Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-23 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review189013
---



Hi Colm, I fixed the issue and updated it's patch according to your opinions. 
Thanks!

- pengjianhua


On 十月 24, 2017, 2:59 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated 十月 24, 2017, 2:59 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh 468e8a0b 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-23 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/
---

(Updated 十月 24, 2017, 2:59 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1846
https://issues.apache.org/jira/browse/RANGER-1846


Repository: ranger


Description
---

The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
equal to true.
This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
installer, we should enable it to control the necessary java version.


Diffs (updated)
-

  security-admin/scripts/setup.sh 468e8a0b 


Diff: https://reviews.apache.org/r/63145/diff/3/

Changes: https://reviews.apache.org/r/63145/diff/2-3/


Testing
---


Thanks,

pengjianhua

[jira] [Updated] (RANGER-1810) Ranger supports plugin to enable, monitor and manage apache Sqoop2

2017-10-23 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-1810:

Attachment: (was: 
0001-RANGER-1810-Ranger-supports-plugin-to-enable-monitor.patch)

> Ranger supports plugin to enable, monitor and manage apache Sqoop2
> --
>
> Key: RANGER-1810
> URL: https://issues.apache.org/jira/browse/RANGER-1810
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Affects Versions: 1.0.0, master
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>  Labels: newbie, patch
> Attachments: 
> 0001-RANGER-1810-Ranger-supports-plugin-to-enable-monitor.patch, 
> 0001-RANGER-1810-Ranger-supports-plugin-to-enable-monitor_new.patch, 
> 1_SqoopServiceManager.jpg, 2_EditSqoopService.jpg, 
> 2_EditSqoopService_new.jpg, 3_ListSqoopPolicies.jpg, 4_EditSqoopPolicy.jpg, 
> 4_EditSqoopPolicy_new.jpg, 5_SqoopAuditLog.jpg, 6_SqoopPlugins.jpg
>
>
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.  
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> Our test specialists have rigorously tested this feature.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

2017-10-23 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/#review189003
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 23, 2017, 11:19 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63225/
> ---
> 
> (Updated Oct. 23, 2017, 11:19 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1781
> https://issues.apache.org/jira/browse/RANGER-1781
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch adds two service-def validations (a. for detecting cycles in 
> resource-def graph, and b. to ensure increasing level values in resource-def 
> hierarchies).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  d0f015d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  7a719ab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
>  3f2cc2a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  e8d85c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
>  1a48151 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
>  274028e 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
>  ca055ff 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
>  b779090 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
>  6b774f8 
> 
> 
> Diff: https://reviews.apache.org/r/63225/diff/2/
> 
> 
> Testing
> ---
> 
> Developed unit tests for additional validations.
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

2017-10-23 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/
---

(Updated Oct. 23, 2017, 11:19 p.m.)


Review request for ranger and Madhan Neethiraj.


Changes
---

Addressed review comments


Bugs: RANGER-1781
https://issues.apache.org/jira/browse/RANGER-1781


Repository: ranger


Description
---

This patch adds two service-def validations (a. for detecting cycles in 
resource-def graph, and b. to ensure increasing level values in resource-def 
hierarchies).


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 d0f015d 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
 7a719ab 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
 3f2cc2a 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 e8d85c5 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
 1a48151 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
 274028e 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
 ca055ff 
  
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
 b779090 
  
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
 6b774f8 


Diff: https://reviews.apache.org/r/63225/diff/2/

Changes: https://reviews.apache.org/r/63225/diff/1-2/


Testing
---

Developed unit tests for additional validations.
Ran all unit tests successfully.


Thanks,

Abhay Kulkarni

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

2017-10-23 Thread Alejandro Fernandez 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/#review188998
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
Lines 588 (patched)


Nitpick - mixing of spaces and tabs makes this harder to read.



agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
Lines 601 (patched)


Add some JavaDoc for this function


- Alejandro Fernandez


On Oct. 23, 2017, 9:45 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63225/
> ---
> 
> (Updated Oct. 23, 2017, 9:45 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1781
> https://issues.apache.org/jira/browse/RANGER-1781
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch adds two service-def validations (a. for detecting cycles in 
> resource-def graph, and b. to ensure increasing level values in resource-def 
> hierarchies).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  d0f015d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  7a719ab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
>  3f2cc2a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  e8d85c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
>  1a48151 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
>  274028e 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
>  ca055ff 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
>  b779090 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
>  6b774f8 
> 
> 
> Diff: https://reviews.apache.org/r/63225/diff/1/
> 
> 
> Testing
> ---
> 
> Developed unit tests for additional validations.
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

2017-10-23 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/#review188995
---


Ship it!




