Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188804
---


Ship it!




Ship It!

- Qiang Zhang


On Oct. 20, 2017, 2:02 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated Oct. 20, 2017, 2:02 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Qiang Zhang (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16212077#comment-16212077
 ] 

Qiang Zhang commented on RANGER-1672:
-

[~vperiasamy], I  can not  still add and modify the wiki page. Thanks!

> Ranger supports plugin to enable, monitor and manage apache kylin
> -
>
> Key: RANGER-1672
> URL: https://issues.apache.org/jira/browse/RANGER-1672
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>  Labels: newbie, patch
> Attachments: 
> 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, 
> KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, 
> KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg
>
>
> Apache Kylin is an open source Distributed Analytics Engine designed to 
> provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop 
> supporting extremely large datasets, original contributed from eBay Inc. 
> Apache Kylin lets user query massive data set at sub-second latency in 3 
> steps.
> 1. Identify a Star Schema on Hadoop.
> 2. Build Cube from the identified tables.
> 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or 
> RESTful API.
> We should support that using Ranger to control kylin's access rights for 
> project and cube.
> Specific implementation plan is as following:
> On the ranger website, administrators can configure policies to control user 
> access to projects and cube permissions.
> Kylin provides an abstract class and authorization interfaces for use by the 
> ranger plugin. kylin instantiates ranger plugin’s implementation class when 
> starting(this class extends the abstract class provided by kylin).
> Ranger plugin periodically polls ranger admin, updates the policy to the 
> local, and updates project and cube access rights based on policy information.
> In the Kylin side:
> 1. Kylin provides an abstract class that enables the ranger plugin's 
> implementation class to extend.
> 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin 
> implementation class's name.
> 3. Instantiate the ranger plugin implementation class when starting kylin.
> 4. kylin provides authorization interfaces for ranger plugin calls.
> 5. According to the ranger authorization configuration item, hide kylin's 
> authorization management page.
> 6. Using ranger manager access rights of the kylin does not affect kylin's 
> existing permissions functions and logic.
> In the Ranger side:
> 1. Ranger plugin will periodically polls ranger admin, updates the policy to 
> the local.
> 2. The ranger plugin invoking the authorization interfaces provided by kylin 
> to updates the project and cube access rights based on the policy information.
> reference link:https://issues.apache.org/jira/browse/KYLIN-2703



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63142: Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang 


> On 十月 19, 2017, 5:36 p.m., Alejandro Fernandez wrote:
> > hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
> > Lines 300 (patched)
> > 
> >
> > Doesn't this also have to set 
> > dfs.namenode.http-address.$cluster.$nn_id ?
> > 
> > and potentially https instead if SSL is enabled.

Here only use hdfs ipc, no use https (port: 50070 or 50470).


- Qiang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63142/#review188706
---


On 十月 19, 2017, 11:41 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63142/
> ---
> 
> (Updated 十月 19, 2017, 11:41 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1844
> https://issues.apache.org/jira/browse/RANGER-1844
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase ,like jdbc url in hive. In hdfs service, only need to 
> config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster ?old? 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000 ?new?
> 
> 
> Diffs
> -
> 
>   
> hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
>  c252213f 
> 
> 
> Diff: https://reviews.apache.org/r/63142/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Velmurugan Periasamy (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16212065#comment-16212065
 ] 

Velmurugan Periasamy commented on RANGER-1672:
--

[~zhangqiang2] - I have given you permissions, check it out and let me know. 

