Re: Review Request 59523: RANGER-689 - "For Solr plugin, use resources folders for adding Ranger properties".

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59523/#review194153
---


Ship it!




Ship It!

- Alejandro Fernandez


On May 24, 2017, 11:08 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59523/
> ---
> 
> (Updated May 24, 2017, 11:08 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-689
> https://issues.apache.org/jira/browse/RANGER-689
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Put the Ranger properties into the SOLR resource folder instead of the webapp.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh 76ba8f0d 
> 
> 
> Diff: https://reviews.apache.org/r/59523/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with Solr 6.5.1.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 64323: RANGER-1915:Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64323/#review192807
---


Ship it!




Ship It!

- Alejandro Fernandez


On Dec. 5, 2017, 2:39 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64323/
> ---
> 
> (Updated Dec. 5, 2017, 2:39 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1915
> https://issues.apache.org/jira/browse/RANGER-1915
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Default constructors didn't need to display declarations and Most of the 
> places using HttpServletResponse status code in RangerAdminRESTClient class.
> HttpServletResponse.SC_UNAUTHORIZED Replaces 401 to keep the code style 
> consistent.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java
>  0aa400f 
> 
> 
> Diff: https://reviews.apache.org/r/64323/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63987: RANGER-1905 : fix maven assembly creation

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63987/#review191611
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 21, 2017, 4:01 p.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63987/
> ---
> 
> (Updated Nov. 21, 2017, 4:01 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1905
> https://issues.apache.org/jira/browse/RANGER-1905
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> As ranger-plugins-audit doesn't exclude guava from hadoop common, an older 
> guava
>  is leaked into embeddedwebserver classpath, which somehow filtered out by the
>  assembly plugin.
> If we explicitly exclude the old guava, and include the new (17.0) guava in 
> ranger-plugins-audit module, the generated tar.gz/zip distributions will 
> contain the necessary guava-17.0.jar in ews/lib path.
> 
> 
> Diffs
> -
> 
>   agents-audit/pom.xml c8bd1d8f3 
> 
> 
> Diff: https://reviews.apache.org/r/63987/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with executing:
> 
> mvn -DskipTests package assembly:assembly;
> unzip -Z1 target/ranger-1.0.0-SNAPSHOT-admin.zip | sort > FILES.txt
> 
> And comparing the results with different versions. With the patch, the guava 
> jar appears correctly.
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

Re: Review Request 63981: RANGER-1903:Simplify hdfs-agent dependency management in pom.xml

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63981/#review191571
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 21, 2017, 9:14 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63981/
> ---
> 
> (Updated Nov. 21, 2017, 9:14 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: https://issues.apache.org/jira/browse/RANGER-1903
> 
> https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-1903
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Simplify the dependency management for the Hdfs plugin for Ranger. In 
> addition, the hbase-server ,hive-common and hive-service jar is removed from 
> the distribution, as it is not required.
> Tested that the distribution ships the same jars as before, apart from 
> hbase-server ,hive-common and hive-service jar. Also tested a use-case 
> involving Ranger + Hdfs and Ranger + Hbase and .Ranger + Hive.
> 
> 
> Diffs
> -
> 
>   hdfs-agent/pom.xml 9f62060 
> 
> 
> Diff: https://reviews.apache.org/r/63981/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63921: RANGER-1896 : Remove deprecated extractedCommonCriterias call from the SearchUtil and fix the UserREST controller

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63921/#review191525
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 17, 2017, 4:48 p.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63921/
> ---
> 
> (Updated Nov. 17, 2017, 4:48 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1896
> https://issues.apache.org/jira/browse/RANGER-1896
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Deprecated code removed, and the newer extractCommonCriterias method is used
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java 
> ad307339a 
>   security-admin/src/main/java/org/apache/ranger/rest/UserREST.java 4bf18991a 
>   security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java 
> 373b6f348 
> 
> 
> Diff: https://reviews.apache.org/r/63921/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with calling :
> http://rangerhost/service/users?sortBy=userId
> http://rangerhost/service/users?sortBy=loginId
> http://rangerhost/service/users?sortBy=emailAddress
> http://rangerhost/service/users?sortBy=firstName
> http://rangerhost/service/users?sortBy=lastName
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

