Re: Review Request 74259: RANGER-3998: Support Ranger KMS integration with AWS KMS

2022-12-18 Thread Kirby Zhou 


> On 十二月 19, 2022, 6:07 a.m., bhavik patel wrote:
> > Is testing completed for this? Any plan to write utility script to migrate 
> > masterkey from ranger DB to aws kms and vice-versa?

Tested.

Migrate script is blocked by RANGER-3682, I want to simpify the code structrue 
of old KMS at first.


- Kirby


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74259/#review225008
---


On 十二月 19, 2022, 7:49 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74259/
> ---
> 
> (Updated 十二月 19, 2022, 7:49 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
> Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul 
> Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: ranger-3998
> https://issues.apache.org/jira/browse/ranger-3998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> AWS KMS is widely used by many customers.
> Therefore, RangerKMS should support hosting MasterKey to AWS KMS.
> 
> 
> Diffs
> -
> 
>   distro/src/main/assembly/kms.xml 4b4a2ac8e 
>   kms/config/kms-webapp/dbks-site.xml 258d331d8 
>   kms/pom.xml e97b993d7 
>   kms/scripts/install.properties 0e5da3c75 
>   kms/scripts/setup.sh f723e09bb 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerAWSKMSProvider.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> cb5739f61 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java 
> 1f0125967 
> 
> 
> Diff: https://reviews.apache.org/r/74259/diff/3/
> 
> 
> Testing
> ---
> 
> Tested under macos-13 and centos-8
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

Re: Review Request 74259: RANGER-3998: Support Ranger KMS integration with AWS KMS

2022-12-18 Thread Kirby Zhou 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74259/
---

(Updated 十二月 19, 2022, 7:49 a.m.)


Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul 
Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and 
Velmurugan Periasamy.


Changes
---

fix some typo, and support verify alias.


Bugs: ranger-3998
https://issues.apache.org/jira/browse/ranger-3998


Repository: ranger


Description
---

AWS KMS is widely used by many customers.
Therefore, RangerKMS should support hosting MasterKey to AWS KMS.


Diffs (updated)
-

  distro/src/main/assembly/kms.xml 4b4a2ac8e 
  kms/config/kms-webapp/dbks-site.xml 258d331d8 
  kms/pom.xml e97b993d7 
  kms/scripts/install.properties 0e5da3c75 
  kms/scripts/setup.sh f723e09bb 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerAWSKMSProvider.java 
PRE-CREATION 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
cb5739f61 
  kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java 
1f0125967 


Diff: https://reviews.apache.org/r/74259/diff/3/

Changes: https://reviews.apache.org/r/74259/diff/2-3/


Testing (updated)
---

Tested under macos-13 and centos-8


Thanks,

Kirby Zhou

Re: Review Request 74235: Repair Log Description & Update jQuery version

2022-12-18 Thread bhavik patel 


> On None, bhavik patel wrote:
> > Kindly create new Jira as RANGER-2897 already resolved.
> > 
> > Also verify the below use-cases on old and new UI:
> > 1. Resource Based/Tag Based/ KMS Service CRUD
> > 2. Zone & Unzone policy CRUD
> > 3. User/Group/ Role CRUD
> > 4. Zone CRUD
> > 6. reports/permissions/audits tab
> > 7. Export and import feature
> > 8. User password update
> 
> chen yu wrote:
> Thanks for reply
> But i have no account to create new Jira
> I had send email to create the account but had no reply
> I do not know how to get it

You can send a mail to community mailing list with the ID which you want to 
create; PMC member will craete ID for you.


