[jira] [Updated] (RANGER-2036) Allow Auditor and KMS Auditor role user to Export of Excel and CSV

2018-04-02 Thread Mehul Parikh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mehul Parikh updated RANGER-2036:
-
Fix Version/s: (was: 1.0.1)
   1.1.0

> Allow Auditor and KMS Auditor role user to Export of Excel and CSV
> --
>
> Key: RANGER-2036
> URL: https://issues.apache.org/jira/browse/RANGER-2036
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
>
> From UI : Auditor and KMS Auditor role users should be able to export 
> policies to Excel and CSV ONLY FROM Reports page.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2040) Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.

2018-04-02 Thread Mehul Parikh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2040?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mehul Parikh updated RANGER-2040:
-
Fix Version/s: (was: 1.0.1)
   1.1.0

> Improvement in Analytics Metric of Ranger Admin and Ranger Kms for 
> Users/groups metric collection for Auditor Role.
> ---
>
> Key: RANGER-2040
> URL: https://issues.apache.org/jira/browse/RANGER-2040
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2040.patch
>
>
> Improvement in Analytics Metric of Ranger Admin and Ranger Kms for 
> Users/groups metric collection for Auditor Role.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2039) Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Mehul Parikh (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mehul Parikh updated RANGER-2039:
-
Fix Version/s: (was: 1.0.1)
   1.1.0

> Allow access to Audit tab for all users of role Keyadmin and KMS Auditor 
> -
>
> Key: RANGER-2039
> URL: https://issues.apache.org/jira/browse/RANGER-2039
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2039.patch
>
>
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV

2018-04-02 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66281/
---

(Updated April 3, 2018, 5:23 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: Ranger-2036
https://issues.apache.org/jira/browse/Ranger-2036


Repository: ranger


Description
---

>From UI : Auditor and KMS Auditor role users should be able to export policies 
>to Excel and CSV ONLY FROM Reports page.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 1bff815 
  security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
95ee3c7 
  security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 
3bd098d 


Diff: https://reviews.apache.org/r/66281/diff/1/


Testing
---

Tested that Auditor and KMS Auditor role users are able to download Excel and 
CSV only from report page


Thanks,

Fatima Khan

Re: Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.

2018-04-02 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66301/
---

(Updated April 3, 2018, 5:23 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2040
https://issues.apache.org/jira/browse/RANGER-2040


Repository: ranger


Description
---

Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups 
metric collection for Auditor Role.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java 
f1e18e5 
  
security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java 
345465d 


Diff: https://reviews.apache.org/r/66301/diff/1/


Testing
---

Tested that in user/groups metric collection we are getting Auditor role users.


Thanks,

Fatima Khan

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
---

(Updated April 3, 2018, 5:22 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2039
https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
---

Currently by default users having Keyadmin or KMS auditor role doesn't get 
access to Audits tab in Ranger UI, but ideally it should have audit access 
right so that when we login through keyadmin and KMS Auditor we should be able 
to view the KMS related audits and user/groups tab.


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/


Testing
---

Tested the by creating Auditor and KMS Auditor role user's get default access 
to users/groups tab and Audit tab


Thanks,

Fatima Khan

Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices

2018-04-02 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200338
---




kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 81-84 (original), 133-141 (patched)


The getEncryptedMK function can return null. This segment code has logic 
error if the getEncryptedMK return null.



kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 81-84 (original), 133-141 (patched)


The getEncryptedMK function can return null. This segment code has logic 
error if the getEncryptedMK return null.



kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Lines 211-219 (patched)


This segment code will throw exception if encryptedPwd.length > 1 and 
encryptedPwd.length < 7


- Qiang Zhang


On March 29, 2018, 12:10 p.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66357/
> ---
> 
> (Updated March 29, 2018, 12:10 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2017
> https://issues.apache.org/jira/browse/RANGER-2017
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Code Improvement To Follow Best Practices.
> 
> 
> Diffs
> -
> 
>   kms/config/kms-webapp/dbks-site.xml 2fc5177 
>   kms/scripts/DBMK2HSM.sh 89c8c2d 
>   kms/scripts/HSMMK2DB.sh 2637cf6 
>   kms/scripts/importJCEKSKeys.sh d72c93e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
> 
> 
> Diff: https://reviews.apache.org/r/66357/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified Ranger Kms is working as expected.
> 2. Import/Export of key's working as expected.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Updated] (RANGER-2054) Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2054:

Affects Version/s: master

> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
>
> Key: RANGER-2054
> URL: https://issues.apache.org/jira/browse/RANGER-2054
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: master, 1.1.0
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
>  Labels: patch
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2054-Fix-new-findBugs-in-RangerAdminClientImp.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66389: RANGER-2054:Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread pengjianhua 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66389/#review200337
---


Ship it!




