date:20170130

Re: Review Request 56069: RANGER-1336 : Audit based policy that has no policy item are not exported in CSV file

2017-01-30 Thread Gautam Borad


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56069/
---

(Updated Jan. 31, 2017, 4:58 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Madhan Neethiraj, 
Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan Periasamy.


Bugs: RANGER-1336
https://issues.apache.org/jira/browse/RANGER-1336


Repository: ranger


Description
---

Audit policies that did not have any policy items were not exported in CSV 
file. This patch fixes that.


Diffs (updated)
-

  kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 021685c 
  kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java 
22fb03c 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
9a4e571 

Diff: https://reviews.apache.org/r/56069/diff/


Testing
---

Applied patch on a locally setup Ranger and did the following steps:

1) Create a yarn policy without any policy item
2) Go to report page
3) Export as csv file

Checked the csv file and the file had audit based yarn policy.


Thanks,

Gautam Borad

Re: Review Request 56035: RANGER-1334: Good coding practices in Ranger Usersync

2017-01-30 Thread Sailaja Polavarapu


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56035/
---

(Updated Jan. 30, 2017, 10:19 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan 
Periasamy.


Changes
---

fixed the code based on the review comments.


Bugs: RANGER-1334
https://issues.apache.org/jira/browse/RANGER-1334


Repository: ranger


Description
---

Fixed few issues found in the recent changes in the usersync code.


Diffs (updated)
-

  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 0779918 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 0b909d1 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 25c0824 

Diff: https://reviews.apache.org/r/56035/diff/


Testing
---

Confirmed all the unit tests ran successfully.


Thanks,

Sailaja Polavarapu

Review Request 56094: Ranger-1339: DENY and ALLOW EXCLUSION do not work with YARN

2017-01-30 Thread Yan Zhou

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56094/
---

Review request for ranger.

Repository: ranger

Description
---

When a user is denied, or excluded from "allowed", the use of "admin-queue",
but is allowed the "submit-app", he is actually unable to submit Yarn jobs at
all.

The reason is found to be that the "implied grants" are indiscriminately
incorporated into allow/deny/allow-exception/deny-exception lists. Actually we
need to differentiate two types of implications. The first implication is
"equivalent implication". The second is "unequivalent implication". For the
"ALL" permission, it is equivalent, meaning that "ALL" implies the all implied
permissions together, and vice versa. So DENY "ALL" will rid of any and all
other permissions from a user. For YARN's implication from "queue-admin" to
"submit-app", it's not equivalent. While "queue-admin" implies "submit-app", it
is not the other way around; namely that deny "admin-queue" to a user should
not deny his "submit-app" permission. Thus the "implied grants" should not be
incorporated from the allow-exception/deny lists if they do not carry the "all"
semantics.

Diffs
-

agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
ffb9523

agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
b0d103e
agents-common/src/test/resources/policyengine/test_policyengine_yarn.json
PRE-CREATION

Diff: https://reviews.apache.org/r/56094/diff/

Testing
---

Regression, manual, and newly added automated tests.

Thanks,

Yan Zhou

Re: Problem in "Editing JIRA issue in Apache Ranger" - INFRA ticket open ....

2017-01-30 Thread Don Bosco Durai

Thanks for creating them. 

Bosco


On 1/30/17, 6:39 AM, "Selvamohan Neethiraj"  wrote:

I saw few discussions related to permission for creation of public comments 
and assigning JIRA(s) to others. 

I have created a INFRA- lira to get this fixed.   
https://issues.apache.org/jira/browse/INFRA-13423

Please let me know if you have come across any other issues after we 
graduated to Top Level Project (TLP).

Thanks,
Selva-

Review Request 56089: Fix issue uncovered by static code analysis

2017-01-30 Thread Abhay Kulkarni


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56089/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-1329
https://issues.apache.org/jira/browse/RANGER-1329


Repository: ranger


Description
---

Fix issue uncovered by static code analysis


Diffs
-

  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
a469513 

Diff: https://reviews.apache.org/r/56089/diff/


Testing
---

Built clean and ran unit tests successfully.


Thanks,

Abhay Kulkarni

[RESULT] [VOTE] Release Apache Ranger 0.6.3 - release candidate 1 (dev group vote)

2017-01-30 Thread Velmurugan Periasamy

Hello Rangers:

Thank you so much for your efforts to validate Apache Ranger 0.6.3 release 
candidate #1 and your feedback/vote.