Ship It!

- Madhan Neethiraj


On Oct. 23, 2017, 9:45 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63225/
> ---
> 
> (Updated Oct. 23, 2017, 9:45 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1781
> https://issues.apache.org/jira/browse/RANGER-1781
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch adds two service-def validations (a. for detecting cycles in 
> resource-def graph, and b. to ensure increasing level values in resource-def 
> hierarchies).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  d0f015d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  7a719ab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
>  3f2cc2a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  e8d85c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
>  1a48151 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
>  274028e 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
>  ca055ff 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
>  b779090 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
>  6b774f8 
> 
> 
> Diff: https://reviews.apache.org/r/63225/diff/1/
> 
> 
> Testing
> ---
> 
> Developed unit tests for additional validations.
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

2017-10-23 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/
---

Review request for ranger and Madhan Neethiraj.


Bugs: RANGER-1781
https://issues.apache.org/jira/browse/RANGER-1781


Repository: ranger


Description
---

This patch adds two service-def validations (a. for detecting cycles in 
resource-def graph, and b. to ensure increasing level values in resource-def 
hierarchies).


Diffs
-

  
agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
 d0f015d 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
 7a719ab 
  
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
 3f2cc2a 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
 e8d85c5 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
 1a48151 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
 274028e 
  
agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
 ca055ff 
  
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
 b779090 
  
agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
 6b774f8 


Diff: https://reviews.apache.org/r/63225/diff/1/


Testing
---

Developed unit tests for additional validations.
Ran all unit tests successfully.


Thanks,

Abhay Kulkarni

[jira] [Comment Edited] (RANGER-1851) Enhance Ranger Hive Plugin to support authorization for KILL QUERY command

2017-10-23 Thread Ramesh Mani (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16215522#comment-16215522
 ] 

Ramesh Mani edited comment on RANGER-1851 at 10/23/17 5:57 PM:
---

[~bosco], some effort on associating the "actions" with resource is done in 
this JIRA https://issues.apache.org/jira/browse/RANGER-1781
Please check this out and give your inputs on this
pinging [~madhan.neethiraj] [~abhayk]


was (Author: rmani):
[~bosco], some effort on associating the "action" with resource is done in this 
JIRA https://issues.apache.org/jira/browse/RANGER-1781
Please check this out and give your inputs on this
pinging [~madhan.neethiraj] [~abhayk]

> Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
> --
>
> Key: RANGER-1851
> URL: https://issues.apache.org/jira/browse/RANGER-1851
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> With the HIVE-17483 JIRA,  Hive has introduced a way to kill query  and 
> in hive its a privileged  action for Hive Admin Role. In order for the Ranger 
> Hive Authorizer to support authorization, we need to enhance the ranger hive 
> authorizer. Current Hive implementation is to Kill Query in a HiveService 
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped 
> into NAME SPACEs and kill query can be run against them. When 
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization, 
> it will be sending the HIVE SERVICE in the context with the COMMAND that is 
> executed.  
> With all the details proposal is to have 
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive 
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service 
> Admin" to group Kill Query operation.
> - "Service Admin"  permission will enable hive ranger plugin to isolate 
> various admin operations in this case "Kill Query" and in future if hive 
> introduces other operations which are done at "HIVE SERVICE level" , group 
> them under this and authorize.
>- "Service Admin" won't be able to do  DATABASE / TABLE / COLUMN 
> operations as this will all be taken care by the existing 
> DATABASE/TABLE/COLUMN level permission model.
> [~madhan.neethiraj] [~vperiasamy][~thejas][~bosco][~sneethiraj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (RANGER-1851) Enhance Ranger Hive Plugin to support authorization for KILL QUERY command

