[jira] [Commented] (RANGER-1661) Default policy for KMS audits is pointing to incorrect location
[ https://issues.apache.org/jira/browse/RANGER-1661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16077628#comment-16077628 ] bhavik patel commented on RANGER-1661: -- [~abajwa] I have checked on *master* as well as on *ranger-0.7* branches the default policy is pointing to "/ranger/audit/kms". > Default policy for KMS audits is pointing to incorrect location > --- > > Key: RANGER-1661 > URL: https://issues.apache.org/jira/browse/RANGER-1661 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.7.0 >Reporter: Ali Bajwa > Fix For: 1.0.0, 0.7.2 > > Attachments: Screen Shot 2017-06-21 at 12.01.26 PM.png, Screen Shot > 2017-06-21 at 12.01.43 PM.png > > > After installing Ranger, there is policy for KMS audits already created in > HDFS policies...but it seems to be pointing incorrect location. It points to > /ranger/kms/audit but Ambari defaults xasecure.audit.destination.hdfs.dir to > hdfs://myhost:8020/ranger/audit > I believe the default policy should also point to /ranger/audit/kms > Env used: HDP 2.6.1.0-129 > $ rpm -qa | grep ranger > ranger_2_6_1_0_129-admin-0.7.0.2.6.1.0-129.x86_64 > $ rpm -qa | grep ambari > ambari-agent-2.5.0.3-7.x86_64 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 60696: In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60696/
---
Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
Bugs: RANGER-1678
https://issues.apache.org/jira/browse/RANGER-1678
Repository: ranger
Description (updated)
---
In agents-audit module, there are following two places of writing audit logs to
solr:
1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
2. org.apache.ranger.audit.destination.SolrAuditDestination.
Above classes use the same method( "MiscUtil.executePrivilegedAction") to send
the audit logs to solr. Codes is as following
final UpdateResponse response = MiscUtil.executePrivilegedAction(new
PrivilegedExceptionAction() {
@Override
public UpdateResponse run() throws Exception {
return solrClient.add(docs);
}
});
We should extract the common method to let our codes more cleaner and reduce
the possibility of new issue.
Diffs (updated)
-
agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
14ad791
agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java
e0c192c
agents-audit/src/main/java/org/apache/ranger/audit/utils/SolrAppUtil.java
PRE-CREATION
Diff: https://reviews.apache.org/r/60696/diff/1/
Testing
---
Thanks,
pengjianhua
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[
https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1678:
-
Attachment: 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch
> In different places to achieve the same function using repeat codes, new
> issue is perhaps generated when these functions are modified.
> --
>
> Key: RANGER-1678
> URL: https://issues.apache.org/jira/browse/RANGER-1678
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
> Fix For: master
>
> Attachments:
> 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch
>
>
> In agents-audit module, there are following two places of writing audit logs
> to solr:
> 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
> 2. org.apache.ranger.audit.destination.SolrAuditDestination.
> Above classes use the same method( "MiscUtil.executePrivilegedAction") to
> send the audit logs to solr. Codes is as following
> final UpdateResponse response = MiscUtil.executePrivilegedAction(new
> PrivilegedExceptionAction() {
> @Override
> public UpdateResponse run() throws Exception {
> return solrClient.add(docs);
> }
> });
> We should extract the common method to let our codes more cleaner and reduce
> the possibility of new issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[
https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1678:
-
Attachment: (was:
0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch)
> In different places to achieve the same function using repeat codes, new
> issue is perhaps generated when these functions are modified.
> --
>
> Key: RANGER-1678
> URL: https://issues.apache.org/jira/browse/RANGER-1678
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
> Fix For: master
>
>
> In agents-audit module, there are following two places of writing audit logs
> to solr:
> 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
> 2. org.apache.ranger.audit.destination.SolrAuditDestination.
> Above classes use the same method( "MiscUtil.executePrivilegedAction") to
> send the audit logs to solr. Codes is as following
> final UpdateResponse response = MiscUtil.executePrivilegedAction(new
> PrivilegedExceptionAction() {
> @Override
> public UpdateResponse run() throws Exception {
> return solrClient.add(docs);
> }
> });
> We should extract the common method to let our codes more cleaner and reduce
> the possibility of new issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (RANGER-1678) In different places to achieve the same function using repeat codes, new issue is perhaps generated when these functions are modified.