Ship It!

- pengjianhua


On 四月 2, 2018, 7:13 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66389/
> ---
> 
> (Updated 四月 2, 2018, 7:13 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2054
> https://issues.apache.org/jira/browse/RANGER-2054
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> 
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D
> 
> 
> Diffs
> -
> 
>   
> plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
>  0c465b3 
> 
> 
> Diff: https://reviews.apache.org/r/66389/diff/1/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66294: RANGER-1985: Code changes to support follow-up tasks

2018-04-02 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66294/
---

(Updated April 3, 2018, 1:01 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

Fixed PMD violations


Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985


Repository: ranger


Description
---

– Add other meta-data to sync source popup (like group search first enabled)
– Distinguish between full sync and incremental sync events
– Show synctime, last modified time in event time format
– In addition to #users/groups sync'ed from source, show added/updated users 
(explore this to see how best to show this without confusing users)


Diffs (updated)
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51cc 
  security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql 
2405a3ef 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776f 
  
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql 
e03e8937 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc7 
  
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql
 2227f011 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788cc 
  
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql
 26d857b5 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f1094 
  
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql
 362f4152 
  security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
56098338 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 85a96512 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
 bf6f6e15 
  security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
d8c66ca1 
  security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
fd2d8e11 
  security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
6fef928a 
  security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
47bd839d 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 7d85f33b 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 54a519a9 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 85cba3c5 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 45eeb1bc 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
 02387e11 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
 318138d4 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java 
9dfd3a55 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
 97b95a1f 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
 a50b0c76 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 9d3112dd 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 c58589ef 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java 
f078cb8d 
  
ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
 312ea9b8 


Diff: https://reviews.apache.org/r/66294/diff/3/

Changes: https://reviews.apache.org/r/66294/diff/2-3/


Testing
---

1. Performed functional tests with unix, file, and LDAP/AD as sync sources
2. Performed functional tests with different combinations of group search and 
user search with AD/LDAP as sync source
3. Also ran some functional tests with and without incremental sync and nested 
groups


Thanks,

Sailaja Polavarapu

Re: Review Request 66294: RANGER-1985: Code changes to support follow-up tasks

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66294/#review200327
---




ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
Line 112 (original), 112 (patched)


This creates a PMD violation. Could you please check? 

```



https://pmd.github.io/pmd-5.5.1/pmd-java/rules/java/unusedcode.html#UnusedFormalParameter;
 priority="3">
Avoid unused method parameters such as 'forceSync'.



```


- Velmurugan Periasamy


On April 2, 2018, 10:39 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66294/
> ---
> 
> (Updated April 2, 2018, 10:39 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> – Add other meta-data to sync source popup (like group search first enabled)
> – Distinguish between full sync and incremental sync events
> – Show synctime, last modified time in event time format
> – In addition to #users/groups sync'ed from source, show added/updated users 
> (explore this to see how best to show this without confusing users)
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51cc 
>   
> security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql 
> 2405a3ef 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776f 
>   
> security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql
>  e03e8937 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc7 
>   
> security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql
>  2227f011 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788cc 
>   
> security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql
>  26d857b5 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f1094 
>   
> security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql
>  362f4152 
>   
> security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
> 56098338 
>   
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
>  85a96512 
>   
> security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
>  bf6f6e15 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
> d8c66ca1 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
> fd2d8e11 
>   security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
> 6fef928a 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
> 47bd839d 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
>  7d85f33b 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
>  54a519a9 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
>  85cba3c5 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
>  45eeb1bc 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
>  02387e11 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
>  318138d4 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java
>  9dfd3a55 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
>  97b95a1f 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
>  a50b0c76 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
>  9d3112dd 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  c58589ef 
>   ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java 
> f078cb8d 
>   
> ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
>  312ea9b8 
> 
> 
> Diff: https://reviews.apache.org/r/66294/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Performed functional tests with unix, file, and LDAP/AD as sync sources
> 2. Performed functional tests with different combinations of group search and 
>

