Re: Review Request 74218: RANGER-3983: Support getColumnMasks and getRowFilters in Trino SPI 376+

[ziyue yang]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74218/
---

(Updated Nov. 29, 2022, 9:12 a.m.)


Review request for ranger and Madhan Neethiraj.


Repository: ranger


Description
---

- 
https://github.com/trinodb/trino/commit/827de57a50426e804761044d24d96b8877b62b7e
- 
https://github.com/trinodb/trino/commit/ac8d2d472201eef7c9a3129bd72835f57f2c3faa
- https://issues.apache.org/jira/browse/RANGER-3983

The functions `getColumnMask` and `getRowFilter` were deprecated since trino 
376, and were removed in 401.

So we should adapt to that change in ranger implementation.


Diffs
-

  
plugin-trino/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 cc06187f4 
  
plugin-trino/src/test/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControlTest.java
 d6c637e5a 
  
ranger-trino-plugin-shim/src/main/java/org/apache/ranger/authorization/trino/authorizer/RangerSystemAccessControl.java
 c6b234dc2 


Diff: https://reviews.apache.org/r/74218/diff/1/


Testing
---

/opt/maven/3.8.3/bin/mvn clean test

Passed


Thanks,

ziyue yang

Re: Review Request 74219: RANGER-3986: Upgrade trino guice dependency to 5.1.0

[ziyue yang]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74219/
---

(Updated Nov. 29, 2022, 9:12 a.m.)


Review request for ranger and Madhan Neethiraj.


Repository: ranger


Description
---

https://issues.apache.org/jira/browse/RANGER-3986


The latest trino SPI 403 is running on Java 17, which guice 4.x doesn't 
support. we should upgrade the guice version to make ranger-trino-plugin 
possible to running on JVM 17


Diffs
-

  pom.xml bcb93ed74 


Diff: https://reviews.apache.org/r/74219/diff/1/


Testing
---

Try to build - success

/opt/maven/3.8.3/bin/mvn clean package -P 'ranger-jdk11,!linux' -DskipTests 
-Dmaven.repo.local=/mnt/.m2

Try to run UT - success

/opt/maven/3.8.3/bin/mvn clean test -P 'ranger-jdk11,!linux' -DskipTests 
-Dmaven.repo.local=/mnt/.m2


Thanks,

ziyue yang

[GitHub] [ranger] chenyu-opensource closed pull request #192: [improve]repair Log Description

[GitBox]

chenyu-opensource closed pull request #192: [improve]repair Log Description
URL: https://github.com/apache/ranger/pull/192


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Review Request 74213: RANGER-3977: Fix Ranger TagRest API deleteTagResourceMapByGuid

[Dineshkumar Yadav]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74213/#review224918
---


Ship it!




Ship It!

- Dineshkumar Yadav


On Nov. 23, 2022, 6:57 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74213/
> ---
> 
> (Updated Nov. 23, 2022, 6:57 p.m.)
> 
> 
> Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, 
> Nikhil P, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-3977
> https://issues.apache.org/jira/browse/RANGER-3977
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** Ranger's TagRest API deleteTagResourceMapByGuid is 
> calling deleteServiceResource() rather deleteTagResourceMap()
> 
> Sample curl request: curl -u 'admin:SecretPass@123' -X DELETE 
> 'http://localhost:6080/service/tags/tagresourcemap/guid/58fde8a1-5d01-485d-843b-c84bc60d0e5f'
>  -H 'Accept: application/json' -H 'Content-Type: application/json'
> 
> Response: 400 bad request
> 
> Error message: 
> 2022-11-23 23:26:32,132 INFO org.apache.ranger.common.RESTErrorUtil: Request 
> failed. loginId=admin, logMessage=XXServiceResource can't be d
> eleted
> javax.ws.rs.WebApplicationException
> ...
> 2022-11-23 23:26:32,133 INFO org.apache.ranger.common.RESTErrorUtil: 
> Validation error:logMessage=44, error=Exception [EclipseLink-4002] (Ecl
> ipse Persistence Services - 2.7.7.v20200504-69f2c2b80d): 
> org.eclipse.persistence.exceptions.DatabaseException
> Internal Exception: org.postgresql.util.PSQLException: ERROR: update or 
> delete on table "x_service_resource" violates foreign key constraint
>  "x_tag_res_map_fk_res_id" on table "x_tag_resource_map"
>   Detail: Key (id)=(44) is still referenced from table "x_tag_resource_map".
> Error Code: 0
> Call: DELETE FROM x_service_resource WHERE ((id = ?) AND (version = ?))
> bind => [2 parameters bound], 
> response=VXResponse={org.apache.ranger.view.VXResponse@39100f8statusCode={1} 
> msgDesc={XXServiceResourc
> e can't be deleted} 
> messageList={[VXMessage={org.apache.ranger.view.VXMessage@df9230fname={OPER_NOT_ALLOWED_FOR_STATE}
>  rbKey={xa.error.oper_
> not_allowed_for_state} message={Operation not allowed in current state} 
> objectId={44} fieldName={null} }]} }
> javax.ws.rs.WebApplicationException
> at 
> org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:56)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 0d29a95ca 
>   security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java 
> 7fba152a9 
> 
> 
> Diff: https://reviews.apache.org/r/74213/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the above mentioned curl request with the proposed patch and request 
> completed successfully with response code 200 OK and output 
> 
> {"id":44,"guid":"58fde8a1-5d01-485d-843b-c84bc60d0e5f","isEnabled":true,"createdBy":"admin","updatedBy":"admin","createTime":1669122505391,"updateTime":1669122505391,"tagId":62,"resourceId":63}
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 74189: RANGER-3883 : POST/PUT REST API's work even when invalid user id or Id is used in the URL

