Re: Ranger 1.1 release

[Balaji Ganesan]

+1. Vel, thanks for taking the initiative.

On Fri, Jun 22, 2018 at 7:51 PM Jianhua Peng  wrote:

> +1
>
> Thank you,
> Jianhua Peng.
>
> On 2018/06/22 16:25:45, Velmurugan Periasamy  wrote:
> > Rangers:
> >
> > Now that support for Atlas 1.0 is added (
> https://issues.apache.org/jira/browse/RANGER-2136 <
> https://issues.apache.org/jira/browse/RANGER-2136>), I propose to release
> Ranger 1.1 (tentative first week of July).
> >
> > I request the community to resolve open JIRA’s marked for 1.1 in the
> next couple of weeks or move them to next release. My proposal is to call
> next release 2.0 and update master to 2.0.0-SNAPSHOT.
> >
> > Thank you,
> > Vel
>

Re: Ranger 1.1 release

[Jianhua Peng]

+1

Thank you,
Jianhua Peng.

On 2018/06/22 16:25:45, Velmurugan Periasamy  wrote: 
> Rangers:
> 
> Now that support for Atlas 1.0 is added 
> (https://issues.apache.org/jira/browse/RANGER-2136 
> ), I propose to release 
> Ranger 1.1 (tentative first week of July). 
> 
> I request the community to resolve open JIRA’s marked for 1.1 in the next 
> couple of weeks or move them to next release. My proposal is to call next 
> release 2.0 and update master to 2.0.0-SNAPSHOT. 
> 
> Thank you,
> Vel

Re: Ranger 1.1 release

[Ramesh Mani]

+1 for Ranger 1.1 release.


On 6/22/18, 9:25 AM, "Velmurugan Periasamy"  wrote:

>Rangers:
>
>Now that support for Atlas 1.0 is added
>(https://issues.apache.org/jira/browse/RANGER-2136
>), I propose to
>release Ranger 1.1 (tentative first week of July).
>
>I request the community to resolve open JIRA¹s marked for 1.1 in the next
>couple of weeks or move them to next release. My proposal is to call next
>release 2.0 and update master to 2.0.0-SNAPSHOT.
>
>Thank you,
>Vel

Re: Ranger 1.1 release

[Don Bosco Durai]

+1

Vel, thanks

Bosco


On 6/22/18, 9:25 AM, "Velmurugan Periasamy"  wrote:

Rangers:

Now that support for Atlas 1.0 is added 
(https://issues.apache.org/jira/browse/RANGER-2136 
), I propose to release 
Ranger 1.1 (tentative first week of July). 

I request the community to resolve open JIRA’s marked for 1.1 in the next 
couple of weeks or move them to next release. My proposal is to call next 
release 2.0 and update master to 2.0.0-SNAPSHOT. 

Thank you,
Vel

Re: Review Request 67694: RANGER-2139: UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files

[Cetin Sahin]

> On June 21, 2018, 7:44 p.m., Velmurugan Periasamy wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
> > Lines 543 (patched)
> > 
> >
> > MD5 is not recommended anymore.
> 
> Allen Wittenauer wrote:
> Agree that MD5 shouldn't be used for security purposes, but that isn't 
> the use case here.  Instead, it is only used to generate a simple checksum.  
> Using a more complex (and therefore more CPU intensive) hashing function 
> doesn't have much value.  If someone were to replace /etc/passwd with a file 
> that had an MD5 collision (the reason why MD5 shouldn't be used in the 
> majority of use cases) it would defeat the purpose; this code is only 
> triggered when the MD5s do not match.
> 
> Velmurugan Periasamy wrote:
> It is a good idea to use something like sha256Hex, so that source code 
> analysis tools such as coverity/fortify do not flag md5Hex usage as 
> vulnerable.

