Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

2017-09-13 Thread Ramesh Mani 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/#review185372
---




security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 63 (patched)


name variables as userRole. Follow this pattern



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 133 (patched)


Please Indent the methods to start at same position, check all the methods



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 141 (patched)


Please use Apache CollectionUtils.isEmpty() if possible. Check all the 
other occurances of other similar checks



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 206 (patched)


Please check if currentEncryptedPassword can be null?



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 209 (patched)


can existingRole be null? Please verify



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 217 (patched)


if UserRole is going to be not null 
do UserRole.equalsIgnoreCase(existingRole.get(0)). Verify similar check and 
correct it where ever needed.



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 242 (patched)


Change this flag variable to "isUserAuthorized"



security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
Lines 247 (patched)


Authorized?


- Ramesh Mani


On Sept. 14, 2017, 4:33 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61553/
> ---
> 
> (Updated Sept. 14, 2017, 4:33 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1730
> https://issues.apache.org/jira/browse/RANGER-1730
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Actual :
> Provide utility to list user according to role.
> 
> Expected :
> Utility to list users for the given role based on thier authorization
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
>  PRE-CREATION 
>   
> security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml cb1aad2 
> 
> 
> Diff: https://reviews.apache.org/r/61553/diff/3/
> 
> 
> Testing
> ---
> 
> Tested on Simple against all roles
> Tested on Secure against all roles
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

[jira] [Commented] (RANGER-1774) When the security admin and mysql service is not the same computer, the security admin was installed failed.

2017-09-13 Thread Pradeep Agrawal (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165763#comment-16165763
 ] 

Pradeep Agrawal commented on RANGER-1774:
-

Ranger is supported on MySQL 5.6 version onwards, though it can be installed on 
5.1 and 5.5. Check the prerequisite section 
[here|https://cwiki.apache.org/confluence/display/RANGER/Ranger+Installation+Guide].
 If the issue is specific to your environment then you can use manual 
workaround; if you are facing the same issue with any sub version of MySQL 5.6 
then let me know.

> When the security admin and mysql service is not the same computer, the 
> security admin was installed failed.
> 
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to 
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525  [JISQL] /usr/java/jdk/bin/java  -cp 
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '' -noheader 
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant 
> all privileges' command. That is the following code segment should be add the 
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ..
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with 
> grant option;\"" %(db_name,db_user, host)
> ..
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread Nitin Galave (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165747#comment-16165747
 ] 

Nitin Galave edited comment on RANGER-1778 at 9/14/17 5:13 AM:
---

I have created the [BUG | https://issues.apache.org/jira/browse/RANGER-1781] 
that handles the above case also as bug refers to all component.We are already 
working on it.
Can you please close this bug?


was (Author: nitin.galave):
I have created the [BUG | https://issues.apache.org/jira/browse/RANGER-1781] 
that handles the above case also as it applies to all component.We are already 
working on it.

> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The current logic is as following:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> Above logic is error. The right logic should be as following:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Control relation values between "database" and "url" when user switched 
> them.That is, we should control the linkage of the switch for  "database" and 
> "url".
> Please refer to 
> https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread Nitin Galave (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165747#comment-16165747
 ] 

Nitin Galave edited comment on RANGER-1778 at 9/14/17 5:07 AM:
---

I have created the [BUG | https://issues.apache.org/jira/browse/RANGER-1781] 
that handles the above case also as it applies to all component.We are already 
working on it.


was (Author: nitin.galave):
I have created the [BUG | https://issues.apache.org/jira/browse/RANGER-1781] 
that handles the above case also as it applies to all component.

> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The current logic is as following:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> Above logic is error. The right logic should be as following:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Control relation values between "database" and "url" when user switched 
> them.That is, we should control the linkage of the switch for  "database" and 
> "url".
> Please refer to 
> https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread Nitin Galave (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165747#comment-16165747
 ] 

Nitin Galave commented on RANGER-1778:
--

I have created the [BUG | https://issues.apache.org/jira/browse/RANGER-1781] 
that handles the above case also as it applies to all component.

> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The current logic is as following:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> Above logic is error. The right logic should be as following:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Control relation values between "database" and "url" when user switched 
> them.That is, we should control the linkage of the switch for  "database" and 
> "url".
> Please refer to 
> https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1781) RangerUI :Policy create/edit form should display only relevant accesses based on the user-selected resource.

2017-09-13 Thread Nitin Galave (JIRA) 
Nitin Galave created RANGER-1781:


 Summary: RangerUI :Policy create/edit form should display only 
relevant accesses based on the user-selected resource.
 Key: RANGER-1781
 URL: https://issues.apache.org/jira/browse/RANGER-1781
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.0.0
Reporter: Nitin Galave
Assignee: Nitin Galave


Policy create/edit form should display only applicable set of access 
permissions based on the policy resource (excludedAccesses property) and not 
the entire set of permissions defined for the service definition.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 61553: RANGER-1730 : Utility script that will list the users with a given role

2017-09-13 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61553/
---

(Updated Sept. 14, 2017, 4:33 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1730
https://issues.apache.org/jira/browse/RANGER-1730


Repository: ranger


Description
---

Actual :
Provide utility to list user according to role.