Re: Review Request 63949: RANGER-1898 - Simplify Knox plugin dependency management

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63949/#review191524
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 20, 2017, 1:18 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63949/
> ---
> 
> (Updated Nov. 20, 2017, 1:18 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1898
> https://issues.apache.org/jira/browse/RANGER-1898
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to simplify the dependency management for the Knox plugin for 
> Ranger. In addition, the hadoop-hdfs jar is removed from the distribution, as 
> it is not required.
> 
> 
> Diffs
> -
> 
>   knox-agent/pom.xml 52f15cd0 
>   src/main/assembly/knox-agent.xml 8357d498 
> 
> 
> Diff: https://reviews.apache.org/r/63949/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that the distribution ships the same jars as before, apart from 
> hadoop-hdfs. Also tested a use-case involving Ranger + Knox.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63789: RANGER-1887:serviceDef.getResources().get(0).getName(); case IndexOutOfBoundsException in RangerServiceTag.class And print error in RangerServiceStorm

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63789/#review191374
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 17, 2017, 6:16 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63789/
> ---
> 
> (Updated Nov. 17, 2017, 6:16 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1887
> https://issues.apache.org/jira/browse/RANGER-1887
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> String tagResourceName = serviceDef.getResources().get(0).getName(); case 
> java.lang.IndexOutOfBoundsException in RangerServiceTag.class
> And print log error for RangerServiceStorm.class
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/services/tag/RangerServiceTag.java
>  ce6002b 
>   
> storm-agent/src/main/java/org/apache/ranger/services/storm/RangerServiceStorm.java
>  d4dbd7b 
> 
> 
> Diff: https://reviews.apache.org/r/63789/diff/3/
> 
> 
> Testing
> ---
> 
> Tested it
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 63870: RANGER-1861:There are errors when the "ranger-kms start" command was executed.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63870/#review191209
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 16, 2017, 10:03 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63870/
> ---
> 
> (Updated Nov. 16, 2017, 10:03 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1861
> https://issues.apache.org/jira/browse/RANGER-1861
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There are errors when the "ranger-kms start" command was executed.
> 
> 2017-10-28 23:23:33,339 ERROR XMLUtils - Error loading : 
> java.lang.IllegalArgumentException: InputStream cannot be null
>   at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:117)
>   at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:64)
>   at org.apache.ranger.plugin.util.XMLUtils.loadConfig(XMLUtils.java:48)
>   at 
> org.apache.ranger.server.tomcat.EmbeddedServer.(EmbeddedServer.java:77)
>   at 
> org.apache.ranger.server.tomcat.EmbeddedServer.main(EmbeddedServer.java:69)
> 
> 
> Diffs
> -
> 
>   
> embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
>  40eed861 
> 
> 
> Diff: https://reviews.apache.org/r/63870/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63182: RANGER-1849 - Remove PasswordGenerator and FileStoreUtil

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63182/#review191208
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 16, 2017, 12:18 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63182/
> ---
> 
> (Updated Nov. 16, 2017, 12:18 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1849
> https://issues.apache.org/jira/browse/RANGER-1849
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> PasswordGenerator is not used in any of the scripts and should be removed. 
> Same goes for FileStoreUtil.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/file/FileStoreUtil.java
>  3f408d76 
>   
> agents-installer/src/main/java/org/apache/ranger/utils/install/PasswordGenerator.java
>  a829957a 
> 
> 
> Diff: https://reviews.apache.org/r/63182/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63785: RANGER-1884 : Default Policy is not created for Ranger KMS and Tag service

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63785/#review190976
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 14, 2017, 4:59 a.m., bhavik patel wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63785/
> ---
> 
> (Updated Nov. 14, 2017, 4:59 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1884
> https://issues.apache.org/jira/browse/RANGER-1884
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Default Policy is not created for Ranger KMS as well as for Tag services.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java
>  25f9985 
>   
> plugin-kms/src/main/java/org/apache/ranger/services/kms/RangerServiceKMS.java 
> cd368e4 
> 
> 
> Diff: https://reviews.apache.org/r/63785/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Verified default policy is getting created for Ranger Kms & for Tag 
> service.
> 
> 
> Thanks,
> 
> bhavik patel
> 
>

Re: Review Request 63699: RANGER-1882 - Compilation error in kms module with Hadoop 2.8.x

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63699/#review190623
---




kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
Line 74 (original), 73 (patched)
<https://reviews.apache.org/r/63699/#comment268127>

Which other versions of Hadoop are supported?


