Re: Review Request 74839: RANGER-4658: updated GDS policy evaluation to fix handling of _any access

2024-01-18 Thread Subhrat Chaudhary via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74839/#review226142
---


Ship it!




Ship It!

- Subhrat Chaudhary


On Jan. 17, 2024, 8:11 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74839/
> ---
> 
> (Updated Jan. 17, 2024, 8:11 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Asit Vadhavkar, Abhay 
> Kulkarni, Monika Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh Mani, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4658
> https://issues.apache.org/jira/browse/RANGER-4658
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated GDS policy evaluation to handle _any access-type, similar to 
> resource/tag-based policy evaluation
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
>  dd1184a0b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsSharedResourceEvaluator.java
>  2e073bb1c 
>   
> agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
>  71ecd225a 
> 
> 
> Diff: https://reviews.apache.org/r/74839/diff/1/
> 
> 
> Testing
> ---
> 
> - updated unit tests to cover _any access-type
> - verified that all existing test cases succesfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: Review Request 74839: RANGER-4658: updated GDS policy evaluation to fix handling of _any access

2024-01-18 Thread Ankita Sinha 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74839/#review226143
---


Ship it!




Ship It!

- Ankita Sinha


On Jan. 17, 2024, 2:41 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74839/
> ---
> 
> (Updated Jan. 17, 2024, 2:41 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Asit Vadhavkar, Abhay 
> Kulkarni, Monika Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh Mani, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4658
> https://issues.apache.org/jira/browse/RANGER-4658
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated GDS policy evaluation to handle _any access-type, similar to 
> resource/tag-based policy evaluation
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
>  dd1184a0b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsSharedResourceEvaluator.java
>  2e073bb1c 
>   
> agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
>  71ecd225a 
> 
> 
> Diff: https://reviews.apache.org/r/74839/diff/1/
> 
> 
> Testing
> ---
> 
> - updated unit tests to cover _any access-type
> - verified that all existing test cases succesfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: Review Request 74839: RANGER-4658: updated GDS policy evaluation to fix handling of _any access

2024-01-18 Thread Monika Kachhadiya via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74839/#review226144
---


Ship it!




Ship It!

- Monika Kachhadiya


On Jan. 17, 2024, 2:41 a.m., Madhan Neethiraj wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74839/
> ---
> 
> (Updated Jan. 17, 2024, 2:41 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Asit Vadhavkar, Abhay 
> Kulkarni, Monika Kachhadiya, Pradeep Agrawal, Prashant Satam, Ramesh Mani, 
> Subhrat Chaudhary, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-4658
> https://issues.apache.org/jira/browse/RANGER-4658
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> updated GDS policy evaluation to handle _any access-type, similar to 
> resource/tag-based policy evaluation
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsPolicyEngine.java
>  dd1184a0b 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/gds/GdsSharedResourceEvaluator.java
>  2e073bb1c 
>   
> agents-common/src/test/resources/policyengine/gds/test_gds_policy_engine_hive.json
>  71ecd225a 
> 
> 
> Diff: https://reviews.apache.org/r/74839/diff/1/
> 
> 
> Testing
> ---
> 
> - updated unit tests to cover _any access-type
> - verified that all existing test cases succesfully
> 
> 
> Thanks,
> 
> Madhan Neethiraj
> 
>

Re: [PR] RANGER-4640: Trino ranger plugin for 433 snapshot [ranger]

2024-01-18 Thread via GitHub 


shreyas-dview commented on PR #291:
URL: https://github.com/apache/ranger/pull/291#issuecomment-1898136958

   @mneethiraj  removed ranger-3.0.0-SNAPSHOT-trino-plugin.tar.gz, thanks for 
pointing that out.
   
