[jira] [Commented] (RANGER-4561) Adding the mechanism to eanble/disable Ranager Access logs based on property
[ https://issues.apache.org/jira/browse/RANGER-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789767#comment-17789767 ] Ramachandran commented on RANGER-4561: -- The review is available here :[https://reviews.apache.org/r/74759/] > Adding the mechanism to eanble/disable Ranager Access logs based on property > - > > Key: RANGER-4561 > URL: https://issues.apache.org/jira/browse/RANGER-4561 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Ramachandran >Assignee: Ramachandran >Priority: Major > > In the current Ranger Admin, we have enabled Ranger access logs by default. > If any of the customers wants to disable, the Ranger access logs, it can not > be done without making code changes.So we need to leverage this use case so > that customers can disable the ranger access logs if they needed via setting > properties -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74759: RANGER-4561:Adding the mechanism to eanble/disable Ranager Access logs based on property
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74759/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy. Bugs: RANGER-4561 https://issues.apache.org/jira/browse/RANGER-4561 Repository: ranger Description --- In the current Ranger Admin, we have enabled Ranger access logs by default. If any of the customers wants to disable, the Ranger access logs, it can not be done without making code changes.So we need to leverage this use case so that customers can disable the ranger access logs if they needed via setting properties Diffs - embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java a0d616925 Diff: https://reviews.apache.org/r/74759/diff/1/ Testing --- Thanks, Ramachandran Krishnan
Review Request 74758: Ranger Roles Cache improvement to reduce DB calls to the Database
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74758/ --- Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy. Bugs: RANGER-4560 https://issues.apache.org/jira/browse/RANGER-4560 Repository: ranger Description --- How Ranger uses the Roles Cache (In-Memory) When the lastKnownRoleVersion and rangerRoleVersionInDB are equal then return null. Because roles have not changed since the last time otherwise, It will fetch the roles from the Database update the cache, and then return roles to the User/Ranger Plugins As part of Ranger Roles Cache improvement, we have added the below logic When the rolesVersionInDB and cachedRolesVersion are equal then return cached RangerRoles.Because RangerRoles have not changed since the last time we fetched How it will improve the Ranger Roles Cache When the user/Client(Ranger Plugin) sends the lastKnownRoleVersion as -1 or null, Ranger Roles Cache internally check whether rolesVersionInDB and cachedRolesVersion are equal or not ?. If it equal means, it will fetch it from the Cache rather than fetching the roles from the database update the cache, and then return roles to the User/Ranger Plugins Diffs - security-admin/src/main/java/org/apache/ranger/common/RangerRoleCache.java 933104a16 Diff: https://reviews.apache.org/r/74758/diff/1/ Testing --- Thanks, Ramachandran Krishnan
[jira] [Created] (RANGER-4562) Build fails in security-admin test while installing npm
Madhan Neethiraj created RANGER-4562: Summary: Build fails in security-admin test while installing npm Key: RANGER-4562 URL: https://issues.apache.org/jira/browse/RANGER-4562 Project: Ranger Issue Type: Bug Components: admin Reporter: Madhan Neethiraj Build using {{mvn -Pranger-jdk11 -DskipTests=false clean compile package}} fails in security-admin module while installing npm: {noformat} ranger-build| [INFO] ranger-build| [INFO] --- frontend-maven-plugin:1.12.1:npm (npm install for tests) @ security-admin-web --- ranger-build| [INFO] Running 'npm install' in /home/ranger/src/security-admin/target/jstest ranger-build| [INFO] ranger-build| [INFO] > phantomjs-prebuilt@2.1.16 install /home/ranger/src/security-admin/target/jstest/node_modules/phantomjs-prebuilt ranger-build| [INFO] > node install.js ranger-build| [INFO] ranger-build| [INFO] PhantomJS not found on PATH ranger-build| [INFO] Downloading https://github.com/Medium/phantomjs/releases/download/v2.1.1/phantomjs-2.1.1-linux-x86_64.tar.bz2 ranger-build| [INFO] Saving to /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 ranger-build| [INFO] Receiving... ranger-build| [INFO] ranger-build| [INFO] Error