[Ramachandran Krishnan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74189/
---

(Updated Nov. 29, 2022, 11:44 a.m.)


Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.


Bugs: RANGER-3883
https://issues.apache.org/jira/browse/RANGER-3883


Repository: ranger


Description
---

When a POST request is made to the following APIs return 200 status code even 
when the userId is invalid .

When a POST/PUT request is made to the following APIs return 200 status code 
even when the userId or id is invalid.

Ranger is not honouring Id
/service/users/{USER_ID}/passwordchange
/service/users/{USER_ID}/emailchange
/assets/{id}
/permission/{id}
/services/{id}
/definitions/{id}
/secure/groups/{id}
/policies/{id}

Ideally, the APIs must return 404 or Bad request(400) not found when using an 
invalid userid or id in the URL

But in this case, the POST/PUT request results in status code 200 instead of 400


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java a0ba3b750 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java 2e7e90bb4 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
293107f24 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
9bccf1089 
  security-admin/src/main/java/org/apache/ranger/rest/UserREST.java 5fc18034b 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java dd12048ac 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
abd4b1c1c 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
2bf5ee6c9 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
1069f013d 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
375135a5a 
  security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java 
48cd7face 
  security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
2b25ba813 


Diff: https://reviews.apache.org/r/74189/diff/3/

Changes: https://reviews.apache.org/r/74189/diff/2-3/


Testing
---


Thanks,

Ramachandran Krishnan

Re: Review Request 74189: RANGER-3883 : POST/PUT REST API's work even when invalid user id or Id is used in the URL

[Ramachandran Krishnan]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74189/
---

(Updated Nov. 29, 2022, 11:55 a.m.)


Review request for ranger, Don Bosco Durai, Kirby Zhou, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan 
Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.


Bugs: RANGER-3883
https://issues.apache.org/jira/browse/RANGER-3883


Repository: ranger


Description
---

When a POST request is made to the following APIs return 200 status code even 
when the userId is invalid .

When a POST/PUT request is made to the following APIs return 200 status code 
even when the userId or id is invalid.

Ranger is not honouring Id
/service/users/{USER_ID}/passwordchange
/service/users/{USER_ID}/emailchange
/assets/{id}
/permission/{id}
/services/{id}
/definitions/{id}
/secure/groups/{id}
/policies/{id}

Ideally, the APIs must return 404 or Bad request(400) not found when using an 
invalid userid or id in the URL

But in this case, the POST/PUT request results in status code 200 instead of 400


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java a0ba3b750 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java 2e7e90bb4 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
293107f24 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
9bccf1089 
  security-admin/src/main/java/org/apache/ranger/rest/UserREST.java 5fc18034b 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java dd12048ac 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
abd4b1c1c 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
2bf5ee6c9 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
1069f013d 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
375135a5a 
  security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java 
48cd7face 
  security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
2b25ba813 


Diff: https://reviews.apache.org/r/74189/diff/4/

Changes: https://reviews.apache.org/r/74189/diff/3-4/


Testing
---


Thanks,

Ramachandran Krishnan

[jira] [Comment Edited] (RANGER-3975) Upgrade netty-all version to 4.1.85.Final

[Bhavik Patel (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-3975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17640659#comment-17640659
 ] 