Expected :
Utility to list users for the given role based on thier authorization


Diffs (updated)
-

  security-admin/scripts/rolebasedusersearchutil.py PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
 PRE-CREATION 
  
security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
 PRE-CREATION 
  src/main/assembly/admin-web.xml cb1aad2 


Diff: https://reviews.apache.org/r/61553/diff/3/

Changes: https://reviews.apache.org/r/61553/diff/2-3/


Testing
---

Tested on Simple against all roles
Tested on Secure against all roles


Thanks,

Fatima Khan

[jira] [Created] (RANGER-1780) Optimize Audit Logging by Aggregating/Skipping similar AuthzAuditEvents

2017-09-13 Thread Alejandro Fernandez (JIRA) 
Alejandro Fernandez created RANGER-1780:
---

 Summary: Optimize Audit Logging by Aggregating/Skipping similar 
AuthzAuditEvents
 Key: RANGER-1780
 URL: https://issues.apache.org/jira/browse/RANGER-1780
 Project: Ranger
  Issue Type: Improvement
  Components: audit
Affects Versions: 0.7.1
Reporter: Alejandro Fernandez
 Fix For: 1.0.0


When processing a list of AuthzAuditEvents, a chain of them can be grouped (or 
rather 2...n skipped) if they share similar attributes (same user, access type, 
access result, time window during the access time, etc.

https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62313: RANGER-1647: Allow Ranger policy conditions to use tag attributes and values in Ranger -- ranger0.7 branch

2017-09-13 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62313/
---

(Updated Sept. 13, 2017, 11:33 p.m.)


Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan 
Periasamy.


Changes
---

Missed upgrade patch file


Bugs: RANGER-1647
https://issues.apache.org/jira/browse/RANGER-1647


Repository: ranger


Description
---

Merged https://reviews.apache.org/r/60140/ to ranger-0.7 branch and added patch 
file to handle upgrades.


Diffs (updated)
-

  
security-admin/src/main/java/org/apache/ranger/patch/PatchForTagServiceDefUpdate_J10008.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/62313/diff/2/

Changes: https://reviews.apache.org/r/62313/diff/1-2/


Testing
---

1. Performed basic functionality tests
2. Ran all the unit tests with successfully.


Thanks,

Sailaja Polavarapu

[jira] [Reopened] (RANGER-1647) Allow Ranger policy conditions to use tag attributes and values in Ranger

2017-09-13 Thread Sailaja Polavarapu (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu reopened RANGER-1647:


Changes to be merged to ranger-0.7 branch as well. Hence reopening the issue.

> Allow Ranger policy conditions to use tag attributes and values in Ranger
> -
>
> Key: RANGER-1647
> URL: https://issues.apache.org/jira/browse/RANGER-1647
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Affects Versions: 0.7.1
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1647-Allow-Ranger-policy-conditions-to-use-ta.patch
>
>
> Support user to enter the policy conditions in java script format which will 
> be evaluated and enforced by the policy engine in the component during ranger 
> policy evaluation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Review Request 62313: RANGER-1647: Allow Ranger policy conditions to use tag attributes and values in Ranger -- ranger0.7 branch

2017-09-13 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62313/
---

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, and Velmurugan 
Periasamy.


Bugs: RANGER-1647
https://issues.apache.org/jira/browse/RANGER-1647


Repository: ranger


Description
---

Merged https://reviews.apache.org/r/60140/ to ranger-0.7 branch and added patch 
file to handle upgrades.


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptConditionEvaluator.java
 48ffc38 
  
agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerScriptExecutionContext.java
 acd96be 
  agents-common/src/main/resources/service-defs/ranger-servicedef-tag.json 
3bad222 
  agents-common/src/test/resources/policyengine/resourceTags.json 9523ca0 
  agents-common/src/test/resources/policyengine/test_policyengine_owner.json 
82a6632 
  agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json 
04b9afe 
  
agents-common/src/test/resources/policyengine/test_policyengine_tag_hive_filebased.json
 c2cb0b3 


Diff: https://reviews.apache.org/r/62313/diff/1/


Testing
---

1. Performed basic functionality tests
2. Ran all the unit tests with successfully.


Thanks,

Sailaja Polavarapu

[jira] [Updated] (RANGER-1647) Allow Ranger policy conditions to use tag attributes and values in Ranger

2017-09-13 Thread Sailaja Polavarapu (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu updated RANGER-1647:
---
Fix Version/s: 0.7.2

> Allow Ranger policy conditions to use tag attributes and values in Ranger
> -
>
> Key: RANGER-1647
> URL: https://issues.apache.org/jira/browse/RANGER-1647
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Affects Versions: 0.7.1
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
> Fix For: 1.0.0, 0.7.2
>
> Attachments: 
> 0001-RANGER-1647-Allow-Ranger-policy-conditions-to-use-ta.patch
>
>
> Support user to enter the policy conditions in java script format which will 
> be evaluated and enforced by the policy engine in the component during ranger 
> policy evaluation.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (RANGER-1774) When the security admin and mysql service is not the same computer, the security admin was installed failed.

