[jira] [Commented] (RANGER-4506) Illegal read lock usage in getMetadata/getKeyVersion
[ https://issues.apache.org/jira/browse/RANGER-4506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17824276#comment-17824276 ] Vikas Kumar commented on RANGER-4506: - Hi [~jianchun] , I am analysing this. > Illegal read lock usage in getMetadata/getKeyVersion > > > Key: RANGER-4506 > URL: https://issues.apache.org/jira/browse/RANGER-4506 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Jianchun Xu >Assignee: Vikas Kumar >Priority: Major > > RangerKeyStoreProvider illegally writes to key store under Read lock. This > happens in both getMetadata and getKeyVersion. > E.g. in following getKeyVersion, under Read lock, the code calls > `dbStore.engineLoad(null, masterKey)` which reloads all the keys. Since > multiple threads can hold the Read lock, multiple threads can enter and > reload all the keys. Thus the 2nd `dbStore.engineContainsAlias(versionName)` > test and following `dbStore.engineGetDecryptedZoneKeyByte(versionName)` can > both get wrong result if another thread is reloading keys. > [https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L331] > {code:java} > @Override > public KeyVersion getKeyVersion(String versionName) throws IOException { > if (logger.isDebugEnabled()) { > logger.debug("==> getKeyVersion({})", versionName); > } > KeyVersion ret = null; > try (AutoClosableReadLock ignored = new AutoClosableReadLock(lock)) { > if (keyVaultEnabled) { > try { > boolean versionNameExists = > dbStore.engineContainsAlias(versionName); > if (!versionNameExists) { > dbStore.engineLoad(null, masterKey); > versionNameExists = > dbStore.engineContainsAlias(versionName); > } > if (versionNameExists) { > byte[] decryptKeyByte; > try { > decryptKeyByte = > dbStore.engineGetDecryptedZoneKeyByte(versionName); > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4506) Illegal read lock usage in getMetadata/getKeyVersion
[ https://issues.apache.org/jira/browse/RANGER-4506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vikas Kumar reassigned RANGER-4506: --- Assignee: Vikas Kumar > Illegal read lock usage in getMetadata/getKeyVersion > > > Key: RANGER-4506 > URL: https://issues.apache.org/jira/browse/RANGER-4506 > Project: Ranger > Issue Type: Bug > Components: kms >Reporter: Jianchun Xu >Assignee: Vikas Kumar >Priority: Major > > RangerKeyStoreProvider illegally writes to key store under Read lock. This > happens in both getMetadata and getKeyVersion. > E.g. in following getKeyVersion, under Read lock, the code calls > `dbStore.engineLoad(null, masterKey)` which reloads all the keys. Since > multiple threads can hold the Read lock, multiple threads can enter and > reload all the keys. Thus the 2nd `dbStore.engineContainsAlias(versionName)` > test and following `dbStore.engineGetDecryptedZoneKeyByte(versionName)` can > both get wrong result if another thread is reloading keys. > [https://github.com/apache/ranger/blob/master/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java#L331] > {code:java} > @Override > public KeyVersion getKeyVersion(String versionName) throws IOException { > if (logger.isDebugEnabled()) { > logger.debug("==> getKeyVersion({})", versionName); > } > KeyVersion ret = null; > try (AutoClosableReadLock ignored = new AutoClosableReadLock(lock)) { > if (keyVaultEnabled) { > try { > boolean versionNameExists = > dbStore.engineContainsAlias(versionName); > if (!versionNameExists) { > dbStore.engineLoad(null, masterKey); > versionNameExists = > dbStore.engineContainsAlias(versionName); > } > if (versionNameExists) { > byte[] decryptKeyByte; > try { > decryptKeyByte = > dbStore.engineGetDecryptedZoneKeyByte(versionName); > {code} -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4076) Support Java 17 for build and runtime
[ https://issues.apache.org/jira/browse/RANGER-4076?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rakesh Gupta reassigned RANGER-4076: Assignee: Rakesh Gupta > Support Java 17 for build and runtime > - > > Key: RANGER-4076 > URL: https://issues.apache.org/jira/browse/RANGER-4076 > Project: Ranger > Issue Type: New Feature > Components: admin, build-infra >Reporter: Andrew Luo >Assignee: Rakesh Gupta >Priority: Major > Attachments: > 0001-RANGER-4076-Support-Java-17-for-build-and-runtime.patch > > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
[ https://issues.apache.org/jira/browse/RANGER-4739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rakesh Gupta updated RANGER-4739: - Parent: RANGER-4076 Issue Type: Sub-task (was: Bug) > Unit test failures in KnoxRangerTest for JDK 17 > --- > > Key: RANGER-4739 > URL: https://issues.apache.org/jira/browse/RANGER-4739 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > > Build in master branch (mvn clean compile package install) fails due to > KnoxRangerTest class: > {code:java} > ERROR Error in generating certificate: java.lang.IllegalAccessException: > class org.apache.knox.gateway.util.X509CertificateUtil cannot access class > sun.security.x509.X509CertInfo (in module java.base) because module java.base > does not export sun.security.x509 to unnamed module @148080bb > java.lang.IllegalAccessException: class > org.apache.knox.gateway.util.X509CertificateUtil cannot access class > sun.security.x509.X509CertInfo (in module java.base) because module java.base > does not export sun.security.x509 to unnamed module @148080bb > at > java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392) > at > java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674) > at > java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489) > at > java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) > at > org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) > at > org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) > at > org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) > at > org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) > at > org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266 > s <<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest > [ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s > <<< ERROR! > java.lang.NullPointerException: Cannot invoke > "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null > at > java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606) > at > java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190) > at java.base/java.security.KeyStore.store(KeyStore.java:1404) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) > at > org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) > at > org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) > at > org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) > at > org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) > at java.base/java.lang.reflect.Method.invoke(Method.java:568) > [INFO] > [INFO] Results: > [INFO] > [ERROR] Errors: > [ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke > "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null > [INFO] > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0 > {code} > Even after handling above JDK 17 error through config "--add-exports > java.base/sun.security.x509=ALL-UNNAMED" , its give Error > {code:java} > ERROR Error in generating certificate: java.lang.NoSuchFieldException: > md5WithRSAEncryption_oid > java.lang.NoSuchFieldException: md5WithRSAEncryption_oid > at java.base/java.lang.Class.getDeclaredField(C
[jira] [Updated] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
[ https://issues.apache.org/jira/browse/RANGER-4739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rakesh Gupta updated RANGER-4739: - Issue Type: Bug (was: Improvement) > Unit test failures in KnoxRangerTest for JDK 17 > --- > > Key: RANGER-4739 > URL: https://issues.apache.org/jira/browse/RANGER-4739 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > > Build in master branch (mvn clean compile package install) fails due to > KnoxRangerTest class: > {code:java} > ERROR Error in generating certificate: java.lang.IllegalAccessException: > class org.apache.knox.gateway.util.X509CertificateUtil cannot access class > sun.security.x509.X509CertInfo (in module java.base) because module java.base > does not export sun.security.x509 to unnamed module @148080bb > java.lang.IllegalAccessException: class > org.apache.knox.gateway.util.X509CertificateUtil cannot access class > sun.security.x509.X509CertInfo (in module java.base) because module java.base > does not export sun.security.x509 to unnamed module @148080bb > at > java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392) > at > java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674) > at > java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489) > at > java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) > at > org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) > at > org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) > at > org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) > at > org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) > at > org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266 > s <<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest > [ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s > <<< ERROR! > java.lang.NullPointerException: Cannot invoke > "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null > at > java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606) > at > java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190) > at java.base/java.security.KeyStore.store(KeyStore.java:1404) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) > at > org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) > at > org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) > at > org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) > at > org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) > at > org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) > at java.base/java.lang.reflect.Method.invoke(Method.java:568) > [INFO] > [INFO] Results: > [INFO] > [ERROR] Errors: > [ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke > "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null > [INFO] > [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0 > {code} > Even after handling above JDK 17 error through config "--add-exports > java.base/sun.security.x509=ALL-UNNAMED" , its give Error > {code:java} > ERROR Error in generating certificate: java.lang.NoSuchFieldException: > md5WithRSAEncryption_oid > java.lang.NoSuchFieldException: md5WithRSAEncryption_oid > at java.base/java.lang.Class.getDeclaredField(Class.java:2610) > at >
[jira] [Assigned] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