- bhavik


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74235/#review224954
---


On None, chen yu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74235/
> ---
> 
> Review request for ranger, bhavik patel, Colm O hEigeartaigh, Madhan 
> Neethiraj, and Mahesh Bandal.
> 
> 
> Bugs: RANGER-2897
> https://issues.apache.org/jira/browse/RANGER-2897
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> repair the wrong Log Description and update jQuery version to the lastest 
> version3.6.1
> 
> 
> Diffs
> -
> 
>   
> ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java
>  2ad56ef2ca 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.5.1.js 
> f2fa5e8589 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.5.1.min.js 
> d467083b62 
>   security-admin/src/main/webapp/libs/bower/jquery/js/jquery-3.6.1.min.js 
> PRE-CREATION 
>   security-admin/src/main/webapp/login.jsp ad82ea9eb4 
>   security-admin/src/main/webapp/scripts/Init.js 5909f93a9f 
> 
> 
> Diff: https://reviews.apache.org/r/74235/diff/1/
> 
> 
> Testing
> ---
> 
> check whether the log display is normal
> verified that all existing unit tests pass successfully
> 
> 
> Thanks,
> 
> chen yu
> 
>

Re: Review Request 74259: RANGER-3998: Support Ranger KMS integration with AWS KMS

2022-12-18 Thread bhavik patel 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74259/#review225008
---



Is testing completed for this? Any plan to write utility script to migrate 
masterkey from ranger DB to aws kms and vice-versa?

- bhavik patel


On Dec. 16, 2022, 10:27 a.m., Kirby Zhou wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74259/
> ---
> 
> (Updated Dec. 16, 2022, 10:27 a.m.)
> 
> 
> Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
> Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul 
> Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: ranger-3998
> https://issues.apache.org/jira/browse/ranger-3998
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> AWS KMS is widely used by many customers.
> Therefore, RangerKMS should support hosting MasterKey to AWS KMS.
> 
> 
> Diffs
> -
> 
>   distro/src/main/assembly/kms.xml 4b4a2ac8e 
>   kms/config/kms-webapp/dbks-site.xml 258d331d8 
>   kms/pom.xml e97b993d7 
>   kms/scripts/install.properties 0e5da3c75 
>   kms/scripts/setup.sh f723e09bb 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerAWSKMSProvider.java 
> PRE-CREATION 
>   kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java 
> cb5739f61 
> 
> 
> Diff: https://reviews.apache.org/r/74259/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Kirby Zhou
> 
>

[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression

2022-12-18 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary updated RANGER-4023:
--
Description: 
We added the support for user/attribute based expressions in masking condition 
in RANGER-3865 . When only the mask condition has an user/group attribute based 
expression, RangerUserStoreEnricher is not enabled in plugin end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees is '0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.

  was:
We added the support for user/attribute based expressions in masking condition 
in https://issues.apache.org/jira/browse/RANGER-3865[link 
title|http://example.com] . When only the mask condition has an user/group 
attribute based expression, RangerUserStoreEnricher is not enabled in plugin 
end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees is '0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.


> UserStoreEnricher is not enabled if only mask conditon has attribute based 
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0
>
>
> We added the support for user/attribute based expressions in masking 
> condition in RANGER-3865 . When only the mask condition has an user/group 
> attribute based expression, RangerUserStoreEnricher is not enabled in plugin 
> end.
> Steps to reproduce (for Hive):
>  * Create a resource based access policy:
>  ** Resources: database=testdb, table=employee, column=*
>  ** Allow condition policy item: group=public, permissions=select
>  * Create a masking policy:
>  ** Resources: database=testdb, table=employee, column=salary
>  ** Allow condition policy item: group=public, permissions=select
>  ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
> salary ELSE '0' END)*
>  * Add following attributes to the user jack:
>  ** *employee_id : 1,2*
>  * We have following data in Hive:
>  ** 
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
>  * When *select * from testdb.employee;* query is executed, the expectation 
> is {*}salary of the employee john and jane should be displayed as it is, 
> while for others it should be 0{*}. In actual result, salary of all the 
> employees is '0'.
>  * In plugin end, the RangerUserstore cache file userstore.json is not 
> created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression

2022-12-18 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary updated RANGER-4023:
--
Description: 
We added the support for user/attribute based expressions in masking condition 
in https://issues.apache.org/jira/browse/RANGER-3865[link 
title|http://example.com] . When only the mask condition has an user/group 
attribute based expression, RangerUserStoreEnricher is not enabled in plugin 
end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees is '0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.

  was:
We added the support for user/attribute based expressions in masking condition 
in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only the mask 
condition has an user/group attribute based expression, RangerUserStoreEnricher 
is not enabled in plugin end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees is '0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.


