[jira] [Commented] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831445#comment-15831445
]
Qiang Zhang commented on RANGER-1316:
-
[~ankita.sinha], I agree with you. We have tested the codes in regular mode and
startup Ranger KMS successfully. Could you please tell me how to test in SSL
mode, I'd like to have a testing. Could you please provide some error logs and
documents so that we can help you to resolve the issue. Currently we are
analysis the functions in SSL mode, we will follow up this issue.
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Qiang Zhang
>Assignee: Ankita Sinha
>Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ..
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ..
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ankita Sinha updated RANGER-1316:
-
Attachment: RANGER-1316.patch
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Qiang Zhang
>Assignee: Ankita Sinha
>Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch,
> RANGER-1316.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ..
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ..
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Review Request 55754: Ranger-Admin enable security mode should not depend on configuration logdir
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55754/ --- Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. Bugs: RANGER-1316 https://issues.apache.org/jira/browse/RANGER-1316 Repository: ranger Description --- To choose Ranger Admin or Ranger KMS for server start was depended on "logDir", so now this is being refactored and decision is made on basis of "servername". Some code imporvement is being taken care. Diffs - embeddedwebserver/scripts/ranger-admin-services.sh ee467fc embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 7ebba8a kms/scripts/ranger-kms 80181d7 Diff: https://reviews.apache.org/r/55754/diff/ Testing --- Tested Patch for the following scenarios : 1. Ranger Admin and Ranger KMS on Simple Cluster 2. Ranger Admin and Ranger KMS on Secure Cluster 3. Ranger Admin and Ranger KMS on Secure + SSL Cluster Thanks, Ankita Sinha
[jira] [Commented] (RANGER-1316) Ranger-Admin enable security mode should not depend on configuration logdir
[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831682#comment-15831682
]
Ankita Sinha commented on RANGER-1316:
--
Thanks [~zhangqiang2], you can refer this
[Doc|http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.4.0/bk_Security_Guide/content/configure_ambari_ranger_ssl_public_ca_certs_admin.html]
for configuring Ranger in SSL environment.
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Qiang Zhang
>Assignee: Ankita Sinha
>Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch,
> RANGER-1316.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ..
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ..
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (RANGER-1311) Ranger UI changes to support non-US characters in username related fields
[ https://issues.apache.org/jira/browse/RANGER-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mehul Parikh updated RANGER-1311: - Attachment: RANGER-1311.patch > Ranger UI changes to support non-US characters in username related fields > - > > Key: RANGER-1311 > URL: https://issues.apache.org/jira/browse/RANGER-1311 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 0.7.0 >Reporter: Mehul Parikh >Assignee: Mehul Parikh > Fix For: 0.7.0 > > Attachments: RANGER-1311.patch > > > Allow non US characters in username, firstname, lastname and groupname > fields. > So that, usersync source like LDAP / AD having names of users / groups that > contains non US characters then those can be saved in Ranger and also be > shown properly on UI. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Review Request 55797: RANGER-1311 : Ranger UI changes to support non-US characters in username related fields
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55797/ --- Review request for ranger, Don Bosco Durai, Gautam Borad, Madhan Neethiraj, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-1311 https://issues.apache.org/jira/browse/RANGER-1311 Repository: ranger Description --- Allow non US characters in username, firstname, lastname and groupname fields. Diffs - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 7ebba8a security-admin/src/main/java/org/apache/ranger/common/StringUtil.java a46858d security-admin/src/main/webapp/scripts/models/VXGroup.js a399de2 security-admin/src/main/webapp/scripts/models/VXPortalUser.js b031974 security-admin/src/main/webapp/scripts/modules/XAOverrides.js b23318e security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 3d2612b security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js c6851c2 security-admin/src/main/webapp/scripts/utils/XAUtils.js ee401ee security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b66b801 security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js 38ee737 security-admin/src/main/webapp/scripts/views/users/GroupCreate.js 41678ab security-admin/src/main/webapp/scripts/views/users/UserCreate.js b0fc105 security-admin/src/main/webapp/scripts/views/users/UserForm.js adf2f8b security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 5b6faa7 security-admin/src/main/webapp/styles/xa.css e2abab9 Diff: https://reviews.apache.org/r/55797/diff/ Testing --- Verified : * CRUD operations on service with Non US characters in username field. * verified display of user having Non-US characters. * Verified policy creation for the users having non-US characters in username. * Verified creation and updation of users / groups having non-US characters in username or groupname. * Verified login for such users as well. Thanks, Mehul Parikh