- Alejandro Fernandez


On Nov. 9, 2017, 1:17 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63699/
> ---
> 
> (Updated Nov. 9, 2017, 1:17 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1882
> https://issues.apache.org/jira/browse/RANGER-1882
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> There is a compilation failure in the KMS module when compiled with Hadoop 
> 2.8.x. The fix is just to use a constant String which works with both Hadoop 
> 2.7.x, 2.8.x.
> 
> 
> Diffs
> -
> 
>   
> kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
>  ada9a56f 
> 
> 
> Diff: https://reviews.apache.org/r/63699/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63686: TagSync update to process TRAIT_UPDATE notification from Atlas

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63686/#review190506
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 8, 2017, 11:16 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63686/
> ---
> 
> (Updated Nov. 8, 2017, 11:16 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1880
> https://issues.apache.org/jira/browse/RANGER-1880
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Atlas introduced a REST API to update attributes of a tag 
> (ATLAS-1751). A notification type, TRAIT_UPDATE, was added to notify when 
> attributes of a tag are updated using this new API. Apache Ranger TagSync 
> module should be updated to process this new notification type from Apache 
> Atlas.
> 
> 
> Diffs
> -
> 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
>  b2a7e1e 
> 
> 
> Diff: https://reviews.apache.org/r/63686/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63627: RANGER-1876 - Incorrect conf dir location for Yarn install script

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63627/#review190346
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 7, 2017, 3:29 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63627/
> ---
> 
> (Updated Nov. 7, 2017, 3:29 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1876
> https://issues.apache.org/jira/browse/RANGER-1876
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The conf dir location is not handled correctly for the Yarn plugin.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh f105f548 
> 
> 
> Diff: https://reviews.apache.org/r/63627/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the plugin installs correctly.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63461: Good coding practice in Ranger recommended by static code analysis

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63461/#review190192
---


Ship it!




Ship It!

- Alejandro Fernandez


On Nov. 1, 2017, 12:16 p.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63461/
> ---
> 
> (Updated Nov. 1, 2017, 12:16 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1868
> https://issues.apache.org/jira/browse/RANGER-1868
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice in Ranger recommended by static code analysis
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 
> e4d6a39 
>   
> storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
>  46e370e 
> 
> 
> Diff: https://reviews.apache.org/r/63461/diff/1/
> 
> 
> Testing
> ---
> 
> Verified CRUD of services,policies,users.
> Verified if ranger plugins are communating properly.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 63405: RANGER-1864: Resources are not rendering correctly in policy create/edit page.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63405/#review189634
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 30, 2017, 12:56 p.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63405/
> ---
> 
> (Updated Oct. 30, 2017, 12:56 p.m.)
> 
> 
> Review request for ranger, Gautam Borad, Madhan Neethiraj, Mehul Parikh, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1864
> https://issues.apache.org/jira/browse/RANGER-1864
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> UI not rendering correctly if we provide resources at the same level with 
> different parent resources in the service definitions.
> Looks like Ranger UI uses only levels in the service definitions' resource 
> property. It should use level as well as parent check to render resources 
> level hierarchies.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3f8697e 
> 
> 
> Diff: https://reviews.apache.org/r/63405/diff/1/
> 
> 
> Testing
> ---
> 
> Tested above scenario and also visited exisitng policy pages.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 63352: RANGER-1860:Provide a new service interface prompt function framework to resolved the defect of the current service interface, increase the flexibility of the function, impro