> Ranger supports plugin to enable, monitor and manage apache kylin
> -
>
> Key: RANGER-1672
> URL: https://issues.apache.org/jira/browse/RANGER-1672
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>  Labels: newbie, patch
> Attachments: 
> 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, 
> KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, 
> KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg
>
>
> Apache Kylin is an open source Distributed Analytics Engine designed to 
> provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop 
> supporting extremely large datasets, original contributed from eBay Inc. 
> Apache Kylin lets user query massive data set at sub-second latency in 3 
> steps.
> 1. Identify a Star Schema on Hadoop.
> 2. Build Cube from the identified tables.
> 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or 
> RESTful API.
> We should support that using Ranger to control kylin's access rights for 
> project and cube.
> Specific implementation plan is as following:
> On the ranger website, administrators can configure policies to control user 
> access to projects and cube permissions.
> Kylin provides an abstract class and authorization interfaces for use by the 
> ranger plugin. kylin instantiates ranger plugin’s implementation class when 
> starting(this class extends the abstract class provided by kylin).
> Ranger plugin periodically polls ranger admin, updates the policy to the 
> local, and updates project and cube access rights based on policy information.
> In the Kylin side:
> 1. Kylin provides an abstract class that enables the ranger plugin's 
> implementation class to extend.
> 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin 
> implementation class's name.
> 3. Instantiate the ranger plugin implementation class when starting kylin.
> 4. kylin provides authorization interfaces for ranger plugin calls.
> 5. According to the ranger authorization configuration item, hide kylin's 
> authorization management page.
> 6. Using ranger manager access rights of the kylin does not affect kylin's 
> existing permissions functions and logic.
> In the Ranger side:
> 1. Ranger plugin will periodically polls ranger admin, updates the policy to 
> the local.
> 2. The ranger plugin invoking the authorization interfaces provided by kylin 
> to updates the project and cube access rights based on the policy information.
> reference link:https://issues.apache.org/jira/browse/KYLIN-2703



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188803
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 20, 2017, 2:02 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated Oct. 20, 2017, 2:02 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/
---

(Updated 十月 20, 2017, 2:02 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1846
https://issues.apache.org/jira/browse/RANGER-1846


Repository: ranger


Description
---

The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
equal to true.
This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
installer, we should enable it to control the necessary java version.


Diffs (updated)
-

  security-admin/scripts/setup.sh e2a69b71 


Diff: https://reviews.apache.org/r/63145/diff/2/

Changes: https://reviews.apache.org/r/63145/diff/1-2/


Testing
---


Thanks,

pengjianhua

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread pengjianhua 


> On 十月 19, 2017, 5:51 p.m., Alejandro Fernandez wrote:
> > security-admin/scripts/setup.sh
> > Line 305 (original), 304 (patched)
> > 
> >
> > This will not work if the minor version ever changes to 2 digits, e.g., 
> > 1.10.0_1
> > 
> > Instead, concatenate 
> > export java_major_minor="$major.$minor"
> > 
> > if [[ "$java_major_minor" != "$JAVA_VERSION_REQUIRED" ]]; then
> >...

You are right. I fixed it and updated the patch. Thanks!


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188713
---


On 十月 19, 2017, 1 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated 十月 19, 2017, 1 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Madhan Neethiraj (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16212028#comment-16212028
 ] 

Madhan Neethiraj commented on RANGER-1672:
--

[~vperiasamy]/[~sneethiraj] - can you please update wiki permissions to enable 
[~zhangqiang2] add pages?

> Ranger supports plugin to enable, monitor and manage apache kylin
> -
>
> Key: RANGER-1672
> URL: https://issues.apache.org/jira/browse/RANGER-1672
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>  Labels: newbie, patch
> Attachments: 
> 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, 
> KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, 
> KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg
>
>
> Apache Kylin is an open source Distributed Analytics Engine designed to 
> provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop 
> supporting extremely large datasets, original contributed from eBay Inc. 
> Apache Kylin lets user query massive data set at sub-second latency in 3 
> steps.
> 1. Identify a Star Schema on Hadoop.
> 2. Build Cube from the identified tables.
> 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or 
> RESTful API.
> We should support that using Ranger to control kylin's access rights for 
> project and cube.
> Specific implementation plan is as following:
> On the ranger website, administrators can configure policies to control user 
> access to projects and cube permissions.
> Kylin provides an abstract class and authorization interfaces for use by the 
> ranger plugin. kylin instantiates ranger plugin’s implementation class when 
> starting(this class extends the abstract class provided by kylin).
> Ranger plugin periodically polls ranger admin, updates the policy to the 
> local, and updates project and cube access rights based on policy information.
> In the Kylin side:
> 1. Kylin provides an abstract class that enables the ranger plugin's 
> implementation class to extend.
> 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin 
> implementation class's name.
> 3. Instantiate the ranger plugin implementation class when starting kylin.
> 4. kylin provides authorization interfaces for ranger plugin calls.
> 5. According to the ranger authorization configuration item, hide kylin's 
> authorization management page.
> 6. Using ranger manager access rights of the kylin does not affect kylin's 
> existing permissions functions and logic.
> In the Ranger side:
> 1. Ranger plugin will periodically polls ranger admin, updates the policy to 
> the local.
> 2. The ranger plugin invoking the authorization interfaces provided by kylin 
> to updates the project and cube access rights based on the policy information.
> reference link:https://issues.apache.org/jira/browse/KYLIN-2703



