Re: Review Request 73497: RANGER-3360: Best Practice: Use updated policy object after pruning the policy object
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73497/#review223300 --- Ship it! Ship It! - Pradeep Agrawal On Aug. 2, 2021, 8:13 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73497/ > --- > > (Updated Aug. 2, 2021, 8:13 p.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > and Velmurugan Periasamy. > > > Bugs: RANGER-3360 > https://issues.apache.org/jira/browse/RANGER-3360 > > > Repository: ranger > > > Description > --- > > Ensure that pruned policy (with the policy-items that have delegated-admin > flag set to false removed from copy of the original policy) is used when > building policy-engine for delegated-admin processing, > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java > 5c6083e6b > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 831b6d4ad > > > Diff: https://reviews.apache.org/r/73497/diff/1/ > > > Testing > --- > > Passed all unit tests. > > > Thanks, > > Abhay Kulkarni > >
Re: Review Request 73497: RANGER-3360: Best Practice: Use updated policy object after pruning the policy object
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73497/#review223299 --- Ship it! Ship It! - Velmurugan Periasamy On Aug. 2, 2021, 8:13 p.m., Abhay Kulkarni wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73497/ > --- > > (Updated Aug. 2, 2021, 8:13 p.m.) > > > Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, > and Velmurugan Periasamy. > > > Bugs: RANGER-3360 > https://issues.apache.org/jira/browse/RANGER-3360 > > > Repository: ranger > > > Description > --- > > Ensure that pruned policy (with the policy-items that have delegated-admin > flag set to false removed from copy of the original policy) is used when > building policy-engine for delegated-admin processing, > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java > 5c6083e6b > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 831b6d4ad > > > Diff: https://reviews.apache.org/r/73497/diff/1/ > > > Testing > --- > > Passed all unit tests. > > > Thanks, > > Abhay Kulkarni > >
Review Request 73497: RANGER-3360: Best Practice: Use updated policy object after pruning the policy object
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73497/ --- Review request for ranger, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-3360 https://issues.apache.org/jira/browse/RANGER-3360 Repository: ranger Description --- Ensure that pruned policy (with the policy-items that have delegated-admin flag set to false removed from copy of the original policy) is used when building policy-engine for delegated-admin processing, Diffs - agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerAbstractPolicyEvaluator.java 5c6083e6b agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java 831b6d4ad Diff: https://reviews.apache.org/r/73497/diff/1/ Testing --- Passed all unit tests. Thanks, Abhay Kulkarni
[jira] [Assigned] (RANGER-3360) Best Practice: Use updated policy object after pruning the policy object
[ https://issues.apache.org/jira/browse/RANGER-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhay Kulkarni reassigned RANGER-3360: -- Assignee: Abhay Kulkarni > Best Practice: Use updated policy object after pruning the policy object > > > Key: RANGER-3360 > URL: https://issues.apache.org/jira/browse/RANGER-3360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Pradeep Agrawal >Assignee: Abhay Kulkarni >Priority: Major > Fix For: 3.0.0, 2.2.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3360) Best Practice: Use updated policy object after pruning the policy object
[ https://issues.apache.org/jira/browse/RANGER-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3360: Summary: Best Practice: Use updated policy object after pruning the policy object (was: non delegate admin user are able to grant access even without having delegate admin priv) > Best Practice: Use updated policy object after pruning the policy object > > > Key: RANGER-3360 > URL: https://issues.apache.org/jira/browse/RANGER-3360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3360) non delegate admin user are able to grant access even without having delegate admin priv
[ https://issues.apache.org/jira/browse/RANGER-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3360: Description: (was: # create ranger admin policy for hrt_21 to allow all the privilege # use hrt_21 user to grant the privilege with grant option to user hrt_11 # use hrt_21 user to grant the privilege without grant option to user hrt_12 # use hrt_12 user to grant the privilege to any other user eg: hrt_13 Expected Result: hrt_12 should not be able to grant privilege to any other user as delegate admin/grant option is false for Actual Result: hrt_12 successfully able to grant privilege to other users audit shows that operation was allowed by the same policy when actor does not have delegate admin privilege) > non delegate admin user are able to grant access even without having delegate > admin priv > > > Key: RANGER-3360 > URL: https://issues.apache.org/jira/browse/RANGER-3360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (RANGER-3360) non delegate admin user are able to grant access even without having delegate admin priv
[ https://issues.apache.org/jira/browse/RANGER-3360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3360: Fix Version/s: (was: 2.0.1) 2.2.0 > non delegate admin user are able to grant access even without having delegate > admin priv > > > Key: RANGER-3360 > URL: https://issues.apache.org/jira/browse/RANGER-3360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.2.0 >Reporter: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > > # create ranger admin policy for hrt_21 to allow all the privilege > # use hrt_21 user to grant the privilege with grant option to user hrt_11 > # use hrt_21 user to grant the privilege without grant option to user hrt_12 > # use hrt_12 user to grant the privilege to any other user eg: hrt_13 > Expected Result: hrt_12 should not be able to grant privilege to any other > user as delegate admin/grant option is false for > Actual Result: hrt_12 successfully able to grant privilege to other users > audit shows that operation was allowed by the same policy when actor does not > have delegate admin privilege -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3360) non delegate admin user are able to grant access even without having delegate admin priv