making request. ranger-build| [INFO] Error: connect ETIMEDOUT 185.199.108.133:443 ranger-build| [INFO] at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1191:14) ranger-build| [INFO] ranger-build| [INFO] Please report this full log at https://github.com/Medium/phantomjs ranger-build| [INFO] npm WARN security-admin@2.0.0 No description ranger-build| [INFO] npm WARN security-admin@2.0.0 No repository field. ranger-build| [INFO] npm WARN security-admin@2.0.0 No license field. ranger-build| [INFO] npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules/fsevents): ranger-build| [INFO] npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"}) ranger-build| [INFO] ranger-build| [INFO] npm ERR! code ELIFECYCLE ranger-build| [INFO] npm ERR! errno 1 ranger-build| [INFO] npm ERR! phantomjs-prebuilt@2.1.16 install: `node install.js` ranger-build| [INFO] npm ERR! Exit status 1 ranger-build| [INFO] npm ERR! ranger-build| [INFO] npm ERR! Failed at the phantomjs-prebuilt@2.1.16 install script. ranger-build| [INFO] npm ERR! This is probably not a problem with npm. There is likely additional logging output above. ranger-build| [INFO] ranger-build| [INFO] npm ERR! A complete log of this run can be found in: ranger-build| [INFO] npm ERR! /home/ranger/.npm/_logs/2023-11-25T19_25_13_719Z-debug.log ranger-build| [INFO] {noformat} [~mugdha.varadkar], [~ankita], [~pradeep], [~mehul] - can you please help resolve this issue? -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 73950: RANGER-3722 : Fix Test-case failure
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73950/#review226002 --- Ship it! Ship It! - Ramachandran Krishnan On April 8, 2023, 1:08 p.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73950/ > --- > > (Updated April 8, 2023, 1:08 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kirby Zhou, Abhay Kulkarni, > Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3722 > https://issues.apache.org/jira/browse/RANGER-3722 > > > Repository: ranger > > > Description > --- > > "test49importPoliciesFromFileAllowingOverride & > test50importPoliciesFromFileNotAllowingOverride" fail when maven surefire > report plugins used. > > > Diffs > - > > security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java > 09d55e89d > > > Diff: https://reviews.apache.org/r/73950/diff/1/ > > > Testing > --- > > Without fix: > > test49importPoliciesFromFileAllowingOverride + [ Detail ] 0.157 > ./src/test/java/org/apache/ranger/rest/importPolicy/import_policy_test_file.json > (No such file or directory) > > test50importPoliciesFromFileNotAllowingOverride + [ Detail ] 0.003 > ./src/test/java/org/apache/ranger/rest/importPolicy/import_policy_test_file.json > (No such file or directory) > > > With Fix: > test49importPoliciesFromFileAllowingOverride 0.378 > test50importPoliciesFromFileNotAllowingOverride 0.006 > > > Thanks, > > bhavik patel > >
[jira] [Created] (RANGER-4561) Adding the mechanism to eanble/disable Ranager Access logs based on property
Ramachandran created RANGER-4561: Summary: Adding the mechanism to eanble/disable Ranager Access logs based on property Key: RANGER-4561 URL: https://issues.apache.org/jira/browse/RANGER-4561 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Ramachandran Assignee: Ramachandran In the current Ranger Admin, we have enabled Ranger access logs by default. If any of the customers wants to disable, the Ranger access logs, it can not be done without making code changes.So we need to leverage this use case so that customers can disable the ranger access logs if they needed via setting properties -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4560) Ranger Roles Cache improvement to reduce DB calls to the Database
[ https://issues.apache.org/jira/browse/RANGER-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ramachandran updated RANGER-4560: - Affects Version/s: (was: 2.4.0) > Ranger Roles Cache improvement to reduce DB calls to the Database > - > > Key: RANGER-4560 > URL: https://issues.apache.org/jira/browse/RANGER-4560 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Ramachandran >Assignee: Ramachandran >Priority: Major > > How Ranger uses the Roles Cache (In-Memory) > When the lastKnownRoleVersion and rangerRoleVersionInDB are equal then return > null. Because roles have not changed since the last time > otherwise, It will fetch the roles from the Database update the cache, and > then return roles to the User/Ranger Plugins > As part of Ranger Roles Cache improvement, we have added the below logic > When the rolesVersionInDB and cachedRolesVersion are equal then return cached > RangerRoles.Because RangerRoles have not changed since the last time we > fetched > How it will improve the Ranger Roles Cache > When the user/Client(Ranger Plugin) sends the lastKnownRoleVersion as -1 or > null, Ranger Roles Cache internally check whether rolesVersionInDB and > cachedRolesVersion are equal or not ?. If it equal means, it will fetch it > from the Cache rather than fetching the roles from the database update the > cache, and then return roles to the User/Ranger Plugins -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4560) Ranger Roles Cache improvement to reduce DB calls to the Database
Ramachandran created RANGER-4560: Summary: Ranger Roles Cache improvement to reduce DB calls to the Database Key: RANGER-4560 URL: https://issues.apache.org/jira/browse/RANGER-4560 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 2.4.0 Reporter: Ramachandran Assignee: Ramachandran How Ranger uses the Roles Cache (In-Memory) When the lastKnownRoleVersion and rangerRoleVersionInDB are equal then return null. Because roles have not changed since the last time otherwise, It will fetch the roles from the Database update the cache, and then return roles to the User/Ranger Plugins As part of Ranger Roles Cache improvement, we have added the below logic When the rolesVersionInDB and cachedRolesVersion are equal then return cached RangerRoles.Because RangerRoles have not changed since the last time we fetched How it will improve the Ranger Roles Cache When the user/Client(Ranger Plugin) sends the lastKnownRoleVersion as -1 or null, Ranger Roles Cache internally check whether rolesVersionInDB and cachedRolesVersion are equal or not ?. If it equal means, it will fetch it from the Cache rather than fetching the roles from the database update the cache, and then return roles to the User/Ranger Plugins -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74757: RANGER-4438: fixed setup scripts to not require java_opts in install.properties
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74757/ --- Review request for ranger, Ankita Sinha, Abhay Kulkarni, Monika Kachhadiya, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Subhrat Chaudhary, and Velmurugan Periasamy. Bugs: RANGER-4438 https://issues.apache.org/jira/browse/RANGER-4438 Repository: ranger Description --- updated setup.sh of Ranger admin and KMS to not fail the setup when java_opts is not present in install.properties Diffs - kms/scripts/setup.sh e64c32aa1 security-admin/scripts/setup.sh ee53d873b Diff: https://reviews.apache.org/r/74757/diff/1/ Testing --- - verified that setup of Ranger admin and KMS succeed even when java_opts is not present in install.properties Thanks, Madhan Neethiraj
Review Request 74756: RANGER-4559: Migrate Ranger modules to junit5 - phase 1
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74756/ --- Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-4559 https://issues.apache.org/jira/browse/RANGER-4559 Repository: ranger Description --- This sub-task is responsible to migrate following maven sub-modules to junit5. 01. conditions-enrichers 02. credentialsbuilder 03. embeddedwebserver 04. jisql 05. ldapconfigcheck 06. ranger-atlas-plugin 07. ranger-atlas-plugin-shim 08. ranger-authn 09. ranger-common-ha 10. ranger-elasticsearch-plugin 11. ranger-elasticsearch-plugin-shim 12. ranger-hive-plugin 13. ranger-hive-plugin-shim 14. ranger-intg 15. ranger-kafka-plugin 16. ranger-kafka-plugin-shim Diffs - credentialbuilder/pom.xml c18d5585c credentialbuilder/src/test/java/org/apache/ranger/credentialapi/TestCredentialReader.java ff3ce843e credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java c9fb54c00 hive-agent/pom.xml 8a21ab81d hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 2f6f1d846 hive-agent/src/test/java/org/apache/ranger/services/hive/TestAllHiveOperationInRanger.java d424bb4fb intg/pom.xml 4654ef7f7 intg/src/test/java/org/apache/ranger/TestRangerClient.java 7da6b18a5 plugin-kafka/pom.xml 9fa913741 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java f33405a2f plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java 90bd628f8 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java 9a7d5fe83 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java e48dd2535 ranger-authn/pom.xml 4ee98f8a5 ranger-common-ha/pom.xml 2faa243e4 ranger-common-ha/src/test/java/org/apache/ranger/ha/service/TestRangerServiceServerIdSelector.java 0cd55a2a6 ranger-examples/conditions-enrichers/pom.xml 70e9c6c74 ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java 22e298df5 Diff: https://reviews.apache.org/r/74756/diff/1/ Testing --- 1. mvn clean compile package install 2. mvn clean compile package install -Psecurity-admin-react Thanks, Kishor Gollapalliwar
