[jira] [Updated] (RANGER-1828) Good coding practice-add additional headers in ranger
[ https://issues.apache.org/jira/browse/RANGER-1828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nikhil Purbhe updated RANGER-1828:
----------------------------------
    Attachment: RANGER-1828

> Good coding practice-add additional headers in ranger
> -----------------------------------------------------
>
> Key: RANGER-1828
> URL: https://issues.apache.org/jira/browse/RANGER-1828
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0
> Reporter: Nikhil Purbhe
> Assignee: Nikhil Purbhe
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1828
>
>
> Good coding practice-add additional headers in ranger

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1176) Ranger admin does not allow to create / update a policy with only delegate admin permission
[ https://issues.apache.org/jira/browse/RANGER-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nitin Galave updated RANGER-1176:
---------------------------------
    Attachment: RANGER-1176.patch

> Ranger admin does not allow to create / update a policy with only delegate admin permission
> -------------------------------------------------------------------------------------------
>
> Key: RANGER-1176
> URL: https://issues.apache.org/jira/browse/RANGER-1176
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.0
> Reporter: Vipin Rathor
> Assignee: Nitin Galave
> Priority: Minor
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1176.patch
>
>
> As of RANGER-436, a policy with empty access list is valid if delegated admin is true. But the Ranger Admin UI doesn't allow user to create / update a policy with only the 'delegate admin' permission for a user / group.
>
> Expected Result:
> Create / update policy with only 'delegate admin' permission should be allowed via Ranger Admin UI
>
> Actual Result:
> Upon saving, the create page throws this error for user:
> "Please add permission(s) for the selected User, else User will not be added."
> And similar error for group:
> "Please add permission(s) for the selected Group, else Group will not be added."
>
> Workaround:
> As of now, the workaround is to create / update the policy via REST API. But the only caveat is user will not be able to edit the policy again via Admin UI.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62724: RANGER-1822 - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62724/#review187613
-----------------------------------------------------------

Ship it!

Ship It!

- Alejandro Fernandez

On Oct. 2, 2017, 2:11 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62724/
> -----------------------------------------------------------
>
> (Updated Oct. 2, 2017, 2:11 p.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1822
>     https://issues.apache.org/jira/browse/RANGER-1822
>
> Repository: ranger
>
> Description
> -------
>
> This task is to remove the ssoEnabled accessors in RangerSSOAuthenticationFilter. "ssoEnabled" is currently a class variable, but it is overridden every time in the doFilter method. It should instead just be created per-request in doFilter.
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 481fe8e7
>
> Diff: https://reviews.apache.org/r/62724/diff/1/
>
> Testing
> -------
>
> Tested with Knox.
>
> Thanks,
>
> Colm O hEigeartaigh
Re: Review Request 62724: RANGER-1822 - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62724/#review187609
-----------------------------------------------------------

Ship it!

Ship It!

- Velmurugan Periasamy

On Oct. 2, 2017, 2:11 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62724/
> -----------------------------------------------------------
>
> (Updated Oct. 2, 2017, 2:11 p.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1822
>     https://issues.apache.org/jira/browse/RANGER-1822
>
> Repository: ranger
>
> Description
> -------
>
> This task is to remove the ssoEnabled accessors in RangerSSOAuthenticationFilter. "ssoEnabled" is currently a class variable, but it is overridden every time in the doFilter method. It should instead just be created per-request in doFilter.
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 481fe8e7
>
> Diff: https://reviews.apache.org/r/62724/diff/1/
>
> Testing
> -------
>
> Tested with Knox.
>
> Thanks,
>
> Colm O hEigeartaigh
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16199462#comment-16199462 ]

Ramesh Mani commented on RANGER-1823:
-------------------------------------

[~Seymour Xu], I couldn't reproduce this issue locally. If it would have happened it's a nasty one in terms of security. By looking into this code change, UPDATE should be access type for the operation which really does update, like TRUNCATE / INSERT / DELETE, not on QUERY whose primary operation is to fetch data. Could you please check this out and put some debug logs from the cluster when you do this testing.

> Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
> ------------------------------------------------------------------------------------
>
> Key: RANGER-1823
> URL: https://issues.apache.org/jira/browse/RANGER-1823
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 0.5.3, 0.7.1
> Reporter: Haihui Xu
> Assignee: Haihui Xu
> Fix For: 0.5.4, 1.0.0
>
> Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition table when the policy item is only SELECT.patch
>
>
> In beeline, useraa create table hive_test, such as: CREATE TABLE hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add a policy for userbb, the policy has only "SELECT" of table hive_test; in beeline userbb execute "truncate table hive_test" / "insert into hive_test partition(a=20171003) select 1 from hive_test" is allowed.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187572
-----------------------------------------------------------

Ship it!

Ship It!

- Alejandro Fernandez

On Oct. 10, 2017, 11:51 a.m., Endre Zoltan Kovacs wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2017, 11:51 a.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1827
>     https://issues.apache.org/jira/browse/RANGER-1827
>
> Repository: ranger
>
> Description
> -------
>
> created a microbenchmark for the policy evaluation engine
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
>   ranger-tools/pom.xml ff37fb3eb
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
>   ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e
>   ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
>   ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/62850/diff/3/
>
> Testing
> -------
>
> A parameterized JUnit test that tests the performance of RangerPolicyEngine under increasing load of number of policies and concurrent calls. A cross product of the input parameters are generated and fed into the test method.
>
> This microbenchmark includes a warm-up phase so that any of the JIT performance optimizations happen before the measurement of the policy engine's performance.
>
> File Attachments
> ----------------
>
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>   https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>
> Thanks,
>
> Endre Zoltan Kovacs
[jira] [Created] (RANGER-1828) Good coding practice-add additional headers in ranger
Nikhil Purbhe created RANGER-1828:
-------------------------------------

Summary: Good coding practice-add additional headers in ranger
Key: RANGER-1828
URL: https://issues.apache.org/jira/browse/RANGER-1828
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Nikhil Purbhe
Assignee: Nikhil Purbhe
Fix For: 1.0.0, 0.7.2

Good coding practice-add additional headers in ranger

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1828) Good coding practice-add additional headers in ranger
[ https://issues.apache.org/jira/browse/RANGER-1828?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nikhil Purbhe updated RANGER-1828:
----------------------------------
    Affects Version/s: 1.0.0

> Good coding practice-add additional headers in ranger
> -----------------------------------------------------
>
> Key: RANGER-1828
> URL: https://issues.apache.org/jira/browse/RANGER-1828
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0
> Reporter: Nikhil Purbhe
> Assignee: Nikhil Purbhe
> Fix For: 1.0.0, 0.7.2
>
>
> Good coding practice-add additional headers in ranger

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187516
-----------------------------------------------------------

Ship it!

Ship It!

- Endre Zoltan Kovacs

On Oct. 10, 2017, 11:51 a.m., Endre Zoltan Kovacs wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2017, 11:51 a.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1827
>     https://issues.apache.org/jira/browse/RANGER-1827
>
> Repository: ranger
>
> Description
> -------
>
> created a microbenchmark for the policy evaluation engine
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
>   ranger-tools/pom.xml ff37fb3eb
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
>   ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e
>   ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
>   ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/62850/diff/3/
>
> Testing
> -------
>
> A parameterized JUnit test that tests the performance of RangerPolicyEngine under increasing load of number of policies and concurrent calls. A cross product of the input parameters are generated and fed into the test method.
>
> This microbenchmark includes a warm-up phase so that any of the JIT performance optimizations happen before the measurement of the policy engine's performance.
>
> File Attachments
> ----------------
>
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>   https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>
> Thanks,
>
> Endre Zoltan Kovacs
Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/
-----------------------------------------------------------

(Updated Oct. 10, 2017, 11:51 a.m.)

Review request for ranger.

Changes
-------

moved generated .csv under /target/ so maven build won't fail b/c of its presence

Bugs: RANGER-1827
    https://issues.apache.org/jira/browse/RANGER-1827

Repository: ranger

Description
-------

created a microbenchmark for the policy evaluation engine

Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
  ranger-tools/pom.xml ff37fb3eb
  ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
  ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
  ranger-tools/src/test/resources/log4j.properties 4ea9d854e
  ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
  ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION

Diff: https://reviews.apache.org/r/62850/diff/3/

Changes: https://reviews.apache.org/r/62850/diff/2-3/

Testing
-------

A parameterized JUnit test that tests the performance of RangerPolicyEngine under increasing load of number of policies and concurrent calls. A cross product of the input parameters are generated and fed into the test method.