Bhavik Patel edited comment on RANGER-3975 at 11/29/22 12:18 PM:
-

master branch commit link: 
https://github.com/apache/ranger/commit/618fe7ccb7826f2ec53a6a3f35ef13c0a84466a8


was (Author: bpatel):
master branch commit link:
[https://github.com/apache/ranger/commit/70b03177ada1ddfe5ffebcb107bdabf2dbdc87f5]
https://github.com/apache/ranger/commit/23bb60dc4cea2d8c8e9abeccdcd1a64b7f309e36

> Upgrade netty-all version to 4.1.85.Final
> -
>
> Key: RANGER-3975
> URL: https://issues.apache.org/jira/browse/RANGER-3975
> Project: Ranger
>  Issue Type: Improvement
>  Components: kms
>Reporter: Bhavik Patel
>Assignee: Bhavik Patel
>Priority: Major
> Attachments: 
> 0001-RANGER-3975-Upgrade-netty-all-version-to-4.1.85.Fina.patch
>
>
> Upgrade netty-all version to 4.1.85.Final



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-3823) Update commons-dbcp2 and commons-pool2

[Bhavik Patel (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bhavik Patel reassigned RANGER-3823:


Assignee: (was: Bhavik Patel)

> Update commons-dbcp2 and commons-pool2
> --
>
> Key: RANGER-3823
> URL: https://issues.apache.org/jira/browse/RANGER-3823
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Bhavik Patel
>Priority: Major
>
> Update commons-dbcp version to commons-dbcp2 – 2.9.0
> commons-pool to commons-pool2 - 2.11.1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74222: PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with no-solr.

[bhavik patel]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74222/#review224919
---


Ship it!




Ship It!

- bhavik patel


On Nov. 29, 2022, 2:32 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74222/
> ---
> 
> (Updated Nov. 29, 2022, 2:32 a.m.)
> 
> 
> Review request for ranger, Bhavik Bavishi, madhan, Madhan Neethiraj, Mateen 
> Mansoori, and Mehul Parikh.
> 
> 
> Bugs: RANGER-3990
> https://issues.apache.org/jira/browse/RANGER-3990
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> run db_setup.py to upgrade a old instance without solr, error occurs:
> 
> install.properties like that:
> 
> ```
> ranger.supportedcomponents=tag,hdfs,hive,yarn,kafka,kms,kudu ```
> 
> ```
> 
> 2022-11-28 16:19:49,949  [JISQL] 
> /sensorsdata/main/program/armada/jdk18292/jdk18292/bin/java  -cp 
> /sensorsdata/main/program/sp/commonjars/mysql-connector-java.jar:/sensorsdata/main/program/rogue/ranger-2.3.0-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.129.17.81:4000/kirby_ranger2?useSSL=false -u 'kirby_ranger' 
> -p '' -noheader -trim -c \;  -query "delete from x_db_version_h where 
> version = 'J10055' and active = 'N' and updated_by='ranger_admin';"
> 2022-11-28 16:19:50,298  [E] applying java patch 
> PatchForSolrSvcDefAndPoliciesUpdate_J10055 failed
> ```
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
>  4684923ca 
> 
> 
> Diff: https://reviews.apache.org/r/74222/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

[jira] [Commented] (RANGER-2976) User can not create external table in Hive Plugin

[Sugumar Srinivasan (Jira)]

[ 
https://issues.apache.org/jira/browse/RANGER-2976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17640696#comment-17640696
 ] 

Sugumar Srinivasan commented on RANGER-2976:


Hi All, 

Even I'm also facing the similar issue. Do we have any fix for this? 

Version Details are below:
 # Apache Hadoop - 3.3.4
 # Apache Hive - 3.1.3
 # Apache Ranger - 2.0.0

Thanks & Regards, 

Sugumar Srinivasan. 

