Re: Review Request 68684: RANGER-2215: Can't copy and paste multiple paths into Ranger Admin UI for HDFS create policy
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68684/#review208746 --- Ship it! Ship It! - Gautam Borad On Sept. 11, 2018, 1:26 p.m., Nitin Galave wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68684/ > --- > > (Updated Sept. 11, 2018, 1:26 p.m.) > > > Review request for ranger, Gautam Borad, Mehul Parikh, and Velmurugan > Periasamy. > > > Bugs: RANGER-2215 > https://issues.apache.org/jira/browse/RANGER-2215 > > > Repository: ranger > > > Description > --- > > We have noticed an interesting issue with the Ranger Admin web UI. If you are > using a Hive policy, you can paste in multiple lines from the clipboard, and > each line will become a database, table, or column as desired. But for HDFS > policies, multiple HDFS paths cannot be pasted in from the clipboard > properly. They will just be treated as a single path. > > > Diffs > - > > security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js > e3d9635 > > > Diff: https://reviews.apache.org/r/68684/diff/1/ > > > Testing > --- > > Verified that multiple resource Paths can be copy-paste in HDFS Policy > separated by comma/space > > > Thanks, > > Nitin Galave > >
[jira] [Updated] (RANGER-2207) Allow resources to appear in column mask policies without being visible in access policies
[ https://issues.apache.org/jira/browse/RANGER-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2207: - Fix Version/s: 2.0.0 > Allow resources to appear in column mask policies without being visible in > access policies > -- > > Key: RANGER-2207 > URL: https://issues.apache.org/jira/browse/RANGER-2207 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Eric Alton >Assignee: Nitin Galave >Priority: Major > Fix For: 2.0.0 > > > In the service definition file, a resource can not be added to the list of > dataMaskDef resources without also declaring it as a resource for access > policies. Plugins should have the flexibility to define a resource for column > masking policies only. > For example, a plugin may only allow the creation of access policies at the > table level. Currently, for this plugin to add column masking policies with a > 'column' resource, 'column' would also have to be added to access policies. > This Jira requests the removal of this requirement, or at least the ability > to hide the resource in access policies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2218) Service-Definition update should not allow updates to names of resources, access-types, conditions or data-masks
[ https://issues.apache.org/jira/browse/RANGER-2218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2218: - Fix Version/s: 2.0.0 > Service-Definition update should not allow updates to names of resources, > access-types, conditions or data-masks > - > > Key: RANGER-2218 > URL: https://issues.apache.org/jira/browse/RANGER-2218 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: master >Reporter: Abhay Kulkarni >Priority: Major > Fix For: master, 2.0.0 > > > Updates to service definitions should not allow updating names of the > following components: > * Resources > * Access types > * Policy conditions > * Data Masks > In general, these updates are seldom needed and can be avoided by careful > design of service definition. Also, with a de-normalized database schema for > storing policies, it is expensive and inefficient to maintain and lookup > mapping from internal IDs to names for each of these components. By not > allowing updates to these names, there is no need to maintain ( or reference) > such mappings after updating (or reading) policy when using de-normalized > database schema. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Atlas version
Thanks. Filed https://issues.apache.org/jira/browse/RANGER-2228 I will work on the release. From: Colm O hEigeartaigh Sent: Tuesday, September 18, 2018 12:08 PM To: Velmurugan Periasamy Cc: dev@ranger.apache.org Subject: Re: Atlas version Sure, that makes sense to me. Colm. On Tue, Sep 18, 2018 at 5:04 PM Velmurugan Periasamy wrote: > Thank you Colm. My suggestion is to release Ranger 1.2.0 with Atlas > version 1.1.0 (which just got released). > > Master can continue tracking Atlas 2.0.0-SNAPSHOT, and 1.1+ lines can be > updated to Atlas 1.1.0. > > Thoughts? > > > From: Colm O hEigeartaigh > Sent: Tuesday, September 18, 2018 11:44 AM > To: dev@ranger.apache.org > Subject: Atlas version > > Hi all, > > I'm wondering if there's a reason that we rely on Atlas 2.0.0-SNAPSHOT > instead of 1.1.0? The build works fine with Atlas 1.1.0. In particular, we > released Ranger 1.1.0 with a dependency on an atlas SNAPSHOT which is not > great. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Updated] (RANGER-2228) Release Ranger 1.2.0