2017-10-23 Thread Ramesh Mani (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16215522#comment-16215522
 ] 

Ramesh Mani edited comment on RANGER-1851 at 10/23/17 5:56 PM:
---

[~bosco], some effort on associating the "action" with resource is done in this 
JIRA https://issues.apache.org/jira/browse/RANGER-1781
Please check this out and give your inputs on this
pinging [~madhan.neethiraj] [~abhayk]


was (Author: rmani):
[~bosco], some effort one associating the "action" with resource is done in 
this JIRA https://issues.apache.org/jira/browse/RANGER-1781
Please check this out and give your inputs on this
pinging [~madhan.neethiraj] [~abhayk]

> Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
> --
>
> Key: RANGER-1851
> URL: https://issues.apache.org/jira/browse/RANGER-1851
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> With the HIVE-17483 JIRA,  Hive has introduced a way to kill query  and 
> in hive its a privileged  action for Hive Admin Role. In order for the Ranger 
> Hive Authorizer to support authorization, we need to enhance the ranger hive 
> authorizer. Current Hive implementation is to Kill Query in a HiveService 
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped 
> into NAME SPACEs and kill query can be run against them. When 
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization, 
> it will be sending the HIVE SERVICE in the context with the COMMAND that is 
> executed.  
> With all the details proposal is to have 
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive 
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service 
> Admin" to group Kill Query operation.
> - "Service Admin"  permission will enable hive ranger plugin to isolate 
> various admin operations in this case "Kill Query" and in future if hive 
> introduces other operations which are done at "HIVE SERVICE level" , group 
> them under this and authorize.
>- "Service Admin" won't be able to do  DATABASE / TABLE / COLUMN 
> operations as this will all be taken care by the existing 
> DATABASE/TABLE/COLUMN level permission model.
> [~madhan.neethiraj] [~vperiasamy][~thejas][~bosco][~sneethiraj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1851) Enhance Ranger Hive Plugin to support authorization for KILL QUERY command

2017-10-23 Thread Ramesh Mani (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-1851:

Affects Version/s: (was: 0.7.1)

> Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
> --
>
> Key: RANGER-1851
> URL: https://issues.apache.org/jira/browse/RANGER-1851
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> With the HIVE-17483 JIRA,  Hive has introduced a way to kill query  and 
> in hive its a privileged  action for Hive Admin Role. In order for the Ranger 
> Hive Authorizer to support authorization, we need to enhance the ranger hive 
> authorizer. Current Hive implementation is to Kill Query in a HiveService 
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped 
> into NAME SPACEs and kill query can be run against them. When 
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization, 
> it will be sending the HIVE SERVICE in the context with the COMMAND that is 
> executed.  
> With all the details proposal is to have 
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive 
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service 
> Admin" to group Kill Query operation.
> - "Service Admin"  permission will enable hive ranger plugin to isolate 
> various admin operations in this case "Kill Query" and in future if hive 
> introduces other operations which are done at "HIVE SERVICE level" , group 
> them under this and authorize.
>- "Service Admin" won't be able to do  DATABASE / TABLE / COLUMN 
> operations as this will all be taken care by the existing 
> DATABASE/TABLE/COLUMN level permission model.
> [~madhan.neethiraj] [~vperiasamy][~thejas][~bosco][~sneethiraj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1851) Enhance Ranger Hive Plugin to support authorization for KILL QUERY command

2017-10-23 Thread Ramesh Mani (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ramesh Mani updated RANGER-1851:

Affects Version/s: 1.0.0

> Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
> --
>
> Key: RANGER-1851
> URL: https://issues.apache.org/jira/browse/RANGER-1851
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, master
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> With the HIVE-17483 JIRA,  Hive has introduced a way to kill query  and 
> in hive its a privileged  action for Hive Admin Role. In order for the Ranger 
> Hive Authorizer to support authorization, we need to enhance the ranger hive 
> authorizer. Current Hive implementation is to Kill Query in a HiveService 
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped 
> into NAME SPACEs and kill query can be run against them. When 
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization, 
> it will be sending the HIVE SERVICE in the context with the COMMAND that is 
> executed.  
> With all the details proposal is to have 
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive 
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service 
> Admin" to group Kill Query operation.
> - "Service Admin"  permission will enable hive ranger plugin to isolate 
> various admin operations in this case "Kill Query" and in future if hive 
> introduces other operations which are done at "HIVE SERVICE level" , group 
> them under this and authorize.
>- "Service Admin" won't be able to do  DATABASE / TABLE / COLUMN 
> operations as this will all be taken care by the existing 
> DATABASE/TABLE/COLUMN level permission model.
> [~madhan.neethiraj] [~vperiasamy][~thejas][~bosco][~sneethiraj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1781) RangerUI :Policy create/edit form should display only relevant accesses based on the user-selected resource.

2017-10-23 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1781:
-
Fix Version/s: 1.0.0

> RangerUI :Policy create/edit form should display only relevant accesses based 
> on the user-selected resource.
> 
>
> Key: RANGER-1781
> URL: https://issues.apache.org/jira/browse/RANGER-1781
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0
>Reporter: Nitin Galave
>Assignee: Nitin Galave
> Fix For: 1.0.0
>
>
> Policy create/edit form should display only applicable set of access 
> permissions based on the policy resource (excludedAccesses property) and not 
> the entire set of permissions defined for the service definition.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1851) Enhance Ranger Hive Plugin to support authorization for KILL QUERY command

2017-10-23 Thread Ramesh Mani (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16215522#comment-16215522
 ] 

Ramesh Mani commented on RANGER-1851:
-

[~bosco], some effort one associating the "action" with resource is done in 
this JIRA https://issues.apache.org/jira/browse/RANGER-1781
Please check this out and give your inputs on this
pinging [~madhan.neethiraj] [~abhayk]

> Enhance Ranger Hive Plugin to support authorization for KILL QUERY command
> --
>
> Key: RANGER-1851
> URL: https://issues.apache.org/jira/browse/RANGER-1851
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 0.7.1
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Critical
>
> With the HIVE-17483 JIRA,  Hive has introduced a way to kill query  and 
> in hive its a privileged  action for Hive Admin Role. In order for the Ranger 
> Hive Authorizer to support authorization, we need to enhance the ranger hive 
> authorizer. Current Hive implementation is to Kill Query in a HiveService 
> which can be LLAP / HIVESERVER2 , later these HIVE SERVICEs can be grouped 
> into NAME SPACEs and kill query can be run against them. When 
> HiveServer2/LLAP Ranger Plugin sends the request to Ranger for Authorization, 
> it will be sending the HIVE SERVICE in the context with the COMMAND that is 
> executed.  
> With all the details proposal is to have 
> 1) In Ranger Hive Service Definition, we will have a new Resource "Hive 
> Service" to authorize.
> 2) In Ranger Hive Permission Model, we will have a new Permission "Service 
> Admin" to group Kill Query operation.
> - "Service Admin"  permission will enable hive ranger plugin to isolate 
> various admin operations in this case "Kill Query" and in future if hive 
> introduces other operations which are done at "HIVE SERVICE level" , group 
> them under this and authorize.
>- "Service Admin" won't be able to do  DATABASE / TABLE / COLUMN 
> operations as this will all be taken care by the existing 
> DATABASE/TABLE/COLUMN level permission model.
> [~madhan.neethiraj] [~vperiasamy][~thejas][~bosco][~sneethiraj]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1855) Importing and translating policies from Apache Sentry

2017-10-23 Thread Srikanth Venkat (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16215486#comment-16215486
 ] 

Srikanth Venkat commented on RANGER-1855:
-

[~coheig] Can you provide feedback on this idea and any other requirements that 
are needed to be specified for this?