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63147: RANGER-1845 - Add support to configure JWT signature algorithms

2017-10-19 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63147/#review188714
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 19, 2017, 1:18 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63147/
> ---
> 
> (Updated Oct. 19, 2017, 1:18 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1845
> https://issues.apache.org/jira/browse/RANGER-1845
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The next Knox release will feature the ability to change the signature 
> algorithm from the default RS256. This task is to add support to specify a 
> signature algorithm in Ranger, which the received token must match. The new 
> configuration parameter is "ranger.sso.expected.sigalg" with a default value 
> of "RS256".
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  5e4207c9 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
>  b8246a9a 
> 
> 
> Diff: https://reviews.apache.org/r/63147/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it with Knox.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188713
---




security-admin/scripts/setup.sh
Line 305 (original), 304 (patched)


This will not work if the minor version ever changes to 2 digits, e.g., 
1.10.0_1

Instead, concatenate 
export java_major_minor="$major.$minor"

if [[ "$java_major_minor" != "$JAVA_VERSION_REQUIRED" ]]; then
   ...


- Alejandro Fernandez


On Oct. 19, 2017, 1 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated Oct. 19, 2017, 1 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63142: Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63142/#review188706
---




hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
Lines 300 (patched)


Doesn't this also have to set 
dfs.namenode.http-address.$cluster.$nn_id ?

and potentially https instead if SSL is enabled.


- Alejandro Fernandez


On Oct. 19, 2017, 11:41 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63142/
> ---
> 
> (Updated Oct. 19, 2017, 11:41 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1844
> https://issues.apache.org/jira/browse/RANGER-1844
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase ,like jdbc url in hive. In hdfs service, only need to 
> config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster ?old? 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000 ?new?
> 
> 
> Diffs
> -
> 
>   
> hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
>  c252213f 
> 
> 
> Diff: https://reviews.apache.org/r/63142/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Review Request 63147: RANGER-1845 - Add support to configure JWT signature algorithms

2017-10-19 Thread Colm O hEigeartaigh 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63147/
---

Review request for ranger.


Bugs: RANGER-1845
https://issues.apache.org/jira/browse/RANGER-1845


Repository: ranger


Description
---

The next Knox release will feature the ability to change the signature 
algorithm from the default RS256. This task is to add support to specify a 
signature algorithm in Ranger, which the received token must match. The new 
configuration parameter is "ranger.sso.expected.sigalg" with a default value of 
"RS256".


Diffs
-

  
security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
 5e4207c9 
  
security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
 b8246a9a 


Diff: https://reviews.apache.org/r/63147/diff/1/


Testing
---

Tested it with Knox.