Dear Velmurugan and Allen,

Thanks for your comments. I also do not think using MD5 impose any security 
risk in this context, but I will be happy to replace the digestion algorithm 
with a more stronger one if you think it is really necessary. At first place, I 
was more concerned about the performance rather than the security of 
/etc/passwd or /etc/group files. If UnixUserGroupBuilder checks the update too 
frequently (which is configurable in the Ranger context), using more secure 
digestion algoritm like SHA256 will be computationally heavier without any 
additional functional benefits.


- Cetin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67694/#review205204
---


On June 21, 2018, 7:16 p.m., Cetin Sahin wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67694/
> ---
> 
> (Updated June 21, 2018, 7:16 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2139
> https://issues.apache.org/jira/browse/RANGER-2139
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fixed the update detection issue on consecutive updates in 
> UnixUserGroupBuilder. The update detection logic is improved by verifying the 
> checksums in addition to last modification time.
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  ddab6294a 
> 
> 
> Diff: https://reviews.apache.org/r/67694/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Applied the patch to the master branch and verified that all unit tests 
> passed successfully.
> 
> 
> Thanks,
> 
> Cetin Sahin
> 
>

[jira] [Comment Edited] (RANGER-1300) S3 support

[Bolke de Bruin (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520697#comment-16520697
 ] 

Bolke de Bruin edited comment on RANGER-1300 at 6/22/18 7:05 PM:
-

[~madhan.neethiraj] thanks. Excellent, I am looking to integrate the proxy with 
Atlas as well. I'm not sure about the definition though. Firstly, it is tied to 
AWS while there are more s3 compatible implementations, e.g. ceph for which I 
am implementing. It is usable though from that perspective (not a blocker). I 
also moved away from using separate `bucket`, `pseudo-dir`, `object` cause that 
doesnt really make sense from a user's perspective. They copy paste a path and 
who knows the difference between pseudo-path and object? In addition ceph 
doesnt know about pseudo-dirs.


was (Author: bolke):
[~madhan.neethiraj] thanks. Excellent, I am looking to integrate the proxy with 
Atlas as well. I'm not sure about the definition though. Firstly, it is tied to 
AWS while there are more s3 compatible implementations, e.g. ceph for which I 
am implementing. It is usable though from that perspective. I also moved away 
from using separate `bucket`, `pseudo-dir`, `object` cause that doesnt really 
make sense from a user's perspective. They copy paste a path and who knows the 
difference between pseudo-path and object? In addition ceph doesnt know about 
pseudo-dirs.

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
> Attachments: ranger-servicedef-aws-s3.json
>
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Comment Edited] (RANGER-1300) S3 support

[Bolke de Bruin (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520697#comment-16520697
 ] 

Bolke de Bruin edited comment on RANGER-1300 at 6/22/18 7:05 PM:
-

[~madhan.neethiraj] thanks. Excellent, I am looking to integrate the proxy with 
Atlas as well. I'm not sure about the definition though. Firstly, it is tied to 
AWS while there are more s3 compatible implementations, e.g. ceph for which I 
am implementing. It is usable though from that perspective (not a blocker). I 
also moved away from using separate `bucket`, `pseudo-dir`, `object` cause that 
doesnt really make sense from a user's perspective. A user copy pastes a path. 
Who knows the difference between pseudo-path and object? In addition ceph 
doesnt know about pseudo-dirs.


was (Author: bolke):
[~madhan.neethiraj] thanks. Excellent, I am looking to integrate the proxy with 
Atlas as well. I'm not sure about the definition though. Firstly, it is tied to 
AWS while there are more s3 compatible implementations, e.g. ceph for which I 
am implementing. It is usable though from that perspective (not a blocker). I 
also moved away from using separate `bucket`, `pseudo-dir`, `object` cause that 
doesnt really make sense from a user's perspective. They copy paste a path and 
who knows the difference between pseudo-path and object? In addition ceph 
doesnt know about pseudo-dirs.

