[jira] [Updated] (RANGER-4427) Need a new API to get list of datasets for a datashare with request status
[ https://issues.apache.org/jira/browse/RANGER-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4427: --- Description: We need a new API to get list of datasets for a datashare with request status (was: We need a new API to get list of datasets for a datashare with request status UI Flow My Datashares > Shared With > Dataset list Requirment Need List of datasets that are mapped to a datashare ) > Need a new API to get list of datasets for a datashare with request status > -- > > Key: RANGER-4427 > URL: https://issues.apache.org/jira/browse/RANGER-4427 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > We need a new API to get list of datasets for a datashare with request status -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4427) Need a new API to get list of datasets for a datashare with request status
[ https://issues.apache.org/jira/browse/RANGER-4427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4427: --- Description: We need a new API to get list of datasets for a datashare with request status UI Flow My Datashares > Shared With > Dataset list Requirment Need List of datasets that are mapped to a datashare was:We need a new API to get list of datasets for a datashare with request status > Need a new API to get list of datasets for a datashare with request status > -- > > Key: RANGER-4427 > URL: https://issues.apache.org/jira/browse/RANGER-4427 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Assignee: Prashant Satam >Priority: Major > > We need a new API to get list of datasets for a datashare with request status > UI Flow > My Datashares > Shared With > Dataset list > Requirment > Need List of datasets that are mapped to a datashare -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Reopened] (RANGER-4035) support for policies to refer access-types using category, like Create/Read/Update/Delete/Manage
[ https://issues.apache.org/jira/browse/RANGER-4035?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj reopened RANGER-4035: -- RangerAccessTypeDef.category is not persisted in the database. > support for policies to refer access-types using category, like > Create/Read/Update/Delete/Manage > > > Key: RANGER-4035 > URL: https://issues.apache.org/jira/browse/RANGER-4035 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Madhan Neethiraj >Priority: Major > Fix For: 3.0.0 > > Attachments: RANGER-4035.patch > > > Ranger policy model supports setting up policies with fine-grained > permissions - like create/alter/drop/select/insert/update/truncate, > read/write/list/create/delete/mkdir. Supporting policies to specify > permissions as broad categories like CRUD, will make it easier for policy > authors - especially for tag-based policies. > In addition, it will also help to have a built-in access-type that captures > all other access-types - like ALL. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74698: RANGER-4035: DB schema update to persist XXAccessTypeDef.category
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74698/ --- Review request for ranger, Anand Nadar, Ankita Sinha, Abhay Kulkarni, Monika Kachhadiya, Prashant Satam, Ramesh Mani, and Subhrat Chaudhary. Bugs: RANGER-4035 https://issues.apache.org/jira/browse/RANGER-4035 Repository: ranger Description --- - added column x_access_type_def.category - updated DB save/load modules to persist XXAccessTypeDef.category in the new column Diffs - agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java dc786a457 security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 17092d486 security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 7371cd6d0 security-admin/src/main/java/org/apache/ranger/entity/XXAccessTypeDef.java 200a51d33 security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java 86928193a Diff: https://reviews.apache.org/r/74698/diff/1/ Testing --- - verified that catagory specified in XXAccessTypeDef.category is persisted in the database Thanks, Madhan Neethiraj
[jira] [Assigned] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang reassigned RANGER-4481: - Assignee: Xuze Yang > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Assignee: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (was: (Entête de la société).docx) > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (Entête de la société).docx > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: (Entête de la société).docx, feasible solution > code.png, first http response.png, openjdk problem code.png, second http > request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776988#comment-17776988 ] Xuze Yang edited comment on RANGER-4481 at 10/26/23 2:52 AM: - Add a configuration item to enable RangerAdminRESTClient's getRolesIfUpdated()/getServicePoliciesIfUpdated()/getServiceTagsIfUpdated() use unauthenticated http request may involve a large amount of work. Because we should add this configuration item in all plugin component's configuration file. Another way, when the response code was 401, I tried to clear the supported cache through java reflection. This has been proven to be feasible. !feasible solution code.png! Now I don't know which modification method is more reasonable, or there are other better modification methods. [~madhan] [~kirbyzhou] was (Author: xuze yang): Add a configuration item to enable RangerAdminRESTClient's getRolesIfUpdated()/getServicePoliciesIfUpdated()/getServiceTagsIfUpdated() use unauthenticated http request may involve a large amount of work. Because we should add this configuration item in all plugin component's configuration file. Another way, when the response code was 401, I tried to clear the supported cache through java reflection. This has been proven to be feasible. !4.png! Now I don't know which modification method is more reasonable, or there are other better modification methods. [~madhan] [~kirbyzhou] > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776958#comment-17776958 ] Xuze Yang edited comment on RANGER-4481 at 10/26/23 2:52 AM: - {*}1. Problem phenomenon{*}: >From a certain moment on, the ranger plugin of resourcemanager0 has been >unable to pull policies, and the error log is 401. The kerberos service is >normal, and as a comparison, the ranger plugin of resourcemanager1 can pull >policies normally. Resourcemanager0's error log: {code:java} 2023-10-19 08:55:02,551 