> UserStoreEnricher is not enabled if only mask conditon has attribute based 
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0
>
>
> We added the support for user/attribute based expressions in masking 
> condition in https://issues.apache.org/jira/browse/RANGER-3865[link 
> title|http://example.com] . When only the mask condition has an user/group 
> attribute based expression, RangerUserStoreEnricher is not enabled in plugin 
> end.
> Steps to reproduce (for Hive):
>  * Create a resource based access policy:
>  ** Resources: database=testdb, table=employee, column=*
>  ** Allow condition policy item: group=public, permissions=select
>  * Create a masking policy:
>  ** Resources: database=testdb, table=employee, column=salary
>  ** Allow condition policy item: group=public, permissions=select
>  ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
> salary ELSE '0' END)*
>  * Add following attributes to the user jack:
>  ** *employee_id : 1,2*
>  * We have following data in Hive:
>  ** 
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
>  * When *select * from testdb.employee;* query is executed, the expectation 
> is {*}salary of the employee john and jane should be displayed as it is, 
> while for others it should be 0{*}. In actual result, salary of all the 
> employees is '0'.
>  * In plugin end, the RangerUserstore cache file userstore.json is not 
> created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if only mask conditon has attribute based expression

2022-12-18 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary updated RANGER-4023:
--
Summary: UserStoreEnricher is not enabled if only mask conditon has 
attribute based expression  (was: UserStoreEnricher is not enabled if mask 
conditon has attribute based expression)

> UserStoreEnricher is not enabled if only mask conditon has attribute based 
> expression
> -
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0
>
>
> We added the support for user/attribute based expressions in masking 
> condition in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only 
> the mask condition has an user/group attribute based expression, 
> RangerUserStoreEnricher is not enabled in plugin end.
> Steps to reproduce (for Hive):
>  * Create a resource based access policy:
>  ** Resources: database=testdb, table=employee, column=*
>  ** Allow condition policy item: group=public, permissions=select
>  * Create a masking policy:
>  ** Resources: database=testdb, table=employee, column=salary
>  ** Allow condition policy item: group=public, permissions=select
>  ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
> salary ELSE '0' END)*
>  * Add following attributes to the user jack:
>  ** *employee_id : 1,2*
>  * We have following data in Hive:
>  ** 
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
>  * When *select * from testdb.employee;* query is executed, the expectation 
> is {*}salary of the employee john and jane should be displayed as it is, 
> while for others it should be 0{*}. In actual result, salary of all the 
> employees is '0'.
>  * In plugin end, the RangerUserstore cache file userstore.json is not 
> created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4023) UserStoreEnricher is not enabled if mask conditon has attribute based expression

2022-12-18 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary updated RANGER-4023:
--
Description: 
We added the support for user/attribute based expressions in masking condition 
in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only the mask 
condition has an user/group attribute based expression, RangerUserStoreEnricher 
is not enabled in plugin end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees is '0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.

  was:
We added the support for user/attribute based expressions in masking condition 
in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only the mask 
condition has an user/group attribute based expression, RangerUserStoreEnricher 
is not enabled in plugin end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${\{USER.employee_id}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees i s'0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.