[ https://issues.apache.org/jira/browse/RANGER-4740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Kumar reassigned RANGER-4740: -- Assignee: Abhishek Kumar > [docker]: Add support for elasticsearch and de-couple solr from ranger > compose file > --- > > Key: RANGER-4740 > URL: https://issues.apache.org/jira/browse/RANGER-4740 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > > Currently, ranger compose file depends on solr to start up, proposal is to > separate out solr into a new compose file, add support for elastic search and > drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
Abhishek Kumar created RANGER-4740: -- Summary: [docker]: Add support for elasticsearch and de-couple solr from ranger compose file Key: RANGER-4740 URL: https://issues.apache.org/jira/browse/RANGER-4740 Project: Ranger Issue Type: Improvement Components: admin, Ranger Reporter: Abhishek Kumar Currently, ranger compose file depends on solr to start up, proposal is to separate out solr into a new compose file, add support for elastic search and drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4740) [docker]: Add support for elasticsearch and de-couple solr from ranger compose file
[ https://issues.apache.org/jira/browse/RANGER-4740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Abhishek Kumar updated RANGER-4740: --- Affects Version/s: 2.4.0 > [docker]: Add support for elasticsearch and de-couple solr from ranger > compose file > --- > > Key: RANGER-4740 > URL: https://issues.apache.org/jira/browse/RANGER-4740 > Project: Ranger > Issue Type: Improvement > Components: admin, Ranger >Affects Versions: 2.4.0 >Reporter: Abhishek Kumar >Assignee: Abhishek Kumar >Priority: Major > > Currently, ranger compose file depends on solr to start up, proposal is to > separate out solr into a new compose file, add support for elastic search and > drive the audit store dynamically depending on configs from .env -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4739) Unit test failures in KnoxRangerTest for JDK 17
Rakesh Gupta created RANGER-4739: Summary: Unit test failures in KnoxRangerTest for JDK 17 Key: RANGER-4739 URL: https://issues.apache.org/jira/browse/RANGER-4739 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Rakesh Gupta Assignee: Rakesh Gupta Build in master branch (mvn clean compile package install) fails due to KnoxRangerTest class: {code:java} ERROR Error in generating certificate: java.lang.IllegalAccessException: class org.apache.knox.gateway.util.X509CertificateUtil cannot access class sun.security.x509.X509CertInfo (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @148080bb java.lang.IllegalAccessException: class org.apache.knox.gateway.util.X509CertificateUtil cannot access class sun.security.x509.X509CertInfo (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @148080bb at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:392) at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:674) at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489) at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480) at org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:69) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) at org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) at org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) at org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) at org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 7.266 s <<< FAILURE! - in org.apache.ranger.services.knox.KnoxRangerTest [ERROR] org.apache.ranger.services.knox.KnoxRangerTest Time elapsed: 7.266 s <<< ERROR! java.lang.NullPointerException: Cannot invoke "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null at java.base/sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:606) at java.base/sun.security.util.KeyStoreDelegator.engineStore(KeyStoreDelegator.java:190) at java.base/java.security.KeyStore.store(KeyStore.java:1404) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:503) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:194) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:166) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:160) at org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88) at org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:104) at org.apache.knox.gateway.GatewayTestDriver.setupGateway(GatewayTestDriver.java:162) at org.apache.ranger.services.knox.KnoxRangerTest.setupSuite(KnoxRangerTest.java:60) at java.base/java.lang.reflect.Method.invoke(Method.java:568) [INFO] [INFO] Results: [INFO] [ERROR] Errors: [ERROR] KnoxRangerTest.setupSuite:60 » NullPointer Cannot invoke "java.security.cert.Certificate.getEncoded()" because "entry.chain[i]" is null [INFO] [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0 {code} Even after handling above JDK 17 error through config "--add-exports java.base/sun.security.x509=ALL-UNNAMED" , its give Error {code:java} ERROR Error in generating certificate: java.lang.NoSuchFieldException: md5WithRSAEncryption_oid java.lang.NoSuchFieldException: md5WithRSAEncryption_oid at java.base/java.lang.Class.getDeclaredField(Class.java:2610) at org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:146) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:186) at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForG
Re: Review Request 74854: RANGER-4672: Tagsync log file name is not containing hostname and user