This microbenchmark includes a warm-up phase so that any of the JIT performance optimizations happen before the measurement of the policy engine's performance.

File Attachments
----------------

0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
  https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch

Thanks,

Endre Zoltan Kovacs
[jira] [Commented] (RANGER-1827) micro benchmark for policy evaluation
[ https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198533#comment-16198533 ]

Endre Kovacs commented on RANGER-1827:
--------------------------------------

[~afernandez] I've just updated the diff and fixed the issues with the diff. I also excluded this performance test from executing while building the component.

Also, could you please assign me to this jira ticket?

Thanks & best regards,
Endre

> micro benchmark for policy evaluation
> -------------------------------------
>
> Key: RANGER-1827
> URL: https://issues.apache.org/jira/browse/RANGER-1827
> Project: Ranger
> Issue Type: Test
> Components: Ranger
> Affects Versions: master
> Reporter: Endre Kovacs
> Priority: Minor
> Labels: performance, test
> Fix For: 1.0.0
>
> Attachments: 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>
>
> implement micro benchmark testing the performance of RangerPolicyEngine at different load of # of policies and # of concurrent users

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187514
-----------------------------------------------------------

Ship it!

Ship It!

- Endre Zoltan Kovacs

On Oct. 10, 2017, 11:24 a.m., Endre Zoltan Kovacs wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2017, 11:24 a.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1827
>     https://issues.apache.org/jira/browse/RANGER-1827
>
> Repository: ranger
>
> Description
> -------
>
> created a microbenchmark for the policy evaluation engine
>
> Diffs
> -----
>
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
>   ranger-tools/.gitignore 5ac84b1c9
>   ranger-tools/pom.xml ff37fb3eb
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
>   ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
>   ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e
>   ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
>   ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/62850/diff/2/
>
> Testing
> -------
>
> A parameterized JUnit test that tests the performance of RangerPolicyEngine under increasing load of number of policies and concurrent calls. A cross product of the input parameters are generated and fed into the test method.
>
> This microbenchmark includes a warm-up phase so that any of the JIT performance optimizations happen before the measurement of the policy engine's performance.
>
> File Attachments
> ----------------
>
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>   https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>
> Thanks,
>
> Endre Zoltan Kovacs
Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/
-----------------------------------------------------------

(Updated Oct. 10, 2017, 11:24 a.m.)

Review request for ranger.

Changes
-------

fixed issues:
- added microsec to log message
- added javadocs to classes and public methods
- excluding benchmark from tests run during maven build of the project (can still execute it manually with cd ranger-tools && mvn clean test -Dtest=RangerPolicyEnginePerformanceTest)
- formatting problems
- added generated .csv file to .gitignore

Bugs: RANGER-1827
    https://issues.apache.org/jira/browse/RANGER-1827

Repository: ranger

Description
-------

created a microbenchmark for the policy evaluation engine

Diffs (updated)
-----

  agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java 25f533476
  ranger-tools/.gitignore 5ac84b1c9
  ranger-tools/pom.xml ff37fb3eb
  ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java e6095cba2
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java PRE-CREATION
  ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java PRE-CREATION
  ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java PRE-CREATION
  ranger-tools/src/test/resources/log4j.properties 4ea9d854e
  ranger-tools/src/test/resources/testdata/single-policy-template.json PRE-CREATION
  ranger-tools/src/test/resources/testdata/single-request-template.json PRE-CREATION

Diff: https://reviews.apache.org/r/62850/diff/2/

Changes: https://reviews.apache.org/r/62850/diff/1-2/

Testing
-------

A parameterized JUnit test that tests the performance of RangerPolicyEngine under increasing load of number of policies and concurrent calls. A cross product of the input parameters are generated and fed into the test method.

This microbenchmark includes a warm-up phase so that any of the JIT performance optimizations happen before the measurement of the policy engine's performance.

File Attachments (updated)
----------------

0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
  https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch

Thanks,

Endre Zoltan Kovacs
Re: Review Request 62724: RANGER-1822 - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62724/#review187513
-----------------------------------------------------------

Ship it!