   Would 17 be the minimum JDK version after this patch? -> if you look at 
pom.xml changes I have removed trino-plugin from default and jdk-11 profile , 
so if anyone wants to build trino-plugin they have to use -Pranger-jdk17 
profile 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[jira] [Updated] (RANGER-4659) Add eye icon for password visibility in Ranger Login Page

2024-01-18 Thread Brijesh Bhalala (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Brijesh Bhalala updated RANGER-4659:

Attachment: 0001-RANGER-4659.patch

> Add eye icon for password visibility in Ranger Login Page
> -
>
> Key: RANGER-4659
> URL: https://issues.apache.org/jira/browse/RANGER-4659
> Project: Ranger
>  Issue Type: Improvement
>  Components: Ranger
>Reporter: Brijesh Bhalala
>Assignee: Brijesh Bhalala
>Priority: Major
>  Labels: ranger-react
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4659.patch
>
>
> Add eye icon for password visibility in Ranger Login Page
> {*}Current Behaviour{*}:-
>  * The Ranger login page doesn't have the password visibility functionality.
>  * Users can't check the entered password, in case of wrong password.
> User should able to view the entered password by clicking on eye icon on 
> password field in Ranger Login page.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4663) Though tag service is selected while creating new service , it will get override with the new tag service created

2024-01-18 Thread Vanita Shankar Ubale (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vanita Shankar Ubale updated RANGER-4663:
-
Attachment: Screenshot from 2024-01-18 18-02-04.png

> Though tag service is selected while creating new service , it will get 
> override with the new tag service created
> -
>
> Key: RANGER-4663
> URL: https://issues.apache.org/jira/browse/RANGER-4663
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Vanita Shankar Ubale
>Priority: Major
> Attachments: Screenshot from 2024-01-18 18-02-04.png
>
>
> *Steps to Create:*
>  # Create new service in any repo
>  # While creating service select existing tag service 
>  # Confirm that service gets created successfully and it is linked with tag 
> service selected in step 2
>  # Confirm that no new tag service gets created other than existing service
> *Expected:*
>  # Service should get created successfully and tag service should get link to 
> it
>  # No new tag service should get created
> *Actual:*
>  # New tag service gets created for each new service created
>  # Though tag service is selected while creating service , it gets override 
> with the newly created tag service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (RANGER-4663) Though tag service is selected while creating new service , it will get override with the new tag service created

2024-01-18 Thread Vanita Shankar Ubale (Jira) 
Vanita Shankar Ubale created RANGER-4663:


 Summary: Though tag service is selected while creating new service 
, it will get override with the new tag service created
 Key: RANGER-4663
 URL: https://issues.apache.org/jira/browse/RANGER-4663
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Reporter: Vanita Shankar Ubale
 Attachments: Screenshot from 2024-01-18 18-02-04.png

*Steps to Create:*
 # Create new service in any repo
 # While creating service select existing tag service 
 # Confirm that service gets created successfully and it is linked with tag 
service selected in step 2
 # Confirm that no new tag service gets created other than existing service

*Expected:*
 # Service should get created successfully and tag service should get link to it
 # No new tag service should get created

*Actual:*
 # New tag service gets created for each new service created
 # Though tag service is selected while creating service , it gets override 
with the newly created tag service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4663) Though tag service is selected while creating new service , it will get override with the new tag service created

2024-01-18 Thread Vanita Shankar Ubale (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vanita Shankar Ubale updated RANGER-4663:
-
Attachment: (was: Screenshot from 2024-01-18 18-02-04.png)

> Though tag service is selected while creating new service , it will get 
> override with the new tag service created
> -
>
> Key: RANGER-4663
> URL: https://issues.apache.org/jira/browse/RANGER-4663
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Vanita Shankar Ubale
>Assignee: Siddhesh Phatak
>Priority: Major
>
> *Steps to Create:*
>  # Create new service in any repo
>  # While creating service select existing tag service 
>  # Confirm that service gets created successfully and it is linked with tag 
> service selected in step 2
>  # Confirm that no new tag service gets created other than existing service
> *Expected:*
>  # Service should get created successfully and tag service should get link to 
> it
>  # No new tag service should get created
> *Actual:*
>  # New tag service gets created for each new service created
>  # Though tag service is selected while creating service , it gets override 
> with the newly created tag service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-4663) Though tag service is selected while creating new service , it will get override with the new tag service created