2017-09-13 Thread peng.jianhua (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165446#comment-16165446
 ] 

peng.jianhua edited comment on RANGER-1774 at 9/13/17 11:10 PM:


[~vperiasamy], I configured the rangeradmin in install.properties to provide 
privileges (with grant option) to 'rangeradmin'@'%'.  I can see two records, 
which are the right result we hope, after executed "select user,host from 
mysql.user" command. Please refer to grant-privileges.png.
This problem only appears in a specific database version, such as 5.5.35-log, 
To be able to access specific version mysql, the ip address of the computer 
installed Ranger must be set explicitly.In other words, set the %, other 
machines can not also access the specific version mysql.
We should add the ip address of the computer installed Ranger. This has the 
following advantages:
1. Does not affect the existing program logic and functionality.
2. Resolved the problem that can not access specific mysql  version, such as 
the issue.

Do you agree with this view? That is to say we modify the issue to solve the 
problem and there is no any harm.


was (Author: peng.jianhua):
[~vperiasamy], I configured the rangeradmin in install.properties to provide 
privileges (with grant option) to 'rangeradmin'@'%'.  I can see two records, 
which are the right result we hope, after executed "select user,host from 
mysql.user" command. 
This problem only appears in a specific database version, such as 5.5.35-log, 
To be able to access specific version mysql, the ip address of the computer 
installed Ranger must be set explicitly.In other words, set the %, other 
machines can not also access the specific version mysql.
We should add the ip address of the computer installed Ranger. This has the 
following advantages:
1. Does not affect the existing program logic and functionality.
2. Resolved the problem that can not access specific mysql  version, such as 
the issue.

Do you agree with this view? That is to say we modify the issue to solve the 
problem and there is no any harm.

> When the security admin and mysql service is not the same computer, the 
> security admin was installed failed.
> 
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to 
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525  [JISQL] /usr/java/jdk/bin/java  -cp 
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '' -noheader 
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant 
> all privileges' command. That is the following code segment should be add the 
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ..
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with 
> grant option;\"" %(db_name,db_user, host)
> ..
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1774) When the security admin and mysql service is not the same computer, the security admin was installed failed.

2017-09-13 Thread peng.jianhua (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16165446#comment-16165446
 ] 

peng.jianhua commented on RANGER-1774:
--

[~vperiasamy], I configured the rangeradmin in install.properties to provide 
privileges (with grant option) to 'rangeradmin'@'%'.  I can see two records, 
which are the right result we hope, after executed "select user,host from 
mysql.user" command. 
This problem only appears in a specific database version, such as 5.5.35-log, 
To be able to access specific version mysql, the ip address of the computer 
installed Ranger must be set explicitly.In other words, set the %, other 
machines can not also access the specific version mysql.
We should add the ip address of the computer installed Ranger. This has the 
following advantages:
1. Does not affect the existing program logic and functionality.
2. Resolved the problem that can not access specific mysql  version, such as 
the issue.

Do you agree with this view? That is to say we modify the issue to solve the 
problem and there is no any harm.

> When the security admin and mysql service is not the same computer, the 
> security admin was installed failed.
> 
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to 
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525  [JISQL] /usr/java/jdk/bin/java  -cp 
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '' -noheader 
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant 
> all privileges' command. That is the following code segment should be add the 
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ..
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with 
> grant option;\"" %(db_name,db_user, host)
> ..
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1765) Add unique key constraint in x_group and x_group_users table

2017-09-13 Thread Pradeep Agrawal (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164713#comment-16164713
 ] 

Pradeep Agrawal commented on RANGER-1765:
-

Patch committed to Apache master branch : 
https://github.com/apache/ranger/commit/b83b168791ad7adb8d46032d0c111ee86c004fb8
Patch committed to Apache 0.7 branch : 
https://github.com/apache/ranger/commit/309abeff4118fc373d842297612bad18ebece2a1

> Add unique key constraint in x_group and x_group_users table
> 
>
> Key: RANGER-1765
> URL: https://issues.apache.org/jira/browse/RANGER-1765
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Critical
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1765-master.patch, RANGER-1765-ranger07.patch
>
>
> Currently, concurrent request to create a group or create group-users mapping 
> is causing duplicate entries of the same group in x_group table. This need to 
> be restricted in DB tables by creating relevant constraint on the table.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62181: RANGER-1765 : Add unique key constraint in x_group and x_group_users table

2017-09-13 Thread Pradeep Agrawal 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62181/#review185291
---


Ship it!




Ship It!

- Pradeep Agrawal


On Sept. 8, 2017, 4:12 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62181/
> ---
> 
> (Updated Sept. 8, 2017, 4:12 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1765
> https://issues.apache.org/jira/browse/RANGER-1765
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently, concurrent request to create a group or create group-users mapping 
> is causing duplicate entries of the same group in x_group table. This need to 
> be restricted in DB tables by creating relevant constraint on the table.
> 
> 
> Diffs
> -
> 
>   
> security-admin/db/mysql/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/oracle/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/postgres/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/sqlanywhere/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> c4710f2 
>   
> security-admin/db/sqlserver/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62181/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Tested Ranger Admin, Usersync, Ranger KMS with all database flavour.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Commented] (RANGER-1774) When the security admin and mysql service is not the same computer, the security admin was installed failed.