> Importing and translating policies from Apache Sentry 
> --
>
> Key: RANGER-1855
> URL: https://issues.apache.org/jira/browse/RANGER-1855
> Project: Ranger
>  Issue Type: New Feature
>  Components: Ranger
>Reporter: Srikanth Venkat
>Priority: Critical
>
> As an enterprise security admin, I would like to be able to translate or bulk 
> import RBAC based access control polices from Apache Sentry so that I can 
> enhance my access control and authorization entitlements as ABAC based 
> policies within Ranger with dynamic policy conditions.
> Implementation considerations:
> # Given an Apache Sentry policy repository be able to translate authz 
> policies from either Sentry policy store DB or using the policy export tool 
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61309948 . 
> # If Sentry has REST APIs to support exporting from its policy store, perhaps 
> some of our community members can comment on whether there is a better way to 
> provide the policy translation and import into Ranger policy store.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1855) Importing and translating policies from Apache Sentry

2017-10-23 Thread Srikanth Venkat (JIRA) 
Srikanth Venkat created RANGER-1855:
---

 Summary: Importing and translating policies from Apache Sentry 
 Key: RANGER-1855
 URL: https://issues.apache.org/jira/browse/RANGER-1855
 Project: Ranger
  Issue Type: New Feature
  Components: Ranger
Reporter: Srikanth Venkat
Priority: Critical


As an enterprise security admin, I would like to be able to translate or bulk 
import RBAC based access control polices from Apache Sentry so that I can 
enhance my access control and authorization entitlements as ABAC based policies 
within Ranger with dynamic policy conditions.

Implementation considerations:
# Given an Apache Sentry policy repository be able to translate authz policies 
from either Sentry policy store DB or using the policy export tool 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61309948 . 
# If Sentry has REST APIs to support exporting from its policy store, perhaps 
some of our community members can comment on whether there is a better way to 
provide the policy translation and import into Ranger policy store.






--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 63216: RANGER-1853: Masking functions based on custom masking of string types fails to unescape quotes properly.

2017-10-23 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63216/#review188938
---


Ship it!




Ship It!

- Velmurugan Periasamy


On Oct. 23, 2017, 2:21 p.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63216/
> ---
> 
> (Updated Oct. 23, 2017, 2:21 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-1853
> https://issues.apache.org/jira/browse/RANGER-1853
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a custom masking function is written which uses strings that need to be 
> quote in the UI, the quotes in the string are not unescaped properly. When 
> the policy with such incorrectly escaped stings is saved and executed, any 
> Hive queries that invoke this policy fail to parse causing Hive query to 
> throw a syntax error.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
> 73ea8fe 
> 
> 
> Diff: https://reviews.apache.org/r/63216/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Verified Policy CRUD using single quotes in the masking policy condition 
> working as expected i.e not escaping single quote after saving the policy.
> 2.Verified policy difference view for that policy (i.e in Audit Menu --> 
> Admin tab).
> 3.Also verified policy enforcement for custom masking condition.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Review Request 63216: RANGER-1853: Masking functions based on custom masking of string types fails to unescape quotes properly.

2017-10-23 Thread Nitin Galave 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63216/
---

Review request for ranger, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.


Bugs: RANGER-1853
https://issues.apache.org/jira/browse/RANGER-1853


Repository: ranger


Description
---

When a custom masking function is written which uses strings that need to be 
quote in the UI, the quotes in the string are not unescaped properly. When the 
policy with such incorrectly escaped stings is saved and executed, any Hive 
queries that invoke this policy fail to parse causing Hive query to throw a 
syntax error.


Diffs
-

  security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
73ea8fe 


Diff: https://reviews.apache.org/r/63216/diff/1/


Testing
---

1.Verified Policy CRUD using single quotes in the masking policy condition 
working as expected i.e not escaping single quote after saving the policy.
2.Verified policy difference view for that policy (i.e in Audit Menu --> Admin 
tab).
3.Also verified policy enforcement for custom masking condition.


Thanks,

Nitin Galave

[jira] [Updated] (RANGER-1853) Masking functions based on custom masking of string types fails to unescape quotes properly.