2024-01-18 Thread Vanita Shankar Ubale (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vanita Shankar Ubale reassigned RANGER-4663:


Assignee: Siddhesh Phatak

> Though tag service is selected while creating new service , it will get 
> override with the new tag service created
> -
>
> Key: RANGER-4663
> URL: https://issues.apache.org/jira/browse/RANGER-4663
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Reporter: Vanita Shankar Ubale
>Assignee: Siddhesh Phatak
>Priority: Major
>
> *Steps to Create:*
>  # Create new service in any repo
>  # While creating service select existing tag service 
>  # Confirm that service gets created successfully and it is linked with tag 
> service selected in step 2
>  # Confirm that no new tag service gets created other than existing service
> *Expected:*
>  # Service should get created successfully and tag service should get link to 
> it
>  # No new tag service should get created
> *Actual:*
>  # New tag service gets created for each new service created
>  # Though tag service is selected while creating service , it gets override 
> with the newly created tag service



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Re: Review Request 74840: RANGER-4660: While creating service, ranger logs show error if service name does not have underscore ('_') in it.

2024-01-18 Thread Siddhesh Phatak 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74840/
---

(Updated Jan. 18, 2024, 5:10 p.m.)


Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, and Subhrat Chaudhary.


Changes
---

Using linkedServiceType as tag service name, when the resource service name 
does not have _ in it.


Bugs: RANGER-4660
https://issues.apache.org/jira/browse/RANGER-4660


Repository: ranger


Description
---

When we create a service, a linked tag service also gets created for the same. 
While doing so, ranger generates a name for the tag service based on the 
service name. In this, ranger replaces word after the last underscore with 
'tag'. If the name does not contain any underscore, it returns null. Due to 
this, ranger tries to create a tag service with name null. This causes errors 
and service creation takes lot of time because of this.


Diffs (updated)
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
f9fd4941e 


Diff: https://reviews.apache.org/r/74840/diff/2/

Changes: https://reviews.apache.org/r/74840/diff/1-2/


Testing
---

After the changes, created service mytestknox and a tag service mytestknox_tag 
also got created successfully.
Steps to check
1) On ranger UI, click on add new service.
2) Service should get created successfully.
3) Click on tag tab. A tag service associated with our created service will be 
also creted.


Thanks,

Siddhesh Phatak

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

2024-01-18 Thread Ramesh Mani 


> On Jan. 10, 2024, 7:46 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
> > Lines 394 (patched)
> > 
> >
> > If there are many resource-evaluators, this will return false. Is that 
> > expected? Please review.

yes this is expected, same is done for exact match also.


> On Jan. 10, 2024, 7:46 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
> > Lines 403 (patched)
> > 
> >
> > Is the null check for the resourceValue needed here? In both cases, it 
> > is executing the same logic (lines 404 and 406. Please review.
> > 
> > Please consider if line 406 needs to be 
> > 
> > ret = matcher == null && matcher.isSomeMatch( resourceValue, 
> > evalContext);

This condition work as required, so no change needed. Suggetion will result in 
NPE.


> On Jan. 10, 2024, 7:46 p.m., Abhay Kulkarni wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
> > Lines 276 (patched)
> > 
> >
> > Please review if this condition is correct. The first part of the 
> > condition may not be needed.
> > 
> > Can this condition be replaced with
> > 
> > ret = policyValues.containsAny(resValues);
> > 
> > ?

policyValues is a List, so will use isPolicyResourceContains(policyValues, 
resValues) method


