Apache Ranger - Release 2.1.0 - release date soon ?
All Rangers: Currently we have around 316 issues resolved in Version 2.1.0. Can we quickly do a release of version 2.1.0 ? Any PMC member or committer interested in being a release coordinator for Ranger Release 2.1.0 ? Thanks, Selva-
Review Request 72765: RANGER-2948: Ranger plugins to support a hook to register plugin chains
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72765/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2948 https://issues.apache.org/jira/browse/RANGER-2948 Repository: ranger Description --- Ranger plugins authorize access based on resource-based and classification-based policies defined in a service. RangerBasePlugin abstraction in plugins-common library deals with details of retrieving/refreshing of policies/classifications from Ranger Admin, caching retrieved policies/classifications, building policy-engine, etc. Enhancing this abstraction to support additional plugins that can influence authorization decision, for example by consulting another system, can help address deployment specific needs. Diffs - agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 479a50c91 agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerChainedPluginConfig.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java 43ddf0bc2 agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 74555eefd agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 4e959bccd agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 4c60efecd agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java cc892d8fd agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java 67230c6de agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 794d3cba4 agents-common/src/main/java/org/apache/ranger/plugin/service/RangerChainedPlugin.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java 2c708d7b6 agents-common/src/test/resources/policyengine/test_policyengine_tag_hive_filebased.json 21d936af9 Diff: https://reviews.apache.org/r/72765/diff/1/ Testing --- Passes all unit tests Thanks, Abhay Kulkarni
[jira] [Assigned] (RANGER-2948) Ranger plugins to support a hook to register plugin chains
[ https://issues.apache.org/jira/browse/RANGER-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni reassigned RANGER-2948: -- Assignee: Abhay Kulkarni > Ranger plugins to support a hook to register plugin chains > -- > > Key: RANGER-2948 > URL: https://issues.apache.org/jira/browse/RANGER-2948 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > > Ranger plugins authorize access based on resource-based and > classification-based policies defined in a service. RangerBasePlugin > abstraction in plugins-common library deals with details of > retrieving/refreshing of policies/classifications from Ranger Admin, caching > retrieved policies/classifications, building policy-engine, etc. Enhancing > this abstraction to support additional plugins that can influence > authorization decision, for example by consulting another system, can help > address deployment specific needs. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2948) Ranger plugins to support a hook to register plugin chains
Madhan Neethiraj created RANGER-2948: Summary: Ranger plugins to support a hook to register plugin chains Key: RANGER-2948 URL: https://issues.apache.org/jira/browse/RANGER-2948 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Madhan Neethiraj Ranger plugins authorize access based on resource-based and classification-based policies defined in a service. RangerBasePlugin abstraction in plugins-common library deals with details of retrieving/refreshing of policies/classifications from Ranger Admin, caching retrieved policies/classifications, building policy-engine, etc. Enhancing this abstraction to support additional plugins that can influence authorization decision, for example by consulting another system, can help address deployment specific needs. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2923) Changing data type of sync_source_info column to accommodate more characters
[ https://issues.apache.org/jira/browse/RANGER-2923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mahesh Hanumant Bandal resolved RANGER-2923. Fix Version/s: 2.1.0 Resolution: Fixed commit id : [https://github.com/apache/ranger/commit/5c5c297a9c66f1a41a8dddf1c0148690b1d1438e] > Changing data type of sync_source_info column to accommodate more characters > > > Key: RANGER-2923 > URL: https://issues.apache.org/jira/browse/RANGER-2923 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > > Insert values for the column "sync_source_info" under table > "x_ugsync_audit_info" can go beyond the maximum length of column. (currently > limit is VARCHAR 4000). > Now changing data type to different db flavours as follows : > mysql : VARCHAR => MEDIUMTEXT > oracle : VARCHAR => CLOB > postgres : VARCHAR => TEXT > sqlanywhere : VARCHAR => TEXT > sqlserver : VARCHAR => nvarchar(max) -- This message was sent by Atlassian Jira (v8.3.4#803005)
Info required: Ranger policy evaluation hierarchical
Hello Rangers, Needed some clarification with how the policy hierarchical evaluation works for following criteria. {"resources": [ { "itemId": 1, * "name": "catalog",* "type": "string", "mandatory": true, "level": 10, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard":true, "ignoreCase":true }, "label": "Presto Catalog", "accessTypeRestrictions":["select", "update", "create", "drop", "alter", "lock"], "isValidLeaf": true }, { "itemId": 2, * "name": "schema",* "type": "string", "level": 20, * "parent": "catalog",* "mandatory": true, "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", "matcherOptions": { "wildCard":true, "ignoreCase":true }, "label": " Presto Table", "accessTypeRestrictions":["select", "update", "create", "drop", "alter", "index", "lock"], "isValidLeaf": true } ] } And my policy details as below, Catalog Schema User Permission testCat1 testSch1 user1 ALL With the above setting If i execute 1. rangerPlugin.isAccessAllowed(Resource(testCat1) with perm SELECT==> *FALSE* 2. rangerPlugin.isAccessAllowed(Resource(testCat1, testSch1) with perm SELECT==>*TRUE* Why not *case 1*. return TRUE in this case? In an ideal world it should have been *TRUE*, since there are some items for User1 which he has got valid access to. And servicedef contains a parent/child relationship. Please shed some light around this, FYI: Example servicedef is copied from Presto, And the codes are psuedo. Thanks, RameshByndoor
[jira] [Updated] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
[ https://issues.apache.org/jira/browse/RANGER-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-2947: -- Description: Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] *Solution* Added validation to check for serviceType provided in import policy to it's service. was:Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] > [Ranger][Policy Import] Usage of serviceType config while importing ranger > policy for any service > - > > Key: RANGER-2947 > URL: https://issues.apache.org/jira/browse/RANGER-2947 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > Observed that serviceType config is currently not used while importing a > ranger policy, so we can give any random value or a different service name > [from the service name to which import should happen] > *Solution* > Added validation to check for serviceType provided in import policy to > it's service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
Dineshkumar Yadav created RANGER-2947: - Summary: [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service Key: RANGER-2947 URL: https://issues.apache.org/jira/browse/RANGER-2947 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] -- This message was sent by Atlassian Jira (v8.3.4#803005)