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74854/#review226293 --- Ship it! Ship It! - bhavik patel On Jan. 24, 2024, 9:52 a.m., Himanshu Maurya wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74854/ > --- > > (Updated Jan. 24, 2024, 9:52 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, > Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin > Galave, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4672 > https://issues.apache.org/jira/browse/RANGER-4672 > > > Repository: ranger > > > Description > --- > > Ranger admin and usersync logs file name is containing hostname and user but > tagsync is missing that > > > Diffs > - > > tagsync/conf.dist/logback.xml c1a94fee4 > tagsync/scripts/ranger-tagsync-services.sh 460c4a130 > > > Diff: https://reviews.apache.org/r/74854/diff/1/ > > > Testing > --- > > Checked the ranger-tagsync log files it is created with correct hostname and > user > > > Thanks, > > Himanshu Maurya > >
Re: Review Request 74926: RANGER-4076: Support Java 17 for build and runtime
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74926/#review226292 --- After starting the server have checked the catalina and ranger admin login file? - bhavik patel On March 5, 2024, 7:10 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74926/ > --- > > (Updated March 5, 2024, 7:10 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4076 > https://issues.apache.org/jira/browse/RANGER-4076 > > > Repository: ranger > > > Description > --- > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. > > This patch enables manual and Docker-based build of Apache Ranger. It ensures > compatibility with Java 8, Java 11, and Java 17 for both build and runtime > environments. > (I encountered a TestCase Failure in the KnoxRangerTest class, so currently I > had excluded that class from jdk17 build) > > > Diffs > - > > agents-common/pom.xml 12e093f78 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java > 512d8d3ca > > agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java > db620df92 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java > 8d76c1d81 > dev-support/ranger-docker/.env 60bc4a9f2 > dev-support/ranger-docker/Dockerfile.ranger-build 9a192f152 > dev-support/ranger-docker/docker-compose.ranger-build.yml 3dd4a4a06 > distro/src/main/assembly/admin-web.xml 245d9ca09 > docs/src/site/resources/index.js bb876f28d > hdfs-agent/pom.xml dece8f46f > kms/pom.xml 2739bb81a > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java > 7188b19b2 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java > b6fc32950 > plugin-nestedstructure/pom.xml 0e208f99c > > plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java > 77767767c > > plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java > 9cb161b8d > pom.xml cec2390f2 > ranger-tools/pom.xml cac8d7ba3 > > ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java > 187d20227 > security-admin/pom.xml fc59287d0 > > > Diff: https://reviews.apache.org/r/74926/diff/1/ > > > Testing > --- > > This patch has been successfully tested and verified with Java versions 8, > 11, and 17. The verification process included both manual and Docker setup. > Now we are able to build and run on same jdk. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74897: RANGER-4719: Policy condition expressions are split by the Ranger UI on commas
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74897/ --- (Updated March 6, 2024, 11:57 a.m.) Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin Galave, Pradeep Agrawal, and Velmurugan Periasamy. Bugs: RANGER-4719 https://issues.apache.org/jira/browse/RANGER-4719 Repository: ranger Description --- While using attributes with default values introduced in RANGER-3997 like GET_USER_ATTR('state', 'null') in policy condition. It is observed that ranger is splitting condition string in to parts separated by comma of the parameters passed to GET_USER_ATTR(), due to this it is not taking default value and conditions are converted to invalid strings. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java ea76e6c33 Diff: https://reviews.apache.org/r/74897/diff/2/ Testing --- Done the required code changes and installed ranger. Validated the policy conditions with default comma separated parameters passed with attributes. Thanks, Himanshu Maurya
Re: Review Request 74897: RANGER-4719: Policy condition expressions are split by the Ranger UI on commas
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74897/ --- (Updated March 6, 2024, 11:50 a.m.) Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin Galave, Pradeep Agrawal, and Velmurugan Periasamy. Repository: ranger Description --- While using attributes with default values introduced in RANGER-3997 like GET_USER_ATTR('state', 'null') in policy condition. It is observed that ranger is splitting condition string in to parts separated by comma of the parameters passed to GET_USER_ATTR(), due to this it is not taking default value and conditions are converted to invalid strings. Diffs (updated) - agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceDefUtil.java ea76e6c33 Diff: https://reviews.apache.org/r/74897/diff/2/ Changes: https://reviews.apache.org/r/74897/diff/1-2/ Testing --- Done the required code changes and installed ranger. Validated the policy conditions with default comma separated parameters passed with attributes. Thanks, Himanshu Maurya
[jira] [Updated] (RANGER-4643) Upgrade react-bootstrap library for GDS UI.