Re: Review Request 66294: RANGER-1985: Code changes to support follow-up tasks

2018-04-02 Thread Sailaja Polavarapu 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66294/
---

(Updated April 2, 2018, 10:39 p.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
---

re-generated the patch based on the latest changes from master


Bugs: RANGER-1985
https://issues.apache.org/jira/browse/RANGER-1985


Repository: ranger


Description
---

– Add other meta-data to sync source popup (like group search first enabled)
– Distinguish between full sync and incremental sync events
– Show synctime, last modified time in event time format
– In addition to #users/groups sync'ed from source, show added/updated users 
(explore this to see how best to show this without confusing users)


Diffs (updated)
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51cc 
  security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql 
2405a3ef 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776f 
  
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql 
e03e8937 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc7 
  
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql
 2227f011 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788cc 
  
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql
 26d857b5 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f1094 
  
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql
 362f4152 
  security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java 
56098338 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 85a96512 
  
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java
 bf6f6e15 
  security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java 
d8c66ca1 
  security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java 
fd2d8e11 
  security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java 
6fef928a 
  security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java 
47bd839d 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
 7d85f33b 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java
 54a519a9 
  
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java
 85cba3c5 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 45eeb1bc 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java
 02387e11 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java
 318138d4 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java 
9dfd3a55 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java
 97b95a1f 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java
 a50b0c76 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
 9d3112dd 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
 c58589ef 
  ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java 
f078cb8d 
  
ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java
 312ea9b8 


Diff: https://reviews.apache.org/r/66294/diff/2/

Changes: https://reviews.apache.org/r/66294/diff/1-2/


Testing
---

1. Performed functional tests with unix, file, and LDAP/AD as sync sources
2. Performed functional tests with different combinations of group search and 
user search with AD/LDAP as sync source
3. Also ran some functional tests with and without incremental sync and nested 
groups


Thanks,

Sailaja Polavarapu

Re: Review Request 66294: RANGER-1985: Code changes to support follow-up tasks

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66294/#review200320
---




security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
Line 1221 (original), 1221 (patched)


Patch fails to apply. Please check. 

```
$ git apply --check -v < 
~/Downloads/0001-RANGER-1985-Code-changes-to-support-follow-up-tasks-.patch
Checking patch 
security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql...
Checking patch 
security-admin/db/mysql/patches/031-create-schema-for-usersync-audit-info.sql...
Checking patch 
security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql...
Checking patch 
security-admin/db/oracle/patches/031-create-schema-for-usersync-audit-info.sql...
Checking patch 
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql...
error: while searching for:
event_time TIMESTAMP DEFAULT NULL NULL,
user_name varchar(255) NOT  NULL,
sync_source varchar(128) NOT NULL,
no_of_users bigint(20) NOT NULL,
no_of_groups bigint(20) NOT NULL,
sync_source_info varchar(4000) NOT NULL,
session_id varchar(255) DEFAULT NULL,
primary key (id),

error: patch failed: 
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql:1221
error: 
security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql: patch 
does not apply
Checking patch 
security-admin/db/postgres/patches/031-create-schema-for-usersync-audit-info.sql...
Checking patch 
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql...
Checking patch 
security-admin/db/sqlanywhere/patches/031-create-schema-for-usersync-audit-info.sql...
Checking patch 
security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql...
Checking patch 
security-admin/db/sqlserver/patches/031-create-schema-for-usersync-audit-info.sql...
Checking patch 
security-admin/src/main/java/org/apache/ranger/entity/XXUgsyncAuditInfo.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoServiceBase.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/view/VXFileSyncSourceInfo.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/view/VXLdapSyncSourceInfo.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/view/VXUgsyncAuditInfo.java...
Checking patch 
security-admin/src/main/java/org/apache/ranger/view/VXUnixSyncSourceInfo.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/model/FileSyncSourceInfo.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/model/LdapSyncSourceInfo.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UgsyncAuditInfo.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/model/UnixSyncSourceInfo.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/process/FileSourceUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java...
Checking patch 
ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java...
Checking patch 
ugsync/src/test/java/org/apache/ranger/usergroupsync/PolicyMgrUserGroupBuilderTest.java...
```


