Re: Review Request 63209: RANGER-1644 changed crypto algorithm to a strong one
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63209/#review188920 --- @Endre Zoltan Kovacs : Have you tested plugins test-connection? If someone upgrade from ranger-0.6 to ranger-0.7 or master after then check plugins test-connection should not break, can you please confirm that. note: If you want to use stronger crypto algorithm than you can directly specify in ranger-admin-default-site.xml rather than changing default value in PasswordUtils.java - bhavik patel On Oct. 22, 2017, 3:46 p.m., Endre Zoltan Kovacs wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63209/ > --- > > (Updated Oct. 22, 2017, 3:46 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1644 > https://issues.apache.org/jira/browse/RANGER-1644 > > > Repository: ranger > > > Description > --- > > changing outdate hash algorigthms: MD5 => SHA512 > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java > 58cdd3531 > > agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java > 4e135aaa7 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > da650747d > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java > 3dd761a2b > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > 9dfc03df1 > security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java > 976fd0cb8 > > > Diff: https://reviews.apache.org/r/63209/diff/1/ > > > Testing > --- > > PasswordUtilsTest: added new unit test and updated previous ones > Added service update test: on service update new service password will be > encrypted with the new algorithm > > > Thanks, > > Endre Zoltan Kovacs > >
[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin
[ https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214621#comment-16214621 ] Qiang Zhang commented on RANGER-1672: - [~bosco], Ok. Thanks very much! > Ranger supports plugin to enable, monitor and manage apache kylin > - > > Key: RANGER-1672 > URL: https://issues.apache.org/jira/browse/RANGER-1672 > Project: Ranger > Issue Type: New Feature > Components: plugins >Reporter: Qiang Zhang >Assignee: Qiang Zhang > Labels: newbie, patch > Attachments: > 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, > KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, > KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg > > > Apache Kylin is an open source Distributed Analytics Engine designed to > provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop > supporting extremely large datasets, original contributed from eBay Inc. > Apache Kylin lets user query massive data set at sub-second latency in 3 > steps. > 1. Identify a Star Schema on Hadoop. > 2. Build Cube from the identified tables. > 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or > RESTful API. > We should support that using Ranger to control kylin's access rights for > project and cube. > Specific implementation plan is as following: > On the ranger website, administrators can configure policies to control user > access to projects and cube permissions. > Kylin provides an abstract class and authorization interfaces for use by the > ranger plugin. kylin instantiates ranger plugin’s implementation class when > starting(this class extends the abstract class provided by kylin). > Ranger plugin periodically polls ranger admin, updates the policy to the > local, and updates project and cube access rights based on policy information. > In the Kylin side: > 1. Kylin provides an abstract class that enables the ranger plugin's > implementation class to extend. > 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin > implementation class's name. > 3. Instantiate the ranger plugin implementation class when starting kylin. > 4. kylin provides authorization interfaces for ranger plugin calls. > 5. According to the ranger authorization configuration item, hide kylin's > authorization management page. > 6. Using ranger manager access rights of the kylin does not affect kylin's > existing permissions functions and logic. > In the Ranger side: > 1. Ranger plugin will periodically polls ranger admin, updates the policy to > the local. > 2. The ranger plugin invoking the authorization interfaces provided by kylin > to updates the project and cube access rights based on the policy information. > reference link:https://issues.apache.org/jira/browse/KYLIN-2703 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1847) Ranger Kafka Plugin sasl.enabled.mechanisms=PLAIN