I'm not a committer, but it seems a good bug fix

- Zsombor Gegesy

On Oct. 2, 2017, 2:11 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62724/
> -----------------------------------------------------------
>
> (Updated Oct. 2, 2017, 2:11 p.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1822
>     https://issues.apache.org/jira/browse/RANGER-1822
>
> Repository: ranger
>
> Description
> -------
>
> This task is to remove the ssoEnabled accessors in RangerSSOAuthenticationFilter. "ssoEnabled" is currently a class variable, but it is overridden every time in the doFilter method. It should instead just be created per-request in doFilter.
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 481fe8e7
>
> Diff: https://reviews.apache.org/r/62724/diff/1/
>
> Testing
> -------
>
> Tested with Knox.
>
> Thanks,
>
> Colm O hEigeartaigh
[jira] [Commented] (RANGER-1823) Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
[ https://issues.apache.org/jira/browse/RANGER-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198446#comment-16198446 ]

Haihui Xu commented on RANGER-1823:
-----------------------------------

[~rmani] https://reviews.apache.org/r/62860/
Thanks for your review.

> Allowed TRUNCATE and INSERT to partition table when the policy item is only "SELECT"
> ------------------------------------------------------------------------------------
>
> Key: RANGER-1823
> URL: https://issues.apache.org/jira/browse/RANGER-1823
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 0.5.3, 0.7.1
> Reporter: Haihui Xu
> Assignee: Haihui Xu
> Fix For: 0.5.4, 1.0.0
>
> Attachments: RANGER-1823-Allowed TRUNCATE and INSERT to partition table when the policy item is only SELECT.patch
>
>
> In beeline, useraa create table hive_test, such as: CREATE TABLE hive_test(b string) PARTITIONED BY (a string); then in ranger admin UI add a policy for userbb, the policy has only "SELECT" of table hive_test; in beeline userbb execute "truncate table hive_test" / "insert into hive_test partition(a=20171003) select 1 from hive_test" is allowed.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1826) Import of bulk policies is causing OOM and Apparent Deadlock
[ https://issues.apache.org/jira/browse/RANGER-1826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198405#comment-16198405 ]

Pradeep Agrawal commented on RANGER-1826:
-----------------------------------------

Committed in Apache master branch: https://github.com/apache/ranger/commit/e0c1e355a94cdecdf60e6d9eb0c54ff6d3bd412d
Committed in Apache ranger-0.7 branch: https://github.com/apache/ranger/commit/e656b9a0beb62e412eb70c6c26e90dc0039e8f3d

> Import of bulk policies is causing OOM and Apparent Deadlock
> ------------------------------------------------------------
>
> Key: RANGER-1826
> URL: https://issues.apache.org/jira/browse/RANGER-1826
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 0.7.0, 1.0.0
> Reporter: Deepak Sharma
> Assignee: Pradeep Agrawal
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1826-master-4.patch
>
>
> while importing bulk policies around 1000, OOM error is thrown:
> {code}
> 2017-09-05 10:19:53,856 [http-bio-6080-exec-13] ERROR org.apache.ranger.rest.ServiceREST (ServiceREST.java:1603) - deletePolicy(282) failed
> java.lang.OutOfMemoryError: Java heap space
> 2017-09-05 10:19:53,857 [http-bio-6080-exec-13] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=admin, logMessage=Java heap space
> 2017-09-05 10:19:54,481 [http-bio-6080-exec-13] ERROR org.apache.ranger.rest.ServiceREST (ServiceREST.java:2117) - Error while importing policy from file!!
> java.lang.OutOfMemoryError: GC overhead limit exceeded
> 2017-09-05 10:19:54,483 [http-bio-6080-exec-13] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:63) - Request failed. loginId=admin, logMessage=GC overhead limit exceeded
> javax.ws.rs.WebApplicationException
>     at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
>     at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:311)
>     at org.apache.ranger.rest.ServiceREST.importPoliciesFromFile(ServiceREST.java:2125)
>     at org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke()
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:700)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
>     at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
> {code}
> then Increased the heap size:
> ${JAVA_OPTS} -XX:MaxPermSize=256m -Xmx2048m -Xms1024m
> then restarted the ranger service and imported the policies again:
> it causes apparent deadlock
> {code}
> 2017-09-05 13:38:22,966 [Timer-0] WARN com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector (ThreadPoolAsynchronousRunner.java:608) - com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector@6726e60e -- APPARENT DEADLOCK!!! Creating emergency threads for unassigned pending tasks!
> {code}
> and after some time it starts giving OOM again:
> {code}
> 2017-09-05 13:50:54,670 [http-bio-6080-exec-4] ERROR org.apache.ranger.rest.ServiceREST (ServiceREST.java:1603) - deletePolicy(256) failed
> java.lang.OutOfMemoryError: Java heap space
> 2017-09-05 13:52:08,355 [zkCallback-2-thread-5-EventThread] WARN org.apache.solr.common.cloud.ConnectionManager (ConnectionManager.java:183) - zkClient received AuthFailed
> 2017-09-05 13:52:20,662 [http-bio-6080-exec-4] INFO ? (?:?) - Request failed. loginId=admin, logMessage=Java heap space
> javax.ws.rs.WebApplicationException
>     at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
>     at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:311)
>     at org.apache.ranger.rest.ServiceREST.deletePolicy(ServiceREST.java:1605)
>     at org.apache.ranger.rest.ServiceREST.deletePoliciesProvidedInServiceMap(ServiceREST.java:224
> {code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62841: RANGER-1826: Import of bulk policies is causing OutOfMemoryError and Apparent Deadlock
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62841/#review187508
-----------------------------------------------------------