2017-09-13 Thread Velmurugan Periasamy (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164702#comment-16164702
 ] 

Velmurugan Periasamy commented on RANGER-1774:
--

[~peng.jianhua] - did you provide privileges (with grant option)  to 
'rangeradmin'@'%' ? Ranger install expects users to provide a right db user 
with right privileges, so there is no security issue. 

> When the security admin and mysql service is not the same computer, the 
> security admin was installed failed.
> 
>
> Key: RANGER-1774
> URL: https://issues.apache.org/jira/browse/RANGER-1774
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: grant-privileges.png, mysql-version.png
>
>
> The security admin installed fail based on mysql 5.5.35-log version(refer to 
> mysql-version.png). The error log is as following:
> {code}
> 2017-09-12 13:21:05,525  [JISQL] /usr/java/jdk/bin/java  -cp 
> /usr/share/java/mysql-connector-java.jar:/opt/ZDH/parcels/lib/ranger/ranger-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.43.183.132/ranger -u 'rangeradmin' -p '' -noheader 
> -trim -c \; -query "SELECT version();"
> SQLException : SQL state: 28000 java.sql.SQLException: Access denied for user 
> 'rangeradmin'@'dap134-183' (using password: YES) ErrorCode: 1045
> {code}
> We should explicitly assign the ranger machine to access mysql using 'grant 
> all privileges' command. That is the following code segment should be add the 
> IP of the computer running security admin installer.
> {code:title=ranger/security-admin/scripts/dba_script.py|borderStyle=solid}
> hosts_arr =["%", "localhost"]
> if not self.host == "localhost": hosts_arr.append(self.host)
> for host in hosts_arr:
> ..
> query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with 
> grant option;\"" %(db_name,db_user, host)
> ..
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62074: RANGER-1765 : Add unique key constraint in x_group and x_group_users table

2017-09-13 Thread Pradeep Agrawal 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62074/#review185287
---


Ship it!




Ship It!

- Pradeep Agrawal


On Sept. 8, 2017, 4:14 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62074/
> ---
> 
> (Updated Sept. 8, 2017, 4:14 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1765
> https://issues.apache.org/jira/browse/RANGER-1765
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently, concurrent request to create a group or create group-users mapping 
> is causing duplicate entries of the same group in x_group table. This need to 
> be restricted in DB tables by creating relevant constraint on the table.
> 
> 
> Diffs
> -
> 
>   
> security-admin/db/mysql/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/oracle/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/postgres/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   
> security-admin/db/sqlanywhere/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> 68d3a05 
>   
> security-admin/db/sqlserver/patches/028-add-unique-constraint-on-table-x_group.sql
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62074/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Tested Ranger Admin, Usersync, Ranger KMS with all database flavour.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 62264: RANGER-1776:ranger-plugin-audit always show error.

2017-09-13 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62264/
---

(Updated 九月 13, 2017, 9:01 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Summary (updated)
-

RANGER-1776:ranger-plugin-audit always show error.


Bugs: RANGER-1776
https://issues.apache.org/jira/browse/RANGER-1776


Repository: ranger


Description
---

Ranger always show error , the reason is logJSON always return false :
AuditFileSpool.java
ret = consumerProvider.logJSON(lines);
if (!ret) {
// Need to log error after fixed interval
logError("Error sending logs to consumer. 
provider="
+ queueProvider.getName() + ", 
consumer="
+ consumerProvider.getName());
} else {
     
}
BufferedAuditProvider.java
   @Override
public boolean logJSON(Collection events) {
boolean ret = true;
for (String event : events) {
ret = logJSON(event);
if (!ret) {
break;
}
}
return false;
}

Here should return ret .


Diffs
-

  
agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java
 31b171e9 


Diff: https://reviews.apache.org/r/62264/diff/1/


Testing
---


Thanks,

pengjianhua

[jira] [Updated] (RANGER-1776) ranger-plugin-audit always show error.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1776:
-
Summary: ranger-plugin-audit always show error.  (was: ranger-plugin-audit  
show log error.)

> ranger-plugin-audit always show error.
> --
>
> Key: RANGER-1776
> URL: https://issues.apache.org/jira/browse/RANGER-1776
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER_1776-ranger-plugin-audit-show-log-error.patch
>
>
> Ranger always show error , the reason is logJSON always return false :
> {code}
> AuditFileSpool.java
> ret = consumerProvider.logJSON(lines);
>   if (!ret) {
>   // Need to log error after fixed interval
>   logError("Error sending logs to consumer. 
> provider="
>   + queueProvider.getName() + ", 
> consumer="
>   + consumerProvider.getName());
>   } else {
>  
> }
> {code}
> {code}
> BufferedAuditProvider.java
>@Override
>   public boolean logJSON(Collection events) {
>   boolean ret = true;
>   for (String event : events) {
>   ret = logJSON(event);
>   if (!ret) {
>   break;
>   }
>   }
>   return false;
>   }
> {code}
> Here should return ret.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62269: The Ranger can not refresh screen and hide child menu when user clicks menu

