[jira] [Commented] (RANGER-1661) Default policy for KMS audits is pointing to incorrect location
[ https://issues.apache.org/jira/browse/RANGER-1661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16077628#comment-16077628 ] bhavik patel commented on RANGER-1661: -- [~abajwa] I have checked on *master* as well as on *ranger-0.7* branches the default policy is pointing to "/ranger/audit/kms". > Default policy for KMS audits is pointing to incorrect location > --- > > Key: RANGER-1661 > URL: https://issues.apache.org/jira/browse/RANGER-1661 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Ali Bajwa > Fix For: 1.0.0, 0.7.2 > > Attachments: Screen Shot 2017-06-21 at 12.01.26 PM.png, Screen Shot > 2017-06-21 at 12.01.43 PM.png > > > After installing Ranger, there is policy for KMS audits already created in > HDFS policies...but it seems to be pointing incorrect location. It points to > /ranger/kms/audit but Ambari defaults xasecure.audit.destination.hdfs.dir to > hdfs://myhost:8020/ranger/audit > I believe the default policy should also point to /ranger/audit/kms > Env used: HDP 2.6.1.0-129 > $ rpm -qa | grep ranger > ranger_2_6_1_0_129-admin-0.7.0.2.6.1.0-129.x86_64 > $ rpm -qa | grep ambari > ambari-agent-2.5.0.3-7.x86_64 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 60696: In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60696/ --- Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang. Bugs: RANGER-1678 https://issues.apache.org/jira/browse/RANGER-1678 Repository: ranger Description (updated) --- In agents-audit module, there are following two places of writing audit logs to solr: 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider. 2. org.apache.ranger.audit.destination.SolrAuditDestination. Above classes use the same method( "MiscUtil.executePrivilegedAction") to send the audit logs to solr. Codes is as following final UpdateResponse response = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { @Override public UpdateResponse run() throws Exception { return solrClient.add(docs); } }); We should extract the common method to let our codes more cleaner and reduce the possibility of new issue. Diffs (updated) - agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java 14ad791 agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java e0c192c agents-audit/src/main/java/org/apache/ranger/audit/utils/SolrAppUtil.java PRE-CREATION Diff: https://reviews.apache.org/r/60696/diff/1/ Testing --- Thanks, pengjianhua
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[ https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1678: - Attachment: 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch > In different places to achieve the same function using repeat codes, new > issue is perhaps generated when these functions are modified. > -- > > Key: RANGER-1678 > URL: https://issues.apache.org/jira/browse/RANGER-1678 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > Fix For: master > > Attachments: > 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch > > > In agents-audit module, there are following two places of writing audit logs > to solr: > 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider. > 2. org.apache.ranger.audit.destination.SolrAuditDestination. > Above classes use the same method( "MiscUtil.executePrivilegedAction") to > send the audit logs to solr. Codes is as following > final UpdateResponse response = MiscUtil.executePrivilegedAction(new > PrivilegedExceptionAction() { > @Override > public UpdateResponse run() throws Exception { > return solrClient.add(docs); > } > }); > We should extract the common method to let our codes more cleaner and reduce > the possibility of new issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[ https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1678: - Attachment: (was: 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch) > In different places to achieve the same function using repeat codes, new > issue is perhaps generated when these functions are modified. > -- > > Key: RANGER-1678 > URL: https://issues.apache.org/jira/browse/RANGER-1678 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > Fix For: master > > > In agents-audit module, there are following two places of writing audit logs > to solr: > 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider. > 2. org.apache.ranger.audit.destination.SolrAuditDestination. > Above classes use the same method( "MiscUtil.executePrivilegedAction") to > send the audit logs to solr. Codes is as following > final UpdateResponse response = MiscUtil.executePrivilegedAction(new > PrivilegedExceptionAction() { > @Override > public UpdateResponse run() throws Exception { > return