Ship it!

Ship It!

- Mehul Parikh

On Oct. 10, 2017, 3:47 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62841/
> -----------------------------------------------------------
>
> (Updated Oct. 10, 2017, 3:47 a.m.)
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-1826
>     https://issues.apache.org/jira/browse/RANGER-1826
>
> Repository: ranger
>
> Description
> -------
>
> **Problem Statement:**
> While importing bulk policies around 1000, OOM error is thrown, increasing the heap size is also not working as it seems EclipseLink holds all the objects and states of SQL operations for each delete policy request.
>
> **Proposed Solution:**
> To delete policies and its references rather relying on EclipseLink/JPA we can send delete request using native query so that EclipseLink object won't be created, and EclipseLink shall not hold too many objects in memory, which shall remove the cause of java.lang.OutOfMemoryError.
>
> **Note:** Use of native query statement is discouraged so please suggest a better solution or provide a working solution.
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java bb43c53
>   security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java 7d1f28c
>   security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java c2832ea
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java d8f217d
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 976fd0c
>
> Diff: https://reviews.apache.org/r/62841/diff/1/
>
> Testing
> -------
>
> **Steps Performed (with patch):**
> 1. After mvn Build; untar the Ranger module and updated install.properties for MySQL DB flavor.
> 2. Called setup.sh to execute Ranger setup script.
> 3. Started Ranger admin and created a hdfs service 'hadoopdev'.
> 4. Tried to import Policies.
>
> **Attempt-1:** When there are no policies except the default one in 'hadoopdev'.
> Tried Import operation with 1000 policies.
>
> **Expected Behavior:**
> Policy import process should finish successfully.
>
> **Actual Behavior:**
> Policy import process finished successfully.
>
> **Attempt-2:** There are already 1000 policies in the hdfs service 'hadoopdev' (policies created during the previous attempt)
> Tried Import operation again with 1000 policies.
>
> **Expected Behavior:**
> Policy import process should finish successfully.
>
> **Actual Behavior:**
> Policy import process finished successfully.
>
> **Note:**
> Patch has been tested on all supported DB Flavors.
>
> Thanks,
>
> Pradeep Agrawal
Re: Review Request 62724: RANGER-1822 - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62724/#review187505
-----------------------------------------------------------

Requesting review please, as it's blocking other patches.

- Colm O hEigeartaigh

On Oct. 2, 2017, 2:11 p.m., Colm O hEigeartaigh wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62724/
> -----------------------------------------------------------
>
> (Updated Oct. 2, 2017, 2:11 p.m.)
>
> Review request for ranger.
>
> Bugs: RANGER-1822
>     https://issues.apache.org/jira/browse/RANGER-1822
>
> Repository: ranger
>
> Description
> -------
>
> This task is to remove the ssoEnabled accessors in RangerSSOAuthenticationFilter. "ssoEnabled" is currently a class variable, but it is overridden every time in the doFilter method. It should instead just be created per-request in doFilter.
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java 481fe8e7
>
> Diff: https://reviews.apache.org/r/62724/diff/1/
>
> Testing
> -------
>
> Tested with Knox.
>
> Thanks,
>
> Colm O hEigeartaigh
[jira] [Updated] (RANGER-1797) Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
[ https://issues.apache.org/jira/browse/RANGER-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

peng.jianhua updated RANGER-1797:
---------------------------------
    Summary: Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82. (was: Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.81.)

> Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
> ---------------------------------------------------------------------------------------------------
>
> Key: RANGER-1797
> URL: https://issues.apache.org/jira/browse/RANGER-1797
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Attachments: 0001-RANGER-1797-Tomcat-Security-Vulnerability-Alert.-The.patch
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12615\CVE-2017-12616
> {code}
> Description
> {code}
> CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
> CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to use a specially crafted request, bypass security constraints, or get the source code of JSPs for resources served by the VirtualDirContext, thereby caused code disclosure.
> {code}
> Scope
> {code}
> CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.81 version has fixed the two vulnerabilities and recommends upgrading to the latest version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> {code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated Oct. 10, 2017, 7:01 a.m.)

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.

Bugs: RANGER-1797
    https://issues.apache.org/jira/browse/RANGER-1797

Repository: ranger

Description
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to use a specially crafted request, bypass security constraints, or get the source code of JSPs for resources served by the VirtualDirContext, thereby caused code disclosure.

Scope
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82

Diffs (updated)
-

  pom.xml 3958014c

Diff: https://reviews.apache.org/r/62495/diff/2/

Changes: https://reviews.apache.org/r/62495/diff/1-2/

Testing
---

Thanks,

pengjianhua
Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated Oct. 10, 2017, 6:21 a.m.)

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.

Summary (updated)
-

RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

Bugs: RANGER-1797
    https://issues.apache.org/jira/browse/RANGER-1797

Repository: ranger

Description (updated)
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to use a specially crafted request, bypass security constraints, or get the source code of JSPs for resources served by the VirtualDirContext, thereby caused code disclosure.

Scope
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82

Diffs
-

  pom.xml 3958014c

Diff: https://reviews.apache.org/r/62495/diff/1/

Testing
---

Thanks,

pengjianhua
[jira] [Updated] (RANGER-1797) Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.
[ https://issues.apache.org/jira/browse/RANGER-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

peng.jianhua updated RANGER-1797:
-
    Description:
【Security Vulnerability Alert】 Tomcat Information leakage and remote code execution vulnerabilities.
CVE ID:
{code}
CVE-2017-12615\CVE-2017-12616
{code}
Description
{code}
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to use a specially crafted request, bypass security constraints, or get the source code of JSPs for resources served by the VirtualDirContext, thereby caused code disclosure.
{code}
Scope
{code}
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
{code}
Solution
{code}
The official release of the Apache Tomcat 7.0.81 version has fixed the two vulnerabilities and recommends upgrading to the latest version.
{code}
Reference
{code}
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
{code}

  was:
【Security Vulnerability Alert】 Tomcat Information leakage and remote code execution vulnerabilities.
CVE ID:
{code}
CVE-2017-12615\CVE-2017-12616
{code}
Description
{code}
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled, it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80, it was possible to use a specially crafted request, bypass security constraints, or get the source code of JSPs for resources served by the VirtualDirContext, thereby caused code disclosure.
{code}
Scope
{code}
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
{code}
Solution
{code}
The official release of the Apache Tomcat 7.0.81 version has fixed the two vulnerabilities and recommends upgrading to the latest version.
{code}
Reference
{code}
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
{code}

> Tomcat Security Vulnerability Alert. The version of the tomcat for ranger
> should upgrade to 7.0.82.
> ---
>
> Key: RANGER-1797
> URL: https://issues.apache.org/jira/browse/RANGER-1797
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.0.0, master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Attachments: 0001-RANGER-1797-Tomcat-Security-Vulnerability-Alert.-The.patch
>
>
> 【Security Vulnerability Alert】 Tomcat Information leakage and remote code
> execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12615\CVE-2017-12616
> {code}
> Description
> {code}
> CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a
> specially crafted request. This JSP could then be requested and any code it
> contained would be executed by the server.
> CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to
> 7.0.80, it was possible to use a specially crafted request, bypass security
> constraints, or get the source code of JSPs for resources served by the
> VirtualDirContext, thereby caused code disclosure.
> {code}
> Scope
> {code}
> CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.81 version has fixed the two
> vulnerabilities and recommends upgrading to the latest version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> {code}