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:02,552 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:12,572 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:12,574 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn{code} *2. Problem Cause Analysis:* The normal process for the Ranger plugin to pull policies from the Ranger server: 1) For the first request, the server will reply with a 401 and carry "WWW Authenticate: Negotiate" in the HTTP header !first http response.png! 2) The internal httpUrlConnection class of Openjdk handles this by performing a kerberos authentication, and then placing the authentication result in the HTTP header field Authorization to request again !second http request.png! 3) Afterwards, the server can provide the correct response, such as a 200 response or a 304 response abnormal: When performing kerberos authentication, if the kdc service is abnormal, it will be determined that the service does not support kerberos authentication, and then this information will be stored in a global static map called 'supported'. Subsequent requests will be obtained from the 'supported' based on the server hostname to determine whether authentication methods are supported !openjdk problem code.png! *Therefore, once the first failure occurs, it will be determined that the service does not support authentication, and the second HTTP request will never be triggered, resulting in the inability to obtain policies from the service forever.* was (Author: xuze yang): {*}1. Problem phenomenon{*}: >From a certain moment on, the ranger plugin of resourcemanager0 has been >unable to pull policies, and the error log is 401. The kerberos service is >normal, and as a comparison, the ranger plugin of resourcemanager1 can pull >policies normally. Resourcemanager0's error log: {code:java} 2023-10-19 08:55:02,551 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:02,552 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:12,572 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn 2023-10-19 08:55:12,574 WARN org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies. secureMode=true, user=hadoop/hdp-hadoop-hdp-resourcemanager-1.hdp-hadoop-hdp-resourcemanager.yangxuze.svc.cluster.lo...@dahua.com (auth:KERBEROS), response={"httpStatusCode":401,"statusCode":0}, serviceName=default-Yarn{code} *2. Problem Cause Analysis:* The normal process for the Ranger plugin to pull policies from the Range
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (was: 2.png) > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (was: 4.png) > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: feasible solution code.png first http response.png openjdk problem code.png second http request.png > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (was: 1.png) > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4481) Add a configuration item to support Ranger client not using authentication
[ https://issues.apache.org/jira/browse/RANGER-4481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xuze Yang updated RANGER-4481: -- Attachment: (was: 3.png) > Add a configuration item to support Ranger client not using authentication > -- > > Key: RANGER-4481 > URL: https://issues.apache.org/jira/browse/RANGER-4481 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.1.0 >Reporter: Xuze Yang >Priority: Major > Attachments: feasible solution code.png, first http response.png, > openjdk problem code.png, second http request.png > > > As described in RANGER-3602, ranger supports downloading policies and roles > through unauthenticated http requests even if kerberos is enabled on the > server. > But in terms of the current implementation of RangerAdminRESTClient, whether > to enable authenticated HTTP requests depends on the service in which it is > located. For example, if the Hadoop service has kerberos enabled, then the > RangerAdminRESTClient in the HDFS and Yarn plugins will also use > authenticated HTTP requests. > I think this is not reasonable enough. In this case (both the Ranger server > and Hadoop are enabled for kerberos), the RangerAdminRESTClient of the HDFS > and Yarn plugins should also be allowed to download policies and roles > through unauthenticated HTTP requests. > The reason why I proposed this improvement is due to a bug I encountered in > our production environment. I will introduce the bug I encountered later. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4396) Dataset lookup is failing in GDS policy
[ https://issues.apache.org/jira/browse/RANGER-4396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj resolved RANGER-4396. -- Resolution: Abandoned Policies for a dataset are authored from dataset details page, which doesn't require users to provide the dataset name. Hence this is not a valid issue. > Dataset lookup is failing in GDS policy > --- > > Key: RANGER-4396 > URL: https://issues.apache.org/jira/browse/RANGER-4396 > Project: Ranger > Issue Type: Sub-task > Components: admin >Reporter: Subhrat Chaudhary >Priority: Major > > In GDS policy, while selecting Dataset, Dataset lookup is failing with > NullPointerException -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4269) GDS context-enricher to find datasets relevant to accessed resource
[ https://issues.apache.org/jira/browse/RANGER-4269?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj reassigned RANGER-4269: Assignee: Madhan Neethiraj > GDS context-enricher to find datasets relevant to accessed resource > --- > > Key: RANGER-4269 > URL: https://issues.apache.org/jira/browse/RANGER-4269 > Project: Ranger > Issue Type: Sub-task > Components: plugins >Reporter: Madhan Neethiraj >Assignee: Madhan Neethiraj >Priority: Major > > Add a context enricher to find the datasets that include the resource being > accessed and make this details available in the evaluation context. This is > similar to RangerTagEnricher and RangerTagRefresher which add details of tags > associated with the accessed resource in the evaluation context. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4496) Decommission the use of log4j.xml files
Abhishek Kumar created RANGER-4496: -- Summary: Decommission the use of log4j.xml files Key: RANGER-4496 URL: https://issues.apache.org/jira/browse/RANGER-4496 Project: Ranger Issue Type: Task Components: Ranger Reporter: Abhishek Kumar Logback.xml is used across all modules to configure logging for ranger and other services including plugins. Use of log4j.xml is no longer in practice. Logging is configured using either logback.xml or log4j.xml but not both simultaneously. This Jira tracks changes to remove all log4j.xml files in the ranger codebase. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4495) Upgrade netty to 4.1.100-final