solrClient.add(docs); > } > }); > We should extract the common method to let our codes more cleaner and reduce > the possibility of new issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[ https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1678: - Summary: In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified. (was: In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions is modified.) > In different places to achieve the same function using repeat codes, new > issue is perhaps generated when these functions are modified. > -- > > Key: RANGER-1678 > URL: https://issues.apache.org/jira/browse/RANGER-1678 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > Fix For: master > > Attachments: > 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch > > > In agents-audit module, there are following two places of writing audit logs > to solr: > 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider. > 2. org.apache.ranger.audit.destination.SolrAuditDestination. > Above classes use the same method( "MiscUtil.executePrivilegedAction") to > send the audit logs to solr. Codes is as following > final UpdateResponse response = MiscUtil.executePrivilegedAction(new > PrivilegedExceptionAction() { > @Override > public UpdateResponse run() throws Exception { > return solrClient.add(docs); > } > }); > We should extract the common method to let our codes more cleaner and reduce > the possibility of new issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1678) In different places to achieve the same function, once the function is modified, it is easy to miss one of them, thus importing a new issue. We should extract the common
peng.jianhua created RANGER-1678: Summary: In different places to achieve the same function, once the function is modified, it is easy to miss one of them, thus importing a new issue. We should extract the common method for writing ranger audit logs to solr. Key: RANGER-1678 URL: https://issues.apache.org/jira/browse/RANGER-1678 Project: Ranger Issue Type: Bug Components: plugins Reporter: peng.jianhua Assignee: peng.jianhua Fix For: master In agents-audit module, there are following two places of writing audit logs to solr: 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider. 2. org.apache.ranger.audit.destination.SolrAuditDestination. Above classes use the same method( "MiscUtil.executePrivilegedAction") to send the audit logs to solr. Codes is as following final UpdateResponse response = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { @Override public UpdateResponse run() throws Exception { return solrClient.add(docs); } }); We should extract the common method to let our codes more cleaner and reduce the possibility of new issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[ https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1677: - Attachment: pic1.png > Unable to login to Hadoop environment after opened Kerberos. > > > Key: RANGER-1677 > URL: https://issues.apache.org/jira/browse/RANGER-1677 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > Attachments: pic1.png > > > The BaseClient class used following code to login user. > String encryptedPwd = configHolder.getPassword(); > String password = PasswordUtils.decryptPassword(encryptedPwd); > if ( configHolder.isKerberosAuthentication() ) { > LOG.info("Init Login: using username/password"); > loginSubject = SecureClientLogin.loginUserWithPassword(userName, > password); > } > else { > LOG.info("Init Login: security not enabled, using username"); > loginSubject = SecureClientLogin.login(userName); > } > But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder > class. > - String plainTextPwd = > prop.getProperty(RANGER_LOGIN_PASSWORD); > - try { > - password = > PasswordUtils.encryptPassword(plainTextPwd); > - } catch (IOException e) { > - throw new HadoopException("Unable to initialize > login info", e); > - } > - > +password = prop.getProperty(RANGER_LOGIN_PASSWORD); > Please refer to pic1.png. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[ https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1677: - Attachment: (was: pic1.png) > Unable to login to Hadoop environment after opened Kerberos. > > > Key: RANGER-1677 > URL: https://issues.apache.org/jira/browse/RANGER-1677 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > > The BaseClient class used following code to login user. > String encryptedPwd = configHolder.getPassword(); > String password = PasswordUtils.decryptPassword(encryptedPwd); > if ( configHolder.isKerberosAuthentication() ) { > LOG.info("Init Login: using username/password"); > loginSubject = SecureClientLogin.loginUserWithPassword(userName, > password); > } > else { > LOG.info("Init Login: security not enabled, using username"); > loginSubject = SecureClientLogin.login(userName); > } > But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder > class. > - String plainTextPwd = > prop.getProperty(RANGER_LOGIN_PASSWORD); > - try { > - password = > PasswordUtils.encryptPassword(plainTextPwd); > - } catch (IOException e) { > - throw new HadoopException("Unable to initialize > login info", e); > - } > - > +password = prop.getProperty(RANGER_LOGIN_PASSWORD); > Please refer to pic1.png. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[ https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated RANGER-1677: - Description: The BaseClient class used following code to login user. String encryptedPwd = configHolder.getPassword(); String password = PasswordUtils.decryptPassword(encryptedPwd); if ( configHolder.isKerberosAuthentication() ) { LOG.info("Init Login: using username/password"); loginSubject = SecureClientLogin.loginUserWithPassword(userName, password); } else { LOG.info("Init Login: security not enabled, using username"); loginSubject = SecureClientLogin.login(userName); } But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder class. - String plainTextPwd = prop.getProperty(RANGER_LOGIN_PASSWORD); - try { - password = PasswordUtils.encryptPassword(plainTextPwd); - } catch (IOException e) { - throw new HadoopException("Unable to initialize login info", e); - } - +password = prop.getProperty(RANGER_LOGIN_PASSWORD); Please refer to pic1.png. was: The BaseClient class used following code to login user. String encryptedPwd = configHolder.getPassword(); String password = PasswordUtils.decryptPassword(encryptedPwd); if ( configHolder.isKerberosAuthentication() ) { LOG.info("Init Login: using username/password"); loginSubject = SecureClientLogin.loginUserWithPassword(userName, password); } else { LOG.info("Init Login: security not enabled, using username"); loginSubject = SecureClientLogin.login(userName); } But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder class. - String plainTextPwd = prop.getProperty(RANGER_LOGIN_PASSWORD); - try { - password = PasswordUtils.encryptPassword(plainTextPwd); - } catch (IOException e) { - throw new HadoopException("Unable to initialize login info", e); - } - +password = prop.getProperty(RANGER_LOGIN_PASSWORD); Please refer to pic1 and pic2. > Unable to login to Hadoop environment after opened Kerberos. > > > Key: RANGER-1677 > URL: https://issues.apache.org/jira/browse/RANGER-1677 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: newbie, patch > > The BaseClient class used following code to login user. > String encryptedPwd = configHolder.getPassword(); > String password = PasswordUtils.decryptPassword(encryptedPwd); > if ( configHolder.isKerberosAuthentication() ) { > LOG.info("Init Login: using username/password"); > loginSubject = SecureClientLogin.loginUserWithPassword(userName, > password); > } > else { > LOG.info("Init Login: security not enabled, using username"); > loginSubject = SecureClientLogin.login(userName); > } > But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder > class. > - String plainTextPwd = > prop.getProperty(RANGER_LOGIN_PASSWORD); > - try { > - password = > PasswordUtils.encryptPassword(plainTextPwd); > - } catch (IOException e) { > - throw new HadoopException("Unable to initialize > login info", e); > - } > - > +password = prop.getProperty(RANGER_LOGIN_PASSWORD); > Please refer to pic1.png. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
peng.jianhua created RANGER-1677: Summary: Unable to login to Hadoop environment after opened Kerberos. Key: RANGER-1677 URL: https://issues.apache.org/jira/browse/RANGER-1677 Project: Ranger Issue Type: Bug Components: plugins Reporter: peng.jianhua Assignee: peng.jianhua The BaseClient class used following code to login user. String encryptedPwd = configHolder.getPassword(); String password = PasswordUtils.decryptPassword(encryptedPwd); if ( configHolder.isKerberosAuthentication() ) { LOG.info("Init Login: using username/password"); loginSubject = SecureClientLogin.loginUserWithPassword(userName, password); } else { LOG.info("Init Login: security not enabled, using username"); loginSubject = SecureClientLogin.login(userName); } But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder class. - String plainTextPwd = prop.getProperty(RANGER_LOGIN_PASSWORD); - try { - password = PasswordUtils.encryptPassword(plainTextPwd); - } catch (IOException e) { - throw new HadoopException("Unable to initialize login info", e); - } - +password = prop.getProperty(RANGER_LOGIN_PASSWORD); Please refer to pic1 and pic2. -- This message was sent by Atlassian JIRA (v6.4.14#64029)