[jira] [Commented] (RANGER-4506) Illegal read lock usage in getMetadata/getKeyVersion
[
https://issues.apache.org/jira/browse/RANGER-4506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17824276#comment-17824276
]
Vikas Kumar commented on RANGER-4506:
-
Hi [~jianchun] , I am analysing this.
> Illegal read lock usage in getMetadata/getKeyVersion
>
>
> Key: RANGER-4506
> URL: https://issues.apache.org/jira/browse/RANGER-4506
> Project: Ranger
> Issue Type: Bug
> Components: kms
>Reporter: Jianchun Xu
>Assignee: Vikas Kumar
>Priority: Major
>
> RangerKeyStoreProvider illegally writes to key store under Read lock. This
> happens in both getMetadata and getKeyVersion.
> E.g. in following getKeyVersion, under Read lock, the code calls
> `dbStore.engineLoad(null, masterKey)` which reloads all the keys. Since
> multiple threads can hold the Read lock, multiple threads can enter and
> reload all the keys. Thus the 2nd `dbStore.engineContainsAlias(versionName)`
> test and following `dbStore.engineGetDecryptedZoneKeyByte(versionName)` can
> both get wrong result if another thread is reloading keys.
> [https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L331]
> {code:java}
> @Override
> public KeyVersion getKeyVersion(String versionName) throws IOException {
> if (logger.isDebugEnabled()) {
> logger.debug("==> getKeyVersion({})", versionName);
> }
> KeyVersion ret = null;
> try (AutoClosableReadLock ignored = new AutoClosableReadLock(lock)) {
> if (keyVaultEnabled) {
> try {
> boolean versionNameExists =
> dbStore.engineContainsAlias(versionName);
> if (!versionNameExists) {
> dbStore.engineLoad(null, masterKey);
> versionNameExists =
> dbStore.engineContainsAlias(versionName);
> }
> if (versionNameExists) {
> byte[] decryptKeyByte;
> try {
> decryptKeyByte =
> dbStore.engineGetDecryptedZoneKeyByte(versionName);
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4506) Illegal read lock usage in getMetadata/getKeyVersion
[
https://issues.apache.org/jira/browse/RANGER-4506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vikas Kumar reassigned RANGER-4506:
---
Assignee: Vikas Kumar
> Illegal read lock usage in getMetadata/getKeyVersion
>
>
> Key: RANGER-4506
> URL: https://issues.apache.org/jira/browse/RANGER-4506
> Project: Ranger
> Issue Type: Bug
> Components: kms
>Reporter: Jianchun Xu
>Assignee: Vikas Kumar
>Priority: Major
>
> RangerKeyStoreProvider illegally writes to key store under Read lock. This
> happens in both getMetadata and getKeyVersion.
> E.g. in following getKeyVersion, under Read lock, the code calls
> `dbStore.engineLoad(null, masterKey)` which reloads all the keys. Since
> multiple threads can hold the Read lock, multiple threads can enter and
> reload all the keys. Thus the 2nd `dbStore.engineContainsAlias(versionName)`
> test and following `dbStore.engineGetDecryptedZoneKeyByte(versionName)` can
> both get wrong result if another thread is reloading keys.