- Ramesh


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74825/#review226124
---


On Jan. 17, 2024, 8:32 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74825/
> ---
> 
> (Updated Jan. 17, 2024, 8:32 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4638
> https://issues.apache.org/jira/browse/RANGER-4638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-4638:Multiple Columns Revoke not generating policies with correct 
> number of columns
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  7fe2a2eb3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  0a14b387a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  f16157ce6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
>  e1cd89b70 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
>  5eee8d11a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
>  ec22e01bf 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceisCompleteOrSomeMatchMatcher.java
>  PRE-CREATION 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresource_isCompleteOrSomeMatch_matcher.json
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
> 15a1e7118 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> 84ee31ba2 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cc9df27d6 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java 
> 60e34c0c7 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> a630e575b 
> 
> 
> Diff: https://reviews.apache.org/r/74825/diff/2/
> 
> 
> Testing
> ---
> 
> Impala / Hive beeline.
> 
> 1) "grant select(col1, col2, col3)  on table demo.test  to role Role1"  => 
> Create a Grant Policy for the given resource in Hadoop Sql
>
> 
> 2) "grant select(col1, col2, col3, col4)  on table demo.test  to role Role1"  
> => updates the policy created in #1 with new col4 resource
> 
>  if  "revoke select(col1, col2, col3, col4) on table demo.test from role 
> Role1" is done => Since all the columns are revoked for Select, we update the 
> policy created in #1 with no policy Item for it.
>  if  "revoke select(col1, col2, col3) on table demo.test from role Role1" 
> is done => policy created in #1 will be updated to remove col1,col2,col3 from 
> the polic

Review Request 74844: RANGER-4663: New tag service will not be created if a tag service is selected while creating a resource service.

2024-01-18 Thread Siddhesh Phatak 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74844/
---

Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika 
Kachhadiya, Prashant Satam, Subhrat Chaudhary, and Vanita Ubale.


Bugs: RANGER-4663
https://issues.apache.org/jira/browse/RANGER-4663


Repository: ranger


Description
---

If a tag service is selected while creating a resource service, a new tag 
service should not be created for this resource service. This has been fixed by 
adding the condition to check if user has selected tag service or not.


Diffs
-

  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
f9fd4941e 


Diff: https://reviews.apache.org/r/74844/diff/1/


Testing
---

Following cases have been tested and working as expected.
Case 1: 
1) Create a service in ranger
2) Do not select tag service.
3) A resource service will be created, a new tag service will also get created 
and it will be linked to the resource service.

Case 2: 
1) Create a resource service in ranger.
2) Select a tag service for it.
3) A resource service will get created, a new tag service will not get created 
and the selected tag service will be linked to the resource service.


Thanks,

Siddhesh Phatak

Re: Review Request 74825: RANGER-4638:Multiple Columns Revoke not generating policies with correct number of columns

2024-01-18 Thread Abhay Kulkarni 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74825/#review226146
---




security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java
Line 435 (original), 435 (patched)


If rangerAccessRequest contains exactly the same resource(s) specified in 
the GrantRevokeRequest, the call to getLikeMatchPolicyEvaluators() will not get 
all potentially matching policies. Please see if the resource to be searched 
needs to be one-level higher in the hierarchy. (if the resource in 
GrantRevokeRequest is a column, then the argument to 
getLikelyMatchPolicyEvaluators need to be the table(s) in which the columns may 
appear). Please review.



security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Lines 1282 (patched)


This code (and at line 1399) seems to process only the first policy in the 
list of complete or partially matched policies. Elsewhere (line 1602) all 
policies are processed. Please review.



security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
Line 968 (original), 946 (patched)


grantResources ==> revokeResources? or
getRevokedResources() => getGrantedResources()?



security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
Lines 1032 (patched)


Is the test for the sizes of the policyResources and revokedResources 
necessary? Only exclusion seems to be when the sizes of these collections is 
equal. Please review.