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63352/#review189633
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 30, 2017, 6:36 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63352/
> ---
> 
> (Updated Oct. 30, 2017, 6:36 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Nitin Galave, pengjianhua, 
> Ramesh Mani, Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1860
> https://issues.apache.org/jira/browse/RANGER-1860
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The ranger used the hard-coded way to achieve the service interface prompt 
> function, the result is that the codes have worse maintainability.
> if(!isPolicyForm) {
>   if(v.name == 'yarn.url'){
>   formObj.type = 'TextFiledWithIcon';
>   formObj.errorMsg = localization.tt("hintMsg.yarnRestUrl");
>   }else if(v.name == 'sqoop.url'){
>   formObj.type = 'TextFiledWithIcon';
>   formObj.errorMsg = localization.tt("hintMsg.sqoopRestUrl");
>   }else if(v.name == 'jdbc.url'){
>   formObj.type = 'TextFiledWithIcon';
>   formObj.errorMsg = localization.tt("hintMsg.hiveJDBCUrl");
>   }else if(v.name == 'fs.default.name'){
>   formObj.type = 'TextFiledWithIcon';
>   formObj.errorMsg = localization.tt("hintMsg.hdfsNameNodeUrl");
>   }else{
>   formObj.type = 'Text';
>   }
>   break;
> }
> Using the new issue we can directly modify the configuration file to meet the 
> requirements of the new prompt function. Such as we can modify the following 
> configuration to meet following requirements: 
> the configuration in the ranger-servicedef-yarn.json is as follows?
> "configs": 
> [
>   {
>   "itemId": 3,
>   "name": "yarn.url",
>   "type": "string",
>   "mandatory": true,
>   "defaultValue": "",
>   "validationRegEx":"",
>   "validationMessage": "",
>   "uiHint":"{\"TextFiledWithIcon\":true, \"info\": \"1.For one 
> url, eg.'http or https://ipaddr:8088'2.For multiple urls (use 
> , or ; delimiter), 
> eg.'http://ipaddr1:8088,http://ipaddr2:8088'\"}",
>   "label": "YARN REST URL"
>   }
> ]
> requirements: 
> adding text field with an icon( i.e information) on service form page,we 
> should add unified configuration management functions in the service 
> definition.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json 
> 519d6a8 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
> 5456e2b 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> 3f269fb 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json 
> 53f9e18 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3d62e31 
>   security-admin/src/main/webapp/scripts/models/VXGroup.js a8f891c 
>   security-admin/src/main/webapp/scripts/models/VXPortalUser.js d54fadc 
>   security-admin/src/main/webapp/scripts/modules/XAOverrides.js 5810d5d 
>   security-admin/src/main/webapp/scripts/views/users/UserForm.js 27e86a9 
> 
> 
> Diff: https://reviews.apache.org/r/63352/diff/2/
> 
> 
> Testing
> ---
> 
> tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 63403: RANGER-1862:generalName.get(1) cause IndexOutOfBoundsException in NiFiClient

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63403/#review189630
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 30, 2017, 3:22 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63403/
> ---
> 
> (Updated Oct. 30, 2017, 3:22 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1862
> https://issues.apache.org/jira/browse/RANGER-1862
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> when generalName.size() <=1 , generalName.get(1) cause 
> IndexOutOfBoundsException in NiFiClient.java
> 
> 
> Diffs
> -
> 
>   
> plugin-nifi/src/main/java/org/apache/ranger/services/nifi/client/NiFiClient.java
>  c03bc12 
> 
> 
> Diff: https://reviews.apache.org/r/63403/diff/2/
> 
> 
> Testing
> ---
> 
> tested it
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 63404: RANGER-1863:Optimize the code and keep the code style consistent, remove the invalid code in the RemoteUnixLoginModule class