- Velmurugan Periasamy


On March 29, 2018, 4:17 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66294/
> ---
> 
> (Updated March 29, 2018, 4:17 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1985
> https://issues.apache.org/jira/browse/RANGER-1985
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> – Add other meta-data to sync source popup (like group

Re: Review Request 66357: RANGER-2017 : Ranger KMS encryption good practices

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66357/#review200319
---




kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
Line 200 (original), 322 (patched)


Why is salt generated from password? Change to random values.


- Velmurugan Periasamy


On March 29, 2018, 12:10 p.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66357/
> ---
> 
> (Updated March 29, 2018, 12:10 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2017
> https://issues.apache.org/jira/browse/RANGER-2017
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Code Improvement To Follow Best Practices.
> 
> 
> Diffs
> -
> 
>   kms/config/kms-webapp/dbks-site.xml 2fc5177 
>   kms/scripts/DBMK2HSM.sh 89c8c2d 
>   kms/scripts/HSMMK2DB.sh 2637cf6 
>   kms/scripts/importJCEKSKeys.sh d72c93e 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java 5614c16 
> 
> 
> Diff: https://reviews.apache.org/r/66357/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified Ranger Kms is working as expected.
> 2. Import/Export of key's working as expected.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 66389: RANGER-2054:Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66389/#review200318
---


Ship it!




Ship It!

- Velmurugan Periasamy


On April 2, 2018, 7:13 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66389/
> ---
> 
> (Updated April 2, 2018, 7:13 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2054
> https://issues.apache.org/jira/browse/RANGER-2054
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> 
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D
> 
> 
> Diffs
> -
> 
>   
> plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
>  0c465b3 
> 
> 
> Diff: https://reviews.apache.org/r/66389/diff/1/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 66301: RANGER-2040 : Improvement in Analytics Metric of Ranger Admin and Ranger Kms for Users/groups metric collection for Auditor Role.

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66301/#review200317
---


Ship it!





security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java
Line 148 (original), 148 (patched)


Update the branch info to be master.


- Velmurugan Periasamy


On March 27, 2018, 9:23 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66301/
> ---
> 
> (Updated March 27, 2018, 9:23 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2040
> https://issues.apache.org/jira/browse/RANGER-2040
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Improvement in Analytics Metric of Ranger Admin and Ranger Kms for 
> Users/groups metric collection for Auditor Role.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/patch/cliutil/MetricUtil.java 
> f1e18e5 
>   
> security-admin/src/main/java/org/apache/ranger/view/VXMetricUserGroupCount.java
>  345465d 
> 
> 
> Diff: https://reviews.apache.org/r/66301/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that in user/groups metric collection we are getting Auditor role 
> users.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66281: RANGER-2036 : Allow Auditor and KMS Auditor role user to Export of Excel and CSV

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66281/#review200316
---


Ship it!





security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
Line 50 (original), 50 (patched)


Update the branch to be master.


- Velmurugan Periasamy


On March 26, 2018, 1:36 p.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66281/
> ---
> 
> (Updated March 26, 2018, 1:36 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: Ranger-2036
> https://issues.apache.org/jira/browse/Ranger-2036
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> From UI : Auditor and KMS Auditor role users should be able to export 
> policies to Excel and CSV ONLY FROM Reports page.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 1bff815 
>   security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
> 95ee3c7 
>   security-admin/src/main/webapp/templates/reports/UserAccessLayout_tmpl.html 
> 3bd098d 
> 
> 
> Diff: https://reviews.apache.org/r/66281/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that Auditor and KMS Auditor role users are able to download Excel and 
> CSV only from report page
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Velmurugan Periasamy 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200315
---


Ship it!





security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
Lines 1 (patched)


Please update the branch to be master.