> [https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L331]
> {code:java}
> @Override
> public KeyVersion getKeyVersion(String versionName) throws IOException {
> if (logger.isDebugEnabled()) {
> logger.debug("==> getKeyVersion({})", versionName);
> }
> KeyVersion ret = null;
> try (AutoClosableReadLock ignored = new AutoClosableReadLock(lock)) {
> if (keyVaultEnabled) {
> try {
> boolean versionNameExists =
> dbStore.engineContainsAlias(versionName);
> if (!versionNameExists) {
> dbStore.engineLoad(null, masterKey);
> versionNameExists =
> dbStore.engineContainsAlias(versionName);
> }
> if (versionNameExists) {
> byte[] decryptKeyByte;
> try {
> decryptKeyByte =
> dbStore.engineGetDecryptedZoneKeyByte(versionName);
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4076) Support Java 17 for build and runtime
[ https://issues.apache.org/jira/browse/RANGER-4076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rakesh Gupta reassigned RANGER-4076: Assignee: Rakesh Gupta > Support Java 17 for build and runtime > - > > Key: RANGER-4076 > URL: https://issues.apache.org/jira/browse/RANGER-4076 > Project: Ranger > Issue Type: New Feature > Components: admin, build-infra >Reporter: Andrew Luo >Assignee: Rakesh Gupta >Priority: Major > Attachments: > 0001-RANGER-4076-Support-Java-17-for-build-and-runtime.patch > > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
[
https://issues.apache.org/jira/browse/RANGER-4739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Gupta updated RANGER-4739:
-
Parent: RANGER-4076
Issue Type: Sub-task (was: Bug)
> Unit test failures in KnoxRangerTest for JDK 17
> ---
>
> Key: RANGER-4739
> URL: https://issues.apache.org/jira/browse/RANGER-4739
> Project: Ranger
> Issue Type: Sub-task
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
>
> Build in master branch (mvn clean compile package install) fails due to
> KnoxRangerTest class:
> {code:java}
> ERROR Error in generating certificate: java.lang.IllegalAccessException:
> class org.apache.knox.gateway.util.X509CertificateUtil cannot access class
> sun.security.x509.X509CertInfo (in module java.base) because module java.base
> does not export sun.security.x509 to unnamed module @148080bb
> java.lang.IllegalAccessException: class
> org.apache.knox.gateway.util.X509CertificateUtil cannot access class
> sun.security.x509.X509CertInfo (in module java.base) because module java.base
> does not export sun.security.x509 to unnamed module @148080bb
> at
> java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392)
> at
> java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674)
> at
> java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
> at
> org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
> at
> org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at
> org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
> at
> org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
> at
> org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
> [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266
> s <<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest
> [ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s
> <<< ERROR!
> java.lang.NullPointerException: Cannot invoke
> "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
> at
> java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190)
> at java.base/java.security.KeyStore.store(KeyStore.java:1404)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
> at
> org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at
> org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
> at
> org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
> at
> org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> [INFO]
> [INFO] Results:
> [INFO]
> [ERROR] Errors:
> [ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke
> "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
> [INFO]
> [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
> {code}
> Even after handling above JDK 17 error through config "--add-exports
> java.base/sun.security.x509=ALL-UNNAMED" , its give Error
> {code:java}
> ERROR Error in generating certificate: java.lang.NoSuchFieldException:
> md5WithRSAEncryption_oid
> java.lang.NoSuchFieldException: md5WithRSAEncryption_oid
> at
[jira] [Updated] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
[
https://issues.apache.org/jira/browse/RANGER-4739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rakesh Gupta updated RANGER-4739:
-
Issue Type: Bug (was: Improvement)
> Unit test failures in KnoxRangerTest for JDK 17
> ---
>
> Key: RANGER-4739
> URL: https://issues.apache.org/jira/browse/RANGER-4739
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
>
> Build in master branch (mvn clean compile package install) fails due to
> KnoxRangerTest class:
> {code:java}
> ERROR Error in generating certificate: java.lang.IllegalAccessException:
> class org.apache.knox.gateway.util.X509CertificateUtil cannot access class
> sun.security.x509.X509CertInfo (in module java.base) because module java.base
> does not export sun.security.x509 to unnamed module @148080bb
> java.lang.IllegalAccessException: class
> org.apache.knox.gateway.util.X509CertificateUtil cannot access class
> sun.security.x509.X509CertInfo (in module java.base) because module java.base
> does not export sun.security.x509 to unnamed module @148080bb
> at
> java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392)
> at
> java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674)
> at
> java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
> at
> org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
> at
> org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at
> org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
> at
> org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
> at
> org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
> [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266
> s <<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest
> [ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s
> <<< ERROR!