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
> Attachments: ranger-servicedef-aws-s3.json
>
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-1300) S3 support

[Bolke de Bruin (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520697#comment-16520697
 ] 

Bolke de Bruin commented on RANGER-1300:


[~madhan.neethiraj] thanks. Excellent, I am looking to integrate the proxy with 
Atlas as well. I'm not sure about the definition though. Firstly, it is tied to 
AWS while there are more s3 compatible implementations, e.g. ceph for which I 
am implementing. It is usable though from that perspective. I also moved away 
from using separate `bucket`, `pseudo-dir`, `object` cause that doesnt really 
make sense from a user's perspective. They copy paste a path and who knows the 
difference between pseudo-path and object? In addition ceph doesnt know about 
pseudo-dirs.

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
> Attachments: ranger-servicedef-aws-s3.json
>
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67697: RANGER-2140: Upgrade spring and guava libraries

[Velmurugan Periasamy]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67697/#review205245
---




pom.xml
Line 159 (original), 158 (patched)


I get test failures with this patch. Please check and fix them.

```

---
Test set: org.apache.ranger.services.knox.KnoxRangerTest

---
Tests run: 10, Failures: 5, Errors: 0, Skipped: 0, Time elapsed: 16.777 s 
<<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest
testHDFSAllowed(org.apache.ranger.services.knox.KnoxRangerTest)  Time 
elapsed: 1.8 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <500>.

at 
org.apache.ranger.services.knox.KnoxRangerTest.makeWebHDFSInvocation(KnoxRangerTest.java:207)
at 
org.apache.ranger.services.knox.KnoxRangerTest.testHDFSAllowed(KnoxRangerTest.java:133)

testSolrAllowed(org.apache.ranger.services.knox.KnoxRangerTest)  Time 
elapsed: 0.031 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <403>.

at 
org.apache.ranger.services.knox.KnoxRangerTest.makeSolrInvocation(KnoxRangerTest.java:317)
at 
org.apache.ranger.services.knox.KnoxRangerTest.testSolrAllowed(KnoxRangerTest.java:173)

testKafkaAllowed(org.apache.ranger.services.knox.KnoxRangerTest)  Time 
elapsed: 0.024 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <403>.

at 
org.apache.ranger.services.knox.KnoxRangerTest.makeKafkaInvocation(KnoxRangerTest.java:287)
at 
org.apache.ranger.services.knox.KnoxRangerTest.testKafkaAllowed(KnoxRangerTest.java:163)

testStormUiAllowed(org.apache.ranger.services.knox.KnoxRangerTest)  Time 
elapsed: 0.022 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <403>.

at 
org.apache.ranger.services.knox.KnoxRangerTest.makeStormUIInvocation(KnoxRangerTest.java:238)
at 
org.apache.ranger.services.knox.KnoxRangerTest.testStormUiAllowed(KnoxRangerTest.java:143)

testHBaseAllowed(org.apache.ranger.services.knox.KnoxRangerTest)  Time 
elapsed: 0.017 s  <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <200> but was <403>.

at 
org.apache.ranger.services.knox.KnoxRangerTest.makeHBaseInvocation(KnoxRangerTest.java:267)
at 
org.apache.ranger.services.knox.KnoxRangerTest.testHBaseAllowed(KnoxRangerTest.java:153)
```


- Velmurugan Periasamy


On June 22, 2018, 7:32 a.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67697/
> ---
> 
> (Updated June 22, 2018, 7:32 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, deepak sharma, Gautam Borad, Mehul 
> Parikh, suja s, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2140
> https://issues.apache.org/jira/browse/RANGER-2140
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Here I am proposing to change Guava version to 25.1, currently there are 
> three different version are being used. Also proposing to change Spring 
> Security to 4.2.7 and Spring Framework to 4.3.18.
> 
> 
> Diffs
> -
> 
>   kms/pom.xml 9ca9270 
>   plugin-atlas/pom.xml a1f0c37 
>   pom.xml 0795210 
>   src/main/assembly/kms.xml 7fbc141 
>   src/main/assembly/plugin-atlas.xml 8f4a64c 
>   src/main/assembly/plugin-kms.xml 6d15f2a 
>   src/main/assembly/plugin-solr.xml de30bfb 
>   ugsync/pom.xml c636f9f 
>   unixauthclient/pom.xml f859fff 
>   unixauthservice/pom.xml c4fe07d 
> 
> 
> Diff: https://reviews.apache.org/r/67697/diff/1/
> 
> 
> Testing
> ---
> 
> Tested Ranger admin installation, user login, usersync and other crud 
> operations on service, policy, user and group module.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 67700: RANGER-2141 : Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

[Velmurugan Periasamy]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67700/#review205244
---


Ship it!