[ https://issues.apache.org/jira/browse/RANGER-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Velmurugan Periasamy updated RANGER-4495: - Summary: Upgrade netty to 4.1.100-final (was: CLONE - Upgrade netty to 4.1.100-final) > Upgrade netty to 4.1.100-final > -- > > Key: RANGER-4495 > URL: https://issues.apache.org/jira/browse/RANGER-4495 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > > Upgrade netty to 4.1.100-final or higher -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4495) CLONE - Upgrade netty to 4.1.100-final
[ https://issues.apache.org/jira/browse/RANGER-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pradeep Agrawal updated RANGER-4495: Description: Upgrade netty to 4.1.100-final or higher (was: Upgrade netty to 4.1.94-final) > CLONE - Upgrade netty to 4.1.100-final > -- > > Key: RANGER-4495 > URL: https://issues.apache.org/jira/browse/RANGER-4495 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > > Upgrade netty to 4.1.100-final or higher -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4495) CLONE - Upgrade netty to 4.1.100-final
Pradeep Agrawal created RANGER-4495: --- Summary: CLONE - Upgrade netty to 4.1.100-final Key: RANGER-4495 URL: https://issues.apache.org/jira/browse/RANGER-4495 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0 Reporter: Pradeep Agrawal Assignee: Pradeep Agrawal Fix For: 3.0.0 Upgrade netty to 4.1.94-final -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74690: RANGER-4266: gds info retrieval by plugins
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74690/#review225894 --- Ship it! Ship It! - Subhrat Chaudhary On Oct. 23, 2023, 8:36 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74690/ > --- > > (Updated Oct. 23, 2023, 8:36 p.m.) > > > Review request for ranger, Ankita Sinha, Abhay Kulkarni, Monika Kachhadiya, > Prashant Satam, Ramesh Mani, Subhrat Chaudhary, and Velmurugan Periasamy. > > > Bugs: RANGER-4266 > https://issues.apache.org/jira/browse/RANGER-4266 > > > Repository: ranger > > > Description > --- > > - REST API for plugins to download GDS info, similar to policies, tags, > userstore > - Ranger updates to increment gdsVersion in services > - updated plugins library to implicitly add GDS enricher > > > Diffs > - > > > agents-common/src/main/java/org/apache/ranger/admin/client/AbstractRangerAdminClient.java > a65c18708 > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminClient.java > 22a8121ca > > agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java > 9cd0fd263 > > agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java > df6307eb2 > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerAdminGdsInfoRetriever.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsEnricher.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerGdsInfoRetriever.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicyDelta.java > 6eae590c4 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 2f4af9763 > > agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java > 1c08e36ec > agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java > 794c265a3 > agents-common/src/main/java/org/apache/ranger/plugin/util/JsonUtilsV2.java > 9a8546b79 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTUtils.java > b265e8575 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java > 489476b28 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceGdsInfo.java > PRE-CREATION > > agents-common/src/main/java/org/apache/ranger/plugin/util/ServicePolicies.java > 225f8526b > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 19ecc1fc8 > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > ea98736a1 > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > 10986823d > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 055c31364 > security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java > f0e64d711 > security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetDao.java > ee2d4b67b > security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectDao.java > 4f214ff8d > security-admin/src/main/java/org/apache/ranger/db/XXGlobalStateDao.java > e28b607c9 > security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java > c0f9d5c4e > > security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java > 04f030b35 > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 4c0a106ad > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsBaseModelService.java > e7c54385f > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareInDatasetService.java > 569509d66 > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDataShareService.java > 6a93e44dc > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetInProjectService.java > d62040175 > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsDatasetService.java > 75833ea7b > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsProjectService.java > 4ccb063fe > > security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java > 4bdb09f4d > > security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java > 9bf7868d0 > > security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java > cd8fcc696 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 547913488 > security-admin/src/main/resources/conf.dist/security-applicationContext.xml > 807791f28 > security-admin/src/test/java/org/apache