More than 72 hours have passed and the current vote thread is considered 
concluded and passes with the following resolution:

Seven +1 votes from the following PPMC member(s):
+1 Alok Lal
+1 Colm O hEigeartaigh
+1 Dilli Arumugam
+1 Gautam Borad
+1 Ramesh Mani
+1 Selvamohan Neethiraj
+1 Velmurugan Periasamy

Three +1 votes from the following non-PPMC member(s):
+1 Abhay Kulkarni
+1 Sailaja Polavarapu
+1 Sree V

Zero -1 votes:

I will notify private@ranger and wait an additional 72 hours for feedback from 
PMC before beginning the process of moving the release artifacts to the mirrors.

Voting thread for reference - 
https://lists.apache.org/thread.html/781960ecf84e1d89555d6a53c6c83cea48e03074d9dd51c1e5d76bb1@%3Cdev.ranger.apache.org%3E
 

Issues fixed in this release - 
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6.3+-+Release+Notes

Thank you,
Vel


> On Jan 27, 2017, at 12:56 PM, Ramesh Mani  wrote:
> 
> +1 (binding) 
> 
> Did full maven build of source from
> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6.3
> .tar.gz without issue.
> 
> Verified some of the src files.
> 
> Thanks,
> Ramesh
> 
> 
> 
> On 1/26/17, 12:50 PM, "Velmurugan Periasamy"  wrote:
> 
>> Rangers:
>> 
>> Apache Ranger 0.6.3 release candidate #1 is now available for a vote
>> within dev community. Links to release artifacts are given below. Could
>> you please review and vote? Please note that this vote is being redone
>> after Ranger has graduated from incubator to a TLP.
>> 
>> The vote will be open for at least 72 hours or until necessary number of
>> votes are reached.
>> [ ] +1  approve
>> [ ] +0  no opinion
>> [ ] -1  disapprove (and reason why)
>> 
>> Here is my +1
>> 
>> Thank you,
>> Vel
>> 
>> Git tag for the release:
>> https://github.com/apache/ranger/tree/ranger-0.6.3-rc1  (last commit id
>> :  bedbc4bda97b54113e166307596d8c62ce5d329f)
>> Sources for the release:
>> 
>> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6.
>> 3.tar.gz
>> 
>> Source release verification:
>> PGP Signature:  
>> 
>> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6.
>> 3.tar.gz.asc 
>> MD5/SHA  Hash:
>> 
>> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6.
>> 3.tar.gz.mds 
>> 
>> Keys to verify the signature of the release artifact are available at:
>> https://people.apache.org/keys/group/ranger.asc
>> 
>> 
>

Problem in "Editing JIRA issue in Apache Ranger" - INFRA ticket open ....

2017-01-30 Thread Selvamohan Neethiraj

I saw few discussions related to permission for creation of public comments and 
assigning JIRA(s) to others. 

I have created a INFRA- lira to get this fixed.   
https://issues.apache.org/jira/browse/INFRA-13423

Please let me know if you have come across any other issues after we graduated 
to Top Level Project (TLP).

Thanks,
Selva-

Re: Review Request 56036: RANGER-1335:Solr for Audit Setup breaks Solr versions 5.5 and above

2017-01-30 Thread Don Bosco Durai


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56036/#review163485
---


Ship it!




Ship It!

- Don Bosco Durai


On Jan. 29, 2017, 3:33 p.m., Paul Otto wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56036/
> ---
> 
> (Updated Jan. 29, 2017, 3:33 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1335
> https://issues.apache.org/jira/browse/RANGER-1335
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Remove AdminHandler block from solrconfig.xml as its presence breaks Solr 5.5 
> and above. Ranger currently only supports Solr 5.2 and above, all of which 
> work without this block (was deprecated in versions >= 5.0 and < 5.5.
> 
> 
> Diffs
> -
> 
>   security-admin/contrib/solr_for_audit_setup/conf/solrconfig.xml 
> 3347f1b7b45158381b59ae2fec14fe0e10b8ba76 
>   security-admin/contrib/solr_for_audit_setup/conf/solrconfig.xml.j2 
> 4e6df8aeb3a0895bce4f83f3db2d9611b850f2f3 
> 
> Diff: https://reviews.apache.org/r/56036/diff/
> 
> 
> Testing
> ---
> 
> Manual testing done against multiple versions of Solr, using Chef Kitchen to 
> assist.
> 
> 
> Thanks,
> 
> Paul Otto
> 
>

Review Request 56069: RANGER-1336 : Audit based policy that has no policy item are not exported in CSV file