2017-09-13 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62269/
---

(Updated 九月 13, 2017, 8:53 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Summary (updated)
-

The Ranger can not refresh screen and hide child menu when user clicks menu


Bugs: RANGER-1777
https://issues.apache.org/jira/browse/RANGER-1777


Repository: ranger


Description (updated)
---

Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger can not 
refresh screen and hide child menu.
At most web-menu-button ,such as 
https://issues.apache.org/jira/projects/RANGER, the sub-memu-buttons should be 
hide when you click menu.(see normal.jpg).
When you click "Access Manage" or "Settings" menu, the sub-memu-buttons is not 
hide(see ranger-not-hide.jpg) in Ranger. 
We should modify the control logic of Ranger menu to keep consistent with 
https://issues.apache.org/jira/projects/RANGER.


Diffs
-

  security-admin/src/main/webapp/scripts/views/common/TopNav.js bc5d17c4 


Diff: https://reviews.apache.org/r/62269/diff/1/


Testing
---


Thanks,

pengjianhua

[jira] [Updated] (RANGER-1777) The Ranger can not refresh screen and hide child menu when user clicks menu

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1777:
-
Attachment: (was: ranger-hide.jpg)

> The Ranger can not refresh screen and hide child menu when user clicks menu
> ---
>
> Key: RANGER-1777
> URL: https://issues.apache.org/jira/browse/RANGER-1777
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER-1777-A-button-problem.patch, normal.jpg, 
> ranger-not-hide.jpg
>
>
> Like https://issues.apache.org/jira/projects/RANGER, related web screen will 
> be refresh and child menu will be hided when user clicked menu. But Ranger 
> can not refresh screen and hide child menu.
> At most web-menu-button ,such as  
> https://issues.apache.org/jira/projects/RANGER, the sub-memu-buttons should 
> be hide when you click menu.(see normal.jpg).
> When you click "Access Manage" or "Settings" menu, the sub-memu-buttons is 
> not hide(see ranger-not-hide.jpg) in Ranger. 
> We should modify the control logic of Ranger menu to  keep consistent with 
> https://issues.apache.org/jira/projects/RANGER.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1777) The Ranger can not refresh screen and hide child menu when user clicks menu

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1777:
-
Description: 
Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger can not 
refresh screen and hide child menu.

At most web-menu-button ,such as  
https://issues.apache.org/jira/projects/RANGER, the sub-memu-buttons should be 
hide when you click menu.(see normal.jpg).
When you click "Access Manage" or "Settings" menu, the sub-memu-buttons is not 
hide(see ranger-not-hide.jpg) in Ranger. 
We should modify the control logic of Ranger menu to  keep consistent with 
https://issues.apache.org/jira/projects/RANGER.

  was:
Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger can not 
refresh screen and hide child menu.

At most web-menu-button ,such as http://issues.apache.org. When you click ,the 
sub-memu-buttons should be hide(see normal.jpg).
Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when you 
click "Admin" button,it's ok(see ranger-hide.jpg).
So I think it's better to be modifyed in Ranger JS code.


> The Ranger can not refresh screen and hide child menu when user clicks menu
> ---
>
> Key: RANGER-1777
> URL: https://issues.apache.org/jira/browse/RANGER-1777
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER-1777-A-button-problem.patch, normal.jpg, 
> ranger-hide.jpg, ranger-not-hide.jpg
>
>
> Like https://issues.apache.org/jira/projects/RANGER, related web screen will 
> be refresh and child menu will be hided when user clicked menu. But Ranger 
> can not refresh screen and hide child menu.
> At most web-menu-button ,such as  
> https://issues.apache.org/jira/projects/RANGER, the sub-memu-buttons should 
> be hide when you click menu.(see normal.jpg).
> When you click "Access Manage" or "Settings" menu, the sub-memu-buttons is 
> not hide(see ranger-not-hide.jpg) in Ranger. 
> We should modify the control logic of Ranger menu to  keep consistent with 
> https://issues.apache.org/jira/projects/RANGER.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1777) The Ranger can not refresh screen and hide child menu when user clicks menu

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1777:
-
Description: 
Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger can not 
refresh screen and hide child menu.

At most web-menu-button ,such as http://issues.apache.org. When you click ,the 
sub-memu-buttons should be hide(see normal.jpg).
Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when you 
click "Admin" button,it's ok(see ranger-hide.jpg).
So I think it's better to be modifyed in Ranger JS code.

  was:
Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger does 
not refresh screen and hide child menu.

At most web-menu-button ,such as http://issues.apache.org. When you click ,the 
sub-memu-buttons should be hide(see normal.jpg).
Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when you 
click "Admin" button,it's ok(see ranger-hide.jpg).
So I think it's better to be modifyed in Ranger JS code.