Thanks,

Colm O hEigeartaigh

[jira] [Updated] (RANGER-1845) Add support to configure JWT signature algorithms

2017-10-19 Thread Colm O hEigeartaigh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated RANGER-1845:

Attachment: 0001-RANGER-1845-Add-support-to-configure-JWT-signature-a.patch

> Add support to configure JWT signature algorithms
> -
>
> Key: RANGER-1845
> URL: https://issues.apache.org/jira/browse/RANGER-1845
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Reporter: Colm O hEigeartaigh
>Assignee: Colm O hEigeartaigh
>Priority: Minor
> Fix For: 1.0.0
>
> Attachments: 
> 0001-RANGER-1845-Add-support-to-configure-JWT-signature-a.patch
>
>
> The next Knox release will feature the ability to change the signature 
> algorithm from the default RS256. This task is to add support to specify a 
> signature algorithm in Ranger, which the received token must match. The new 
> configuration parameter is "ranger.sso.expected.sigalg" with a default value 
> of "RS256".



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63068: RANGER-1842 - Don't catch Throwables in the test code

2017-10-19 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63068/#review188675
---


Ship it!




Ship It!

- pengjianhua


On 十月 17, 2017, 10:04 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63068/
> ---
> 
> (Updated 十月 17, 2017, 10:04 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1842
> https://issues.apache.org/jira/browse/RANGER-1842
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In a couple of the tests, we are catching Throwables. This means that the 
> Assert.fail() conditions inside the try statement are ineffective.
> 
> 
> Diffs
> -
> 
>   
> kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/RangerMasterKeyTest.java
>  cac22502 
>   
> storm-agent/src/test/java/org/apache/ranger/authorization/storm/StormRangerAuthorizerTest.java
>  53173078 
> 
> 
> Diff: https://reviews.apache.org/r/63068/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 62751: RANGER-1824 - Upgrade Spring Framework to 3.2.18

2017-10-19 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62751/#review188674
---


Ship it!




Ship It!

- pengjianhua


On 十月 3, 2017, 2:09 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62751/
> ---
> 
> (Updated 十月 3, 2017, 2:09 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1824
> https://issues.apache.org/jira/browse/RANGER-1824
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When starting the Admin console, the following appears in the logs:
> 
> 2017-10-02 10:00:35,651 [localhost-startStop-1] WARN 
> org.springframework.security.core.SpringSecurityCoreVersion 
> (SpringSecurityCoreVersion.java:60) -  You are advised to use Spring 
> 3.2.18.RELEASE or later with this version. You are running: 3.2.10.RELEASE
> 
> We should update Spring to 3.2.18
> 
> 
> Diffs
> -
> 
>   pom.xml 3958014c 
> 
> 
> Diff: https://reviews.apache.org/r/62751/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the admin console started properly + can load policies etc.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1846
https://issues.apache.org/jira/browse/RANGER-1846


Repository: ranger


Description
---

The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
equal to true.
This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
installer, we should enable it to control the necessary java version.


Diffs
-

  security-admin/scripts/setup.sh e2a69b71 


Diff: https://reviews.apache.org/r/63145/diff/1/


Testing
---


Thanks,

pengjianhua

[jira] [Updated] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1846:
-
Attachment: 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch

> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
>
> Key: RANGER-1846
> URL: https://issues.apache.org/jira/browse/RANGER-1846
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: 
> 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch
>
>
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-19 Thread peng.jianhua (JIRA) 
peng.jianhua created RANGER-1846:


 Summary: This JAVA_VERSION_REQUIRED configuration item is invalid 
in security admin installer, we should enable it to control the necessary java 
version.
 Key: RANGER-1846
 URL: https://issues.apache.org/jira/browse/RANGER-1846
 Project: Ranger
  Issue Type: Bug
  Components: admin
Affects Versions: 1.0.0, master
Reporter: peng.jianhua
Assignee: peng.jianhua


The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
equal to true.
This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
installer, we should enable it to control the necessary java version.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1845) Add support to configure JWT signature algorithms

2017-10-19 Thread Colm O hEigeartaigh (JIRA) 
Colm O hEigeartaigh created RANGER-1845:
---

 Summary: Add support to configure JWT signature algorithms
 Key: RANGER-1845
 URL: https://issues.apache.org/jira/browse/RANGER-1845
 Project: Ranger
  Issue Type: Improvement
  Components: admin
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Priority: Minor
 Fix For: 1.0.0


The next Knox release will feature the ability to change the signature 
algorithm from the default RS256. This task is to add support to specify a 
signature algorithm in Ranger, which the received token must match. The new 
configuration parameter is "ranger.sso.expected.sigalg" with a default value of 
"RS256".