- Velmurugan Periasamy


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> ---
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
> https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access 
> to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66245: Ranger Kafka default policy creation improvement

2018-04-02 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66245/#review200295
---




agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
Lines 136 (patched)


Hardcoding max of "3" policies doesn't look right. Instead, I would suggest 
to retrieve all defined indexes by scanning the configs - as shown below:

if (additionalDefaultPolicySetup) {
  final String PROP_POLICY_NAME_PREFIX = "policy.";
  final String PROP_POLICY_NAME_SUFFIX = ".name";

  List policyIndexes = new ArrayList<>();

  for (String configName : configs.keySet()) {
if (configName.startsWith(PROP_POLICY_NAME_PREFIX) && 
configName.endsWith(PROP_POLICY_NAME_SUFFIX)) {
  
policyIndexes.add(configName.substring(PROP_POLICY_NAME_PREFIX.length(), 
configName.length() - PROP_POLICY_NAME_SUFFIX.length());
}
  }

  for (String policyIndex : policyIndexes) {
StringpropertyPrefix  = "policy." + 
policyIndex + ".resource.";
Map policyResources = 
getResourcesForPrefix(resourcePropertyPrefix);

if (MapUtils.isNotEmpty(policyResources()){
  // ...
}
  }
}


- Madhan Neethiraj


On April 2, 2018, 9:04 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66245/
> ---
> 
> (Updated April 2, 2018, 9:04 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2029
> https://issues.apache.org/jira/browse/RANGER-2029
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger Kafka default policy creation improvement.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
>  d99f478 
>   
> plugin-kafka/src/main/java/org/apache/ranger/services/kafka/RangerServiceKafka.java
>  b7bbe98 
> 
> 
> Diff: https://reviews.apache.org/r/66245/diff/2/
> 
> 
> Testing
> ---
> 
> 1) Tested if required policies are getting created when required service 
> configs are given.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

[jira] [Updated] (RANGER-2020) Mandatory values are not filled then also able to create atlas policy

2018-04-02 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2020:
-
Reporter: Deepak Sharma  (was: Nixon Rodrigues)

> Mandatory values are not filled then also able to create atlas policy
> -
>
> Key: RANGER-2020
> URL: https://issues.apache.org/jira/browse/RANGER-2020
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.1.0
>Reporter: Deepak Sharma
>Assignee: Nixon Rodrigues
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2020.patch
>
>
> Steps to reproduce:-
> try to create a ranger policy for Atlas without giving the mandatory fields:
> eg: type-name, entity classification, entity name etc.
> but then also ranger policy creation is allowed



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1984) Hbase audit log records may not show all tags associated with accessed column

2018-04-02 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-1984:
-
Reporter: Deepak Sharma  (was: Abhay Kulkarni)

> Hbase audit log records may not show all tags associated with accessed column
> -
>
> Key: RANGER-1984
> URL: https://issues.apache.org/jira/browse/RANGER-1984
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins, Ranger
>Affects Versions: 1.0.0, 0.7.1
>Reporter: Deepak Sharma
>Assignee: Abhay Kulkarni
>Priority: Major
> Fix For: 1.0.0
>
>
> When a Hbase column is tagged with a classification,with an active tag and 
> resource policy that allows access, the audit log does not show the tag.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2023) Hive test connection / lookup failed in kerberos cluster.

2018-04-02 Thread Velmurugan Periasamy (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Velmurugan Periasamy updated RANGER-2023:
-
Reporter: Deepak Sharma  (was: Ramesh Mani)

> Hive test connection / lookup failed in kerberos cluster.
> -
>
> Key: RANGER-2023
> URL: https://issues.apache.org/jira/browse/RANGER-2023
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.1.0
>Reporter: Deepak Sharma
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: 1.1.0, 1.0.1
>
>
> Hive test connection / lookup failed in kerberos cluster . This is caused by 
> regression in https://issues.apache.org/jira/browse/RANGER-1713



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2039) Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Fatima Amjad Khan (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2039:
--
Attachment: (was: RANGER-2039.patch)