Review Request 74697: RANGER:4494:get Dataset summary for logged in user based on dataset-policy.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74697/ --- Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika Kachhadiya, and Subhrat Chaudhary. Bugs: RANGER-4494 https://issues.apache.org/jira/browse/RANGER-4494 Repository: ranger Description --- We need a new API URI--->(/dataset/summary/sharedwithme) to extend the /dataset/summary API added in https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary for datasets which are shared with the logged in user, based on policy. Use of The API This API will return dataset summary objects which are accessible for the logged in user by the dataset policy Diffs - security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 4249b1121 security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java b1dc9d37d security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java f21d445c4 security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java 6c55fd029 Diff: https://reviews.apache.org/r/74697/diff/1/ Testing --- 1)Create dataset attach dataShare and shared-resource to it 2)create policy for the dataset and add the current logged in user in the dataset-policy (can add user directly/via role/via group) 3)use GET-API --> (/service/gds/dataset/summary/sharedwithme) you will only get dataset summary objects for whom the current user have access by the dataset-policy Request-> GET-API /service/gds/dataset/summary/sharedwithme Response ---> { "startIndex": 0, "pageSize": 200, "totalCount": 1, "resultSize": 1, "sortType": "datasetId", "sortBy": "asc", "queryTimeMS": 1698235573851, "list": [ { "id": 1, "guid": "d82106ea-191e-4f50-a3ac-45ba824bd293", "isEnabled": true, "createdBy": "Admin", "updatedBy": "Admin", "createTime": 1698220723000, "updateTime": 1698232342000, "version": 6, "name": "Test_GDS_Dataset19", "description": "This is GDS description", "permissionForCaller": "AUDIT", "principalsCount": { "ROLE": 0, "USER": 0, "GROUP": 0 }, "projectsCount": 0, "totalResourceCount": 2, "dataShares": [ { "id": 1, "guid": "f635adcb-e77c-4a1d-a894-c8ceb9f8b577", "isEnabled": true, "createdBy": "Admin", "updatedBy": "Admin", "createTime": 1698220777000, "updateTime": 1698220777000, "version": 1, "dataShareId": 1, "dataShareName": "RangerDataShare1", "serviceId": 1, "serviceName": "Ranger_hive", "zoneId": 2, "zoneName": "Ranger_hive", "resourceCount": 1, "shareStatus": "NONE" }, { "id": 2, "guid": "055f5f6f-6969-4226-825b-2c7607aeea7b", "isEnabled": true, "createdBy": "Admin", "updatedBy": "Admin", "createTime": 1698220783000, "updateTime": 1698220783000, "version": 1, "dataShareId": 2, "dataShareName": "RangerDataShare2", "serviceId": 1, "serviceName": "Ranger_hive", "zoneId": 2, "zoneName": "Ranger_hive", "resourceCount": 1, "shareStatus": "NONE" } ] } ], "listSize": 1 } Thanks, Prashant Satam
[jira] [Updated] (RANGER-4493) Keep the UI behaviour for tag based and resource based services filtering for zone without any service
[ https://issues.apache.org/jira/browse/RANGER-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mugdha Varadkar updated RANGER-4493: Summary: Keep the UI behaviour for tag based and resource based services filtering for zone without any service (was: Keep the display for tag based and resource based services filtering for zone without any service) > Keep the UI behaviour for tag based and resource based services filtering for > zone without any service > -- > > Key: RANGER-4493 > URL: https://issues.apache.org/jira/browse/RANGER-4493 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Attachments: image (10).png, image (9).png > > > In Ranger admin, security zones can be now created without any > services/resources. > If a security zone is created without any service, and on the service manager > page, > if the resource based services are filtered based on the zone without any > service, > then the UI displays an image with the text "No Services". > But if the same service filtering is done for tag based services, then the UI > shows a service element for tag. > It will be better if the UI behaviour is consistent for both resource and tag > based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74696: RANGER-4360 : Error page 'Go back' button not redirecting to the right page.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74696/#review225893 --- Ship it! Ship It! - Mugdha Varadkar On Oct. 25, 2023, 10:53 a.m., Dhaval Rajpara wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74696/ > --- > > (Updated Oct. 25, 2023, 10:53 a.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Shah, Dineshkumar Yadav, > Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, > Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4360 > https://issues.apache.org/jira/browse/RANGER-4360 > > > Repository: ranger > > > Description > --- > > On error page Go back button not work properly > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js 20dece45f > security-admin/src/main/webapp/react-webapp/src/utils/fetchAPI.js fbdd91737 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx > c189c0a1b > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs.jsx > 6575dae24 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AuditLayout.jsx > 0537496f3 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/LoginSessionsLogs.jsx > 28d2bdb3e > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginStatusLogs.jsx > cf4727514 > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginsLog.jsx > 55caa90bd > > security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/UserSync.jsx > 0abe30017 > > security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyManager.jsx > 98ea88280 > security-admin/src/main/webapp/react-webapp/src/views/ErrorPage.jsx > 9e99e5077 > security-admin/src/main/webapp/react-webapp/src/views/Home.jsx 3dee1d086 > security-admin/src/main/webapp/react-webapp/src/views/Layout.jsx 49edc2861 > > security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/Permissions.jsx > 730d40103 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx > 60cc1f268 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListing.jsx > 6d6facb91 > > security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListingTabView.jsx > 44d9f1da9 > > security-admin/src/main/webapp/react-webapp/src/views/Reports/UserAccessLayout.jsx > e3d09c51e > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx > 91d2a3758 > > security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/ZoneListing.jsx > e672611dd > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx > 0b2f46bec > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx > 2df0c4d63 > security-admin/src/main/webapp/react-webapp/src/views/SideBar/SideBar.jsx > e0ad55d59 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/UserGroupRoleListing.jsx > bd829636e > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx > 332a3940d > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleListing.jsx > 8caecf058 > > security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx > dee4b196d > > > Diff: https://reviews.apache.org/r/74696/diff/1/ > > > Testing > --- > > Testing is in progress. > > > Thanks, > > Dhaval Rajpara > >
[jira] [Updated] (RANGER-4494) get Dataset summary for logged in user based on dataset-policy.