[
https://issues.apache.org/jira/browse/RANGER-1678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1678:
-
Summary: In different places to achieve the same function using repeat
codes, new issue is perhaps generated when these functions are modified. (was:
In different places to achieve the same function using repeat codes, new issue
is perhaps generated when these functions is modified.)
> In different places to achieve the same function using repeat codes, new
> issue is perhaps generated when these functions are modified.
> --
>
> Key: RANGER-1678
> URL: https://issues.apache.org/jira/browse/RANGER-1678
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
> Fix For: master
>
> Attachments:
> 0001-RANGER-1678-In-different-places-to-achieve-the-same-.patch
>
>
> In agents-audit module, there are following two places of writing audit logs
> to solr:
> 1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
> 2. org.apache.ranger.audit.destination.SolrAuditDestination.
> Above classes use the same method( "MiscUtil.executePrivilegedAction") to
> send the audit logs to solr. Codes is as following
> final UpdateResponse response = MiscUtil.executePrivilegedAction(new
> PrivilegedExceptionAction() {
> @Override
> public UpdateResponse run() throws Exception {
> return solrClient.add(docs);
> }
> });
> We should extract the common method to let our codes more cleaner and reduce
> the possibility of new issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Created] (RANGER-1678) In different places to achieve the same function, once the function is modified, it is easy to miss one of them, thus importing a new issue. We should extract the common
peng.jianhua created RANGER-1678:
Summary: In different places to achieve the same function, once
the function is modified, it is easy to miss one of them, thus importing a new
issue. We should extract the common method for writing ranger audit logs to
solr.
Key: RANGER-1678
URL: https://issues.apache.org/jira/browse/RANGER-1678
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: peng.jianhua
Assignee: peng.jianhua
Fix For: master
In agents-audit module, there are following two places of writing audit logs to
solr:
1. org.apache.ranger.audit.provider.solr.SolrAuditProvider.
2. org.apache.ranger.audit.destination.SolrAuditDestination.
Above classes use the same method( "MiscUtil.executePrivilegedAction") to send
the audit logs to solr. Codes is as following
final UpdateResponse response = MiscUtil.executePrivilegedAction(new
PrivilegedExceptionAction() {
@Override
public UpdateResponse run() throws Exception {
return solrClient.add(docs);
}
});
We should extract the common method to let our codes more cleaner and reduce
the possibility of new issue.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[
https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1677:
-
Attachment: pic1.png
> Unable to login to Hadoop environment after opened Kerberos.
>
>
> Key: RANGER-1677
> URL: https://issues.apache.org/jira/browse/RANGER-1677
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
> Attachments: pic1.png
>
>
> The BaseClient class used following code to login user.
> String encryptedPwd = configHolder.getPassword();
> String password = PasswordUtils.decryptPassword(encryptedPwd);
> if ( configHolder.isKerberosAuthentication() ) {
> LOG.info("Init Login: using username/password");
> loginSubject = SecureClientLogin.loginUserWithPassword(userName,
> password);
> }
> else {
> LOG.info("Init Login: security not enabled, using username");
> loginSubject = SecureClientLogin.login(userName);
> }
> But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
> class.
> - String plainTextPwd =
> prop.getProperty(RANGER_LOGIN_PASSWORD);
> - try {
> - password =
> PasswordUtils.encryptPassword(plainTextPwd);
> - } catch (IOException e) {
> - throw new HadoopException("Unable to initialize
> login info", e);
> - }
> -
> +password = prop.getProperty(RANGER_LOGIN_PASSWORD);
> Please refer to pic1.png.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[
https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1677:
-
Attachment: (was: pic1.png)
> Unable to login to Hadoop environment after opened Kerberos.
>
>
> Key: RANGER-1677
> URL: https://issues.apache.org/jira/browse/RANGER-1677
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
>
> The BaseClient class used following code to login user.
> String encryptedPwd = configHolder.getPassword();
> String password = PasswordUtils.decryptPassword(encryptedPwd);
> if ( configHolder.isKerberosAuthentication() ) {
> LOG.info("Init Login: using username/password");
> loginSubject = SecureClientLogin.loginUserWithPassword(userName,
> password);
> }
> else {
> LOG.info("Init Login: security not enabled, using username");
> loginSubject = SecureClientLogin.login(userName);
> }
> But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
> class.
