[jira] [Created] (RANGER-4789) Admin audits for security-zone are blank for new and old value, when compression is enabled
Subhrat Chaudhary created RANGER-4789:
-
Summary: Admin audits for security-zone are blank for new and old
value, when compression is enabled
Key: RANGER-4789
URL: https://issues.apache.org/jira/browse/RANGER-4789
Project: Ranger
Issue Type: Bug
Components: admin
Reporter: Subhrat Chaudhary
Assignee: Subhrat Chaudhary
In security-zone when resource name is updated, admin audit is generated for
same, with details about old and new value.
When the json data compression is enabled in the security-zone with the
property:
{code:java}
ranger.admin.store.security.zone.compress.json_data{code}
the old and new value in the generated admin audit is blank, when only the
resource name is changed. The reason for this is, if compression is enabled,
only the resource count is added in the new and old values. Hence if the
resource count does not change, change details in the admin audit is blank.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4789) Admin audits for security-zone are blank for new and old value, when compression is enabled
[
https://issues.apache.org/jira/browse/RANGER-4789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Subhrat Chaudhary updated RANGER-4789:
--
Attachment: audit.png
> Admin audits for security-zone are blank for new and old value, when
> compression is enabled
> ---
>
> Key: RANGER-4789
> URL: https://issues.apache.org/jira/browse/RANGER-4789
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Reporter: Subhrat Chaudhary
>Assignee: Subhrat Chaudhary
>Priority: Major
> Attachments: audit.png
>
>
> In security-zone when resource name is updated, admin audit is generated for
> same, with details about old and new value.
> When the json data compression is enabled in the security-zone with the
> property:
> {code:java}
> ranger.admin.store.security.zone.compress.json_data{code}
> the old and new value in the generated admin audit is blank, when only the
> resource name is changed. The reason for this is, if compression is enabled,
> only the resource count is added in the new and old values. Hence if the
> resource count does not change, change details in the admin audit is blank.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[PR] RANGER-3409: remove org.codehaus.jackson ver 1.9 / add com.fasterxml.jackson ver 2.17 [ranger]
nblagodarnyi opened a new pull request, #312: URL: https://github.com/apache/ranger/pull/312 ## What changes were proposed in this pull request? According to https://issues.apache.org/jira/browse/RANGER-3409 all appearances of old org.codehaus.jackson dependencies (ver.1.9.13) were replaced by corresponding new versions from com.fasterxml.jackson. ## How was this patch tested? - Locally tested with existing unit/intergration tests in project with different Hadoop versions. ``` export JAVA_HOME=/path/to/java11; mvn clean package -Dhadoop.version=3.3.6; # with latest stable release mvn clean package; # with default Hadoop version ``` - In physical test environment where Hadoop 3.3.6 / Hive 4 are installed on Ubutnu 20. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Review Request 74974: RANGER-4789: Admin audits for security-zone are blank for new and old value, when compression is enabled
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74974/ --- Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj, Monika Kachhadiya, and Siddhesh Phatak. Bugs: RANGER-4789 https://issues.apache.org/jira/browse/RANGER-4789 Repository: ranger Description --- In security-zone when resource name is updated, admin audit is generated for same, with details about old and new value. When the json data compression is enabled in the security-zone with the property: ranger.admin.store.security.zone.compress.json_data the old and new value in the generated admin audit is blank, when only the resource name is changed. The reason for this is, if compression is enabled, only the resource count is added in the new and old values. Hence if the resource count does not change, change details in the admin audit is blank. In the code flow to update security-zone, when no change is noticed in the new and old values, a dummy admin audit is being added with null for old and new values. In this fix, removing the that code block. Diffs - security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 5534c8056 security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java a6cb2ae74 Diff: https://reviews.apache.org/r/74974/diff/1/ Testing --- Validations done: 1. For the change only in security-zone resource name (resource count of the zone is same), admin audit is not generated. 2. For above case x_service_version_info.policy_version is incremented (same as existing behavior). 3. If a resource is added or removed from the security-zone, admin audit is generated for same. 4. All the existing Junits are passing Thanks, Subhrat Chaudhary