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63404/#review189629
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 30, 2017, 6:03 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63404/
> ---
> 
> (Updated Oct. 30, 2017, 6:03 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1863
> https://issues.apache.org/jira/browse/RANGER-1863
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Optimize the code and keep the code style consistent, remove the invalid code 
> in the LoginModule class
> 1.Change from "serverCertValidation = (! (certValidationFlag != null && 
> ("false".equalsIgnoreCase(certValidationFlag.trim().toLowerCase();"
> to "serverCertValidation = (! (certValidationFlag != null && 
> ("false".equalsIgnoreCase(certValidationFlag.trim().;"
> 2.Change from "System.err.println("Skipping RemoteLogin - [" + 
> JAAS_ENABLED_PARAM + "] => [" + val + "]");"
> to "log("Skipping RemoteLogin - [" + JAAS_ENABLED_PARAM + "] => [" + val + 
> "]");"
> 3.remove invalid code /*
> Properties config = null;
> String val = (String) 
> options.get(REMOTE_UNIX_AUTHENICATION_CONFIG_FILE_PARAM);
> log("Remote Unix Auth Configuration file [" + val + "]");
> if (val != null)
> { XMLUtils.loadConfig(val, config); }
> if (config == null)
> { logError("Remote Unix Auth Configuration is being loaded from XML 
> configuration - not Properties"); config = new Properties(); 
> config.putAll(options); }
> */
> 
> 
> Diffs
> -
> 
>   
> unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.java
>  ff296b4 
> 
> 
> Diff: https://reviews.apache.org/r/63404/diff/1/
> 
> 
> Testing
> ---
> 
> tested it!
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63351: RANGER-1859:Fix new findBugs in HdfsClient.java

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63351/#review189439
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 27, 2017, 9:12 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63351/
> ---
> 
> (Updated Oct. 27, 2017, 9:12 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, Venkat Ranganathan, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1859
> https://issues.apache.org/jira/browse/RANGER-1859
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix new findBugs in HdfsClient.java
> 
> There is FindBugs: Performance  (FB.SBSC_USE_STRINGBUFFER_CONCATENATION) in 
> org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(Map<String,
>  String>)
> {code}
> if (fsDefaultNameElements != null && fsDefaultNameElements.length >= 2) {
>   String cluster = "";
>   StringBuffer clusters = new StringBuffer();
>   configs.put("dfs.nameservices", "hdfscluster");
>   configs.put("fs.default.name", "hdfs://" + 
> configs.get("dfs.nameservices"));
>   configs.put("dfs.client.failover.proxy.provider." + 
> configs.get("dfs.nameservices"),
>   
> "org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider");
>   for (int i = 0; i < fsDefaultNameElements.length; i++) {
>   cluster = "namenode" + (i + 1);
>   configs.put("dfs.namenode.rpc-address." + 
> configs.get("dfs.nameservices") + "." + cluster,
>   fsDefaultNameElements[i]);
>   if (i == (fsDefaultNameElements.length - 1)) {
>   clusters.append(cluster);
>   } else {
>   clusters.append(cluster).append(",");
>   }
>   }
>   configs.put("dfs.ha.namenodes." + configs.get("dfs.nameservices"), 
> clusters.toString());
> }
> {code}
> 
> To view the defects in Coverity Scan visit, 
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZtwvLNyXEpALHHKXqGKvroU5mWNsNiM7OVRdsl6DJR5LTUChq42fVbU-2Fr1jlwSSZ3yR3k4ycwZTS0QkKayVUGYhpHjV8vMdPHJwfZIZjeDvW59RoGHYuxr3UvsJzGHNk6gAvr6OuaH0vx6ZtLRw-2F0NLST5sMrn2kXHvdALOtTEjnQ-3D-3D
> 
> 
> Diffs
> -
> 
>   
> hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
>  39fb9e8 
> 
> 
> Diff: https://reviews.apache.org/r/63351/diff/2/
> 
> 
> Testing
> ---
> 
> Tested
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62882: Good coding practice-add additional headers in ranger

