96dcb98c03e6578ef7aa18bd
Author: pradeep
AuthorDate: Thu May 5 16:25:41 2022 +0530
RANGER-3747: Fix failing sql patches
---
.../patches/037-create-security-zone-schema.sql| 5 +-
.../patches/051-update-datatype-to-nvarchar.sql| 132 -
2 files changed, 104 insertions(+), 33 deletions(-)
diff --git
a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
index bc9921efe..e76b37bd3 100644
--- a/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
+++ b/security-admin/db/mysql/patches/037-create-security-zone-schema.sql
@@ -33,6 +33,9 @@ delimiter ;;
create procedure remove_x_policy_zone_id() begin
if exists (select * from information_schema.columns where
table_schema=database() and table_name = 'x_policy') then
if exists (select * from information_schema.columns where
table_schema=database() and table_name = 'x_policy' and column_name =
'zone_id') then
+if exists(select * FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE WHERE
REFERENCED_TABLE_NAME = 'x_security_zone' AND TABLE_SCHEMA = database() AND
TABLE_NAME = 'x_policy' AND CONSTRAINT_NAME = 'x_policy_FK_zone_id') then
+ALTER TABLE `x_policy` DROP FOREIGN KEY `x_policy_FK_zone_id`;
+end if;
ALTER TABLE `x_policy` DROP COLUMN `zone_id`;
end if;
end if;
@@ -237,11 +240,11 @@ create procedure add_security_zone_permissions() begin
call getXportalUIdByLoginId('admin', adminID);
call getXportalUIdByLoginId('rangerusersync', rangerusersyncID);
call getXportalUIdByLoginId('rangertagsync', rangertagsyncID);
- call getModulesIdByName('Security Zone', moduleIdSecurityZone);
if not exists (select * from x_modules_master where module='Security
Zone') then
INSERT INTO `x_modules_master`
(`create_time`,`update_time`,`added_by_id`,`upd_by_id`,`module`,`url`) VALUES
(UTC_TIMESTAMP(),UTC_TIMESTAMP(),adminID,adminID,'Security Zone','');
end if;
+ call getModulesIdByName('Security Zone', moduleIdSecurityZone);
if not exists (select * from x_user_module_perm where user_id=adminID
and module_id=moduleIdSecurityZone) then
INSERT INTO x_user_module_perm
(user_id,module_id,create_time,update_time,added_by_id,upd_by_id,is_allowed)
VALUES
(adminID,moduleIdSecurityZone,UTC_TIMESTAMP(),UTC_TIMESTAMP(),adminID,adminID,1);
end if;
diff --git
a/security-admin/db/sqlserver/patches/051-update-datatype-to-nvarchar.sql
b/security-admin/db/sqlserver/patches/051-update-datatype-to-nvarchar.sql
index 9307a205c..3819089a6 100644
--- a/security-admin/db/sqlserver/patches/051-update-datatype-to-nvarchar.sql
+++ b/security-admin/db/sqlserver/patches/051-update-datatype-to-nvarchar.sql
@@ -12,7 +12,6 @@
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
-
GO
DECLARE @SQL nvarchar(4000),
@@ -78,98 +77,167 @@ GO
IF (OBJECT_ID('x_group$x_group_UK_group_name') IS NOT NULL)
BEGIN
ALTER TABLE [dbo].[x_group] DROP CONSTRAINT x_group$x_group_UK_group_name;
+END
+GO
ALTER TABLE [dbo].[x_group] ALTER COLUMN group_name nvarchar(767);
ALTER TABLE [dbo].[x_group] ADD CONSTRAINT [x_group$x_group_UK_group_name]
UNIQUE (group_name);
ALTER TABLE [dbo].[x_group] ALTER COLUMN descr nvarchar(4000);
-END
GO
+IF (OBJECT_ID('x_group_users$x_group_users_UK_uid_gname') IS NOT NULL)
BEGIN
- ALTER TABLE [dbo].[x_group_users] DROP CONSTRAINT
[[x_group_users$x_group_users_UK_uid_gname];
- ALTER TABLE [dbo].[x_group_users] ALTER COLUMN group_name nvarchar(767);
- ALTER TABLE [dbo].[x_group_users] ADD CONSTRAINT
[[x_group_users$x_group_users_UK_uid_gname] UNIQUE (user_id,group_name);
+ ALTER TABLE [dbo].[x_group_users] DROP CONSTRAINT
[x_group_users$x_group_users_UK_uid_gname];
END
GO
- ALTER TABLE [dbo].[x_group_groups] ALTER COLUMN group_name nvarchar(1024);
+ ALTER TABLE [dbo].[x_group_users] ALTER COLUMN group_name nvarchar(767);
+ ALTER TABLE [dbo].[x_group_users] ADD CONSTRAINT
[x_group_users$x_group_users_UK_uid_gname] UNIQUE (user_id,group_name);
+ ALTER TABLE [dbo].[x_group_groups] ALTER COLUMN group_name nvarchar(1024);
GO
+
+IF (OBJECT_ID('df_x_security_zone_ref_group_group_name') IS NOT NULL)
+BEGIN
ALTER TABLE [dbo].[x_security_zone_ref_group] DROP CONSTRAINT
df_x_security_zone_ref_group_group_name;
- ALTER TABLE [dbo].[x_security_zone_ref_group] ALTER COLUMN group_name
nvarchar(767);
+END
+GO
+ ALTER