> User can not create external table in Hive Plugin
> -
>
> Key: RANGER-2976
> URL: https://issues.apache.org/jira/browse/RANGER-2976
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Affects Versions: 2.0.0
>Reporter: Janus Chow
>Priority: Major
> Attachments: RANGER-2976.patch
>
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> A user "userA" want's to create an external table on "hdfs://test/testDir" 
> via Hive Metastore installed Ranger Hive plugin. Permission information is as 
> follows.
> {code:java}
> # id userA
> uid=3044(userA) gid=3044(userA) groups=992(supergroup)
> # hadoop fs -ls hdfs://test
> drwxrwxr-x   - userB supergroup          0 2019-01-01 00:00 
> hdfs://test/testDir
> # hadoop fs -ls hdfs://test/testDir
> -rw-rw-r--   3 userB supergroup    100 2019-01-01 00:00 
> hdfs://test/testDir/part-0-db98bf17-bda6-4da9-9ea4-d7c75e8d995e-c000.snappy.parquet{code}
> When "userA" is trying to create an external table on "hdfs://test/testDir" 
> with the following command, 
> {code:java}
> spark.sql("create table userA_test USING org.apache.spark.sql.parquet OPTIONS 
> ( path = 'hdfs://test/testDir')")
> {code}
> Ranger denied the operation with the following error message.
> {code:java}
> org.apache.hadoop.hive.ql.metadata.HiveException: 
> MetaException(message:Permission denied: user [userA] does not have [ALL] 
> privilege on [hdfs://test/testDir])
> {code}
> The reason is when Ranger is checking URI permission, it will check if the 
> user has FSAction.ALL on the URI if "userA" is not the owner of the HDFS 
> path, but HDFS file will not set the execution permission by default, so the 
> Ranger permission check will return false.
> I think in the getURIAccessType function in RangerHiveAuthorizer, we should 
> return FSAction.READ_WRITE instead of FSAction.ALL. For HDFS directory, 
> Hadoop will help us to add FSAction.EXECUTE when we are trying to do the 
> permission check, we can skip FSAction.EXECUTE here to work well with HDFS 
> files. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74222: PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing with no-solr.

[Madhan Neethiraj]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74222/#review224920
---




security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
Line 442 (original), 442 (patched)


This fix was already merged via RANGER-3857. Please verify.


- Madhan Neethiraj


On Nov. 29, 2022, 2:32 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74222/
> ---
> 
> (Updated Nov. 29, 2022, 2:32 a.m.)
> 
> 
> Review request for ranger, Bhavik Bavishi, madhan, Madhan Neethiraj, Mateen 
> Mansoori, and Mehul Parikh.
> 
> 
> Bugs: RANGER-3990
> https://issues.apache.org/jira/browse/RANGER-3990
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> run db_setup.py to upgrade a old instance without solr, error occurs:
> 
> install.properties like that:
> 
> ```
> ranger.supportedcomponents=tag,hdfs,hive,yarn,kafka,kms,kudu ```
> 
> ```
> 
> 2022-11-28 16:19:49,949  [JISQL] 
> /sensorsdata/main/program/armada/jdk18292/jdk18292/bin/java  -cp 
> /sensorsdata/main/program/sp/commonjars/mysql-connector-java.jar:/sensorsdata/main/program/rogue/ranger-2.3.0-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.129.17.81:4000/kirby_ranger2?useSSL=false -u 'kirby_ranger' 
> -p '' -noheader -trim -c \;  -query "delete from x_db_version_h where 
> version = 'J10055' and active = 'N' and updated_by='ranger_admin';"
> 2022-11-28 16:19:50,298  [E] applying java patch 
> PatchForSolrSvcDefAndPoliciesUpdate_J10055 failed
> ```
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForSolrSvcDefAndPoliciesUpdate_J10055.java
>  4684923ca 
> 
> 
> Diff: https://reviews.apache.org/r/74222/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

[Barbara Eckman via Review Board]

> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> >

Thank you for your comments, as always!


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 39 (patched)
> > 
> >
> > Consider renaming AllRangerUserStoreRetrievers to 
> > RangerMultiSourceUserStoreRetriever.

Cool.


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 42 (patched)
> > 
> >
> > To avoid creation of RangerRoleUtils for every call to 
> > retrieveUserStoreInfo(), in #246, consider replacing "RangerRoles 
> > rangerRoles" here with "RangerRoleUtil roleUtil". This should be refreshed 
> > only when role updates are downloaded in #62.

Yep.


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 43 (patched)
> > 
> >
> > allUserAttrsMap is used only within retrieveUserStoreInfo(). Consider 
> > moving #43 to within this method i.e. avoid instance member.

Yep, I thought of that last night after I uploaded the Diff.


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 44 (patched)
> > 
> >
> > enricherOptionsMap => retrieverOptions

Yep.  That name was from a much earlier version and never updated.


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 62 (patched)
> > 
> >
> > Consider sending existing roles version to getRolesIfUpdated() so that 
> > roles will be downloaded from Ranger only when there are updates.