Re: Review Request 55797: RANGER-1311 : Ranger UI changes to support non-US characters in username related fields
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55797/#review162527 --- Ship it! Ship It! - Velmurugan Periasamy On Jan. 20, 2017, 11:53 p.m., Mehul Parikh wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55797/ > --- > > (Updated Jan. 20, 2017, 11:53 p.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Madhan Neethiraj, > Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-1311 > https://issues.apache.org/jira/browse/RANGER-1311 > > > Repository: ranger > > > Description > --- > > Allow non US characters in username, firstname, lastname and groupname fields. > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java > 7ebba8a > security-admin/src/main/java/org/apache/ranger/common/StringUtil.java > a46858d > security-admin/src/main/webapp/scripts/models/VXGroup.js a399de2 > security-admin/src/main/webapp/scripts/models/VXPortalUser.js b031974 > security-admin/src/main/webapp/scripts/modules/XAOverrides.js b23318e > security-admin/src/main/webapp/scripts/modules/globalize/message/en.js > 3d2612b > security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js c6851c2 > security-admin/src/main/webapp/scripts/utils/XAUtils.js ee401ee > security-admin/src/main/webapp/scripts/views/policies/PermissionList.js > b66b801 > security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js > 38ee737 > security-admin/src/main/webapp/scripts/views/users/GroupCreate.js 41678ab > security-admin/src/main/webapp/scripts/views/users/UserCreate.js b0fc105 > security-admin/src/main/webapp/scripts/views/users/UserForm.js adf2f8b > security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js > 5b6faa7 > security-admin/src/main/webapp/styles/xa.css e2abab9 > > Diff: https://reviews.apache.org/r/55797/diff/ > > > Testing > --- > > Verified : > > * CRUD operations on service with Non US characters in username field. > * verified display of user having Non-US characters. > * Verified policy creation for the users having non-US characters in username. > * Verified creation and updation of users / groups having non-US characters > in username or groupname. > * Verified login for such users as well. > > > Thanks, > > Mehul Parikh > >
Re: Review Request 55650: RANGER-1313: Fix issue found during coverity scan in one of the ranger usersync unit tests
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55650/#review162528 --- Ship it! Ship It! - Velmurugan Periasamy On Jan. 17, 2017, 10:48 p.m., Sailaja Polavarapu wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55650/ > --- > > (Updated Jan. 17, 2017, 10:48 p.m.) > > > Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan > Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan > Periasamy. > > > Bugs: RANGER-1313 > https://issues.apache.org/jira/browse/RANGER-1313 > > > Repository: ranger > > > Description > --- > > Fixed few unit tests to use the correct variables. > > > Diffs > - > > ugsync/src/test/java/org/apache/ranger/usergroupsync/TestRegEx.java cf61d22 > > Diff: https://reviews.apache.org/r/55650/diff/ > > > Testing > --- > > Verified all the unit tests are run successfully. > > > Thanks, > > Sailaja Polavarapu > >
Re: Review Request 55649: RANGER-1295: Add-ons to support WASB in Ranger Authorization Model
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/55649/#review162530 --- Ship it! Ship It! - Velmurugan Periasamy On Jan. 17, 2017, 10:50 p.m., Ramesh Mani wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/55649/ > --- > > (Updated Jan. 17, 2017, 10:50 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan > Periasamy. > > > Repository: ranger > > > Description > --- > > RANGER-1295: Add-ons to support WASB in Ranger Authorization Model > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java > 3753a70 > agents-common/src/main/resources/service-defs/ranger-servicedef-wasb.json > PRE-CREATION > > Diff: https://reviews.apache.org/r/55649/diff/ > > > Testing > --- > > Tested creating a VM > > > Thanks, > > Ramesh Mani > >
[jira] [Commented] (RANGER-1295) Add-ons to support WASB in Ranger Authorization Model
[ https://issues.apache.org/jira/browse/RANGER-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15832736#comment-15832736 ] Ramesh Mani commented on RANGER-1295: - commit link http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/51c340ec > Add-ons to support WASB in Ranger Authorization Model > - > > Key: RANGER-1295 > URL: https://issues.apache.org/jira/browse/RANGER-1295 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Ramesh Mani >Assignee: Ramesh Mani > Fix For: 0.7.0 > > > Add-ons to support WASB in Ranger Authorization Model. This will gives an > option to add WASB as Service in the Ranger. > In ranger-admin-site.xml the parameter to include is > ranger.supportedcomponents=tag,hdfs,hbase,hive,kms,knox,storm,yarn,kafka,solr,atlas,wasb > > This will add the WASB ServiceDef along with other services to Ranger. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