> UserStoreEnricher is not enabled if mask conditon has attribute based 
> expression
> 
>
> Key: RANGER-4023
> URL: https://issues.apache.org/jira/browse/RANGER-4023
> Project: Ranger
>  Issue Type: Bug
>  Components: plugins
>Reporter: Subhrat Chaudhary
>Priority: Major
> Fix For: 3.0.0
>
>
> We added the support for user/attribute based expressions in masking 
> condition in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only 
> the mask condition has an user/group attribute based expression, 
> RangerUserStoreEnricher is not enabled in plugin end.
> Steps to reproduce (for Hive):
>  * Create a resource based access policy:
>  ** Resources: database=testdb, table=employee, column=*
>  ** Allow condition policy item: group=public, permissions=select
>  * Create a masking policy:
>  ** Resources: database=testdb, table=employee, column=salary
>  ** Allow condition policy item: group=public, permissions=select
>  ** *Masking Option= Custom (CASE WHEN id IN (${{{}USER.employee_id{}}}) THEN 
> salary ELSE '0' END)*
>  * Add following attributes to the user jack:
>  ** *employee_id : 1,2*
>  * We have following data in Hive:
>  ** 
> ||id||name||salary||
> |1|john|5600|
> |2|jane|5300|
> |3|jack|6700|
> |4|harry|9500|
>  * When *select * from testdb.employee;* query is executed, the expectation 
> is {*}salary of the employee john and jane should be displayed as it is, 
> while for others it should be 0{*}. In actual result, salary of all the 
> employees is '0'.
>  * In plugin end, the RangerUserstore cache file userstore.json is not 
> created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4023) UserStoreEnricher is not enabled if mask conditon has attribute based expression

2022-12-18 Thread Subhrat Chaudhary (Jira) 
Subhrat Chaudhary created RANGER-4023:
-

 Summary: UserStoreEnricher is not enabled if mask conditon has 
attribute based expression
 Key: RANGER-4023
 URL: https://issues.apache.org/jira/browse/RANGER-4023
 Project: Ranger
  Issue Type: Bug
  Components: plugins
Reporter: Subhrat Chaudhary
 Fix For: 3.0.0


We added the support for user/attribute based expressions in masking condition 
in [#https://issues.apache.org/jira/browse/RANGER-3865] . When only the mask 
condition has an user/group attribute based expression, RangerUserStoreEnricher 
is not enabled in plugin end.

Steps to reproduce (for Hive):
 * Create a resource based access policy:
 ** Resources: database=testdb, table=employee, column=*
 ** Allow condition policy item: group=public, permissions=select
 * Create a masking policy:
 ** Resources: database=testdb, table=employee, column=salary
 ** Allow condition policy item: group=public, permissions=select
 ** *Masking Option= Custom (CASE WHEN id IN (${\{USER.employee_id}}) THEN 
salary ELSE '0' END)*
 * Add following attributes to the user jack:
 ** *employee_id : 1,2*
 * We have following data in Hive:
 ** 
||id||name||salary||
|1|john|5600|
|2|jane|5300|
|3|jack|6700|
|4|harry|9500|

 * When *select * from testdb.employee;* query is executed, the expectation is 
{*}salary of the employee john and jane should be displayed as it is, while for 
others it should be 0{*}. In actual result, salary of all the employees i s'0'.
 * In plugin end, the RangerUserstore cache file userstore.json is not created.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Review Request 74260: RANGER-4021: Fix shell syntax bug in kms setup.sh

2022-12-18 Thread Kirby Zhou 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74260/
---

Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, 
Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul 
Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and 
Velmurugan Periasamy.


Bugs: RANGER-4021
https://issues.apache.org/jira/browse/RANGER-4021


Repository: ranger


Description
---

```
echo "${prefix} $@" >> $LOGFILE
echo "${prefix} $@" 
```

Argument mixes string and array. Use * or separate argument.

```
if [[ ${useringrouparr[1]} =~ "(${unix_group})" ]] 
```

Don't quote right-hand side of =~, it'll match literally rather than as a regex.