[ https://issues.apache.org/jira/browse/RANGER-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2228: - Fix Version/s: (was: 1.1.0) 1.2.0 > Release Ranger 1.2.0 > > > Key: RANGER-2228 > URL: https://issues.apache.org/jira/browse/RANGER-2228 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: Velmurugan Periasamy >Priority: Major > Fix For: 1.2.0 > > > Track release activities for Ranger 1.2.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (RANGER-2228) Release Ranger 1.2.0
[ https://issues.apache.org/jira/browse/RANGER-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-2228: - Description: Track release activities for Ranger 1.2.0 (was: Track release activities for Ranger 1.1.0) > Release Ranger 1.2.0 > > > Key: RANGER-2228 > URL: https://issues.apache.org/jira/browse/RANGER-2228 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Velmurugan Periasamy >Assignee: Velmurugan Periasamy >Priority: Major > Fix For: 1.1.0 > > > Track release activities for Ranger 1.2.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (RANGER-2228) Release Ranger 1.2.0
Velmurugan Periasamy created RANGER-2228: Summary: Release Ranger 1.2.0 Key: RANGER-2228 URL: https://issues.apache.org/jira/browse/RANGER-2228 Project: Ranger Issue Type: Task Components: Ranger Reporter: Velmurugan Periasamy Assignee: Velmurugan Periasamy Fix For: 1.1.0 Track release activities for Ranger 1.1.0 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Atlas version
Sure, that makes sense to me. Colm. On Tue, Sep 18, 2018 at 5:04 PM Velmurugan Periasamy wrote: > Thank you Colm. My suggestion is to release Ranger 1.2.0 with Atlas > version 1.1.0 (which just got released). > > Master can continue tracking Atlas 2.0.0-SNAPSHOT, and 1.1+ lines can be > updated to Atlas 1.1.0. > > Thoughts? > > > From: Colm O hEigeartaigh > Sent: Tuesday, September 18, 2018 11:44 AM > To: dev@ranger.apache.org > Subject: Atlas version > > Hi all, > > I'm wondering if there's a reason that we rely on Atlas 2.0.0-SNAPSHOT > instead of 1.1.0? The build works fine with Atlas 1.1.0. In particular, we > released Ranger 1.1.0 with a dependency on an atlas SNAPSHOT which is not > great. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: Atlas version
Thank you Colm. My suggestion is to release Ranger 1.2.0 with Atlas version 1.1.0 (which just got released). Master can continue tracking Atlas 2.0.0-SNAPSHOT, and 1.1+ lines can be updated to Atlas 1.1.0. Thoughts? From: Colm O hEigeartaigh Sent: Tuesday, September 18, 2018 11:44 AM To: dev@ranger.apache.org Subject: Atlas version Hi all, I'm wondering if there's a reason that we rely on Atlas 2.0.0-SNAPSHOT instead of 1.1.0? The build works fine with Atlas 1.1.0. In particular, we released Ranger 1.1.0 with a dependency on an atlas SNAPSHOT which is not great. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Atlas version
Hi all, I'm wondering if there's a reason that we rely on Atlas 2.0.0-SNAPSHOT instead of 1.1.0? The build works fine with Atlas 1.1.0. In particular, we released Ranger 1.1.0 with a dependency on an atlas SNAPSHOT which is not great. Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[jira] [Updated] (RANGER-2190) Auto populate the relationship ends when relationship type is selected.
[ https://issues.apache.org/jira/browse/RANGER-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated RANGER-2190: Fix Version/s: (was: 1.1.0) > Auto populate the relationship ends when relationship type is selected. > --- > > Key: RANGER-2190 > URL: https://issues.apache.org/jira/browse/RANGER-2190 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 1.1.0 >Reporter: Ayub Pathan >Priority: Critical > > Currently relationship ends need to be manually populated by user and this > can be auto-populated whenever a relationship type is selected. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Review Request 68681: RANGER-2213 Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.90.