[ https://issues.apache.org/jira/browse/RANGER-1847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214607#comment-16214607 ] Don Bosco Durai commented on RANGER-1847: - Yes, you should continue the discussion on the user mailing list. I personally have mostly used Kerberos with Kafka. But there might be others might have used your configuration. If not, one of can try to reproduce it. > Ranger Kafka Plugin sasl.enabled.mechanisms=PLAIN > - > > Key: RANGER-1847 > URL: https://issues.apache.org/jira/browse/RANGER-1847 > Project: Ranger > Issue Type: Test > Components: plugins >Affects Versions: 0.6.3, 0.7.1 > Environment: ubuntu stand-alone hobby environment >Reporter: Ronald van de Kuil >Priority: Minor > Fix For: 0.6.3 > > > I am such a NOOB hobby-ing away. And I like it. ;) > I figured I would give it a try to setup Kafka to use the > sasl.enabled.mechanisms of type PLAIN with ranger to do the authorisation and > the auditing (instead of GSSAPI). > I got it to work pretty far. KafkaServer gets into state SaslAuthenticated > with Zookeeper. > Next it loads the ranger kafka plugin. Then the RangerKafkaAuthorizer > complains about Kerberos. > I then updated the CLASSPATH and it complains about something else. > I am not sure how to classify this issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
[ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214590#comment-16214590 ] Don Bosco Durai commented on RANGER-1644: - [~andrewsmith87], is there any backward compatibility concerns? Would it affect anyone with an existing installation of Ranger? > Change the default Crypt Algo to use stronger cryptographic algo. > -- > > Key: RANGER-1644 > URL: https://issues.apache.org/jira/browse/RANGER-1644 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Critical > Attachments: > 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch > > > Change the default crypt algorithm to use a stronger cipher algorithm -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1672) Ranger supports plugin to enable, monitor and manage apache kylin
[ https://issues.apache.org/jira/browse/RANGER-1672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214588#comment-16214588 ] Don Bosco Durai commented on RANGER-1672: - [~zhangqiang2], can you try now? > Ranger supports plugin to enable, monitor and manage apache kylin > - > > Key: RANGER-1672 > URL: https://issues.apache.org/jira/browse/RANGER-1672 > Project: Ranger > Issue Type: New Feature > Components: plugins >Reporter: Qiang Zhang >Assignee: Qiang Zhang > Labels: newbie, patch > Attachments: > 0001-RANGER-1672-Ranger-supports-plugin-to-enable-monitor.patch, > KylinAuditLog.jpg, KylinPlugins.jpg, KylinPolicies.jpg, > KylinServiceEntry.jpg, NewKylinPolicy.jpg, NewKylinService.jpg > > > Apache Kylin is an open source Distributed Analytics Engine designed to > provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop > supporting extremely large datasets, original contributed from eBay Inc. > Apache Kylin lets user query massive data set at sub-second latency in 3 > steps. > 1. Identify a Star Schema on Hadoop. > 2. Build Cube from the identified tables. > 3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or > RESTful API. > We should support that using Ranger to control kylin's access rights for > project and cube. > Specific implementation plan is as following: > On the ranger website, administrators can configure policies to control user > access to projects and cube permissions. > Kylin provides an abstract class and authorization interfaces for use by the > ranger plugin. kylin instantiates ranger plugin’s implementation class when > starting(this class extends the abstract class provided by kylin). > Ranger plugin periodically polls ranger admin, updates the policy to the > local, and updates project and cube access rights based on policy information. > In the Kylin side: > 1. Kylin provides an abstract class that enables the ranger plugin's > implementation class to extend. > 2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin > implementation class's name. > 3. Instantiate the ranger plugin implementation class when starting kylin. > 4. kylin provides authorization interfaces for ranger plugin calls. > 5. According to the ranger authorization configuration item, hide kylin's > authorization management page. > 6. Using ranger manager access rights of the kylin does not affect kylin's > existing permissions functions and logic. > In the Ranger side: > 1. Ranger plugin will periodically polls ranger admin, updates the policy to > the local. > 2. The ranger plugin invoking the authorization interfaces provided by kylin > to updates the project and cube access rights based on the policy information. > reference link:https://issues.apache.org/jira/browse/KYLIN-2703 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.