- Abhay Kulkarni


On Jan. 17, 2024, 8:32 a.m., Ramesh Mani wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74825/
> ---
> 
> (Updated Jan. 17, 2024, 8:32 a.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, 
> Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-4638
> https://issues.apache.org/jira/browse/RANGER-4638
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> RANGER-4638:Multiple Columns Revoke not generating policies with correct 
> number of columns
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  7fe2a2eb3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
>  0a14b387a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  f16157ce6 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerPolicyResourceMatcher.java
>  e1cd89b70 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java
>  5eee8d11a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java
>  ec22e01bf 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceisCompleteOrSomeMatchMatcher.java
>  PRE-CREATION 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresource_isCompleteOrSomeMatch_matcher.json
>  PRE-CREATION 
>   security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdmin.java 
> 15a1e7118 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyAdminImpl.java 
> 84ee31ba2 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> cc9df27d6 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java 
> 60e34c0c7 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> a630e575b 
> 
> 
> Diff: https://reviews.apache.org/r/74825/diff/2/
> 
> 
> Testing
> ---
> 
> Impala / Hive beeline.
> 
> 1) "grant select(col1, col2, col3)  on table demo.test  to role Role1"  => 
> Create a Grant Policy for the given resource in Hadoop Sql
>
> 
> 2) "grant select(col1, col2, col3, col4)  on table demo.test  to role Role1"  
> => updates the policy created in #1 with new col4 resource
> 
>  if  "revoke select(col1, col2, col3, col4) on table demo.test from role 
> Role1" is done => Since all the columns are revoked for Select, we update the 
> policy created in #1 with no policy Item for it.
>  if  "revoke select(col1, col2, col3) on table demo.test from role Role1" 
> is done => policy created in #1 will be updated to remove col1,col2,col3 from 
> the policy to revoke the access.
>  
> 3) If "revoke select(col1, col2, col3, col4) on table demo.test from role 
> Role1" found 2 Matching polcies,  say 1

Re: Review Request 74844: RANGER-4663: New tag service will not be created if a tag service is selected while creating a resource service.

2024-01-18 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74844/#review226147
---


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 18, 2024, 5:21 p.m., Siddhesh Phatak wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74844/
> ---
> 
> (Updated Jan. 18, 2024, 5:21 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, Subhrat Chaudhary, and Vanita Ubale.
> 
> 
> Bugs: RANGER-4663
> https://issues.apache.org/jira/browse/RANGER-4663
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If a tag service is selected while creating a resource service, a new tag 
> service should not be created for this resource service. This has been fixed 
> by adding the condition to check if user has selected tag service or not.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f9fd4941e 
> 
> 
> Diff: https://reviews.apache.org/r/74844/diff/1/
> 
> 
> Testing
> ---
> 
> Following cases have been tested and working as expected.
> Case 1: 
> 1) Create a service in ranger
> 2) Do not select tag service.
> 3) A resource service will be created, a new tag service will also get 
> created and it will be linked to the resource service.
> 
> Case 2: 
> 1) Create a resource service in ranger.
> 2) Select a tag service for it.
> 3) A resource service will get created, a new tag service will not get 
> created and the selected tag service will be linked to the resource service.
> 
> 
> Thanks,
> 
> Siddhesh Phatak
> 
>

Re: Review Request 74844: RANGER-4663: New tag service will not be created if a tag service is selected while creating a resource service.

2024-01-18 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74844/#review226148
---




security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
Line 767 (original), 767 (patched)


This would skip creation of specified tag service (service.getTagService()) 
as well. This doesn't look correct. Consider updating the logic that derives 
tag service name from resource service name - to use service.getTagService() 
when it is not blank.


- Madhan Neethiraj


On Jan. 18, 2024, 5:21 p.m., Siddhesh Phatak wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74844/
> ---
> 
> (Updated Jan. 18, 2024, 5:21 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, Subhrat Chaudhary, and Vanita Ubale.
> 
> 
> Bugs: RANGER-4663
> https://issues.apache.org/jira/browse/RANGER-4663
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If a tag service is selected while creating a resource service, a new tag 
> service should not be created for this resource service. This has been fixed 
> by adding the condition to check if user has selected tag service or not.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f9fd4941e 
> 
> 
> Diff: https://reviews.apache.org/r/74844/diff/1/
> 
> 
> Testing
> ---
> 
> Following cases have been tested and working as expected.
> Case 1: 
> 1) Create a service in ranger
> 2) Do not select tag service.
> 3) A resource service will be created, a new tag service will also get 
> created and it will be linked to the resource service.
> 
> Case 2: 
> 1) Create a resource service in ranger.
> 2) Select a tag service for it.
> 3) A resource service will get created, a new tag service will not get 
> created and the selected tag service will be linked to the resource service.
> 
> 
> Thanks,
> 
> Siddhesh Phatak
> 
>

Re: Review Request 74840: RANGER-4660: While creating service, ranger logs show error if service name does not have underscore ('_') in it.