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1844) Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-1844:

Attachment: 0001-RANGER-1844-Ranger-admin-support-hdfs-HA-configurati.patch

> Ranger admin support hdfs HA configuration when creating hdfs service.
> --
>
> Key: RANGER-1844
> URL: https://issues.apache.org/jira/browse/RANGER-1844
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins, Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
> Attachments: 
> 0001-RANGER-1844-Ranger-admin-support-hdfs-HA-configurati.patch
>
>
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
> to config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster 
>  【old】 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000【new】
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Review Request 63142: Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63142/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1844
https://issues.apache.org/jira/browse/RANGER-1844


Repository: ranger


Description
---

In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
mode,you have to config a lot of configs in hdfs_dev,such as:
Namenode URL *=hdfs://hdfscluster
===Add New Configurations===
dfs.nameservices=hdfscluster
dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
dfs.ha.namenodes.hdfscluster=nn1,nn2
dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
===End of add New Configurations===
And other big data components such as hbase,hive and so on can support HA 
without config
lots of "Add New Configurations",it is easy to config a url. like zk queue 
configuration in hbase ,like jdbc url in hive. In hdfs service, only need to 
config "fs.default.name" :
Namenode URL *=hdfs://hdfscluster ?old? 
Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000 ?new?


Diffs
-

  
hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java 
c252213f 


Diff: https://reviews.apache.org/r/63142/diff/1/


Testing
---


Thanks,

Qiang Zhang

[jira] [Updated] (RANGER-1844) Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-1844:

Issue Type: New Feature  (was: Bug)

> Ranger admin support hdfs HA configuration when creating hdfs service.
> --
>
> Key: RANGER-1844
> URL: https://issues.apache.org/jira/browse/RANGER-1844
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins, Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
> to config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster 
>  【old】 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000【new】
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1844) Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-1844:

Description: 
In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
mode,you have to config a lot of configs in hdfs_dev,such as:
Namenode URL *=hdfs://hdfscluster
===Add New Configurations===
dfs.nameservices=hdfscluster
dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
dfs.ha.namenodes.hdfscluster=nn1,nn2
dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
===End of add New Configurations===

And other big data components such as hbase,hive and so on can support HA 
without config
lots of "Add New Configurations",it is easy to config a url. like zk queue 
configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
to config "fs.default.name" :

Namenode URL *=hdfs://hdfscluster   
   【old】 
Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000【new】

 

  was:
In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
mode,you have to config a lot of configs in hdfs_dev,such as:
Namenode URL *=hdfs://hdfscluster
===Add New Configurations===
dfs.nameservices=hdfscluster
dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
dfs.ha.namenodes.hdfscluster=nn1,nn2
dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
===End of add New Configurations===

And other big data components such as hbase,hive and so on can support HA 
without config
lots of "Add New Configurations",it is easy to config a url. like zk queue 
configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
to config "fs.default.name" :

Namenode URL *=hdfs://hdfscluster   
   old 
Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000new

 


> Ranger admin support hdfs HA configuration when creating hdfs service.
> --
>
> Key: RANGER-1844
> URL: https://issues.apache.org/jira/browse/RANGER-1844
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
> to config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster 
>  【old】 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000【new】
>  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1844) Ranger admin support hdfs HA configuration when creating hdfs service.