> java.lang.NullPointerException: Cannot invoke
> "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
> at
> java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190)
> at java.base/java.security.KeyStore.store(KeyStore.java:1404)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
> at
> org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
> at
> org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at
> org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
> at
> org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
> at
> org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
> at java.base/java.lang.reflect.Method.invoke(Method.java:568)
> [INFO]
> [INFO] Results:
> [INFO]
> [ERROR] Errors:
> [ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke
> "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
> [INFO]
> [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
> {code}
> Even after handling above JDK 17 error through config "--add-exports
> java.base/sun.security.x509=ALL-UNNAMED" , its give Error
> {code:java}
> ERROR Error in generating certificate: java.lang.NoSuchFieldException:
> md5WithRSAEncryption_oid
> java.lang.NoSuchFieldException: md5WithRSAEncryption_oid
> at java.base/java.lang.Class.getDeclaredField(Class.java:2610)
> at
>
[jira] [Assigned] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
[ https://issues.apache.org/jira/browse/RANGER-4740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Kumar reassigned RANGER-4740: -- Assignee: Abhishek Kumar > [docker]: Add support for elasticsearch and de-couple solr from ranger > compose file > --- > > Key: RANGER-4740 > URL: https://issues.apache.org/jira/browse/RANGER-4740 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > > Currently, ranger compose file depends on solr to start up, proposal is to > separate out solr into a new compose file, add support for elastic search and > drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
Abhishek Kumar created RANGER-4740: -- Summary: [docker]: Add support for elasticsearch and de-couple solr from ranger compose file Key: RANGER-4740 URL: https://issues.apache.org/jira/browse/RANGER-4740 Project: Ranger Issue Type: Improvement Components: admin, Ranger Reporter: Abhishek Kumar Currently, ranger compose file depends on solr to start up, proposal is to separate out solr into a new compose file, add support for elastic search and drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
[ https://issues.apache.org/jira/browse/RANGER-4740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Kumar updated RANGER-4740: --- Affects Version/s: 2.4.0 > [docker]: Add support for elasticsearch and de-couple solr from ranger > compose file > --- > > Key: RANGER-4740 > URL: https://issues.apache.org/jira/browse/RANGER-4740 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Affects Versions: 2.4.0 >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > > Currently, ranger compose file depends on solr to start up, proposal is to > separate out solr into a new compose file, add support for elastic search and > drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
Rakesh Gupta created RANGER-4739:
Summary: Unit test failures in KnoxRangerTest for JDK 17
Key: RANGER-4739
URL: https://issues.apache.org/jira/browse/RANGER-4739
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Rakesh Gupta
Assignee: Rakesh Gupta
Build in master branch (mvn clean compile package install) fails due to
KnoxRangerTest class:
{code:java}
ERROR Error in generating certificate: java.lang.IllegalAccessException: class
org.apache.knox.gateway.util.X509CertificateUtil cannot access class
sun.security.x509.X509CertInfo (in module java.base) because module java.base
does not export sun.security.x509 to unnamed module @148080bb
java.lang.IllegalAccessException: class
org.apache.knox.gateway.util.X509CertificateUtil cannot access class
sun.security.x509.X509CertInfo (in module java.base) because module java.base
does not export sun.security.x509 to unnamed module @148080bb
at
java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392)
at
java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674)
at
java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
at
java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
at
org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
at
org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
at
org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
at
org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
at
org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266 s
<<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest
[ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s
<<< ERROR!