> Allow access to Audit tab for all users of role Keyadmin and KMS Auditor 
> -
>
> Key: RANGER-2039
> URL: https://issues.apache.org/jira/browse/RANGER-2039
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.1
>
> Attachments: RANGER-2039.patch
>
>
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2039) Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Fatima Amjad Khan (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fatima Amjad Khan updated RANGER-2039:
--
Attachment: RANGER-2039.patch

> Allow access to Audit tab for all users of role Keyadmin and KMS Auditor 
> -
>
> Key: RANGER-2039
> URL: https://issues.apache.org/jira/browse/RANGER-2039
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.0.1
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Fix For: 1.0.1
>
> Attachments: RANGER-2039.patch
>
>
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Mehul Parikh 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200279
---


Ship it!




Ship It!

- Mehul Parikh


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> ---
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
> https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access 
> to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200277
---


Ship it!




Ship It!

- Qiang Zhang


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> ---
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
> https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access 
> to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Fatima Khan 


> On April 2, 2018, 5:40 a.m., Pradeep Agrawal wrote:
> > security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10013.java
> > Lines 88 (patched)
> > 
> >
> > Is it okay to continue the flow if either of them is null

Yes even if any one of the module object is null then it will go as per the 
flow and if both module's object is null then it will log an a warning and exit.


- Fatima


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/#review200275
---


On April 2, 2018, 7:39 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66279/
> ---
> 
> (Updated April 2, 2018, 7:39 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
> Sailaja Polavarapu.
> 
> 
> Bugs: RANGER-2039
> https://issues.apache.org/jira/browse/RANGER-2039
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently by default users having Keyadmin or KMS auditor role doesn't get 
> access to Audits tab in Ranger UI, but ideally it should have audit access 
> right so that when we login through keyadmin and KMS Auditor we should be 
> able to view the KMS related audits and user/groups tab.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> 0634776 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 70f4bcc 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  d59788c 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> f67f109 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/66279/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the by creating Auditor and KMS Auditor role user's get default access 
> to users/groups tab and Audit tab
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 66279: RANGER-2039 : Allow access to Audit tab for all users of role Keyadmin and KMS Auditor

2018-04-02 Thread Fatima Khan 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66279/
---

(Updated April 2, 2018, 7:39 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and 
Sailaja Polavarapu.


Bugs: RANGER-2039
https://issues.apache.org/jira/browse/RANGER-2039


Repository: ranger


Description
---

Currently by default users having Keyadmin or KMS auditor role doesn't get 
access to Audits tab in Ranger UI, but ideally it should have audit access 
right so that when we login through keyadmin and KMS Auditor we should be able 
to view the KMS related audits and user/groups tab.


Diffs (updated)
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 65fc51c 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 0634776 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
70f4bcc 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
d59788c 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
f67f109 
  security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b3d3e96 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchGrantAuditPermissionToKeyRoleUser_J10014.java
 PRE-CREATION 


Diff: https://reviews.apache.org/r/66279/diff/2/

Changes: https://reviews.apache.org/r/66279/diff/1-2/


Testing
---

Tested the by creating Auditor and KMS Auditor role user's get default access 
to users/groups tab and Audit tab


Thanks,

Fatima Khan

[jira] [Commented] (RANGER-2054) Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Qiang Zhang (JIRA) 

[ 
https://issues.apache.org/jira/browse/RANGER-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16421989#comment-16421989
 ] 

Qiang Zhang commented on RANGER-2054:
-

Review Requet:
https://reviews.apache.org/r/66389/

Solution patch, please see attachment:
[patch|https://issues.apache.org/jira/secure/attachment/12917167/0001-RANGER-2054-Fix-new-findBugs-in-RangerAdminClientImp.patch]

> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
>
> Key: RANGER-2054
> URL: https://issues.apache.org/jira/browse/RANGER-2054
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
>  Labels: patch
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2054-Fix-new-findBugs-in-RangerAdminClientImp.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-2054) Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Qiang Zhang (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-2054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Qiang Zhang updated RANGER-2054:

Attachment: 0001-RANGER-2054-Fix-new-findBugs-in-RangerAdminClientImp.patch

> Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test
> 
>
> Key: RANGER-2054
> URL: https://issues.apache.org/jira/browse/RANGER-2054
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 1.1.0
>Reporter: Qiang Zhang
>Assignee: Qiang Zhang
>Priority: Minor
>  Labels: patch
> Fix For: 1.1.0
>
> Attachments: 
> 0001-RANGER-2054-Fix-new-findBugs-in-RangerAdminClientImp.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> 
> *** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> /plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
>  68 in 
> org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
>  long)()
> 62 }
> 63 
> 64 java.nio.file.Path cachePath = FileSystems.getDefault()
> 65 .getPath(basedir, "/src/test/resources/" + 
> cacheFilename);
> 66 byte[] cacheBytes = Files.readAllBytes(cachePath);
> 67 
> >>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >>> Found reliance on default encoding: new String(byte[]).
> 68 return gson.fromJson(new String(cacheBytes), 
> ServicePolicies.class);
> 69 }
> 70 
> 71 @Override
> 72 public void grantAccess(GrantRevokeRequest request) throws 
> Exception {
> 73
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 66389: RANGER-2054:Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Qiang Zhang 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66389/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O hEigeartaigh, 
Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, Selvamohan Neethiraj, 
sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.


Bugs: RANGER-2054
https://issues.apache.org/jira/browse/RANGER-2054


Repository: ranger


Description
---

Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

*** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()
62 }
63 
64 java.nio.file.Path cachePath = FileSystems.getDefault()
65 .getPath(basedir, "/src/test/resources/" + 
cacheFilename);
66 byte[] cacheBytes = Files.readAllBytes(cachePath);
67 
>>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68 return gson.fromJson(new String(cacheBytes), 
ServicePolicies.class);
69 }
70 
71 @Override
72 public void grantAccess(GrantRevokeRequest request) throws Exception 
{
73

To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D


Diffs
-

  
plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java
 0c465b3 


Diff: https://reviews.apache.org/r/66389/diff/1/


Testing
---

Tested


Thanks,

Qiang Zhang

Re: Ranger SSL Configuration Issues

2018-04-02 Thread vishal suvagia 
Hi Rohit,             The properties xasecure.policymgr.clientssl.truststore 
and xasecure.policymgr.clientssl.keystore, have the keystore and truststore 
files as values.
Kindly check if the files are accessible by the myService user which is trying 
to read the file, you might need to change the owner or provide an appropriate 
permission to the keystore / truststore so that the certificates are be 
readable by the service.


Thanks
Vishal Suvagia.
On Tuesday, 27 March, 2018, 1:18:01 AM IST, Zsombor  
wrote:  
 
 Hi,

 RANGER-1646 is for better error handling, even in 0.7.0, the actual
error was in the logs.
Why couldn't you just upgrade to 0.7.1 or even to 1.0? These plugins
are compatible with the server, there wasn't any breaking change in
the protocol.
Unfortunately, it's pretty hard to tell, what's are the common cause
for SSL failures, there can be a lot. File permission issues, password
mismatch, missing certificates, etc.
If I were you, I would either setup remote debugging, or compile a new
plugin, with RANGER-1646 applied to 0.7 + any debugging, which would
make sense.

Out of curiosity, I see, you are using Ranger in a custom application,
have you found any issue (apart from this SSL problem), which could be
improved ? Or any feature, which is missing for your use cases?