> The Ranger can not refresh screen and hide child menu when user clicks menu
> ---
>
> Key: RANGER-1777
> URL: https://issues.apache.org/jira/browse/RANGER-1777
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER-1777-A-button-problem.patch, normal.jpg, 
> ranger-hide.jpg, ranger-not-hide.jpg
>
>
> Like https://issues.apache.org/jira/projects/RANGER, related web screen will 
> be refresh and child menu will be hided when user clicked menu. But Ranger 
> can not refresh screen and hide child menu.
> At most web-menu-button ,such as http://issues.apache.org. When you click 
> ,the sub-memu-buttons should be hide(see normal.jpg).
> Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
> button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when 
> you click "Admin" button,it's ok(see ranger-hide.jpg).
> So I think it's better to be modifyed in Ranger JS code.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1777) The Ranger can not refresh screen and hide child menu when user clicks menu

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1777:
-
Summary: The Ranger can not refresh screen and hide child menu when user 
clicks menu  (was: A button problem)

> The Ranger can not refresh screen and hide child menu when user clicks menu
> ---
>
> Key: RANGER-1777
> URL: https://issues.apache.org/jira/browse/RANGER-1777
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER-1777-A-button-problem.patch, normal.jpg, 
> ranger-hide.jpg, ranger-not-hide.jpg
>
>
> Like https://issues.apache.org/jira/projects/RANGER, related web screen will 
> be refresh and child menu will be hided when user clicked menu. But Ranger 
> does not refresh screen and hide child menu.
> At most web-menu-button ,such as http://issues.apache.org. When you click 
> ,the sub-memu-buttons should be hide(see normal.jpg).
> Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
> button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when 
> you click "Admin" button,it's ok(see ranger-hide.jpg).
> So I think it's better to be modifyed in Ranger JS code.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1777) A button problem

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1777:
-
Description: 
Like https://issues.apache.org/jira/projects/RANGER, related web screen will be 
refresh and child menu will be hided when user clicked menu. But Ranger does 
not refresh screen and hide child menu.

At most web-menu-button ,such as http://issues.apache.org. When you click ,the 
sub-memu-buttons should be hide(see normal.jpg).
Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when you 
click "Admin" button,it's ok(see ranger-hide.jpg).
So I think it's better to be modifyed in Ranger JS code.

  was:
At most web-menu-button ,such as http://issues.apache.org. When you click ,the 
sub-memu-buttons should be hide(see normal.jpg).
Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when you 
click "Admin" button,it's ok(see ranger-hide.jpg).
So I think it's better to be modifyed in Ranger JS code.


> A button problem
> 
>
> Key: RANGER-1777
> URL: https://issues.apache.org/jira/browse/RANGER-1777
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
> Attachments: 0001-RANGER-1777-A-button-problem.patch, normal.jpg, 
> ranger-hide.jpg, ranger-not-hide.jpg
>
>
> Like https://issues.apache.org/jira/projects/RANGER, related web screen will 
> be refresh and child menu will be hided when user clicked menu. But Ranger 
> does not refresh screen and hide child menu.
> At most web-menu-button ,such as http://issues.apache.org. When you click 
> ,the sub-memu-buttons should be hide(see normal.jpg).
> Else,at ranger web-menu-button, when you click "Access Manage" or "Settings" 
> button, the sub-memu-buttons is not hide(see ranger-not-hide.jpg). But when 
> you click "Admin" button,it's ok(see ranger-hide.jpg).
> So I think it's better to be modifyed in Ranger JS code.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1779) last resource gets duplicated during update policy if policy is created through public api rest call

2017-09-13 Thread Deepak Sharma (JIRA) 
Deepak Sharma created RANGER-1779:
-

 Summary: last resource gets duplicated during update policy if 
policy is created through public api rest call
 Key: RANGER-1779
 URL: https://issues.apache.org/jira/browse/RANGER-1779
 Project: Ranger
  Issue Type: Bug
  Components: admin
Affects Versions: master
Reporter: Deepak Sharma


scenario:
1) create a policy with multiple resource *,default using public api
2) go to ranger admin ui and update the policy without any change
3) again view the policy.

Issue:
default gets duplicated as resource in the policy.
and even new entry is added in resource map table for the last resource.





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1778:
-
Issue Type: Bug  (was: Improvement)

> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The current logic is as following:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> Above logic is error. The right logic should be as following:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Control relation values between "database" and "url" when user switched 
> them.That is, we should control the linkage of the switch for  "database" and 
> "url".
> Please refer to 
> https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Assigned] (RANGER-1779) last resource gets duplicated during update policy if policy is created through public api rest call

2017-09-13 Thread Deepak Sharma (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Deepak Sharma reassigned RANGER-1779:
-

Assignee: Nikhil Purbhe

> last resource gets duplicated during update policy if policy is created 
> through public api rest call
> 
>
> Key: RANGER-1779
> URL: https://issues.apache.org/jira/browse/RANGER-1779
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: master
>Reporter: Deepak Sharma
>Assignee: Nikhil Purbhe
>
> scenario:
> 1) create a policy with multiple resource *,default using public api
> 2) go to ranger admin ui and update the policy without any change
> 3) again view the policy.
> Issue:
> default gets duplicated as resource in the policy.
> and even new entry is added in resource map table for the last resource.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1778:
-
Description: 
The current logic is as following:
1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"

Above logic is error. The right logic should be as following:
1、If policy choose “database”, the  Permissions can not choose "Read" and 
"Write"
2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
3、Control relation values between "database" and "url" when user switched 
them.That is, we should control the linkage of the switch for  "database" and 
"url".