Pradeep Agrawal created RANGER-3360: --- Summary: non delegate admin user are able to grant access even without having delegate admin priv Key: RANGER-3360 URL: https://issues.apache.org/jira/browse/RANGER-3360 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0, 2.2.0 Reporter: Pradeep Agrawal Fix For: 2.0.1, 3.0.0 # create ranger admin policy for hrt_21 to allow all the privilege # use hrt_21 user to grant the privilege with grant option to user hrt_11 # use hrt_21 user to grant the privilege without grant option to user hrt_12 # use hrt_12 user to grant the privilege to any other user eg: hrt_13 Expected Result: hrt_12 should not be able to grant privilege to any other user as delegate admin/grant option is false for Actual Result: hrt_12 successfully able to grant privilege to other users audit shows that operation was allowed by the same policy when actor does not have delegate admin privilege -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [ranger] alvaroqueiroz commented on pull request #110: Python ranger_client call_api - add case for 404 response
alvaroqueiroz commented on pull request #110: URL: https://github.com/apache/ranger/pull/110#issuecomment-891028836 @mneethiraj ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Review Request 73496: RANGER-3359: Upgrade json-smart and nimbus-jose-jwt libraries
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73496/ --- Review request for ranger, Abhishek Kumar, Dhaval Shah, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy. Bugs: RANGER-3359 https://issues.apache.org/jira/browse/RANGER-3359 Repository: ranger Description --- Here I am proposing to Upgrade json-smart version to 2.3.1 and nimbus-jose-jwt to 8.22.1 This patch will also fix the version inconsistency in different modules as different version of jars being pulled due to dependency. Diffs - agents-audit/pom.xml 0b16e53bd agents-common/pom.xml 39efb0c19 agents-cred/pom.xml 254d0c1f1 credentialbuilder/pom.xml 59d239bb5 embeddedwebserver/pom.xml 2d14f3abd kms/pom.xml b65b0b2b2 pom.xml 8d81988d4 security-admin/pom.xml f64e74781 Diff: https://reviews.apache.org/r/73496/diff/1/ Testing --- Thanks, Pradeep Agrawal
[jira] [Updated] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
[ https://issues.apache.org/jira/browse/RANGER-3359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-3359: Attachment: 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > Upgrade json-smart and nimbus-jose-jwt libraries > > > Key: RANGER-3359 > URL: https://issues.apache.org/jira/browse/RANGER-3359 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0, 2.2.0 > > Attachments: > 0001-RANGER-3359-Upgrade-json-smart-and-nimbus-jose-jwt-l.patch > > > Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version > to 8.22.1 and make it same in all the ranger modules. > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3359) Upgrade json-smart and nimbus-jose-jwt libraries
Pradeep Agrawal created RANGER-3359: --- Summary: Upgrade json-smart and nimbus-jose-jwt libraries Key: RANGER-3359 URL: https://issues.apache.org/jira/browse/RANGER-3359 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0, 2.2.0 Proposal to upgrade json-smart version to 2.3.1 and nimbus-jose-jwt version to 8.22.1 and make it same in all the ranger modules. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3259) [Ranger Audit Filter] Ranger role is allowed to delete, even if its used in audit filters
[ https://issues.apache.org/jira/browse/RANGER-3259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17391445#comment-17391445 ] Dineshkumar Yadav commented on RANGER-3259: --- Ranger-master commit [https://github.com/apache/ranger/commit/cfc033007bcafb1d115825a5c9ed23d4a1a30ee0] Ranger-2.2 commit [https://github.com/apache/ranger/commit/5b186d543a3c671bfdc792135266184ab5c585d9] > [Ranger Audit Filter] Ranger role is allowed to delete, even if its used in > audit filters > - > > Key: RANGER-3259 > URL: https://issues.apache.org/jira/browse/RANGER-3259 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.2.0 >Reporter: Abhishek Shukla >Assignee: Dineshkumar Yadav >Priority: Major > > Observed that we are able to delete ranger role, even if the role is used in > ranger audit filters in some service plugin. > > While if the same ranger role is present in some ranger policy we are not > allowed to delete the role unless we remove the role usage from policy OR > delete the policy itself. > cc [~rmani] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (RANGER-3349) Handling multiple grant role command for same user
[ https://issues.apache.org/jira/browse/RANGER-3349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17391348#comment-17391348 ] Dineshkumar Yadav commented on RANGER-3349: --- Ranger-master [https://github.com/apache/ranger/commit/b2406be6cfc79d004354222f218261f039d8c5df] Ranger-2.2 [https://github.com/apache/ranger/commit/a1ec8ebe898af4990c2f4dd24bc08923c0c168d7] > Handling multiple grant role command for same user > -- > > Key: RANGER-3349 > URL: https://issues.apache.org/jira/browse/RANGER-3349 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: suja s >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.2.0 > > > Scenario: > 1. User testuser1 is an admin on ranger side > 2. Open a hive beeline session as testuser1 > 3. Create role r1 > role r1 is created on ranger side with testuser1 as admin user for the role > 4. Execute command "grant r1 to user testuser1" > Expected - r1 should have no changes -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (RANGER-3358) Ranger - Upgrade Tomcat to 8.5.69
Mateen N Mansoori created RANGER-3358: - Summary: Ranger - Upgrade Tomcat to 8.5.69 Key: RANGER-3358 URL: https://issues.apache.org/jira/browse/RANGER-3358 Project: Ranger Issue Type: Task Components: Ranger Reporter: Mateen N Mansoori Currently Ranger is pulling in Tomcat 8.5.63, Upgrading to 8.5.69. -- This message was sent by Atlassian Jira (v8.3.4#803005)