Good.


> On Nov. 29, 2022, 5 a.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
> > Lines 55 (patched)
> > 
> >
> > To ensure httpClient is closed, consider moving #55 to within try() at 
> > #62.

good


- Barbara


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224914
---


On Nov. 28, 2022, 9:45 p.m., Barbara Eckman wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74142/
> ---
> 
> (Updated Nov. 28, 2022, 9:45 p.m.)
> 
> 
> Review request for ranger and madhan.
> 
> 
> Bugs: Ranger-3855
> https://issues.apache.org/jira/browse/Ranger-3855
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerExternalUserStoreRetriever class Ranger-3855
> 
> Ranger version 3.0.0 provides a means, via a context enricher, to add or 
> retrieve attributes to the database of users for whom Ranger controls access. 
> This permits syntax like "Dumbo" in $USER.aliases any Ranger policy 
> condition, including row and tag filters.   This greatly enhances the ability 
> to provide custom Attribute-based Access Control based on the specific 
> business needs of one's organization.
> 
> I believe that the original assumption was that such attributes would be 
> added to AD/LDAP and enter Ranger via regular user sync's. However, this 
> process does not currently work with Azure AD, which many organizations use. 
> Neither does it provide timely support for organizations for whom adding each 
> new attribute to AD would be subject to prolonged scrutiny by overworked 
> security teams.  
> 
> In the spirit of the RangerAdminUserStoreRetriever context enricher, we have 
> written a RangerExternalUserStoreRetriever class which adds arbitrary 
> attributes to Ranger users via external API calls, thus freeing additions to 
> the UserStore from dependency on AD/LDAP.   We have also written a 
> RangerRoleUserStoreRetriever class, which transforms role membership into 
> user attributes, for ease of use in complex policy conditions.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
>

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

[Barbara Eckman via Review Board]

> On Nov. 18, 2022, 6:02 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
> > Lines 59 (patched)
> > 
> >
> > allUserAttrMap is initialized only in init(), which is called only 
> > once. Shouldn't this be updated in retrieveUserStoreInfo() as well?
> 
> Barbara Eckman wrote:
> I made it an instance member, and moved its initialization outside of 
> init() to line 42.  Does that not work?

Done.


- Barbara


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/#review224887
---


On Nov. 28, 2022, 9:45 p.m., Barbara Eckman wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74142/
> ---
> 
> (Updated Nov. 28, 2022, 9:45 p.m.)
> 
> 
> Review request for ranger and madhan.
> 
> 
> Bugs: Ranger-3855
> https://issues.apache.org/jira/browse/Ranger-3855
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RangerExternalUserStoreRetriever class Ranger-3855
> 
> Ranger version 3.0.0 provides a means, via a context enricher, to add or 
> retrieve attributes to the database of users for whom Ranger controls access. 
> This permits syntax like "Dumbo" in $USER.aliases any Ranger policy 
> condition, including row and tag filters.   This greatly enhances the ability 
> to provide custom Attribute-based Access Control based on the specific 
> business needs of one's organization.
> 
> I believe that the original assumption was that such attributes would be 
> added to AD/LDAP and enter Ranger via regular user sync's. However, this 
> process does not currently work with Azure AD, which many organizations use. 
> Neither does it provide timely support for organizations for whom adding each 
> new attribute to AD would be subject to prolonged scrutiny by overworked 
> security teams.  
> 
> In the spirit of the RangerAdminUserStoreRetriever context enricher, we have 
> written a RangerExternalUserStoreRetriever class which adds arbitrary 
> attributes to Ranger users via external API calls, thus freeing additions to 
> the UserStore from dependency on AD/LDAP.   We have also written a 
> RangerRoleUserStoreRetriever class, which transforms role membership into 
> user attributes, for ease of use in complex policy conditions.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/AllRangerUserStoreRetrievers.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/LICENSE
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/NOTICE
>  PRE-CREATION 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/README.md
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/74142/diff/7/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Barbara Eckman
> 
>

Re: Review Request 74142: RangerExternalUserStoreRetriever class Ranger-3855

[Barbara Eckman via Review Board]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74142/
---

(Updated Nov. 29, 2022, 10:52 p.m.)


Review request for ranger and madhan.