Ship It!

- Velmurugan Periasamy


On June 22, 2018, 11:04 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67700/
> ---
> 
> (Updated June 22, 2018, 11:04 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2141
> https://issues.apache.org/jira/browse/RANGER-2141
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
> need to add that in consolidated db schema.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7942367 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> f607192 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 7d61d3f 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  45d2c01 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> e3013b5 
> 
> 
> Diff: https://reviews.apache.org/r/67700/diff/1/
> 
> 
> Testing
> ---
> 
> 1) Java patch execution was skipped during Ranger installation and patch were 
> marked executed in x_db_version_h table (manual installation).
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Commented] (RANGER-2134) Ranger Storm Plugin fails to download policies with Storm autocreds in classpath

[Ramesh Mani (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520656#comment-16520656
 ] 

Ramesh Mani commented on RANGER-2134:
-

Commit link :

http://git-wip-us.apache.org/repos/asf/ranger/commit/2c64ee2c 

> Ranger Storm Plugin fails to download policies with Storm autocreds in 
> classpath
> 
>
> Key: RANGER-2134
> URL: https://issues.apache.org/jira/browse/RANGER-2134
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master, 1.1.0
>Reporter: Ramesh Mani
>Assignee: Ramesh Mani
>Priority: Major
> Fix For: master, 1.1.0
>
>
> Ranger Storm Plugin fails to download policies with Storm autocreds in 
> classpath. Issue is caused by the jersey-bundle being in the Ranger 
> class-loader which causes  NoClassDefFoundError when plugin gets loaded.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67700: RANGER-2141 : Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

[Ramesh Mani]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67700/#review205241
---


Ship it!




Ship It!

- Ramesh Mani


On June 22, 2018, 11:04 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67700/
> ---
> 
> (Updated June 22, 2018, 11:04 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2141
> https://issues.apache.org/jira/browse/RANGER-2141
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
> need to add that in consolidated db schema.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7942367 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> f607192 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 7d61d3f 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  45d2c01 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> e3013b5 
> 
> 
> Diff: https://reviews.apache.org/r/67700/diff/1/
> 
> 
> Testing
> ---
> 
> 1) Java patch execution was skipped during Ranger installation and patch were 
> marked executed in x_db_version_h table (manual installation).
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Comment Edited] (RANGER-1300) S3 support

[Madhan Neethiraj (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520572#comment-16520572
 ] 

Madhan Neethiraj edited comment on RANGER-1300 at 6/22/18 4:45 PM:
---

[~bolke] - great start! Recently Atlas community has added types for S3 - which 
include aws_s3_bucket, aws_s3_pseudo_dir and aws_s3_object (ATLAS-2708); also 
updated Atlas hook for Hive to recognize S3 path references in DDL/DML and 
populate Atlas with appropriate S3 entities (ATLAS-2760). It might be useful to 
model Ranger resources to be in sync with Atlas entity-types. Please review 
resource-definitions in the attached  [^ranger-servicedef-aws-s3.json] . 
Access-types in this service-def only have get/put/delete of objects. Your 
service-def cover bucket level as well - which is better. Let's continue to 
take this further. Thanks!


was (Author: madhan.neethiraj):
[~bolke] - great start! Recently Atlas community has added types for S3 - which 
include aws_s3_bucket, aws_s3_pseudo_dir and aws_s3_object (ATLAS-2708); also 
updated Atlas hook for Hive to recognize S3 path references in DDL/DML and 
populate Atlas with appropriate S3 entities (ATLAS-2760). It might be useful to 
model Ranger resources to be in sync with Atlas entity-types. Please review 
resource-definitions in the attached ranger-servicedef-aws-s3.json. 
Access-types in this service-def only have get/put/delete of objects. Your 
service-def cover bucket level as well - which is better. Let's continue to 
take this further. Thanks!