[ https://issues.apache.org/jira/browse/RANGER-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4494: --- Summary: get Dataset summary for logged in user based on dataset-policy. (was: get Dataset summary for logged in user based on policy.) > get Dataset summary for logged in user based on dataset-policy. > --- > > Key: RANGER-4494 > URL: https://issues.apache.org/jira/browse/RANGER-4494 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > We need a new API URI--->(/dataset/summary/sharedwithme) to extend the > /dataset/summary API added in > https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary > for datasets which are shared with the logged in user, based on policy. > Use of The API > This API will return dataset summary objects which are accessible for the > logged in user by the dataset policy -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4494) get Dataset summary for logged in user based on policy.
[ https://issues.apache.org/jira/browse/RANGER-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4494: --- Description: We need a new API URI--->(/dataset/summary/sharedwithme) to extend the /dataset/summary API added in https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary for datasets which are shared with the logged in user, based on policy. Use of The API This API will return dataset summary objects which are accessible for the logged in user by the dataset policy was:We need a new API URI--->(/dataset/summary/sharedwithme) to extend the /dataset/summary API added in https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary for datasets which are shared with the logged in user, based on policy. > get Dataset summary for logged in user based on policy. > --- > > Key: RANGER-4494 > URL: https://issues.apache.org/jira/browse/RANGER-4494 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > We need a new API URI--->(/dataset/summary/sharedwithme) to extend the > /dataset/summary API added in > https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary > for datasets which are shared with the logged in user, based on policy. > Use of The API > This API will return dataset summary objects which are accessible for the > logged in user by the dataset policy -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4494) get Dataset summary for logged in user based on policy.
[ https://issues.apache.org/jira/browse/RANGER-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam updated RANGER-4494: --- Description: We need a new API URI--->(/dataset/summary/sharedwithme) to extend the /dataset/summary API added in https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary for datasets which are shared with the logged in user, based on policy. > get Dataset summary for logged in user based on policy. > --- > > Key: RANGER-4494 > URL: https://issues.apache.org/jira/browse/RANGER-4494 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > > We need a new API URI--->(/dataset/summary/sharedwithme) to extend the > /dataset/summary API added in > https://issues.apache.org/jira/browse/RANGER-4446, to get the DatasetSummary > for datasets which are shared with the logged in user, based on policy. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4494) get Dataset summary for logged in user based on policy.
Prashant Satam created RANGER-4494: -- Summary: get Dataset summary for logged in user based on policy. Key: RANGER-4494 URL: https://issues.apache.org/jira/browse/RANGER-4494 Project: Ranger Issue Type: Bug Components: admin Reporter: Prashant Satam -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4494) get Dataset summary for logged in user based on policy.
