[jira] [Closed] (RANGER-2281) Support Trusted Proxy in ranger

2018-11-09 Thread Sailaja Polavarapu (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu closed RANGER-2281.
--

> Support Trusted Proxy in ranger
> ---
>
> Key: RANGER-2281
> URL: https://issues.apache.org/jira/browse/RANGER-2281
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> Ranger kerberos authentication module should support the notion of 
> proxy-user, who would be allowed to perform operations on behalf of other 
> users i.e. impersonate other users - similar to Hadoop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (RANGER-2049) Support doAs in Ranger Admin Portal / REST API

2018-11-09 Thread Sailaja Polavarapu (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16682087#comment-16682087
 ] 

Sailaja Polavarapu commented on RANGER-2049:


[~bosco],

 Didn't know that we have this Jira already. This is same as what I am working 
on. So I will mark https://issues.apache.org/jira/browse/RANGER-2281 as 
duplicate.

Thanks,

Sailaja.

> Support doAs in Ranger Admin Portal / REST API
> --
>
> Key: RANGER-2049
> URL: https://issues.apache.org/jira/browse/RANGER-2049
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Don Bosco Durai
>Priority: Major
>
> It will be good to support doAs in Ranger Admin and be consistent with other 
> components within Hadoop ecosystem. This will help proxies like Knox to front 
> Ranger Admin, but pass the calling user similar to WebHDFS in Ranger, which 
> will enable Ranger to do fine grain authorization and auditing.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (RANGER-2049) Support doAs in Ranger Admin Portal / REST API

2018-11-09 Thread Sailaja Polavarapu (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu updated RANGER-2049:
---
Fix Version/s: 2.0.0

> Support doAs in Ranger Admin Portal / REST API
> --
>
> Key: RANGER-2049
> URL: https://issues.apache.org/jira/browse/RANGER-2049
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Don Bosco Durai
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> It will be good to support doAs in Ranger Admin and be consistent with other 
> components within Hadoop ecosystem. This will help proxies like Knox to front 
> Ranger Admin, but pass the calling user similar to WebHDFS in Ranger, which 
> will enable Ranger to do fine grain authorization and auditing.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Resolved] (RANGER-2281) Support Trusted Proxy in ranger

2018-11-09 Thread Sailaja Polavarapu (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu resolved RANGER-2281.

Resolution: Fixed

Marking this as duplicate as there is already an older Jira on this.

> Support Trusted Proxy in ranger
> ---
>
> Key: RANGER-2281
> URL: https://issues.apache.org/jira/browse/RANGER-2281
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> Ranger kerberos authentication module should support the notion of 
> proxy-user, who would be allowed to perform operations on behalf of other 
> users i.e. impersonate other users - similar to Hadoop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Assigned] (RANGER-2049) Support doAs in Ranger Admin Portal / REST API

2018-11-09 Thread Sailaja Polavarapu (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu reassigned RANGER-2049:
--

Assignee: Sailaja Polavarapu

> Support doAs in Ranger Admin Portal / REST API
> --
>
> Key: RANGER-2049
> URL: https://issues.apache.org/jira/browse/RANGER-2049
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Don Bosco Durai
>Assignee: Sailaja Polavarapu
>Priority: Major
>
> It will be good to support doAs in Ranger Admin and be consistent with other 
> components within Hadoop ecosystem. This will help proxies like Knox to front 
> Ranger Admin, but pass the calling user similar to WebHDFS in Ranger, which 
> will enable Ranger to do fine grain authorization and auditing.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (RANGER-2281) Support Trusted Proxy in ranger

2018-11-09 Thread Don Bosco Durai (JIRA)


[ 
https://issues.apache.org/jira/browse/RANGER-2281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16682086#comment-16682086
 ] 

Don Bosco Durai commented on RANGER-2281:
-

[~spolavarapu] can you look into this JIRA also? 
https://issues.apache.org/jira/browse/RANGER-2049

I had created this with the intention that RangerAdmin will support doAs. If 
you feel they are the same, then we can close one of them.

Thanks

> Support Trusted Proxy in ranger
> ---
>
> Key: RANGER-2281
> URL: https://issues.apache.org/jira/browse/RANGER-2281
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> Ranger kerberos authentication module should support the notion of 
> proxy-user, who would be allowed to perform operations on behalf of other 
> users i.e. impersonate other users - similar to Hadoop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Assigned] (RANGER-2281) Support Trusted Proxy in ranger

2018-11-09 Thread Sailaja Polavarapu (JIRA)


 [ 
https://issues.apache.org/jira/browse/RANGER-2281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sailaja Polavarapu reassigned RANGER-2281:
--

Assignee: Sailaja Polavarapu

> Support Trusted Proxy in ranger
> ---
>
> Key: RANGER-2281
> URL: https://issues.apache.org/jira/browse/RANGER-2281
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: 2.0.0
>Reporter: Sailaja Polavarapu
>Assignee: Sailaja Polavarapu
>Priority: Major
> Fix For: 2.0.0
>
>
> Ranger kerberos authentication module should support the notion of 
> proxy-user, who would be allowed to perform operations on behalf of other 
> users i.e. impersonate other users - similar to Hadoop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Created] (RANGER-2281) Support Trusted Proxy in ranger