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
> Attachments: ranger-servicedef-aws-s3.json
>
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (RANGER-1300) S3 support

[Madhan Neethiraj (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Madhan Neethiraj updated RANGER-1300:
-
Attachment: ranger-servicedef-aws-s3.json

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
> Attachments: ranger-servicedef-aws-s3.json
>
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67694: RANGER-2139: UnixUserGroupBuilder fails to detect consecutive updates on UNIX passwd and group files

[Velmurugan Periasamy]

> On June 21, 2018, 7:44 p.m., Velmurugan Periasamy wrote:
> > ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
> > Lines 543 (patched)
> > 
> >
> > MD5 is not recommended anymore.
> 
> Allen Wittenauer wrote:
> Agree that MD5 shouldn't be used for security purposes, but that isn't 
> the use case here.  Instead, it is only used to generate a simple checksum.  
> Using a more complex (and therefore more CPU intensive) hashing function 
> doesn't have much value.  If someone were to replace /etc/passwd with a file 
> that had an MD5 collision (the reason why MD5 shouldn't be used in the 
> majority of use cases) it would defeat the purpose; this code is only 
> triggered when the MD5s do not match.

It is a good idea to use something like sha256Hex, so that source code analysis 
tools such as coverity/fortify do not flag md5Hex usage as vulnerable.


- Velmurugan


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67694/#review205204
---


On June 21, 2018, 7:16 p.m., Cetin Sahin wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67694/
> ---
> 
> (Updated June 21, 2018, 7:16 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-2139
> https://issues.apache.org/jira/browse/RANGER-2139
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fixed the update detection issue on consecutive updates in 
> UnixUserGroupBuilder. The update detection logic is improved by verifying the 
> checksums in addition to last modification time.
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/UnixUserGroupBuilder.java
>  ddab6294a 
> 
> 
> Diff: https://reviews.apache.org/r/67694/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Applied the patch to the master branch and verified that all unit tests 
> passed successfully.
> 
> 
> Thanks,
> 
> Cetin Sahin
> 
>

[jira] [Commented] (RANGER-1300) S3 support

[Madhan Neethiraj (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-1300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520572#comment-16520572
 ] 

Madhan Neethiraj commented on RANGER-1300:
--

[~bolke] - great start! Recently Atlas community has added types for S3 - which 
include aws_s3_bucket, aws_s3_pseudo_dir and aws_s3_object (ATLAS-2708); also 
updated Atlas hook for Hive to recognize S3 path references in DDL/DML and 
populate Atlas with appropriate S3 entities (ATLAS-2760). It might be useful to 
model Ranger resources to be in sync with Atlas entity-types. Please review 
resource-definitions in the attached ranger-servicedef-aws-s3.json. 
Access-types in this service-def only have get/put/delete of objects. Your 
service-def cover bucket level as well - which is better. Let's continue to 
take this further. Thanks!

> S3 support
> --
>
> Key: RANGER-1300
> URL: https://issues.apache.org/jira/browse/RANGER-1300
> Project: Ranger
>  Issue Type: New Feature
>  Components: plugins
>Reporter: Jose
>Priority: Major
>
> As more and more people are deploying hadoop into AWS and as S3 is used in 
> lots of application. It'd be nice to have S3 support built into Ranger.
> It's not a trivial task. Right now Ranger Storage support (only hdfs) runs 
> directly in the Namenode



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Ranger 1.1 release

[Velmurugan Periasamy]

Rangers:

Now that support for Atlas 1.0 is added 
(https://issues.apache.org/jira/browse/RANGER-2136 
), I propose to release 
Ranger 1.1 (tentative first week of July). 