2017-10-19 Thread Qiang Zhang (JIRA) 
Qiang Zhang created RANGER-1844:
---

 Summary: Ranger admin support hdfs HA configuration when creating 
hdfs service.
 Key: RANGER-1844
 URL: https://issues.apache.org/jira/browse/RANGER-1844
 Project: Ranger
  Issue Type: Bug
  Components: plugins, Ranger
Affects Versions: master
Reporter: Qiang Zhang
Assignee: Qiang Zhang


In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
mode,you have to config a lot of configs in hdfs_dev,such as:
Namenode URL *=hdfs://hdfscluster
===Add New Configurations===
dfs.nameservices=hdfscluster
dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
dfs.ha.namenodes.hdfscluster=nn1,nn2
dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
===End of add New Configurations===

And other big data components such as hbase,hive and so on can support HA 
without config
lots of "Add New Configurations",it is easy to config a url. like zk queue 
configuration in hbase,like jdbc url in hive.  In hdfs service, only need 
to config "fs.default.name" :

Namenode URL *=hdfs://hdfscluster   
   old 
Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000new

 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Qiang Zhang (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16210808#comment-16210808
 ] 

Qiang Zhang commented on RANGER-1672:
-

Hi [~madhan.neethiraj], Could you grant me to add and modify the wiki page? I 
will submit the installation guide documentation and operation manual for Kylin 
plugin and Sqoop2 plugin. Thanks a lot!

> Ranger supports plugin to enable, monitor and manage apache kylin
> -
>
> Key: RANGER-1672
> URL: https://issues.apache.org/jira/browse/RANGER-1672
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>  Labels: newbie, patch
> Attachments: 
> 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, 
> KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, 
> KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg
>
>
> Apache Kylin is an open source Distributed Analytics Engine designed to 
> provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop 
> supporting extremely large datasets, original contributed from eBay Inc. 
> Apache Kylin lets user query massive data set at sub-second latency in 3 
> steps.
> 1. Identify a Star Schema on Hadoop.
> 2. Build Cube from the identified tables.
> 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or 
> RESTful API.
> We should support that using Ranger to control kylin's access rights for 
> project and cube.
> Specific implementation plan is as following:
> On the ranger website, administrators can configure policies to control user 
> access to projects and cube permissions.
> Kylin provides an abstract class and authorization interfaces for use by the 
> ranger plugin. kylin instantiates ranger plugin’s implementation class when 
> starting(this class extends the abstract class provided by kylin).
> Ranger plugin periodically polls ranger admin, updates the policy to the 
> local, and updates project and cube access rights based on policy information.
> In the Kylin side:
> 1. Kylin provides an abstract class that enables the ranger plugin's 
> implementation class to extend.
> 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin 
> implementation class's name.
> 3. Instantiate the ranger plugin implementation class when starting kylin.
> 4. kylin provides authorization interfaces for ranger plugin calls.
> 5. According to the ranger authorization configuration item, hide kylin's 
> authorization management page.
> 6. Using ranger manager access rights of the kylin does not affect kylin's 
> existing permissions functions and logic.
> In the Ranger side:
> 1. Ranger plugin will periodically polls ranger admin, updates the policy to 
> the local.
> 2. The ranger plugin invoking the authorization interfaces provided by kylin 
> to updates the project and cube access rights based on the policy information.
> reference link:https://issues.apache.org/jira/browse/KYLIN-2703



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 61021: RANGER-1672:Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Qiang Zhang 


> On Sept. 27, 2017, 9:33 a.m., pengjianhua wrote:
> > The https://issues.apache.org/jira/browse/KYLIN-2703 I submitted had been 
> > resolved. Our test experts have rigorously tested this issue. At the same 
> > time the Kyligence company which is Apache kylin's main contributor will 
> > soon use this feature.
> 
> Colm O hEigeartaigh wrote:
> When will Kylin 2.2.0 be released? If we merge a dependency on a SNAPSHOT 
> version in Ranger, we can't release Ranger until Kylin is released. Do you 
> have any documentation on how to set up a simple test-scenario?
> 
> pengjianhua wrote:
> Ok. The Kylin 2.2.0 will be released  in late October.
> 
> Qiang Zhang wrote:
> Ok. I am writing install guide for the feature.
> 
> Qiang Zhang wrote:
> Hi Colm, Can you tell me how to build a document patch? Thanks!
> 
> Colm O hEigeartaigh wrote:
> I'm not sure what you mean by "document patch". What do you want to do 
> exactly?
> 
> Qiang Zhang wrote:
> I build patch for RANGER-1809 after writed installing guide for 
> RANGER-1672. I want to know which path the document is placed and how to 
> build the document patch. Thanks!
> 
> Colm O hEigeartaigh wrote:
> Well you could add it to the website, but it's probably easier just to 
> create a new wiki page, which is where all the rest of the Ranger 
> documentation lives:
> 
> https://cwiki.apache.org/confluence/display/RANGER/Index
> 
> Qiang Zhang wrote:
> I do not have permission to add or modify wiki page. How I submit the 
> installation guide documentation and operation manual for Kylin plugin and 
> Sqoop2 plugin?
> 
> Colm O hEigeartaigh wrote:
> I can add/modify pages, but I can't grant permission. Can you ask Madhan 
> to grant you access?