Please refer to 
https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html

  was:
The Ranger Hive Plugin Web have some problems:
1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"

I will modify:
1、If policy choose “database”, the  Permissions can not choose "Read" and 
"Write"
2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
3、Add judge if choose  “database” or "url"


> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The current logic is as following:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> Above logic is error. The right logic should be as following:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Control relation values between "database" and "url" when user switched 
> them.That is, we should control the linkage of the switch for  "database" and 
> "url".
> Please refer to 
> https://community.hortonworks.com/questions/135781/ranger-hive-read-and-write-permissions.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1778) The logical of the policy details for Ranger Hive Plugin is error.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1778:
-
Summary: The logical of the policy details for Ranger Hive Plugin is error. 
 (was: Policy Details  should inprovement in Ranger Hive Plugin)

> The logical of the policy details for Ranger Hive Plugin is error.
> --
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The Ranger Hive Plugin Web have some problems:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> I will modify:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Add judge if choose  “database” or "url"



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1778) Policy Details should inprovement in Ranger Hive Plugin

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1778?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1778:
-
Description: 
The Ranger Hive Plugin Web have some problems:
1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"

I will modify:
1、If policy choose “database”, the  Permissions can not choose "Read" and 
"Write"
2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
3、Add judge if choose  “database” or "url"

  was:
In Ranger Hive Plugin Web, have some problem:
1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"

I will modify:
1、If policy choose “database”, the  Permissions can not choose "Read" and 
"Write"
2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
3、Add judge if choose  “database” or "url"


> Policy Details  should inprovement in Ranger Hive Plugin
> 
>
> Key: RANGER-1778
> URL: https://issues.apache.org/jira/browse/RANGER-1778
> Project: Ranger
>  Issue Type: Improvement
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>
> The Ranger Hive Plugin Web have some problems:
> 1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
> 2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"
> I will modify:
> 1、If policy choose “database”, the  Permissions can not choose "Read" and 
> "Write"
> 2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
> 3、Add judge if choose  “database” or "url"



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1778) Policy Details should inprovement in Ranger Hive Plugin

2017-09-13 Thread peng.jianhua (JIRA) 
peng.jianhua created RANGER-1778:


 Summary: Policy Details  should inprovement in Ranger Hive Plugin
 Key: RANGER-1778
 URL: https://issues.apache.org/jira/browse/RANGER-1778
 Project: Ranger
  Issue Type: Improvement
  Components: plugins, Ranger
Affects Versions: 1.0.0, master
Reporter: peng.jianhua
Assignee: peng.jianhua


In Ranger Hive Plugin Web, have some problem:
1、If policy choose “database”, the  Permissions can choose "Read" and "Write"
2、If policy choose “url”, the  Permissions can not  choose "Read" and "Write"

I will modify:
1、If policy choose “database”, the  Permissions can not choose "Read" and 
"Write"
2、If policy choose “url”, the  Permissions can only choose "Read" and "Write"
3、Add judge if choose  “database” or "url"



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (RANGER-1654) HDFS plugin should support hdfs federation.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua resolved RANGER-1654.
--
Resolution: Invalid

> HDFS plugin should support hdfs federation.
> ---
>
> Key: RANGER-1654
> URL: https://issues.apache.org/jira/browse/RANGER-1654
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
>
> reference:
> http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/Federation.html
> Now the Ranger doesn't support  hdfs federation. We should support it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (RANGER-1655) Execute showPrivileges failure in hive client after installed ranger hive plugin.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua resolved RANGER-1655.
--
Resolution: Invalid

> Execute showPrivileges failure in hive client after installed ranger hive 
> plugin.
> -
>
> Key: RANGER-1655
> URL: https://issues.apache.org/jira/browse/RANGER-1655
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
>
> ERROR org.apache.hive.service.cli.operation.Operation: Error running hive 
> query:
> org.apache.hive.service.cli.HiveSQLException: Error while processing 
> statement: FAILED: Execution Error, return code 1 from 
> org.apache.hadoop.hive.ql.exec.DDLTask. showPrivileges() not implemented in 
> Ranger HiveAuthorizer
> at 
> org.apache.hive.service.cli.operation.Operation.toSQLException(Operation.java:387)
> at 
> org.apache.hive.service.cli.operation.SQLOperation.runQuery(SQLOperation.java:240)
> at 
> org.apache.hive.service.cli.operation.SQLOperation.access$400(SQLOperation.java:92)
> at 
> org.apache.hive.service.cli.operation.SQLOperation$2$1.run(SQLOperation.java:313)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> at 
> org.apache.hive.service.cli.operation.SQLOperation$2.run(SQLOperation.java:328)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: 
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  showPrivileges() not implemented in Ranger HiveAuthorizer
> at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase.throwNotImplementedException(RangerHiveAuthorizerBase.java:225)
> at 
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerBase.showPrivileges(RangerHiveAuthorizerBase.java:129)
> at org.apache.hadoop.hive.ql.exec.DDLTask.showGrants(DDLTask.java:737)
> at org.apache.hadoop.hive.ql.exec.DDLTask.execute(DDLTask.java:517)
> at org.apache.hadoop.hive.ql.exec.Task.executeTask(Task.java:197)
> at 
> org.apache.hadoop.hive.ql.exec.TaskRunner.runSequential(TaskRunner.java:100)
> at org.apache.hadoop.hive.ql.Driver.launchTask(Driver.java:1917)
> at org.apache.hadoop.hive.ql.Driver.execute(Driver.java:1586)
> at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1331)
> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1092)
> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1085)
> at 
> org.apache.hive.service.cli.operation.SQLOperation.runQuery(SQLOperation.java:238)
> ... 11 more



