Re: Review Request 56069: RANGER-1336 : Audit based policy that has no policy item are not exported in CSV file
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56069/ --- (Updated Jan. 31, 2017, 4:58 a.m.) Review request for ranger, Ankita Sinha, Don Bosco Durai, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1336 https://issues.apache.org/jira/browse/RANGER-1336 Repository: ranger Description --- Audit policies that did not have any policy items were not exported in CSV file. This patch fixes that. Diffs (updated) - kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 021685c kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java 22fb03c security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9a4e571 Diff: https://reviews.apache.org/r/56069/diff/ Testing --- Applied patch on a locally setup Ranger and did the following steps: 1) Create a yarn policy without any policy item 2) Go to report page 3) Export as csv file Checked the csv file and the file had audit based yarn policy. Thanks, Gautam Borad
Re: Review Request 56035: RANGER-1334: Good coding practices in Ranger Usersync
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56035/ --- (Updated Jan. 30, 2017, 10:19 p.m.) Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. Changes --- fixed the code based on the review comments. Bugs: RANGER-1334 https://issues.apache.org/jira/browse/RANGER-1334 Repository: ranger Description --- Fixed few issues found in the recent changes in the usersync code. Diffs (updated) - ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java 0779918 ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java 0b909d1 ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 25c0824 Diff: https://reviews.apache.org/r/56035/diff/ Testing --- Confirmed all the unit tests ran successfully. Thanks, Sailaja Polavarapu
Review Request 56094: Ranger-1339: DENY and ALLOW EXCLUSION do not work with YARN
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56094/ --- Review request for ranger. Repository: ranger Description --- When a user is denied, or excluded from "allowed", the use of "admin-queue", but is allowed the "submit-app", he is actually unable to submit Yarn jobs at all. The reason is found to be that the "implied grants" are indiscriminately incorporated into allow/deny/allow-exception/deny-exception lists. Actually we need to differentiate two types of implications. The first implication is "equivalent implication". The second is "unequivalent implication". For the "ALL" permission, it is equivalent, meaning that "ALL" implies the all implied permissions together, and vice versa. So DENY "ALL" will rid of any and all other permissions from a user. For YARN's implication from "queue-admin" to "submit-app", it's not equivalent. While "queue-admin" implies "submit-app", it is not the other way around; namely that deny "admin-queue" to a user should not deny his "submit-app" permission. Thus the "implied grants" should not be incorporated from the allow-exception/deny lists if they do not carry the "all" semantics. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ffb9523 agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b0d103e agents-common/src/test/resources/policyengine/test_policyengine_yarn.json PRE-CREATION Diff: https://reviews.apache.org/r/56094/diff/ Testing --- Regression, manual, and newly added automated tests. Thanks, Yan Zhou
Re: Problem in "Editing JIRA issue in Apache Ranger" - INFRA ticket open ....
Thanks for creating them. Bosco On 1/30/17, 6:39 AM, "Selvamohan Neethiraj"wrote: I saw few discussions related to permission for creation of public comments and assigning JIRA(s) to others. I have created a INFRA- lira to get this fixed. https://issues.apache.org/jira/browse/INFRA-13423 Please let me know if you have come across any other issues after we graduated to Top Level Project (TLP). Thanks, Selva-
Review Request 56089: Fix issue uncovered by static code analysis
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56089/ --- Review request for ranger and Madhan Neethiraj. Bugs: RANGER-1329 https://issues.apache.org/jira/browse/RANGER-1329 Repository: ranger Description --- Fix issue uncovered by static code analysis Diffs - security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java a469513 Diff: https://reviews.apache.org/r/56089/diff/ Testing --- Built clean and ran unit tests successfully. Thanks, Abhay Kulkarni
[RESULT] [VOTE] Release Apache Ranger 0.6.3 - release candidate 1 (dev group vote)