Bugs: Ranger-3855
https://issues.apache.org/jira/browse/Ranger-3855


Repository: ranger


Description
---

RangerExternalUserStoreRetriever class Ranger-3855

Ranger version 3.0.0 provides a means, via a context enricher, to add or 
retrieve attributes to the database of users for whom Ranger controls access. 
This permits syntax like "Dumbo" in $USER.aliases any Ranger policy condition, 
including row and tag filters.   This greatly enhances the ability to provide 
custom Attribute-based Access Control based on the specific business needs of 
one's organization.

I believe that the original assumption was that such attributes would be added 
to AD/LDAP and enter Ranger via regular user sync's. However, this process does 
not currently work with Azure AD, which many organizations use. Neither does it 
provide timely support for organizations for whom adding each new attribute to 
AD would be subject to prolonged scrutiny by overworked security teams.  

In the spirit of the RangerAdminUserStoreRetriever context enricher, we have 
written a RangerExternalUserStoreRetriever class which adds arbitrary 
attributes to Ranger users via external API calls, thus freeing additions to 
the UserStore from dependency on AD/LDAP.   We have also written a 
RangerRoleUserStoreRetriever class, which transforms role membership into user 
attributes, for ease of use in complex policy conditions.


Diffs (updated)
-

  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromDataFile.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/GetFromURL.java
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/LICENSE
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/NOTICE
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/README.md
 PRE-CREATION 
  
agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/externalretrievers/RangerMultiSourceUserStoreRetriever.java
 PRE-CREATION 
  dev-support/spotbugsIncludeFile.xml 3621e8c08 


Diff: https://reviews.apache.org/r/74142/diff/8/

Changes: https://reviews.apache.org/r/74142/diff/7-8/


Testing
---


Thanks,

Barbara Eckman

[GitHub] [ranger] chenyu-opensource commented on pull request #193: [improve]Repair Log Description & Update jQuery version.

[GitBox]

chenyu-opensource commented on PR #193:
URL: https://github.com/apache/ranger/pull/193#issuecomment-1331723055

   @mneethiraj please review, thank you so much!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Resolved] (RANGER-3990) PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing when ranger.supportedcomponents excluding solr.

[kirby zhou (Jira)]

 [ 
https://issues.apache.org/jira/browse/RANGER-3990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

kirby zhou resolved RANGER-3990.

Resolution: Duplicate

> PatchForSolrSvcDefAndPoliciesUpdate_J10055 failing when 
> ranger.supportedcomponents excluding solr.
> --
>
> Key: RANGER-3990
> URL: https://issues.apache.org/jira/browse/RANGER-3990
> Project: Ranger
>  Issue Type: Improvement
>  Components: admin
>Affects Versions: 3.0.0, 2.3.0
>Reporter: kirby zhou
>Priority: Major
>
> When I set install.properties like that
>  
> {code:java}
> ranger.supportedcomponents=tag,hdfs,hive,yarn,kafka,kms,kudu {code}
> Then, run db_setup.py to upgrade a old instance, error occurs:
> {code:java}
> 2022-11-28 16:19:49,949  [JISQL] 
> /sensorsdata/main/program/armada/jdk18292/jdk18292/bin/java  -cp 
> /sensorsdata/main/program/sp/commonjars/mysql-connector-java.jar:/sensorsdata/main/program/rogue/ranger-2.3.0-admin/jisql/lib/*
>  org.apache.util.sql.Jisql -driver mysqlconj -cstring 
> jdbc:mysql://10.129.17.81:4000/kirby_ranger2?useSSL=false -u 'kirby_ranger' 
> -p '' -noheader -trim -c \;  -query "delete from x_db_version_h where 
> version = 'J10055' and active = 'N' and updated_by='ranger_admin';"
> 2022-11-28 16:19:50,298  [E] applying java patch 
> PatchForSolrSvcDefAndPoliciesUpdate_J10055 failed
>  {code}
>  
> {code:java}
> 437                 if (xXServiceDefObj == null) {
> 438                     logger.info(xXServiceDefObj + ": service-def not 
> found. No patching is needed");
> 439                     System.out.println(0);
> 440                 }
> 441 
> 442                 embeddedSolrResourceDefs = 
> embeddedSolrServiceDef.getResources();                 // ResourcesType
> 443                 dbSolrServiceDef         = 
> this.svcDBStore.getServiceDefByName(SOLR_SVC_DEF_NAME);
> 444                 dbSolrServiceDef.setResources(embeddedSolrResourceDefs);
>  {code}
> It seems that, line 439 should be replaced by  System.exit(0)
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)