Diffs
-

  kms/scripts/setup.sh f723e09bb 


Diff: https://reviews.apache.org/r/74260/diff/1/


Testing
---

On Centos-7 and Centos-8


Thanks,

Kirby Zhou

Re: Review Request 74253: This script will help anyone to setup ranger within few minutes of downloading Apache Ranger Repo.

2022-12-18 Thread Kirby Zhou 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74253/#review225007
---




README.txt
Lines 43 (patched)


Please delete all trailing spaces and tabs.



ranger_in_docker
Lines 188 (patched)


Maybe it is too heavy to bring all things up?

Can use an option to specify whether to start only core including ranger, 
usersync, or other external components such as hive and kafka.


- Kirby Zhou


On 十二月 18, 2022, 9:38 p.m., Selvamohan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74253/
> ---
> 
> (Updated 十二月 18, 2022, 9:38 p.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4017
> https://issues.apache.org/jira/browse/RANGER-4017
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-4017: Able to run Apache Ranger after downloading the source from REPO 
> by executing a single command (& within few minutes)
> 
> 
> Diffs
> -
> 
>   README.txt fce972ab1b986e7f1d28cf4e35f086929cf9169a 
>   dev-support/ranger-docker/Dockerfile.ranger-base 
> a4bb9008ff6e0d16784e286d22ab353e26be811c 
>   dev-support/ranger-docker/docker-compose.ranger-build.yml 
> f0b5b05e0cb696722297a83b7a507dc954f43398 
>   ranger_in_docker PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/74253/diff/2/
> 
> 
> Testing
> ---
> 
> Tested the script in Mac (M2) and Linux (Ubundu) 
> Documented the execution steps in README.txt
> 
> 
> Thanks,
> 
> Selvamohan Neethiraj
> 
>

Re: Review Request 74253: This script will help anyone to setup ranger within few minutes of downloading Apache Ranger Repo.

2022-12-18 Thread Selvamohan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74253/
---

(Updated Dec. 18, 2022, 4:38 p.m.)


Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
and Velmurugan Periasamy.


Changes
---

Added fixes to start KMS service and build using Docker.


Bugs: RANGER-4017
https://issues.apache.org/jira/browse/RANGER-4017


Repository: ranger


Description
---

RANGER-4017: Able to run Apache Ranger after downloading the source from REPO 
by executing a single command (& within few minutes)


Diffs (updated)
-

  README.txt fce972ab1b986e7f1d28cf4e35f086929cf9169a 
  dev-support/ranger-docker/Dockerfile.ranger-base 
a4bb9008ff6e0d16784e286d22ab353e26be811c 
  dev-support/ranger-docker/docker-compose.ranger-build.yml 
f0b5b05e0cb696722297a83b7a507dc954f43398 
  ranger_in_docker PRE-CREATION 


Diff: https://reviews.apache.org/r/74253/diff/2/

Changes: https://reviews.apache.org/r/74253/diff/1-2/


Testing
---

Tested the script in Mac (M2) and Linux (Ubundu) 
Documented the execution steps in README.txt


Thanks,

Selvamohan Neethiraj

Re: Review Request 74253: This script will help anyone to setup ranger within few minutes of downloading Apache Ranger Repo.

2022-12-18 Thread Selvamohan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74253/
---

(Updated Dec. 18, 2022, 4:35 p.m.)


Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
and Velmurugan Periasamy.


Bugs: RANGER-4017
https://issues.apache.org/jira/browse/RANGER-4017


Repository: ranger


Description
---

RANGER-4017: Able to run Apache Ranger after downloading the source from REPO 
by executing a single command (& within few minutes)


Diffs
-

  README.txt fce972ab1 
  ranger_in_docker PRE-CREATION 


Diff: https://reviews.apache.org/r/74253/diff/1/


Testing
---

Tested the script in Mac (M2) and Linux (Ubundu) 
Documented the execution steps in README.txt


Thanks,

Selvamohan Neethiraj