[jira] [Created] (RANGER-4559) Migrate Ranger modules to junit5 - phase 1
Kishor Gollapalliwar created RANGER-4559: Summary: Migrate Ranger modules to junit5 - phase 1 Key: RANGER-4559 URL: https://issues.apache.org/jira/browse/RANGER-4559 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar This sub-task is responsible to migrate following maven sub-modules to junit5. # conditions-enrichers # credentialsbuilder # embeddedwebserver # jisql # ldapconfigcheck # ranger-atlas-plugin # ranger-atlas-plugin-shim # ranger-authn # ranger-common-ha # ranger-elasticsearch-plugin # ranger-elasticsearch-plugin-shim # ranger-hive-plugin # ranger-hive-plugin-shim # ranger-intg # ranger-kafka-plugin # ranger-kafka-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4438) Read JAVA_OPTS in ranger db setup python script
[ https://issues.apache.org/jira/browse/RANGER-4438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789653#comment-17789653 ] Madhan Neethiraj commented on RANGER-4438: -- [~pradeep] - with the updates, Ranger admin setup fails when {{install.properties}} doesn't contain property {{{}java_opts{}}}. This would result in existing deployment scripts to fail, for example docker scripts under {{dev-support/ranger-docker}} fail to setup Ranger. Instead of requiring updates to existing deployment scripts, the setup script should assume empty value for java_opts. Please review the attached patch, RANGER-4438-2.patch, which addresses this issue. > Read JAVA_OPTS in ranger db setup python script > --- > > Key: RANGER-4438 > URL: https://issues.apache.org/jira/browse/RANGER-4438 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4438.patch, RANGER-4438-2.patch > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4438) Read JAVA_OPTS in ranger db setup python script
[ https://issues.apache.org/jira/browse/RANGER-4438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Madhan Neethiraj updated RANGER-4438: - Attachment: RANGER-4438-2.patch > Read JAVA_OPTS in ranger db setup python script > --- > > Key: RANGER-4438 > URL: https://issues.apache.org/jira/browse/RANGER-4438 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Pradeep Agrawal >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4438.patch, RANGER-4438-2.patch > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74755: RANGER-4558 : User is allowed to create/update sharedResource, even if the user is not zoneAdmin in the linked dataShared
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74755/#review226001 --- > 5)Expected : The current user should be zoneAdmin as well as dataShare Admin > to create/upadate shared Resource Prashant - user with one of the following privileges should be allowed to create/update/delete shared-resources in a dataShare - Datashare admin - Zone admin - Service admin - Ranger admin - Madhan Neethiraj On Nov. 24, 2023, 11:14 a.m., Prashant Satam wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74755/ > --- > > (Updated Nov. 24, 2023, 11:14 a.m.) > > > Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, > Monika Kachhadiya, Subhrat Chaudhary, and Vanita Ubale. > > > Bugs: RANGER-4558 > https://issues.apache.org/jira/browse/RANGER-4558 > > > Repository: ranger > > > Description > --- > > User should be zoneAdmin along with datashare admin of linked sharedResource > to create/update > > Steps to check >1)Create SecurityZone >2)Create dataShare link SecurityZone to it >3)Current user is only zoneAdmin not datashare admin >4)Current User is able to create/upadate shared Resource >5)Expected : The current user should be zoneAdmin as well as dataShare > Admin to create/upadate shared Resource > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidator.java > d0a1142f6 > > > Diff: https://reviews.apache.org/r/74755/diff/1/ > > > Testing > --- > > Steps to Check > 1)Create SecurityZone > 2)Create dataShare link SecurityZone to it > 3)Current user is zoneAdmin and datashare admin > 4)Current User is able to create/upadate shared Resource > > > Thanks, > > Prashant Satam > >