> On 九月 12, 2018, 8:37 a.m., Vishal Suvagia wrote: > > @Qiang Zhang, Kindly add the testing done with this patch ? I am verifying the issue according to “Testing Done” - Qiang --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68681/#review208553 --- On 九月 11, 2018, 3:07 a.m., Qiang Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68681/ > --- > > (Updated 九月 11, 2018, 3:07 a.m.) > > > Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O > hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, > Ramesh Mani, Selvamohan Neethiraj, sam rome, Venkat Ranganathan, and > Velmurugan Periasamy. > > > Bugs: RANGER-2213 > https://issues.apache.org/jira/browse/RANGER-2213 > > > Repository: ranger > > > Description > --- > > [SECURITY] CVE-2018-1336 > Severity: High > Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, > 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. > Description: An improper handing of overflow in the UTF-8 decoder with > supplementary characters can lead to an infinite loop in the decoder causing > a Denial of Service. > > CVE-2018-8014 > Description: The defaults settings for the CORS filter provided in Apache > Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to > 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is > expected that users of the CORS filter will have configured it appropriately > for their environment rather than using it in the default configuration. > Therefore, it is expected that most users will not be impacted by this issue. > > CVE-2018-8034 > Description: The host name verification when using TLS with the WebSocket > client was missing. It is now enabled by default. > Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, > 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. > > > Diffs > - > > pom.xml ae3f4be4c > > > Diff: https://reviews.apache.org/r/68681/diff/1/ > > > Testing > --- > > 1. Modify the ssl configuration item in install.properties for the Ranger > Admin. > > **SSL config** > > db_ssl_enabled=true > db_ssl_required=true > db_ssl_verifyServerCertificate=true > javax_net_ssl_keyStore=/opt/ranger-1.1.0-admin/ssl/keystore > javax_net_ssl_keyStorePassword=hdp1234$ > javax_net_ssl_trustStore=/opt/ranger-1.1.0-admin/ssl/truststore > javax_net_ssl_trustStorePassword=hdp1234$ > ... > > > **--- PolicyManager CONFIG ** > > > policymgr_external_url=https://localhost:6182 > policymgr_http_enabled=false > policymgr_https_keystore_file=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify.jks > policymgr_https_keystore_keyalias=rangertomcatverify > policymgr_https_keystore_password=hdp1234$ > > > 2. Install the Ranger Admin > > > 3. Modify the ssl configuration item in install.properties for the usersync. > > > **POLICY_MGR_URL = http://policymanager.xasecure.net:6080** > > > POLICY_MGR_URL = https://sslrangerserver:6182 > > > **SSL Authentication** > > AUTH_SSL_ENABLED=false > AUTH_SSL_KEYSTORE_FILE=/opt/ranger-1.1.0-admin/ssl/keystore > AUTH_SSL_KEYSTORE_PASSWORD=hdp1234$ > AUTH_SSL_TRUSTSTORE_FILE=/opt/ranger-1.1.0-admin/ssl/truststore > AUTH_SSL_TRUSTSTORE_PASSWORD=hdp1234$ > > > 4. Install the Ranger usersync > > > 5. Modified the ssl configuration item in install.properties for the kms. > > > **POLICY_MGR_URL = http://policymanager.xasecure.net:6080** > > > POLICY_MGR_URL = https://sslrangerserver:6182 > db_ssl_enabled=true > db_ssl_required=true > db_ssl_verifyServerCertificate=true > db_ssl_auth_type=2-way > javax_net_ssl_keyStore=/opt/ranger-1.1.0-admin/ssl/keystore > javax_net_ssl_keyStorePassword=hdp1234$ > javax_net_ssl_trustStore=/opt/ranger-1.1.0-admin/ssl/truststore > javax_net_ssl_trustStorePassword=hdp1234$ > > > **SSL Client Certificate Information** > > > SSL_KEYSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-keystore.jks > SSL_KEYSTORE_PASSWORD=myKeyFilePassword > SSL_TRUSTSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-truststore.jks > SSL_TRUSTSTORE_PASSWORD=changeit > > > 6. Install the KMS > > > 7. Modified the ssl configuration item in install.properties for plugins > > > **POLICY_MGR_URL = http://policymanager.xasecure.net:6080** > > > POLICY_MGR_URL = https://sslrangerserver:6182 > > > **SSL Client Certificate Information** > > > SSL_KEYSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-keystore.jks > SSL_KEYSTORE_PASSWORD=myKeyFilePassword > SSL_TRUSTSTORE_FILE_PATH=/opt/ranger-1.1.0-admin/ssl/rangertomcatverify-truststore.jks > SSL_TRUSTSTORE_PASSWORD=changeit > > >