I request the community to resolve open JIRA’s marked for 1.1 in the next 
couple of weeks or move them to next release. My proposal is to call next 
release 2.0 and update master to 2.0.0-SNAPSHOT. 

Thank you,
Vel

Re: Review Request 67700: RANGER-2141 : Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

[Pradeep Agrawal]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67700/#review205235
---


Ship it!




Ship It!

- Pradeep Agrawal


On June 22, 2018, 11:04 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67700/
> ---
> 
> (Updated June 22, 2018, 11:04 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2141
> https://issues.apache.org/jira/browse/RANGER-2141
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
> need to add that in consolidated db schema.
> 
> 
> Diffs
> -
> 
>   security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7942367 
>   security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
> f607192 
>   security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
> 7d61d3f 
>   
> security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
>  45d2c01 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> e3013b5 
> 
> 
> Diff: https://reviews.apache.org/r/67700/diff/1/
> 
> 
> Testing
> ---
> 
> 1) Java patch execution was skipped during Ranger installation and patch were 
> marked executed in x_db_version_h table (manual installation).
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Updated] (RANGER-2141) Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

[bhavik patel (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

bhavik patel updated RANGER-2141:
-
Attachment: RANGER-2141-master.patch

> Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema
> ---
>
> Key: RANGER-2141
> URL: https://issues.apache.org/jira/browse/RANGER-2141
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 1.1.0
>Reporter: Mehul Parikh
>Assignee: bhavik patel
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: RANGER-2141-master.patch
>
>
> As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
> need to add that in consolidated db schema. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Review Request 67700: RANGER-2141 : Add PatchForKafkaServiceDefUpdate_J10015.java in consolidated DB schema

[bhavik patel]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67700/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2141
https://issues.apache.org/jira/browse/RANGER-2141


Repository: ranger


Description
---

As part of RANGER-2117, PatchForKafkaServiceDefUpdate_J10015.java was added, 
need to add that in consolidated db schema.


Diffs
-

  security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 7942367 
  security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql f607192 
  security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
7d61d3f 
  
security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql 
45d2c01 
  security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
e3013b5 


Diff: https://reviews.apache.org/r/67700/diff/1/


Testing
---

1) Java patch execution was skipped during Ranger installation and patch were 
marked executed in x_db_version_h table (manual installation).


Thanks,

bhavik patel

Re: Review Request 67642: RANGER-2132 : Add unit tests for org.apache.ranger.common package

[bhavik patel]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67642/
---

(Updated June 22, 2018, 8:49 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-2132
https://issues.apache.org/jira/browse/RANGER-2132


Repository: ranger


Description
---

Fix Coverity Scan issue


Diffs (updated)
-

  security-admin/src/test/java/org/apache/ranger/common/TestDateUtil.java 
8b7d34f 
  security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java 
0daf7f1 
  security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java 
90a93ae 


Diff: https://reviews.apache.org/r/67642/diff/2/

Changes: https://reviews.apache.org/r/67642/diff/1-2/


Testing
---


Thanks,

bhavik patel

[jira] [Updated] (RANGER-2140) Upgrade spring and guava libraries

[Pradeep Agrawal (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Pradeep Agrawal updated RANGER-2140:

Attachment: 0001-RANGER-2140-Upgrade-spring-and-guava-libraries.patch

> Upgrade spring and guava libraries
> --
>
> Key: RANGER-2140
> URL: https://issues.apache.org/jira/browse/RANGER-2140
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Affects Versions: 1.0.0, 1.1.0, 1.0.1
>Reporter: Pradeep Agrawal
>Assignee: Pradeep Agrawal
>Priority: Major
> Fix For: 1.1.0
>
> Attachments: 0001-RANGER-2140-Upgrade-spring-and-guava-libraries.patch
>
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 67642: RANGER-2132 : Add unit tests for org.apache.ranger.common package