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62882/#review189112
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 17, 2017, 10:54 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62882/
> ---
> 
> (Updated Oct. 17, 2017, 10:54 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1828
> https://issues.apache.org/jira/browse/RANGER-1828
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice-add additional headers in ranger.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  721dd44 
> 
> 
> Diff: https://reviews.apache.org/r/62882/diff/2/
> 
> 
> Testing
> ---
> 
> 1)Verified if response contains additional headers on simple ranger(http).
> 2)Verified if response contains additional headers on kerberized ranger.
> 3)Verified if response contains additional headers on SSL ranger(https).
> 4)Verified if response contains additional headers on kerberized+SSL ranger.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/#review189003
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 23, 2017, 11:19 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63225/
> ---
> 
> (Updated Oct. 23, 2017, 11:19 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1781
> https://issues.apache.org/jira/browse/RANGER-1781
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch adds two service-def validations (a. for detecting cycles in 
> resource-def graph, and b. to ensure increasing level values in resource-def 
> hierarchies).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  d0f015d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  7a719ab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
>  3f2cc2a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  e8d85c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
>  1a48151 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
>  274028e 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
>  ca055ff 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
>  b779090 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
>  6b774f8 
> 
> 
> Diff: https://reviews.apache.org/r/63225/diff/2/
> 
> 
> Testing
> ---
> 
> Developed unit tests for additional validations.
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63225: Additional back-end work with more ServiceDef validations for Policy create/edit form should display only relevant accesses based on the user-selected resource

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63225/#review188998
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
Lines 588 (patched)
<https://reviews.apache.org/r/63225/#comment265929>

Nitpick - mixing of spaces and tabs makes this harder to read.



agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
Lines 601 (patched)
<https://reviews.apache.org/r/63225/#comment265930>

Add some JavaDoc for this function


- Alejandro Fernandez


On Oct. 23, 2017, 9:45 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63225/
> ---
> 
> (Updated Oct. 23, 2017, 9:45 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1781
> https://issues.apache.org/jira/browse/RANGER-1781
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This patch adds two service-def validations (a. for detecting cycles in 
> resource-def graph, and b. to ensure increasing level values in resource-def 
> hierarchies).
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
>  d0f015d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  7a719ab 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java
>  3f2cc2a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java
>  e8d85c5 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerObjectFactory.java
>  1a48151 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefHelper.java
>  274028e 
>   
> agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java
>  ca055ff 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_hdfs_policy.json
>  b779090 
>   
> agents-common/src/test/resources/resourcematcher/test_defaultpolicyresourcematcher_for_resource_specific_policy.json
>  6b774f8 
> 
> 
> Diff: https://reviews.apache.org/r/63225/diff/1/
> 
> 
> Testing
> ---
> 
> Developed unit tests for additional validations.
> Ran all unit tests successfully.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63142: Ranger admin support hdfs HA configuration when creating hdfs service.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63142/#review188855
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 20, 2017, 6:18 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63142/
> ---
> 
> (Updated Oct. 20, 2017, 6:18 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1844
> https://issues.apache.org/jira/browse/RANGER-1844
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase ,like jdbc url in hive. In hdfs service, only need to 
> config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster ?old? 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000 ?new?
> 
> 
> Diffs
> -
> 
>   
> hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
>  c252213f 
>   security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js 
> 3f8697e7 
>   security-admin/src/main/webapp/scripts/modules/globalize/message/en.js 
> 811db0c9 
> 
> 
> Diff: https://reviews.apache.org/r/63142/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188803
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 20, 2017, 2:02 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated Oct. 20, 2017, 2:02 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63147: RANGER-1845 - Add support to configure JWT signature algorithms

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63147/#review188714
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 19, 2017, 1:18 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63147/
> ---
> 
> (Updated Oct. 19, 2017, 1:18 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1845
> https://issues.apache.org/jira/browse/RANGER-1845
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The next Knox release will feature the ability to change the signature 
> algorithm from the default RS256. This task is to add support to specify a 
> signature algorithm in Ranger, which the received token must match. The new 
> configuration parameter is "ranger.sso.expected.sigalg" with a default value 
> of "RS256".
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  5e4207c9 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
>  b8246a9a 
> 
> 
> Diff: https://reviews.apache.org/r/63147/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it with Knox.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63145: This JAVA_VERSION_REQUIRED configuration item is invalid in security admin installer, we should enable it to control the necessary java version.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63145/#review188713
---




security-admin/scripts/setup.sh
Line 305 (original), 304 (patched)
<https://reviews.apache.org/r/63145/#comment265730>

This will not work if the minor version ever changes to 2 digits, e.g., 
1.10.0_1

Instead, concatenate 
export java_major_minor="$major.$minor"

if [[ "$java_major_minor" != "$JAVA_VERSION_REQUIRED" ]]; then
   ...