[ https://issues.apache.org/jira/browse/RANGER-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Prashant Satam reassigned RANGER-4494: -- Assignee: Prashant Satam > get Dataset summary for logged in user based on policy. > --- > > Key: RANGER-4494 > URL: https://issues.apache.org/jira/browse/RANGER-4494 > Project: Ranger > Issue Type: Bug > Components: admin >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74667: RANGER-4376: Need to show Tag Policies for user when it has permission in "Tag Based Policies" module
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74667/#review225892 --- Ship it! Ship It! - Mugdha Varadkar On Oct. 25, 2023, 10:17 a.m., Brijesh Bhalala wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74667/ > --- > > (Updated Oct. 25, 2023, 10:17 a.m.) > > > Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan > Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. > > > Bugs: RANGER-4376 > https://issues.apache.org/jira/browse/RANGER-4376 > > > Repository: ranger > > > Description > --- > > By default user with user-role doesn't have permission on Tag Based Policies > modules. > > If in some case where user with user-role is given permission on Tag Based > Policies module and not on Resource Based Policies, then need to show tag > policies. > > Need to fix this corner case in Ranger Admin UI with react JS. > > > Diffs > - > > security-admin/src/main/webapp/react-webapp/src/App.jsx bc3cf9a7a > > security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/EditPermission.jsx > 5e51faf27 > > security-admin/src/main/webapp/react-webapp/src/views/Reports/UserAccessLayout.jsx > e3d09c51e > > > Diff: https://reviews.apache.org/r/74667/diff/2/ > > > Testing > --- > > Tested changes on a cluster setup with Ranger Admin build with React JS code > base. > > > Verified the "Tag Based Policies" Module with all user-role. > > > Thanks, > > Brijesh Bhalala > >
Review Request 74696: RANGER-4360 : Error page 'Go back' button not redirecting to the right page.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74696/ --- Review request for ranger, Brijesh Bhalala, Dhaval Shah, Dineshkumar Yadav, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-4360 https://issues.apache.org/jira/browse/RANGER-4360 Repository: ranger Description --- On error page Go back button not work properly Diffs - security-admin/src/main/webapp/react-webapp/src/utils/XAUtils.js 20dece45f security-admin/src/main/webapp/react-webapp/src/utils/fetchAPI.js fbdd91737 security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogs.jsx c189c0a1b security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AdminLogs.jsx 6575dae24 security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AuditLayout.jsx 0537496f3 security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/LoginSessionsLogs.jsx 28d2bdb3e security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginStatusLogs.jsx cf4727514 security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/PluginsLog.jsx 55caa90bd security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/UserSync.jsx 0abe30017 security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyManager.jsx 98ea88280 security-admin/src/main/webapp/react-webapp/src/views/ErrorPage.jsx 9e99e5077 security-admin/src/main/webapp/react-webapp/src/views/Home.jsx 3dee1d086 security-admin/src/main/webapp/react-webapp/src/views/Layout.jsx 49edc2861 security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/Permissions.jsx 730d40103 security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/AddUpdatePolicyForm.jsx 60cc1f268 security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListing.jsx 6d6facb91 security-admin/src/main/webapp/react-webapp/src/views/PolicyListing/PolicyListingTabView.jsx 44d9f1da9 security-admin/src/main/webapp/react-webapp/src/views/Reports/UserAccessLayout.jsx e3d09c51e security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx 91d2a3758 security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/ZoneListing.jsx e672611dd security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceDefinitions.jsx 0b2f46bec security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx 2df0c4d63 security-admin/src/main/webapp/react-webapp/src/views/SideBar/SideBar.jsx e0ad55d59 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/UserGroupRoleListing.jsx bd829636e security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/groups_details/GroupListing.jsx 332a3940d security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/role_details/RoleListing.jsx 8caecf058 security-admin/src/main/webapp/react-webapp/src/views/UserGroupRoleListing/users_details/UserListing.jsx dee4b196d Diff: https://reviews.apache.org/r/74696/diff/1/ Testing --- Testing is in progress. Thanks, Dhaval Rajpara
[jira] [Updated] (RANGER-4360) Error page 'Go back' button not redirecting to the right page
[ https://issues.apache.org/jira/browse/RANGER-4360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara updated RANGER-4360: --- Attachment: 0001-RANGER-4360.patch > Error page 'Go back' button not redirecting to the right page > -- > > Key: RANGER-4360 > URL: https://issues.apache.org/jira/browse/RANGER-4360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Dhaval Rajpara >Priority: Major > Attachments: 0001-RANGER-4360.patch > > > On error page Go back button not work properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4360) On error page Go back button not work properly
[ https://issues.apache.org/jira/browse/RANGER-4360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara reassigned RANGER-4360: -- Assignee: Dhaval Rajpara > On error page Go back button not work properly > -- > > Key: RANGER-4360 > URL: https://issues.apache.org/jira/browse/RANGER-4360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Dhaval Rajpara >Priority: Major > > On error page Go back button not work properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4360) Error page 'Go back' button not redirecting to the right page