> - String plainTextPwd =
> prop.getProperty(RANGER_LOGIN_PASSWORD);
> - try {
> - password =
> PasswordUtils.encryptPassword(plainTextPwd);
> - } catch (IOException e) {
> - throw new HadoopException("Unable to initialize
> login info", e);
> - }
> -
> +password = prop.getProperty(RANGER_LOGIN_PASSWORD);
> Please refer to pic1.png.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Updated] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
[
https://issues.apache.org/jira/browse/RANGER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
peng.jianhua updated RANGER-1677:
-
Description:
The BaseClient class used following code to login user.
String encryptedPwd = configHolder.getPassword();
String password = PasswordUtils.decryptPassword(encryptedPwd);
if ( configHolder.isKerberosAuthentication() ) {
LOG.info("Init Login: using username/password");
loginSubject = SecureClientLogin.loginUserWithPassword(userName, password);
}
else {
LOG.info("Init Login: security not enabled, using username");
loginSubject = SecureClientLogin.login(userName);
}
But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
class.
- String plainTextPwd =
prop.getProperty(RANGER_LOGIN_PASSWORD);
- try {
- password =
PasswordUtils.encryptPassword(plainTextPwd);
- } catch (IOException e) {
- throw new HadoopException("Unable to initialize
login info", e);
- }
-
+password = prop.getProperty(RANGER_LOGIN_PASSWORD);
Please refer to pic1.png.
was:
The BaseClient class used following code to login user.
String encryptedPwd = configHolder.getPassword();
String password = PasswordUtils.decryptPassword(encryptedPwd);
if ( configHolder.isKerberosAuthentication() ) {
LOG.info("Init Login: using username/password");
loginSubject = SecureClientLogin.loginUserWithPassword(userName, password);
}
else {
LOG.info("Init Login: security not enabled, using username");
loginSubject = SecureClientLogin.login(userName);
}
But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
class.
- String plainTextPwd =
prop.getProperty(RANGER_LOGIN_PASSWORD);
- try {
- password =
PasswordUtils.encryptPassword(plainTextPwd);
- } catch (IOException e) {
- throw new HadoopException("Unable to initialize
login info", e);
- }
-
+password = prop.getProperty(RANGER_LOGIN_PASSWORD);
Please refer to pic1 and pic2.
> Unable to login to Hadoop environment after opened Kerberos.
>
>
> Key: RANGER-1677
> URL: https://issues.apache.org/jira/browse/RANGER-1677
> Project: Ranger
> Issue Type: Bug
> Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Labels: newbie, patch
>
> The BaseClient class used following code to login user.
> String encryptedPwd = configHolder.getPassword();
> String password = PasswordUtils.decryptPassword(encryptedPwd);
> if ( configHolder.isKerberosAuthentication() ) {
> LOG.info("Init Login: using username/password");
> loginSubject = SecureClientLogin.loginUserWithPassword(userName,
> password);
> }
> else {
> LOG.info("Init Login: security not enabled, using username");
> loginSubject = SecureClientLogin.login(userName);
> }
> But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
> class.
> - String plainTextPwd =
> prop.getProperty(RANGER_LOGIN_PASSWORD);
> - try {
> - password =
> PasswordUtils.encryptPassword(plainTextPwd);
> - } catch (IOException e) {
> - throw new HadoopException("Unable to initialize
> login info", e);
> - }
> -
> +password = prop.getProperty(RANGER_LOGIN_PASSWORD);
> Please refer to pic1.png.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Created] (RANGER-1677) Unable to login to Hadoop environment after opened Kerberos.
peng.jianhua created RANGER-1677:
Summary: Unable to login to Hadoop environment after opened
Kerberos.
Key: RANGER-1677
URL: https://issues.apache.org/jira/browse/RANGER-1677
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: peng.jianhua
Assignee: peng.jianhua
The BaseClient class used following code to login user.
String encryptedPwd = configHolder.getPassword();
String password = PasswordUtils.decryptPassword(encryptedPwd);
if ( configHolder.isKerberosAuthentication() ) {
LOG.info("Init Login: using username/password");
loginSubject = SecureClientLogin.loginUserWithPassword(userName, password);
}
else {
LOG.info("Init Login: security not enabled, using username");
loginSubject = SecureClientLogin.login(userName);
}
But the encrypt function was removed by RANGER-1571 in HadoopConfigHolder
class.
- String plainTextPwd =
prop.getProperty(RANGER_LOGIN_PASSWORD);
- try {
- password =
PasswordUtils.encryptPassword(plainTextPwd);
- } catch (IOException e) {
- throw new HadoopException("Unable to initialize
login info", e);
- }
-
+password = prop.getProperty(RANGER_LOGIN_PASSWORD);
Please refer to pic1 and pic2.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