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (RANGER-1694) Execute 007-updateBlankPolicyName.sql failed in some mysql environment, which will cause ranger-admin start fail.

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua resolved RANGER-1694.
--
Resolution: Invalid

> Execute 007-updateBlankPolicyName.sql failed in some mysql environment, which 
> will cause ranger-admin start fail.
> -
>
> Key: RANGER-1694
> URL: https://issues.apache.org/jira/browse/RANGER-1694
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
>
> Environment:
> mysql  Ver 14.14 Distrib 5.5.35, for linux2.6 (x86_64).
> There are following error when installed ranger admin.
> Error executing: CREATE FUNCTION `getTempPolicyCount`(assetId bigint, resId 
> bigint) RETURNS int(11) BEGIN DECLARE tempPolicyCount int default 1; DECLARE 
> dbResourceId bigint; DECLARE exitLoop int DEFAULT FALSE; DECLARE policyList 
> CURSOR FOR   SELECT id from x_resource where asset_id = assetId; DECLARE 
> CONTINUE HANDLER FOR NOT FOUND SET exitLoop = true; OPEN policyList; 
> readPolicy : LOOP  FETCH policyList into dbResourceId; IF exitLoop 
> THENset tempPolicyCount = tempPolicyCount + 1;  
> LEAVE readPolicy;   END IF; IF (resId = dbResourceId) THEN
>   LEAVE readPolicy;   END IF; set tempPolicyCount = 
> tempPolicyCount + 1; END LOOP; CLOSE policyList; RETURN tempPolicyCount; END  
> java.sql.SQLException: This function has none of DETERMINISTIC, NO SQL, or 
> READS SQL DATA in its declaration and binary logging is enabled (you *might* 
> want to use the less safe log_bin_trust_function_creators variable)
> SQLException : SQL state: HY000 java.sql.SQLException: This function has none 
> of DETERMINISTIC, NO SQL, or READS SQL DATA in its declaration and binary 
> logging is enabled (you *might* want to use the less safe 
> log_bin_trust_function_creators variable) ErrorCode: 1418
> Lots of tables are not created in ranger db after installed ranger admin. So 
> start ranger admin fail.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (RANGER-1569) All security configuration data will be loss in big data platform when the ranger was halt. It is so serious that users can not afford this serious result at all once i

2017-09-13 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua resolved RANGER-1569.
--
Resolution: Invalid

> All security configuration data will be loss in big data platform when the 
> ranger was halt. It is so serious that users can not afford this serious 
> result at all once it happens.
> --
>
> Key: RANGER-1569
> URL: https://issues.apache.org/jira/browse/RANGER-1569
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: newbie
>
> Ranger is a framework to enable, monitor and manage comprehensive data 
> security across the Hadoop platform. All security configuration data will be 
> loss in big data platform when the ranger was halt. It is so serious that 
> users can not afford this serious result at all once it happens.
> We should provide high availability to solve this problem.
> We are developing the function.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62264: RANGER-1776 ranger-plugin-audit show log error.

2017-09-13 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62264/#review185267
---


Ship it!




Ship It!

- Qiang Zhang


On 九月 13, 2017, 1:32 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62264/
> ---
> 
> (Updated 九月 13, 2017, 1:32 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1776
> https://issues.apache.org/jira/browse/RANGER-1776
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger always show error , the reason is logJSON always return false :
> AuditFileSpool.java
> ret = consumerProvider.logJSON(lines);
>   if (!ret) {
>   // Need to log error after fixed interval
>   logError("Error sending logs to consumer. 
> provider="
>   + queueProvider.getName() + ", 
> consumer="
>   + consumerProvider.getName());
>   } else {
>  
> }
> BufferedAuditProvider.java
>@Override
>   public boolean logJSON(Collection events) {
>   boolean ret = true;
>   for (String event : events) {
>   ret = logJSON(event);
>   if (!ret) {
>   break;
>   }
>   }
>   return false;
>   }
> 
> Here should return ret .
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java
>  31b171e9 
> 
> 
> Diff: https://reviews.apache.org/r/62264/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>