[ https://issues.apache.org/jira/browse/RANGER-4643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dhaval Rajpara updated RANGER-4643: --- Attachment: 0001-RANGER-4643-Upgrade-react-bootstrap-library-for-GDS-.patch > Upgrade react-bootstrap library for GDS UI. > --- > > Key: RANGER-4643 > URL: https://issues.apache.org/jira/browse/RANGER-4643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Attachments: > 0001-RANGER-4643-Upgrade-react-bootstrap-library-for-GDS-.patch > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4738) Implement the creation of external user via Python API
[ https://issues.apache.org/jira/browse/RANGER-4738?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Loïc C. Chanel updated RANGER-4738: --- Description: Hi team, I noticed the creation of external user is not possible using the Python API. The improvement is fairly simple, we just have to modify {{ranger_user_mgmt_client.py}} file to include the following lines : After line 34 {code:python} def create_user_ext(self, user): resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT, request_data=user) return type_coerce(resp, RangerUser) {code} After line 163 {code:python} URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external' {code} After line 177 {code:python} CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST, HTTPStatus.NO_CONTENT) {code} Although the modification is minor, this would allow the creation of external user trough Python API. Thanks, was: Hi team, I noticed the creation of external user is not possible using the Python API. The improvement is fairly simple, we just have to modify ranger_user_mgmt_client.py file to include the following lines : After line 34 {code:python} def create_user_ext(self, user): resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT, request_data=user) return type_coerce(resp, RangerUser) {code} After line 163 {code:python} URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external' {code} After line 177 {code:python} CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST, HTTPStatus.NO_CONTENT) {code} Although the modification is minor, this would allow the creation of external user trough Python API. Thanks, > Implement the creation of external user via Python API > -- > > Key: RANGER-4738 > URL: https://issues.apache.org/jira/browse/RANGER-4738 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 2.4.0 >Reporter: Loïc C. Chanel >Priority: Major > > Hi team, > I noticed the creation of external user is not possible using the Python API. > The improvement is fairly simple, we just have to modify > {{ranger_user_mgmt_client.py}} file to include the following lines : > After line 34 > {code:python} > def create_user_ext(self, user): > resp = > self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT, > request_data=user) > return type_coerce(resp, RangerUser) > {code} > After line 163 > {code:python} > URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external' > {code} > After line 177 > {code:python} > CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST, > HTTPStatus.NO_CONTENT) > {code} > Although the modification is minor, this would allow the creation of external > user trough Python API. > Thanks, -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4738) Implement the creation of external user via Python API
Loïc C. Chanel created RANGER-4738: -- Summary: Implement the creation of external user via Python API Key: RANGER-4738 URL: https://issues.apache.org/jira/browse/RANGER-4738 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 2.4.0 Reporter: Loïc C. Chanel Hi team, I noticed the creation of external user is not possible using the Python API. The improvement is fairly simple, we just have to modify ranger_user_mgmt_client.py file to include the following lines : After line 34 {code:python} def create_user_ext(self, user): resp = self.client_http.call_api(RangerUserMgmtClient.CREATE_USER_EXT, request_data=user) return type_coerce(resp, RangerUser) {code} After line 163 {code:python} URI_XUSERS_USERS_EXT = URI_XUSERS_BASE + '/users/external' {code} After line 177 {code:python} CREATE_USER_EXT= API(URI_XUSERS_USERS_EXT, HttpMethod.POST, HTTPStatus.NO_CONTENT) {code} Although the modification is minor, this would allow the creation of external user trough Python API. Thanks, -- This message was sent by Atlassian Jira (v8.20.10#820010)