java.lang.NullPointerException: Cannot invoke
"java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
at
java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606)
at
java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190)
at java.base/java.security.KeyStore.store(KeyStore.java:1404)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160)
at
org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
at
org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104)
at
org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162)
at
org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
[INFO]
[INFO] Results:
[INFO]
[ERROR] Errors:
[ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke
"java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null
[INFO]
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
{code}
Even after handling above JDK 17 error through config "--add-exports
java.base/sun.security.x509=ALL-UNNAMED" , its give Error
{code:java}
ERROR Error in generating certificate: java.lang.NoSuchFieldException:
md5WithRSAEncryption_oid
java.lang.NoSuchFieldException: md5WithRSAEncryption_oid
at java.base/java.lang.Class.getDeclaredField(Class.java:2610)
at
org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:146)
at
org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186)
at
Re: Review Request 74854: RANGER-4672: Tagsync log file name is not containing hostname and user
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74854/#review226293 --- Ship it! Ship It! - bhavik patel On Jan. 24, 2024, 9:52 a.m., Himanshu Maurya wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74854/ > --- > > (Updated Jan. 24, 2024, 9:52 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, > Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin > Galave, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4672 > https://issues.apache.org/jira/browse/RANGER-4672 > > > Repository: ranger > > > Description > --- > > Ranger admin and usersync logs file name is containing hostname and user but > tagsync is missing that > > > Diffs > - > > tagsync/conf.dist/logback.xml c1a94fee4 > tagsync/scripts/ranger-tagsync-services.sh 460c4a130 > > > Diff: https://reviews.apache.org/r/74854/diff/1/ > > > Testing > --- > > Checked the ranger-tagsync log files it is created with correct hostname and > user > > > Thanks, > > Himanshu Maurya > >
Re: Review Request 74926: RANGER-4076: Support Java 17 for build and runtime
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74926/#review226292 --- After starting the server have checked the catalina and ranger admin login file? - bhavik patel On March 5, 2024, 7:10 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74926/ > --- > > (Updated March 5, 2024, 7:10 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4076 > https://issues.apache.org/jira/browse/RANGER-4076 > > > Repository: ranger > > > Description > --- > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. > > This patch enables manual and Docker-based build of Apache Ranger. It ensures > compatibility with Java 8, Java 11, and Java 17 for both build and runtime > environments. > (I encountered a TestCase Failure in the KnoxRangerTest class, so currently I > had excluded that class from jdk17 build) > > > Diffs > - > > agents-common/pom.xml 12e093f78 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java > 512d8d3ca > > agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java > db620df92 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java > 8d76c1d81 > dev-support/ranger-docker/.env 60bc4a9f2 > dev-support/ranger-docker/Dockerfile.ranger-build 9a192f152 > dev-support/ranger-docker/docker-compose.ranger-build.yml 3dd4a4a06 > distro/src/main/assembly/admin-web.xml 245d9ca09 > docs/src/site/resources/index.js bb876f28d > hdfs-agent/pom.xml dece8f46f > kms/pom.xml 2739bb81a > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java > 7188b19b2 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java > b6fc32950 > plugin-nestedstructure/pom.xml 0e208f99c > > plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java > 77767767c > > plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java > 9cb161b8d > pom.xml cec2390f2 > ranger-tools/pom.xml cac8d7ba3 > > ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java > 187d20227 > security-admin/pom.xml fc59287d0 > > > Diff: https://reviews.apache.org/r/74926/diff/1/ > > > Testing > --- > > This patch has been successfully tested and verified with Java versions 8, > 11, and 17. The verification process included both manual and Docker setup. > Now we are able to build and run on same jdk. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74897: RANGER-4719: Policy condition expressions are split by the Ranger UI on commas
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74897/
---
(Updated March 6, 2024, 11:57 a.m.)
Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav,
Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin
Galave, Pradeep Agrawal, and Velmurugan Periasamy.
Bugs: RANGER-4719
https://issues.apache.org/jira/browse/RANGER-4719
Repository: ranger
Description
---
While using attributes with default values introduced in RANGER-3997 like
GET_USER_ATTR('state', 'null') in policy condition.
It is observed that ranger is splitting condition string in to parts separated
by comma of the parameters passed to GET_USER_ATTR(), due to this it is not
taking default value and conditions are converted to invalid strings.
Diffs
-
agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
ea76e6c33
Diff: https://reviews.apache.org/r/74897/diff/2/
Testing
---
Done the required code changes and installed ranger.
Validated the policy conditions with default comma separated parameters passed
with attributes.
Thanks,
Himanshu Maurya
Re: Review Request 74897: RANGER-4719: Policy condition expressions are split by the Ranger UI on commas
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74897/
---
(Updated March 6, 2024, 11:50 a.m.)
Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav,
Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin
Galave, Pradeep Agrawal, and Velmurugan Periasamy.
Repository: ranger
Description
---
While using attributes with default values introduced in RANGER-3997 like
GET_USER_ATTR('state', 'null') in policy condition.
It is observed that ranger is splitting condition string in to parts separated
by comma of the parameters passed to GET_USER_ATTR(), due to this it is not
taking default value and conditions are converted to invalid strings.