2017-10-23 Thread Nitin Galave (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nitin Galave updated RANGER-1853:
-
Attachment: RANGER-1853.patch

> Masking functions based on custom masking of string types fails to unescape 
> quotes properly.
> 
>
> Key: RANGER-1853
> URL: https://issues.apache.org/jira/browse/RANGER-1853
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, 0.7.2
>Reporter: Srikanth Venkat
>Assignee: Nitin Galave
> Fix For: 1.0.0, 0.7.2
>
> Attachments: RANGER-1853.patch
>
>
> When a custom masking function is written which uses strings that need to be 
> quote in the UI, the quotes in the string are not unescaped properly. When 
> the policy with such incorrectly escaped stings is saved and executed, any 
> Hive queries that invoke this policy fail to parse causing Hive query to 
> throw a syntax error.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1853) Masking functions based on custom masking of string types fails to unescape quotes properly.

2017-10-23 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1853:
-
Reporter: Srikanth Venkat  (was: Nitin Galave)

> Masking functions based on custom masking of string types fails to unescape 
> quotes properly.
> 
>
> Key: RANGER-1853
> URL: https://issues.apache.org/jira/browse/RANGER-1853
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.0, 0.7.2
>Reporter: Srikanth Venkat
>Assignee: Nitin Galave
> Fix For: 1.0.0, 0.7.2
>
>
> When a custom masking function is written which uses strings that need to be 
> quote in the UI, the quotes in the string are not unescaped properly. When 
> the policy with such incorrectly escaped stings is saved and executed, any 
> Hive queries that invoke this policy fail to parse causing Hive query to 
> throw a syntax error.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1853) Masking functions based on custom masking of string types fails to unescape quotes properly.

2017-10-23 Thread Nitin Galave (JIRA) 
Nitin Galave created RANGER-1853:


 Summary: Masking functions based on custom masking of string types 
fails to unescape quotes properly.
 Key: RANGER-1853
 URL: https://issues.apache.org/jira/browse/RANGER-1853
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 1.0.0, 0.7.2
Reporter: Nitin Galave
Assignee: Nitin Galave
 Fix For: 1.0.0, 0.7.2


When a custom masking function is written which uses strings that need to be 
quote in the UI, the quotes in the string are not unescaped properly. When the 
policy with such incorrectly escaped stings is saved and executed, any Hive 
queries that invoke this policy fail to parse causing Hive query to throw a 
syntax error.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-23 Thread peng.jianhua (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16215035#comment-16215035
 ] 

peng.jianhua commented on RANGER-1846:
--

[~coheigea], you are right. I will modified it. Thanks!

> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
>
> Key: RANGER-1846
> URL: https://issues.apache.org/jira/browse/RANGER-1846
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch
>
>
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

2017-10-23 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review188933
---


Ship it!




Ship It!

- pengjianhua


On 十月 23, 2017, 9 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated 十月 23, 2017, 9 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> PRE-CREATION 
>   plugin-sqoop/.gitignore PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION 
>   plugin-sqoop/pom.xml PRE-CREATION 
>   plugin-sqoop/scripts/install.properties PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION 
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3f8697e 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 811db0c 
>   src/main/assembly/admin-web.xml 4dc52fd 
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/4/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

2017-10-23 Thread Colm O hEigeartaigh 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review188931
---


Ship it!




Ship It!

- Colm O hEigeartaigh


On Oct. 23, 2017, 9 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated Oct. 23, 2017, 9 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> PRE-CREATION 
>   plugin-sqoop/.gitignore PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION 
>   plugin-sqoop/pom.xml PRE-CREATION 
>   plugin-sqoop/scripts/install.properties PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION 
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3f8697e 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 811db0c 
>   src/main/assembly/admin-web.xml 4dc52fd 
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/4/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

[jira] [Commented] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-23 Thread Colm O hEigeartaigh (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214974#comment-16214974
 ] 

Colm O hEigeartaigh commented on RANGER-1846:
-

We should change the logic so that only an error is thrown if the JDK version 
is less than the required version.

> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
>
> Key: RANGER-1846
> URL: https://issues.apache.org/jira/browse/RANGER-1846
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch
>
>
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Reopened] (RANGER-1846) This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

2017-10-23 Thread Colm O hEigeartaigh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh reopened RANGER-1846:
-

There is a regression here...

sudo -E ./setup.sh 
2017-10-23 12:13:18,739   - Running Ranger PolicyManager Web 
Application Install Script - 
2017-10-23 12:13:18,740  [I] uname=Linux
2017-10-23 12:13:18,742  [I] hostname=colm-Precision-M4800
2017-10-23 12:13:18,745  [I] DB_FLAVOR=MYSQL
2017-10-23 12:13:18,746  [I] Audit source=solr
2017-10-23 12:13:18,748  [I] Checking distribution name..
2017-10-23 12:13:18,814  [I] Found distribution : Ubuntu
2017-10-23 12:13:18,815  [I] check if command /opt/jdk1.8.0_144/bin/java exists
2017-10-23 12:13:18,816  [I] '/opt/jdk1.8.0_144/bin/java' command found
2017-10-23 12:13:18,865  [E] Java 1.7 is required, current java version is 
1.8.0_144



> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
>
> Key: RANGER-1846
> URL: https://issues.apache.org/jira/browse/RANGER-1846
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Fix For: 1.0.0, master
>
> Attachments: 
> 0001-RANGER-1846-This-JAVA_VERSION_REQUIRED-configuration.patch
>
>
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Review Request 61021: RANGER-1672:Ranger supports plugin to enable, monitor and manage apache kylin

2017-10-23 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61021/#review188928
---



Please refer to the kylin plugin installation guide.
https://cwiki.apache.org/confluence/display/RANGER/Kylin+Plugin

- Qiang Zhang


On Sept. 27, 2017, 9:19 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61021/
> ---
> 
> (Updated Sept. 27, 2017, 9:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1672
> https://issues.apache.org/jira/browse/RANGER-1672
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger supports plugin to enable, monitor and manage apache kylin
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 58cdd35 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> PRE-CREATION 
>   plugin-kylin/.gitignore PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-audit.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-kylin-security.xml PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-kylin/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-kylin/pom.xml PRE-CREATION 
>   plugin-kylin/scripts/install.properties PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/RangerServiceKylin.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinClient.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/KylinResourceMgr.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinCubeResponse.java
>  PRE-CREATION 
>   
> plugin-kylin/src/main/java/org/apache/ranger/services/kylin/client/json/model/KylinProjectResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-kylin-plugin-shim/.gitignore PRE-CREATION 
>   ranger-kylin-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-kylin-plugin-shim/src/main/java/org/apache/ranger/authorization/kylin/authorizer/RangerKylinAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/plugin-kylin.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/61021/diff/3/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

2017-10-23 Thread Qiang Zhang 


> On 十月 20, 2017, 3:48 p.m., Colm O hEigeartaigh wrote:
> > Looks good thanks. Just three more changes:
> > 
> > a) Add a "hover over" hint for "Sqoop URL" in the Admin Console (e.g. 
> > should be "http://localhost:12000;)
> > b) Remove "password" from the UI as it's not used
> > c) Remove "password" from SqoopClient as it's not used.

OK, thanks.


- Qiang


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review188844
---


On 十月 23, 2017, 9 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated 十月 23, 2017, 9 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> PRE-CREATION 
>   plugin-sqoop/.gitignore PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION 
>   plugin-sqoop/pom.xml PRE-CREATION 
>   plugin-sqoop/scripts/install.properties PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION 
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3f8697e 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 811db0c 
>   src/main/assembly/admin-web.xml 4dc52fd 
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/4/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62882: Good coding practice-add additional headers in ranger

2017-10-23 Thread Mehul Parikh 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62882/#review188924
---


Ship it!




Ship It!

- Mehul Parikh


On Oct. 17, 2017, 10:54 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62882/
> ---
> 
> (Updated Oct. 17, 2017, 10:54 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1828
> https://issues.apache.org/jira/browse/RANGER-1828
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice-add additional headers in ranger.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  721dd44 
> 
> 
> Diff: https://reviews.apache.org/r/62882/diff/2/
> 
> 
> Testing
> ---
> 
> 1)Verified if response contains additional headers on simple ranger(http).
> 2)Verified if response contains additional headers on kerberized ranger.
> 3)Verified if response contains additional headers on SSL ranger(https).
> 4)Verified if response contains additional headers on kerberized+SSL ranger.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>