[ https://issues.apache.org/jira/browse/RANGER-4360?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara updated RANGER-4360: --- Summary: Error page 'Go back' button not redirecting to the right page (was: On error page Go back button not work properly) > Error page 'Go back' button not redirecting to the right page > -- > > Key: RANGER-4360 > URL: https://issues.apache.org/jira/browse/RANGER-4360 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Dhaval Rajpara >Priority: Major > > On error page Go back button not work properly -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74667: RANGER-4376: Need to show Tag Policies for user when it has permission in "Tag Based Policies" module
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74667/ --- (Updated Oct. 25, 2023, 10:17 a.m.) Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. Bugs: RANGER-4376 https://issues.apache.org/jira/browse/RANGER-4376 Repository: ranger Description --- By default user with user-role doesn't have permission on Tag Based Policies modules. If in some case where user with user-role is given permission on Tag Based Policies module and not on Resource Based Policies, then need to show tag policies. Need to fix this corner case in Ranger Admin UI with react JS. Diffs (updated) - security-admin/src/main/webapp/react-webapp/src/App.jsx bc3cf9a7a security-admin/src/main/webapp/react-webapp/src/views/PermissionsModule/EditPermission.jsx 5e51faf27 security-admin/src/main/webapp/react-webapp/src/views/Reports/UserAccessLayout.jsx e3d09c51e Diff: https://reviews.apache.org/r/74667/diff/2/ Changes: https://reviews.apache.org/r/74667/diff/1-2/ Testing --- Tested changes on a cluster setup with Ranger Admin build with React JS code base. Verified the "Tag Based Policies" Module with all user-role. Thanks, Brijesh Bhalala
[jira] [Updated] (RANGER-4376) Need to show Tag Policies for user when it has permission in "Tag Based Policies" module
[ https://issues.apache.org/jira/browse/RANGER-4376?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4376: Attachment: 0002-RANGER-4376.patch > Need to show Tag Policies for user when it has permission in "Tag Based > Policies" module > > > Key: RANGER-4376 > URL: https://issues.apache.org/jira/browse/RANGER-4376 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.4.0 >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4376.patch, 0002-RANGER-4376.patch > > > By default user with user-role doesn't have permission on Tag Based Policies > modules. > If in some case where user with user-role is given permission on Tag Based > Policies module and not on Resource Based Policies, then need to show tag > policies. > Need to fix this corner case in Ranger Admin UI with react JS. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74625: RANGER-4438: Read JAVA_OPTS in ranger db setup python script
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74625/ --- (Updated Oct. 25, 2023, 10:10 a.m.) Review request for ranger, Abhishek Kumar, bhavik patel, Dhaval Shah, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Added fix for ranger-kms and addressed the review comment. Bugs: RANGER-4438 https://issues.apache.org/jira/browse/RANGER-4438 Repository: ranger Description --- **Problem Statement:** Currently db_setup.py file does not accepts or add JAVA_OPTS options in java commands executed from db_setup.py and changepasswordutil.py file. In certain environment user may need these options to execute the java commands successfully. **Proposed Solution:** In the proposed patch, db_setup.py and changepasswordutil.py file can read JAVA_OPTS from environment variable and pass that to java class run command being executed from the same file. Alternatively user can provide the same in install.propeties via java_opts property. setup.sh shall export the java_opts value as JAVA_OPTS environement variable. Diffs (updated) - kms/scripts/db_setup.py d21a6ac75 kms/scripts/install.properties 0e5da3c75 kms/scripts/setup.sh f723e09bb security-admin/scripts/changepasswordutil.py e45dab643 security-admin/scripts/db_setup.py 24502f4fb security-admin/scripts/install.properties b8e864e9a security-admin/scripts/setup.sh 750455f08 Diff: https://reviews.apache.org/r/74625/diff/2/ Changes: https://reviews.apache.org/r/74625/diff/1-2/ Testing --- Steps: 1. Exported a JAVA_OPTS option '-Xms1g' by running the command export JAVA_OPTS='-Xms1g' on the console. 2. Added debug statement in db_setup.py file to print java class run command which are usually executed when db_setup.py is called. 2. Executed the setup.sh file 3. setup.sh command executed succesfully and can see debug logs with added JAVA_OPTS '-Xms1g' Thanks, Pradeep Agrawal
[jira] [Updated] (RANGER-4492) Optimize "plugins/definitions" API Call for Initial Load in Multiple Ranger-React Modules
[ https://issues.apache.org/jira/browse/RANGER-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala updated RANGER-4492: Attachment: 0001-RANGER-4492.patch > Optimize "plugins/definitions" API Call for Initial Load in Multiple > Ranger-React Modules > - > > Key: RANGER-4492 > URL: https://issues.apache.org/jira/browse/RANGER-4492 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4492.patch > > > In Ranger React, we have already implemented the "plugins/definitions" API > call at the initial load for optimization. > This optimization is currently implemented on the Service Manager page and > needs to be extended to the following modules: > 1)Audit > 2)Report > 3)Security Zone > 4)Key Manager > This enhancement aims to improve the initial load performance by efficiently > utilizing the "plugins/definitions" API call across multiple modules within > Ranger-React. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74695: RANGER-4492: Optimize "plugins/definitions" API Call for Initial Load in Multiple Ranger-React Modules