[ https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua resolved RANGER-1846. -- Resolution: Fixed Fix Version/s: master 1.0.0 > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. > > > Key: RANGER-1846 > URL: https://issues.apache.org/jira/browse/RANGER-1846 > Project: Ranger > Issue Type: Bug > Components: admin >Affects Versions: 1.0.0, master >Reporter: peng.jianhua >Assignee: peng.jianhua > Labels: patch > Fix For: 1.0.0, master > > Attachments: > 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch > > > The java version must be equal to or more than 1.8 when we set db_ssl_enabled > equal to true. > This JAVA_VERSION_REQUIRED configuration item is invalid in security admin > installer, we should enable it to control the necessary java version. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
[ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214370#comment-16214370 ] Endre Kovacs commented on RANGER-1644: -- Hi [~sneethiraj] please see attached patch / review request: https://reviews.apache.org/r/63209/ i changed the default MD5 with DES to SHA512 with AES 128 it is only 128, since that is the key length supported by default on the JVM without the need of downloading the JCE files. please let me know if i need to change / improve my solution. Best regards, Endre > Change the default Crypt Algo to use stronger cryptographic algo. > -- > > Key: RANGER-1644 > URL: https://issues.apache.org/jira/browse/RANGER-1644 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Critical > Attachments: > 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch > > > Change the default crypt algorithm to use a stronger cipher algorithm -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1827) micro benchmark for policy evaluation
[ https://issues.apache.org/jira/browse/RANGER-1827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214362#comment-16214362 ] Endre Kovacs commented on RANGER-1827: -- hi [~madhan.neethiraj], [~vperiasamy] Please let me know, if you have further change request. Best regards, Endre > micro benchmark for policy evaluation > - > > Key: RANGER-1827 > URL: https://issues.apache.org/jira/browse/RANGER-1827 > Project: Ranger > Issue Type: Test > Components: Ranger >Affects Versions: master >Reporter: Endre Kovacs >Assignee: Endre Kovacs >Priority: Minor > Labels: performance, test > Fix For: 1.0.0 > > Attachments: > 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch, > performance-chart-trie-enabled.html, performance-chart.html, > policy-evaluation-performance.png > > > implement micro benchmark testing the performance of RangerPolicyEngine at > different load of # of policies and # of concurrent users -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
[ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Endre Kovacs updated RANGER-1644: - Attachment: 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch > Change the default Crypt Algo to use stronger cryptographic algo. > -- > > Key: RANGER-1644 > URL: https://issues.apache.org/jira/browse/RANGER-1644 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Critical > Attachments: > 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch > > > Change the default crypt algorithm to use a stronger cipher algorithm -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Review Request 63209: RANGER-1644 changed crypto algorithm to a strong one
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63209/ --- Review request for ranger. Bugs: RANGER-1644 https://issues.apache.org/jira/browse/RANGER-1644 Repository: ranger Description --- changing outdate hash algorigthms: MD5 => SHA512 Diffs - agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd3531 agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java 4e135aaa7 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da650747d security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java 3dd761a2b security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03df1 security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 976fd0cb8 Diff: https://reviews.apache.org/r/63209/diff/1/ Testing --- PasswordUtilsTest: added new unit test and updated previous ones Added service update test: on service update new service password will be encrypted with the new algorithm Thanks, Endre Zoltan Kovacs
[jira] [Updated] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
[ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Endre Kovacs updated RANGER-1644: - Attachment: 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch stronger algorithm for password encryption. > Change the default Crypt Algo to use stronger cryptographic algo. > -- > > Key: RANGER-1644 > URL: https://issues.apache.org/jira/browse/RANGER-1644 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Critical > Attachments: > 0001-RANGER-1644-replacing-MD5-DES-with-SHA512-AES128.patch > > > Change the default crypt algorithm to use a stronger cipher algorithm -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (RANGER-1644) Change the default Crypt Algo to use stronger cryptographic algo.
[ https://issues.apache.org/jira/browse/RANGER-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Endre Kovacs reassigned RANGER-1644: Assignee: Endre Kovacs > Change the default Crypt Algo to use stronger cryptographic algo. > -- > > Key: RANGER-1644 > URL: https://issues.apache.org/jira/browse/RANGER-1644 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Critical > > Change the default crypt algorithm to use a stronger cipher algorithm -- This message was sent by Atlassian JIRA (v6.4.14#64029)