Ok. Thanks a lot!


- Qiang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61021/#review186391
---


On Sept. 27, 2017, 9:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61021/
> ---
> 
> (Updated Sept. 27, 2017, 9:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1672
> https://issues.apache.org/jira/browse/RANGER-1672
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 58cdd35 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> PRE-CREATION 
>   plugin-kylin/.gitignore PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-kylin/pom.xml PRE-CREATION 
>   plugin-kylin/scripts/install.properties PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/RangerServiceKylin.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinResourceMgr.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinCubeResponse.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinProjectResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-kylin-plugin-shim/.gitignore PRE-CREATION 
>   ranger-kylin-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-kylin-plugin-shim/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/plugin-kylin.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/61021/diff/3/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 61021: RANGER-1672:Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-19 Thread Colm O hEigeartaigh 


> On Sept. 27, 2017, 9:33 a.m., pengjianhua wrote:
> > The https://issues.apache.org/jira/browse/KYLIN-2703 I submitted had been 
> > resolved. Our test experts have rigorously tested this issue. At the same 
> > time the Kyligence company which is Apache kylin's main contributor will 
> > soon use this feature.
> 
> Colm O hEigeartaigh wrote:
> When will Kylin 2.2.0 be released? If we merge a dependency on a SNAPSHOT 
> version in Ranger, we can't release Ranger until Kylin is released. Do you 
> have any documentation on how to set up a simple test-scenario?
> 
> pengjianhua wrote:
> Ok. The Kylin 2.2.0 will be released  in late October.
> 
> Qiang Zhang wrote:
> Ok. I am writing install guide for the feature.
> 
> Qiang Zhang wrote:
> Hi Colm, Can you tell me how to build a document patch? Thanks!
> 
> Colm O hEigeartaigh wrote:
> I'm not sure what you mean by "document patch". What do you want to do 
> exactly?
> 
> Qiang Zhang wrote:
> I build patch for RANGER-1809 after writed installing guide for 
> RANGER-1672. I want to know which path the document is placed and how to 
> build the document patch. Thanks!
> 
> Colm O hEigeartaigh wrote:
> Well you could add it to the website, but it's probably easier just to 
> create a new wiki page, which is where all the rest of the Ranger 
> documentation lives:
> 
> https://cwiki.apache.org/confluence/display/RANGER/Index
> 
> Qiang Zhang wrote:
> I do not have permission to add or modify wiki page. How I submit the 
> installation guide documentation and operation manual for Kylin plugin and 
> Sqoop2 plugin?

I can add/modify pages, but I can't grant permission. Can you ask Madhan to 
grant you access?


- Colm


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61021/#review186391
---


On Sept. 27, 2017, 9:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61021/
> ---
> 
> (Updated Sept. 27, 2017, 9:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1672
> https://issues.apache.org/jira/browse/RANGER-1672
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 58cdd35 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> PRE-CREATION 
>   plugin-kylin/.gitignore PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-kylin/pom.xml PRE-CREATION 
>   plugin-kylin/scripts/install.properties PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/RangerServiceKylin.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinResourceMgr.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinCubeResponse.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinProjectResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-kylin-plugin-shim/.gitignore PRE-CREATION 
>   ranger-kylin-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-kylin-plugin-shim/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/plugin-kylin.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/61021/diff/3/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>