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74695/ --- Review request for ranger, Dhaval Rajpara, Dineshkumar Yadav, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, Nikunj Pansuriya, and Nitin Galave. Bugs: RANGER-4492 https://issues.apache.org/jira/browse/RANGER-4492 Repository: ranger Description --- In Ranger React, we have already implemented the "plugins/definitions" API call at the initial load for optimization. This optimization is currently implemented on the Service Manager page and needs to be extended to the following modules: 1)Audit 2)Report 3)Security Zone 4)Key Manager This enhancement aims to improve the initial load performance by efficiently utilizing the "plugins/definitions" API call across multiple modules within Ranger-React. Diffs - security-admin/src/main/webapp/react-webapp/src/views/AuditEvent/AccessLogDetail.jsx dc75efe50 security-admin/src/main/webapp/react-webapp/src/views/Encryption/KeyCreate.jsx 5f7fc8af0 security-admin/src/main/webapp/react-webapp/src/views/Reports/UserAccessLayout.jsx e3d09c51e security-admin/src/main/webapp/react-webapp/src/views/SecurityZone/SecurityZoneForm.jsx 91d2a3758 Diff: https://reviews.apache.org/r/74695/diff/1/ Testing --- Testing is in progress Thanks, Brijesh Bhalala
[jira] [Assigned] (RANGER-4493) Keep the display for tag based and resource based services filtering for zone without any service
[ https://issues.apache.org/jira/browse/RANGER-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brijesh Bhalala reassigned RANGER-4493: --- Assignee: Brijesh Bhalala (was: Dhaval Rajpara) > Keep the display for tag based and resource based services filtering for zone > without any service > - > > Key: RANGER-4493 > URL: https://issues.apache.org/jira/browse/RANGER-4493 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Attachments: image (10).png, image (9).png > > > In Ranger admin, security zones can be now created without any > services/resources. > If a security zone is created without any service, and on the service manager > page, > if the resource based services are filtered based on the zone without any > service, > then the UI displays an image with the text "No Services". > But if the same service filtering is done for tag based services, then the UI > shows a service element for tag. > It will be better if the UI behaviour is consistent for both resource and tag > based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4493) Keep the display for tag based and resource based services filtering for zone without any service
[ https://issues.apache.org/jira/browse/RANGER-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek updated RANGER-4493: - Labels: ranger-react (was: ) > Keep the display for tag based and resource based services filtering for zone > without any service > - > > Key: RANGER-4493 > URL: https://issues.apache.org/jira/browse/RANGER-4493 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Priority: Major > Labels: ranger-react > > In Ranger admin, security zones can be now created without any > services/resources. > If a security zone is created without any service, and on the service manager > page, > if the resource based services are filtered based on the zone without any > service, > then the UI displays an image with the text "No Services". > But if the same service filtering is done for tag based services, then the UI > shows a service element for tag. > It will be better if the UI behaviour is consistent for both resource and tag > based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4493) Keep the display for tag based and resource based services filtering for zone without any service
[ https://issues.apache.org/jira/browse/RANGER-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek reassigned RANGER-4493: Assignee: Dhaval Rajpara > Keep the display for tag based and resource based services filtering for zone > without any service > - > > Key: RANGER-4493 > URL: https://issues.apache.org/jira/browse/RANGER-4493 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Dhaval Rajpara >Priority: Major > Labels: ranger-react > > In Ranger admin, security zones can be now created without any > services/resources. > If a security zone is created without any service, and on the service manager > page, > if the resource based services are filtered based on the zone without any > service, > then the UI displays an image with the text "No Services". > But if the same service filtering is done for tag based services, then the UI > shows a service element for tag. > It will be better if the UI behaviour is consistent for both resource and tag > based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4493) Keep the display for tag based and resource based services filtering for zone without any service
Abhishek created RANGER-4493: Summary: Keep the display for tag based and resource based services filtering for zone without any service Key: RANGER-4493 URL: https://issues.apache.org/jira/browse/RANGER-4493 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Abhishek In Ranger admin, security zones can be now created without any services/resources. If a security zone is created without any service, and on the service manager page, if the resource based services are filtered based on the zone without any service, then the UI displays an image with the text "No Services". But if the same service filtering is done for tag based services, then the UI shows a service element for tag. It will be better if the UI behaviour is consistent for both resource and tag based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4493) Keep the display for tag based and resource based services filtering for zone without any service
[ https://issues.apache.org/jira/browse/RANGER-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek updated RANGER-4493: - Attachment: image (9).png image (10).png > Keep the display for tag based and resource based services filtering for zone > without any service > - > > Key: RANGER-4493 > URL: https://issues.apache.org/jira/browse/RANGER-4493 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Dhaval Rajpara >Priority: Major > Labels: ranger-react > Attachments: image (10).png, image (9).png > > > In Ranger admin, security zones can be now created without any > services/resources. > If a security zone is created without any service, and on the service manager > page, > if the resource based services are filtered based on the zone without any > service, > then the UI displays an image with the text "No Services". > But if the same service filtering is done for tag based services, then the UI > shows a service element for tag. > It will be better if the UI behaviour is consistent for both resource and tag > based service filtering -- This message was sent by Atlassian Jira (v8.20.10#820010)