Apache Ranger - Release 2.1.0 - release date soon ?
All Rangers: Currently we have around 316 issues resolved in Version 2.1.0. Can we quickly do a release of version 2.1.0 ? Any PMC member or committer interested in being a release coordinator for Ranger Release 2.1.0 ? Thanks, Selva-
Review Request 72765: RANGER-2948: Ranger plugins to support a hook to register plugin chains
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72765/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-2948 https://issues.apache.org/jira/browse/RANGER-2948 Repository: ranger Description --- Ranger plugins authorize access based on resource-based and classification-based policies defined in a service. RangerBasePlugin abstraction in plugins-common library deals with details of retrieving/refreshing of policies/classifications from Ranger Admin, caching retrieved policies/classifications, building policy-engine, etc. Enhancing this abstraction to support additional plugins that can influence authorization decision, for example by consulting another system, can help address deployment specific needs. Diffs - agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 479a50c91 agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerChainedPluginConfig.java PRE-CREATION agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java 43ddf0bc2 agents-common/src/main/java/org/apache/ranger/authorization/utils/JsonUtils.java 74555eefd agents-common/src/main/java/org/apache/ranger/authorization/utils/StringUtil.java 4e959bccd agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java 4c60efecd agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerUserStoreEnricher.java cc892d8fd agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceResource.java 67230c6de agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java 794d3cba4 agents-common/src/main/java/org/apache/ranger/plugin/service/RangerChainedPlugin.java PRE-CREATION agents-common/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerCustomConditionMatcherTest.java 2c708d7b6 agents-common/src/test/resources/policyengine/test_policyengine_tag_hive_filebased.json 21d936af9 Diff: https://reviews.apache.org/r/72765/diff/1/ Testing --- Passes all unit tests Thanks, Abhay Kulkarni
[jira] [Assigned] (RANGER-2948) Ranger plugins to support a hook to register plugin chains
[ https://issues.apache.org/jira/browse/RANGER-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni reassigned RANGER-2948: -- Assignee: Abhay Kulkarni > Ranger plugins to support a hook to register plugin chains > -- > > Key: RANGER-2948 > URL: https://issues.apache.org/jira/browse/RANGER-2948 > Project: Ranger > Issue Type: Improvement > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Abhay Kulkarni >Priority: Major > > Ranger plugins authorize access based on resource-based and > classification-based policies defined in a service. RangerBasePlugin > abstraction in plugins-common library deals with details of > retrieving/refreshing of policies/classifications from Ranger Admin, caching > retrieved policies/classifications, building policy-engine, etc. Enhancing > this abstraction to support additional plugins that can influence > authorization decision, for example by consulting another system, can help > address deployment specific needs. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2948) Ranger plugins to support a hook to register plugin chains
Madhan Neethiraj created RANGER-2948: Summary: Ranger plugins to support a hook to register plugin chains Key: RANGER-2948 URL: https://issues.apache.org/jira/browse/RANGER-2948 Project: Ranger Issue Type: Improvement Components: plugins Reporter: Madhan Neethiraj Ranger plugins authorize access based on resource-based and classification-based policies defined in a service. RangerBasePlugin abstraction in plugins-common library deals with details of retrieving/refreshing of policies/classifications from Ranger Admin, caching retrieved policies/classifications, building policy-engine, etc. Enhancing this abstraction to support additional plugins that can influence authorization decision, for example by consulting another system, can help address deployment specific needs. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (RANGER-2923) Changing data type of sync_source_info column to accommodate more characters
[ https://issues.apache.org/jira/browse/RANGER-2923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mahesh Hanumant Bandal resolved RANGER-2923. Fix Version/s: 2.1.0 Resolution: Fixed commit id : [https://github.com/apache/ranger/commit/5c5c297a9c66f1a41a8dddf1c0148690b1d1438e] > Changing data type of sync_source_info column to accommodate more characters > > > Key: RANGER-2923 > URL: https://issues.apache.org/jira/browse/RANGER-2923 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Mahesh Hanumant Bandal >Assignee: Mahesh Hanumant Bandal >Priority: Major > Fix For: 2.1.0 > > > Insert values for the column "sync_source_info" under table > "x_ugsync_audit_info" can go beyond the maximum length of column. (currently > limit is VARCHAR 4000). > Now changing data type to different db flavours as follows : > mysql : VARCHAR => MEDIUMTEXT > oracle : VARCHAR => CLOB > postgres : VARCHAR => TEXT > sqlanywhere : VARCHAR => TEXT > sqlserver : VARCHAR => nvarchar(max) -- This message was sent by Atlassian Jira (v8.3.4#803005)
Info required: Ranger policy evaluation hierarchical
Hello Rangers,
Needed some clarification with how the policy hierarchical evaluation works
for following criteria.
{"resources":
[
{
"itemId": 1,
* "name": "catalog",*
"type": "string",
"mandatory": true,
"level": 10,
"matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": { "wildCard":true, "ignoreCase":true },
"label": "Presto Catalog",
"accessTypeRestrictions":["select", "update", "create", "drop",
"alter", "lock"],
"isValidLeaf": true
},
{
"itemId": 2,
* "name": "schema",*
"type": "string",
"level": 20,
* "parent": "catalog",*
"mandatory": true,
"matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": { "wildCard":true, "ignoreCase":true },
"label": " Presto Table",
"accessTypeRestrictions":["select", "update", "create", "drop",
"alter", "index", "lock"],
"isValidLeaf": true
}
]
}
And my policy details as below,
Catalog
Schema
User
Permission
testCat1
testSch1
user1
ALL
With the above setting If i execute
1. rangerPlugin.isAccessAllowed(Resource(testCat1) with perm SELECT==>
*FALSE*
2. rangerPlugin.isAccessAllowed(Resource(testCat1, testSch1) with perm
SELECT==>*TRUE*
Why not *case 1*. return TRUE in this case?
In an ideal world it should have been *TRUE*, since there are some items
for User1 which he has got valid access to. And servicedef contains a
parent/child relationship.
Please shed some light around this,
FYI:
Example servicedef is copied from Presto, And the codes are psuedo.
Thanks,
RameshByndoor
[jira] [Updated] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
[ https://issues.apache.org/jira/browse/RANGER-2947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-2947: -- Description: Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] *Solution* Added validation to check for serviceType provided in import policy to it's service. was:Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] > [Ranger][Policy Import] Usage of serviceType config while importing ranger > policy for any service > - > > Key: RANGER-2947 > URL: https://issues.apache.org/jira/browse/RANGER-2947 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > Observed that serviceType config is currently not used while importing a > ranger policy, so we can give any random value or a different service name > [from the service name to which import should happen] > *Solution* > Added validation to check for serviceType provided in import policy to > it's service. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-2947) [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service
Dineshkumar Yadav created RANGER-2947: - Summary: [Ranger][Policy Import] Usage of serviceType config while importing ranger policy for any service Key: RANGER-2947 URL: https://issues.apache.org/jira/browse/RANGER-2947 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Observed that serviceType config is currently not used while importing a ranger policy, so we can give any random value or a different service name [from the service name to which import should happen] -- This message was sent by Atlassian Jira (v8.3.4#803005)