Regards,
 Zsombor


On Mon, Mar 26, 2018 at 8:24 PM, rohit sinha  wrote:
> Also, earlier I was able to find a Jira which relates to our issue:
> https://issues.apache.org/jira/browse/RANGER-1646
>
> The Jira description says:
>
> This happens, because RangerRESTClient.getKeyManagers / getTrustManagers /
>> getSSLContext methods are catching the exceptions, and are returning null,
>> instead of failing fast, so the user could easily act and fix the issues
>
>
> I see that this has been fixed to give a proper error message in 0.7.1
> although since we are on 0.7.0 we are not able to get any helpful message.
> Looking through the logs and Ranger code we believe that the getTrustManagers
> is returning null in our case.
>
> In your experience, what are the common configuration issues which can
> cause getTrustManagers to return null?
>
> Any help will be highly appreciated.
>
> Thanks.
>
>
> Thanks,
> Rohit Sinha
>
>
> On Mon, Mar 26, 2018 at 11:18 AM, rohit sinha 
> wrote:
>
>> Thanks for your reply.
>> We are using Ranger 0.7.0
>>
>> We don't think there is an issue with Ranger SSL and suspect we are doing
>> incomplete or incorrect configuration. Can you please look at our SSL
>> configuration file shared in the previous email and point out if something
>> looks wrong?
>>
>> Also is there any documentation on how to configure a custom Ranger plugin
>> to talk to SSL enabled Ranger? We were only able to find HortonWorks
>> documentation on how to make existing (hdfs) plugin talk to SSL enabled
>> Ranger.
>>
>> Thanks.
>>
>>
>> Thanks,
>> Rohit Sinha
>>
>>
>> On Sun, Mar 25, 2018 at 11:58 PM, pengjianhua <35573...@qq.com> wrote:
>>
>>> Please tell me which version you are using. I tested the 0.7.0, 0.7.1,
>>> 1.0.0. There are no problems with these versions. Maybe your configuration
>>> is wrong.
>>>
>>>
>>> 在 2018年03月25日 04:48, rohit sinha 写道:
>>>
 *Hello,We have a ranger plugin which works perfectly fine with non-SSL
 Ranger but we turn on SSL for Ranger our plugin fails to talk to Ranger
 Server because some underlying Ranger classes fail to be initialized. We
 see the following error in the logs:2018-03-23 01:34:00,064 - ERROR
 [leader-election-election-master.services:o.a.r.p.u.PolicyRefresher@282]
 -
 PolicyRefresher(serviceName=myServicedev): failed to refresh policies.
 Will
 continue to use last known version of policies
 (-1)java.lang.IllegalArgumentException: SSLContext must not be null at

 com.sun.jersey.client.urlconnection.HTTPSProperties.(H
 TTPSProperties.java:106)
 ~[jersey-bundle-1.17.1.jar:1.17.1] at
 org.apache.ranger.plugin.util.RangerRESTClient.buildClient(R
 angerRESTClient.java:200)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.plugin.util.RangerRESTClient.getClient(Ran
 gerRESTClient.java:175)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.plugin.util.RangerRESTClient.getResource(R
 angerRESTClient.java:155)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.admin.client.RangerAdminRESTClient.createW
 ebResource(RangerAdminRESTClient.java:267)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.admin.client.RangerAdminRESTClient.access$
 200(RangerAdminRESTClient.java:47)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(R
 angerAdminRESTClient.java:107)
 ~[ranger-plugins-common-0.7.0.jar:0.7.0] at
 org.apache.ranger.admin.client.RangerAdminRESTClient$3.run(R

[jira] [Created] (RANGER-2054) Fix new findBugs in RangerAdminClientImpl.java for kylin plugin test

2018-04-02 Thread Qiang Zhang (JIRA) 
Qiang Zhang created RANGER-2054:
---

 Summary: Fix new findBugs in RangerAdminClientImpl.java for kylin 
plugin test
 Key: RANGER-2054
 URL: https://issues.apache.org/jira/browse/RANGER-2054
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Affects Versions: 1.1.0
Reporter: Qiang Zhang
Assignee: Qiang Zhang
 Fix For: 1.1.0



*** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()
62 }
63 
64 java.nio.file.Path cachePath = FileSystems.getDefault()
65 .getPath(basedir, "/src/test/resources/" + 
cacheFilename);
66 byte[] cacheBytes = Files.readAllBytes(cachePath);
67 
>>> CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68 return gson.fromJson(new String(cacheBytes), 
ServicePolicies.class);
69 }
70 
71 @Override
72 public void grantAccess(GrantRevokeRequest request) throws Exception 
{
73

To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsnIXFWgRi957MYBuy-2FlDkytlroFFT4DodK8yWwhtaHLaX8VDTgQexZ1KpM2ghdONIK2s05PzHFJPHt35agqZ9nM-2FaTS-2BwGKR0yiHd9VqwUDlZAGDFlrUyAnUh6f6i-2B3anlkbZqOzVnGOBWkfRi-2BewYxNrjphgpV2suFoBTWVzO0g-3D-3D



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)