[Zsombor Gegesy]

> On June 19, 2018, 10:05 a.m., Zsombor Gegesy wrote:
> > security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java
> > Line 110 (original), 112 (patched)
> > 
> >
> > Order of the elements in a set is not defined, this test could brake 
> > intermittenly. Why not compare as sets? 
> > Set expectedSet = new HashSet(Arrays.asList("hive", "hdfs", 
> > "knox"));
> > 
> > Set actualSet = 
> > jsonUtil.writeJsonToJavaObject("[\"hdfs\",\"hive\",\"knox\"]", 
> > HashSet.class);
> 
> bhavik patel wrote:
> We are passing the predefined json string to method  
> jsonUtil.writeJsonToJavaObject  which always result into fixed set having 
> same order of the elements.
> 
> It should not be an issues.
> However we can also compare using set as well.

Yes, it's a rare issue, the order of the items are VM dependent. I don't have 
access to more exotic JDK's - like an IBM JDK on Power - to test it. But I do 
know, that this order was changed between Java 6 and Java 7. Hopefully, they 
won't change it again, but we shouldnt take is as granted.


- Zsombor


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67642/#review204994
---


On June 19, 2018, 9:46 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67642/
> ---
> 
> (Updated June 19, 2018, 9:46 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
> Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2132
> https://issues.apache.org/jira/browse/RANGER-2132
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix Coverity Scan issue
> 
> 
> Diffs
> -
> 
>   security-admin/src/test/java/org/apache/ranger/common/TestDateUtil.java 
> 8b7d34f 
>   security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java 
> 0daf7f1 
>   security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java 
> 90a93ae 
> 
> 
> Diff: https://reviews.apache.org/r/67642/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

[jira] [Commented] (RANGER-2138) Add unit tests for org.apache.ranger.service package

[Fatima Amjad Khan (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520040#comment-16520040
 ] 

Fatima Amjad Khan commented on RANGER-2138:
---

Committed on [master| 
https://github.com/apache/ranger/commit/29fedc53fdc4a9df9f5857e754cf6fdcad488cef]

> Add unit tests for org.apache.ranger.service package
> 
>
> Key: RANGER-2138
> URL: https://issues.apache.org/jira/browse/RANGER-2138
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Fatima Amjad Khan
>Assignee: Fatima Amjad Khan
>Priority: Major
> Attachments: RANGER-2138.patch
>
>
> Add unit tests for org.apache.ranger.service package



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2132) Add unit tests for org.apache.ranger.common package

[bhavik patel (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520038#comment-16520038
 ] 

bhavik patel commented on RANGER-2132:
--

Set one is committed on master branch : 
https://github.com/apache/ranger/commit/4e04da6556c53aeb62af5f480db221933075b4d2

> Add unit tests for org.apache.ranger.common package
> ---
>
> Key: RANGER-2132
> URL: https://issues.apache.org/jira/browse/RANGER-2132
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Critical
> Attachments: RANGER-2132-master-01.patch, 
> RANGER-2132-master-03.patch, RANGER-2132-master-04.patch, 
> RANGER-2132-master.patch
>
>
> Add unit tests for org.apache.ranger.common package



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (RANGER-2137) Service Creation Failure, if user is not present in ranger database

[bhavik patel (JIRA)]

[ 
https://issues.apache.org/jira/browse/RANGER-2137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16520037#comment-16520037
 ] 

bhavik patel commented on RANGER-2137:
--

Commit link for master : 
https://github.com/apache/ranger/commit/ee20663d43468fa7fcc00315dfcfa25fa272404a

> Service Creation Failure, if user is not present in ranger database
> ---
>
> Key: RANGER-2137
> URL: https://issues.apache.org/jira/browse/RANGER-2137
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: bhavik patel
>Assignee: bhavik patel
>Priority: Major
> Attachments: RANGER-2137-master.patch
>
>
> Default policy creation fails, if user is not present in ranger which leads 
> to service creation failure.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)