Re: Review Request 74958: RANGER-4775 : Ranger Kms is failing with oracle23 Database
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74958/#review226413 --- Ship it! Ship It! - Pradeep Agrawal On April 18, 2024, 8:57 a.m., Dhaval Shah wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74958/ > --- > > (Updated April 18, 2024, 8:57 a.m.) > > > Review request for ranger, bhavik patel, Dineshkumar Yadav, Jayendra Parab, > Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, Vikas Kumar, and Velmurugan > Periasamy. > > > Bugs: RANGER-4775 > https://issues.apache.org/jira/browse/RANGER-4775 > > > Repository: ranger > > > Description > --- > > Ranger KMS is failing with Oracle 23 database with below error. > > ``` > 2024-04-01 07:25:27,032 INFO org.apache.hadoop.crypto.key.RangerMasterKey: > Master Key doesn't exist in DB, Generating the Master Key > 2024-04-01 07:25:27,169 ERROR org.apache.hadoop.crypto.key.RangerMasterKey: > Error while saving master key in Database!!! > java.lang.ClassCastException: java.lang.String cannot be cast to java.sql.Clob > at > org.eclipse.persistence.platform.database.oracle.Oracle8Platform.writeLOB(Oracle8Platform.java:194) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.helper.LOBValueWriter.fetchLocatorAndWriteValue(LOBValueWriter.java:94) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processResultSet(DatabaseAccessor.java:758) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:673) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:567) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteCall(LOBValueWriter.java:79) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.helper.LOBValueWriter.buildAndExecuteSelectCalls(LOBValueWriter.java:190) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.flushSelectCalls(DatabaseAccessor.java:175) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:457) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:182) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:197) > ~[eclipselink-2.7.12.jar:2.7.12.v20230209-e5c4074ef3] > at > > ``` > > > Diffs > - > > kms/src/main/java/org/apache/ranger/entity/XXRangerKeyStore.java 6b541eca5 > kms/src/main/java/org/apache/ranger/entity/XXRangerMasterKey.java 64fdd56e4 > > > Diff: https://reviews.apache.org/r/74958/diff/1/ > > > Testing > --- > > Successful build with test cases. > Successfully validated with all the supported DB Flavor > > > Thanks, > > Dhaval Shah > >
Re: [PR] RANGER-3409: remove org.codehaus.jackson ver 1.9 / add com.fasterxml.jackson ver 2.17 [ranger]
sercanCyberVision commented on PR #312: URL: https://github.com/apache/ranger/pull/312#issuecomment-2093374126 I have build your branch with Docker option and checked the UI, I see below error in multiple endpoints:  For example: http://:/index.html#/users/usertab http://:/index.html#/reports/audit/admin I have seen jackson related serialization issues before which affect UI, you can see the details here: https://issues.apache.org/jira/browse/RANGER-4225 https://github.com/apache/ranger/pull/252 Could you please check the UI in your end just to make sure? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] RANGER-4783: remove duplicates for users/groups/roles during policy validation [ranger]
mneethiraj commented on code in PR #311:
URL: https://github.com/apache/ranger/pull/311#discussion_r1589731450
##
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java:
##
@@ -958,6 +958,22 @@ private String getDuplicate(List values) {
}
return duplicate;
}
+ private void removeDuplicates(List values){
+ if (values==null || values.isEmpty()){
+ return;
+ }
+ Iterator itr = values.iterator();
+ HashSet uniqueElements = new HashSet<>();
Review Comment:
Consider replacing #965 to #975 with the following:
```
Set uniqueElements = new HashSet<>();
for (Iterator iter = values.iterator(); iter.hasNext(); ) {
if (!uniqueElements.add(iter.next())) {
iter.remove();
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] RANGER-4783: remove duplicates for users/groups/roles during policy validation [ranger]
mneethiraj commented on code in PR #311:
URL: https://github.com/apache/ranger/pull/311#discussion_r1589733127
##
agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java:
##
@@ -958,6 +958,22 @@ private String getDuplicate(List values) {
}
return duplicate;
}
+ private void removeDuplicates(List values){
+ if (values==null || values.isEmpty()){
+ return;
+ }
+ Iterator itr = values.iterator();
+ HashSet uniqueElements = new HashSet<>();
Review Comment:
Consider this version as well:
```
Set uniqueElements = new HashSet<>();
values.removeIf(e -> !uniqueElements.add(e));
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