2018-11-09 Thread Sailaja Polavarapu (JIRA)
Sailaja Polavarapu created RANGER-2281:
--

 Summary: Support Trusted Proxy in ranger
 Key: RANGER-2281
 URL: https://issues.apache.org/jira/browse/RANGER-2281
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: 2.0.0
Reporter: Sailaja Polavarapu
 Fix For: 2.0.0


Ranger kerberos authentication module should support the notion of proxy-user, 
who would be allowed to perform operations on behalf of other users i.e. 
impersonate other users - similar to Hadoop.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


Re: Review Request 69239: RANGER-2276:Email Address should be verified when Add New User in Ranger Admin

2018-11-09 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69239/#review210436
---




security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 31 (patched)


This path has conflicts, StringUtils is already defined in the latest code.

security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java:[89] 
error: org.apache.commons.lang.StringUtils is already defined in a single-type 
import


- pengjianhua


On 十一月 2, 2018, 7:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69239/
> ---
> 
> (Updated 十一月 2, 2018, 7:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2276
> https://issues.apache.org/jira/browse/RANGER-2276
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Click Add New User in Ranger Admin to create user,
> and fill in Email Address with a@b.c, user can be created successfully.
> But when you update the user with Email Address like x@y.z,
> update would be failed with the following message:
> Error:Please provide valid email address.
> Please refer screenshots:
> [UpdateUserWithEmail.jpg|https://issues.apache.org/jira/secure/attachment/12946646/UpdateUserWithEmail.jpg]
> Email Address should be verified when creating users like updating users.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java febf221 
> 
> 
> Diff: https://reviews.apache.org/r/69239/diff/1/
> 
> 
> Testing
> ---
> 
> Tested:
> Email Address is verified when Add New User in Ranger Admin.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>



Re: Review Request 69156: RANGER-2267 Add a icon to differentiate the status of the service

2018-11-09 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69156/#review210435
---


Ship it!




Ship It!

- pengjianhua


On 十月 31, 2018, 6:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69156/
> ---
> 
> (Updated 十月 31, 2018, 6:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2267
> https://issues.apache.org/jira/browse/RANGER-2267
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> On the Service Manager page, the enabled service and the disabled service are 
> displayed the same, and the user cannot distinguish between them.
> Add a icon lable to differentiate the status of the service
> 
> Modified screenshots:
> 
> https://issues.apache.org/jira/secure/attachment/12946338/Modify.PNG
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/templates/helpers/XAHelpers.js 27de701ae 
> 
> 
> Diff: https://reviews.apache.org/r/69156/diff/2/
> 
> 
> Testing
> ---
> 
> Test Result:
> 
> Tested.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>



Re: Review Request 69248: RANGER-2277 Kylin repository config missing "Common Name for Certificate"

2018-11-09 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69248/#review210434
---


Ship it!




Ship It!

- pengjianhua


On 十一月 5, 2018, 9:27 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69248/
> ---
> 
> (Updated 十一月 5, 2018, 9:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Nitin Galave, pengjianhua, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, sam  rome, Venkat Ranganathan, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2277
> https://issues.apache.org/jira/browse/RANGER-2277
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Currently there is no field for specifying "Common Name for Certificate" in 
> Kylin repository configuration. To get SSL setup between ranger admin and 
> Kylin plugin working, this field should be added to the repo config.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-kylin.json 
> 3e0f0a3fb 
> 
> 
> Diff: https://reviews.apache.org/r/69248/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>



Re: Review Request 69297: RANGER-2280:The emptyText of User Sync and Plugin Status should be reasonable

2018-11-09 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69297/#review210433
---


Ship it!




Ship It!

- pengjianhua


On 十一月 8, 2018, 7:08 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69297/
> ---
> 
> (Updated 十一月 8, 2018, 7:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, Velmurugan Periasamy, 
> and Zsombor Gegesy.
> 
> 
> Bugs: RANGER-2280
> https://issues.apache.org/jira/browse/RANGER-2280
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In the User Sync webpage under the Audit of Ranger Admin?
> if the form is empty, it will show emptyText:
> No plugin found!
> Refer screenshots:
> [AuditUserSyncNotFound|https://issues.apache.org/jira/secure/attachment/12947353/AuditUserSyncNotFound.jpg]
> The message shown above is not reasonable. It should be changed to:
> No user sync audit found!
> Fixed screenshots:
> [AuditUserSyncNotFound_Fix|https://issues.apache.org/jira/secure/attachment/12947354/AuditUserSyncNotFound_Fix.jpg]
> 
> Similar to User Sync, the emptyText of Plugin Status is not reasonable.
> It should be changed to:
> No plugin status found!
> Fixed screenshots:
> [AuditPluginStatusNotFound_Fix|https://issues.apache.org/jira/secure/attachment/12947352/AuditPluginStatusNotFound_Fix.jpg]
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js fe9566c 
> 
> 
> Diff: https://reviews.apache.org/r/69297/diff/1/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>