2024-01-18 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74840/#review226149
---


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 18, 2024, 5:10 p.m., Siddhesh Phatak wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74840/
> ---
> 
> (Updated Jan. 18, 2024, 5:10 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4660
> https://issues.apache.org/jira/browse/RANGER-4660
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When we create a service, a linked tag service also gets created for the 
> same. While doing so, ranger generates a name for the tag service based on 
> the service name. In this, ranger replaces word after the last underscore 
> with 'tag'. If the name does not contain any underscore, it returns null. Due 
> to this, ranger tries to create a tag service with name null. This causes 
> errors and service creation takes lot of time because of this.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f9fd4941e 
> 
> 
> Diff: https://reviews.apache.org/r/74840/diff/2/
> 
> 
> Testing
> ---
> 
> After the changes, created service mytestknox and a tag service 
> mytestknox_tag also got created successfully.
> Steps to check
> 1) On ranger UI, click on add new service.
> 2) Service should get created successfully.
> 3) Click on tag tab. A tag service associated with our created service will 
> be also creted.
> 
> 
> Thanks,
> 
> Siddhesh Phatak
> 
>

Re: [PR] RANGER-4640: Trino ranger plugin for 433 snapshot [ranger]

2024-01-18 Thread via GitHub 


mneethiraj commented on PR #291:
URL: https://github.com/apache/ranger/pull/291#issuecomment-1899216773

   > if you look at pom.xml changes I have removed trino-plugin from default 
and jdk-11 profile , so if anyone wants to build trino-plugin they have to use 
-Pranger-jdk17 profile
   
   @shreyas-dview  - build fails with the following error due to changes to 
agents-common module. Can you please review and update?
   
   > [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ 
ranger-plugins-common ---
   > [INFO] Compiling 250 source files to 
/home/build/Apache/git/ranger/agents-common/target/classes
   > [INFO] -
   > [ERROR] COMPILATION ERROR :
   > [INFO] -
   > [ERROR] 
/home/build/Apache/git/ranger/agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java:[26,40]
 error: cannot access ClassFilter
   > [INFO] 1 error
   > [INFO] -


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: Review Request 74840: RANGER-4660: While creating service, ranger logs show error if service name does not have underscore ('_') in it.

2024-01-18 Thread Ankita Sinha 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74840/#review226150
---


Ship it!




Ship It!

- Ankita Sinha


On Jan. 18, 2024, 5:10 p.m., Siddhesh Phatak wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74840/
> ---
> 
> (Updated Jan. 18, 2024, 5:10 p.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, and Subhrat Chaudhary.
> 
> 
> Bugs: RANGER-4660
> https://issues.apache.org/jira/browse/RANGER-4660
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When we create a service, a linked tag service also gets created for the 
> same. While doing so, ranger generates a name for the tag service based on 
> the service name. In this, ranger replaces word after the last underscore 
> with 'tag'. If the name does not contain any underscore, it returns null. Due 
> to this, ranger tries to create a tag service with name null. This causes 
> errors and service creation takes lot of time because of this.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> f9fd4941e 
> 
> 
> Diff: https://reviews.apache.org/r/74840/diff/2/
> 
> 
> Testing
> ---
> 
> After the changes, created service mytestknox and a tag service 
> mytestknox_tag also got created successfully.
> Steps to check
> 1) On ranger UI, click on add new service.
> 2) Service should get created successfully.
> 3) Click on tag tab. A tag service associated with our created service will 
> be also creted.
> 
> 
> Thanks,
> 
> Siddhesh Phatak
> 
>