Hello Rangers: Thank you so much for your efforts to validate Apache Ranger 0.6.3 release candidate #1 and your feedback/vote. More than 72 hours have passed and the current vote thread is considered concluded and passes with the following resolution: Seven +1 votes from the following PPMC member(s): +1 Alok Lal +1 Colm O hEigeartaigh +1 Dilli Arumugam +1 Gautam Borad +1 Ramesh Mani +1 Selvamohan Neethiraj +1 Velmurugan Periasamy Three +1 votes from the following non-PPMC member(s): +1 Abhay Kulkarni +1 Sailaja Polavarapu +1 Sree V Zero -1 votes: I will notify private@ranger and wait an additional 72 hours for feedback from PMC before beginning the process of moving the release artifacts to the mirrors. Voting thread for reference - https://lists.apache.org/thread.html/781960ecf84e1d89555d6a53c6c83cea48e03074d9dd51c1e5d76bb1@%3Cdev.ranger.apache.org%3E Issues fixed in this release - https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6.3+-+Release+Notes Thank you, Vel > On Jan 27, 2017, at 12:56 PM, Ramesh Maniwrote: > > +1 (binding) > > Did full maven build of source from > https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6.3 > .tar.gz without issue. > > Verified some of the src files. > > Thanks, > Ramesh > > > > On 1/26/17, 12:50 PM, "Velmurugan Periasamy" wrote: > >> Rangers: >> >> Apache Ranger 0.6.3 release candidate #1 is now available for a vote >> within dev community. Links to release artifacts are given below. Could >> you please review and vote? Please note that this vote is being redone >> after Ranger has graduated from incubator to a TLP. >> >> The vote will be open for at least 72 hours or until necessary number of >> votes are reached. >> [ ] +1 approve >> [ ] +0 no opinion >> [ ] -1 disapprove (and reason why) >> >> Here is my +1 >> >> Thank you, >> Vel >> >> Git tag for the release: >> https://github.com/apache/ranger/tree/ranger-0.6.3-rc1 (last commit id >> : bedbc4bda97b54113e166307596d8c62ce5d329f) >> Sources for the release: >> >> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6. >> 3.tar.gz >> >> Source release verification: >> PGP Signature: >> >> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6. >> 3.tar.gz.asc >> MD5/SHA Hash: >> >> https://dist.apache.org/repos/dist/dev/ranger/0.6.3-rc1/apache-ranger-0.6. >> 3.tar.gz.mds >> >> Keys to verify the signature of the release artifact are available at: >> https://people.apache.org/keys/group/ranger.asc >> >> >
Problem in "Editing JIRA issue in Apache Ranger" - INFRA ticket open ....
I saw few discussions related to permission for creation of public comments and assigning JIRA(s) to others. I have created a INFRA- lira to get this fixed. https://issues.apache.org/jira/browse/INFRA-13423 Please let me know if you have come across any other issues after we graduated to Top Level Project (TLP). Thanks, Selva-
Re: Review Request 56036: RANGER-1335:Solr for Audit Setup breaks Solr versions 5.5 and above
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56036/#review163485 --- Ship it! Ship It! - Don Bosco Durai On Jan. 29, 2017, 3:33 p.m., Paul Otto wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/56036/ > --- > > (Updated Jan. 29, 2017, 3:33 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1335 > https://issues.apache.org/jira/browse/RANGER-1335 > > > Repository: ranger > > > Description > --- > > Remove AdminHandler block from solrconfig.xml as its presence breaks Solr 5.5 > and above. Ranger currently only supports Solr 5.2 and above, all of which > work without this block (was deprecated in versions >= 5.0 and < 5.5. > > > Diffs > - > > security-admin/contrib/solr_for_audit_setup/conf/solrconfig.xml > 3347f1b7b45158381b59ae2fec14fe0e10b8ba76 > security-admin/contrib/solr_for_audit_setup/conf/solrconfig.xml.j2 > 4e6df8aeb3a0895bce4f83f3db2d9611b850f2f3 > > Diff: https://reviews.apache.org/r/56036/diff/ > > > Testing > --- > > Manual testing done against multiple versions of Solr, using Chef Kitchen to > assist. > > > Thanks, > > Paul Otto > >
Review Request 56069: RANGER-1336 : Audit based policy that has no policy item are not exported in CSV file
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/56069/ --- Review request for ranger, Ankita Sinha, Don Bosco Durai, Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, and Velmurugan Periasamy. Bugs: RANGER-1336 https://issues.apache.org/jira/browse/RANGER-1336 Repository: ranger Description --- Audit policies that did not have any policy items were not exported in CSV file. This patch fixes that. Diffs - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 9a4e571 Diff: https://reviews.apache.org/r/56069/diff/ Testing --- Applied patch on a locally setup Ranger and did the following steps: 1) Create a yarn policy without any policy item 2) Go to report page 3) Export as csv file Checked the csv file and the file had audit based yarn policy. Thanks, Gautam Borad