Diffs (updated)
-
agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java
ea76e6c33
Diff: https://reviews.apache.org/r/74897/diff/2/
Changes: https://reviews.apache.org/r/74897/diff/1-2/
Testing
---
Done the required code changes and installed ranger.
Validated the policy conditions with default comma separated parameters passed
with attributes.
Thanks,
Himanshu Maurya
[jira] [Updated] (RANGER-4643) Upgrade react-bootstrap library for GDS UI.
[ https://issues.apache.org/jira/browse/RANGER-4643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara updated RANGER-4643: --- Attachment: 0001-RANGER-4643-Upgrade-react-bootstrap-library-for-GDS-.patch > Upgrade react-bootstrap library for GDS UI. > --- > > Key: RANGER-4643 > URL: https://issues.apache.org/jira/browse/RANGER-4643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Attachments: > 0001-RANGER-4643-Upgrade-react-bootstrap-library-for-GDS-.patch > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4738) Implement the creation of external user via Python API
[
https://issues.apache.org/jira/browse/RANGER-4738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Loïc C. Chanel updated RANGER-4738:
---
Description:
Hi team,
I noticed the creation of external user is not possible using the Python API.
The improvement is fairly simple, we just have to modify
{{ranger_user_mgmt_client.py}} file to include the following lines :
After line 34
{code:python}
def create_user_ext(self, user):
resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT,
request_data=user)
return type_coerce(resp, RangerUser)
{code}
After line 163
{code:python}
URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external'
{code}
After line 177
{code:python}
CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST,
HTTPStatus.NO_CONTENT)
{code}
Although the modification is minor, this would allow the creation of external
user trough Python API.
Thanks,
was:
Hi team,
I noticed the creation of external user is not possible using the Python API.
The improvement is fairly simple, we just have to modify
ranger_user_mgmt_client.py file to include the following lines :
After line 34
{code:python}
def create_user_ext(self, user):
resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT,
request_data=user)
return type_coerce(resp, RangerUser)
{code}
After line 163
{code:python}
URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external'
{code}
After line 177
{code:python}
CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST,
HTTPStatus.NO_CONTENT)
{code}
Although the modification is minor, this would allow the creation of external
user trough Python API.
Thanks,
> Implement the creation of external user via Python API
> --
>
> Key: RANGER-4738
> URL: https://issues.apache.org/jira/browse/RANGER-4738
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 2.4.0
>Reporter: Loïc C. Chanel
>Priority: Major
>
> Hi team,
> I noticed the creation of external user is not possible using the Python API.
> The improvement is fairly simple, we just have to modify
> {{ranger_user_mgmt_client.py}} file to include the following lines :
> After line 34
> {code:python}
> def create_user_ext(self, user):
> resp =
> self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT,
> request_data=user)
> return type_coerce(resp, RangerUser)
> {code}
> After line 163
> {code:python}
> URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external'
> {code}
> After line 177
> {code:python}
> CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST,
> HTTPStatus.NO_CONTENT)
> {code}
> Although the modification is minor, this would allow the creation of external
> user trough Python API.
> Thanks,
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (RANGER-4738) Implement the creation of external user via Python API
Loïc C. Chanel created RANGER-4738:
--
Summary: Implement the creation of external user via Python API
Key: RANGER-4738
URL: https://issues.apache.org/jira/browse/RANGER-4738
Project: Ranger
Issue Type: Improvement
Components: Ranger
Affects Versions: 2.4.0
Reporter: Loïc C. Chanel
Hi team,
I noticed the creation of external user is not possible using the Python API.
The improvement is fairly simple, we just have to modify
ranger_user_mgmt_client.py file to include the following lines :
After line 34
{code:python}
def create_user_ext(self, user):
resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT,
request_data=user)
return type_coerce(resp, RangerUser)
{code}
After line 163
{code:python}
URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external'
{code}
After line 177
{code:python}
CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST,
HTTPStatus.NO_CONTENT)
{code}
Although the modification is minor, this would allow the creation of external
user trough Python API.
Thanks,
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