[jira] [Created] (RANGER-4664) SQL Exception is thrown, if resource is null in POST sharedResource API

2024-01-18 Thread Subhrat Chaudhary (Jira) 
Subhrat Chaudhary created RANGER-4664:
-

 Summary: SQL Exception is thrown, if resource is null in POST 
sharedResource API
 Key: RANGER-4664
 URL: https://issues.apache.org/jira/browse/RANGER-4664
 Project: Ranger
  Issue Type: Bug
  Components: admin
Reporter: Subhrat Chaudhary


 

If resource is not passed in sharedResource request body (POST API 
/service/gds/resource):

 
{code:java}
{
    "name": "SHR4",
    "dataShareId": 5,
    "resource": { }
}{code}
 

Following error is received:

 
{code:java}
{
    "statusCode": 1,
    "msgDesc": "Exception [EclipseLink-4002] (Eclipse Persistence Services - 
2.7.12.v20230209-e5c4074ef3): 
org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: 
java.sql.SQLIntegrityConstraintViolationException: (conn=106) Column 'resource' 
cannot be null\nError Code: 1048\nCall: INSERT INTO x_gds_shared_resource 
(access_types, ADDED_BY_ID, additional_info, condition_expr, CREATE_TIME, 
data_share_id, description, guid, is_enabled, name, options, profiles, 
resource, resource_signature, row_filter, sub_resource, sub_resource_masks, 
sub_resource_type, UPDATE_TIME, UPD_BY_ID, version) VALUES (?, ?, ?, ?, ?, ?, 
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\n\tbind => [21 parameters 
bound]\nQuery: ValueReadQuery(name=\"X_GDS_SHARED_RESOURCE_SEQ\" sql=\"SELECT 
LAST_INSERT_ID()\")"
}{code}
Ideally in response, HTTP Status code 400 (Bad request) should be thrown with 
custom error message.

 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-4664) SQL Exception is thrown, if resource is null in POST sharedResource API

2024-01-18 Thread Subhrat Chaudhary (Jira) 


 [ 
https://issues.apache.org/jira/browse/RANGER-4664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Subhrat Chaudhary reassigned RANGER-4664:
-

Assignee: Subhrat Chaudhary

> SQL Exception is thrown, if resource is null in POST sharedResource API
> ---
>
> Key: RANGER-4664
> URL: https://issues.apache.org/jira/browse/RANGER-4664
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
>
>  
> If resource is not passed in sharedResource request body (POST API 
> /service/gds/resource):
>  
> {code:java}
> {
>     "name": "SHR4",
>     "dataShareId": 5,
>     "resource": { }
> }{code}
>  
> Following error is received:
>  
> {code:java}
> {
>     "statusCode": 1,
>     "msgDesc": "Exception [EclipseLink-4002] (Eclipse Persistence Services - 
> 2.7.12.v20230209-e5c4074ef3): 
> org.eclipse.persistence.exceptions.DatabaseException\nInternal Exception: 
> java.sql.SQLIntegrityConstraintViolationException: (conn=106) Column 
> 'resource' cannot be null\nError Code: 1048\nCall: INSERT INTO 
> x_gds_shared_resource (access_types, ADDED_BY_ID, additional_info, 
> condition_expr, CREATE_TIME, data_share_id, description, guid, is_enabled, 
> name, options, profiles, resource, resource_signature, row_filter, 
> sub_resource, sub_resource_masks, sub_resource_type, UPDATE_TIME, UPD_BY_ID, 
> version) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 
> ?)\n\tbind => [21 parameters bound]\nQuery: 
> ValueReadQuery(name=\"X_GDS_SHARED_RESOURCE_SEQ\" sql=\"SELECT 
> LAST_INSERT_ID()\")"
> }{code}
> Ideally in response, HTTP Status code 400 (Bad request) should be thrown with 
> custom error message.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)