- Alejandro Fernandez


On Oct. 19, 2017, 1 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63145/
> ---
> 
> (Updated Oct. 19, 2017, 1 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1846
> https://issues.apache.org/jira/browse/RANGER-1846
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The java version must be equal to or more than 1.8 when we set db_ssl_enabled 
> equal to true.
> This JAVA_VERSION_REQUIRED configuration item is invalid in security admin 
> installer, we should enable it to control the necessary java version.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh e2a69b71 
> 
> 
> Diff: https://reviews.apache.org/r/63145/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 63142: Ranger admin support hdfs HA configuration when creating hdfs service.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63142/#review188706
---




hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
Lines 300 (patched)
<https://reviews.apache.org/r/63142/#comment265718>

Doesn't this also have to set 
dfs.namenode.http-address.$cluster.$nn_id ?

and potentially https instead if SSL is enabled.


- Alejandro Fernandez


On Oct. 19, 2017, 11:41 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63142/
> ---
> 
> (Updated Oct. 19, 2017, 11:41 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1844
> https://issues.apache.org/jira/browse/RANGER-1844
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In ranger admin, when creating a hdfs service, if hdfs cluster is in HA 
> mode,you have to config a lot of configs in hdfs_dev,such as:
> Namenode URL *=hdfs://hdfscluster
> ===Add New Configurations===
> dfs.nameservices=hdfscluster
> dfs.client.failover.proxy.provider.hdfscluster=org.apache.hadoop.hdfs.server.namenode.ha.ConfiguredFailoverProxyProvider
> dfs.ha.namenodes.hdfscluster=nn1,nn2
> dfs.namenode.rpc-address.hdfscluster.nn1=hdfs://10.43.159.240:9000
> dfs.namenode.rpc-address.hdfscluster.nn2=hdfs://10.43.159.245:9000
> ===End of add New Configurations===
> And other big data components such as hbase,hive and so on can support HA 
> without config
> lots of "Add New Configurations",it is easy to config a url. like zk queue 
> configuration in hbase ,like jdbc url in hive. In hdfs service, only need to 
> config "fs.default.name" :
> Namenode URL *=hdfs://hdfscluster ?old? 
> Namenode URL *=hdfs://dap230-183:9000,hdfs://dap229-183:9000 ?new?
> 
> 
> Diffs
> -
> 
>   
> hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java
>  c252213f 
> 
> 
> Diff: https://reviews.apache.org/r/63142/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 63085: Tag enricher performance improvement in identifying tags for resource being accessed

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63085/#review188547
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 18, 2017, 6:13 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63085/
> ---
> 
> (Updated Oct. 18, 2017, 6:13 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-1843
> https://issues.apache.org/jira/browse/RANGER-1843
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Performance improvements in RANGER-1771, in finding the policies for a given 
> resource, should be made in tag-enricher as well - to optimize finding of 
> tags applicable for a given resource.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  5f0a422 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  210eb3d 
> 
> 
> Diff: https://reviews.apache.org/r/63085/diff/4/
> 
> 
> Testing
> ---
> 
> Passes all unit tests. Tested with perf-tool locally.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63115: RANGER-1820: Updated optimized db schema script for SQLServer DB

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63115/#review188532
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 18, 2017, 5:21 p.m., Pradeep Agrawal wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63115/
> ---
> 
> (Updated Oct. 18, 2017, 5:21 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, 
> Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, 
> Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1820
> https://issues.apache.org/jira/browse/RANGER-1820
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> **Problem Statement:** DB schema script updated through RR-62717 does not 
> have new db patch entry(029) in optimized sql server script. Similarly java 
> patch J10008 and J10011 need to be added.
> 
> **Proposed Solution:** Proposed solution is having insert statement for sql 
> patch 029 and java patch J10008,J10011 in 
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> file.
> 
> **Note:** Patch for master branch shall be different than ranger-0.7 branch 
> patch as master branch script is already having changes related to java patch 
> J10008. Proposed patch for master branch is attached in Apache Jira 
> RANGER-1820.
> 
> 
> Diffs
> -
> 
>   security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> 27257e3 
> 
> 
> Diff: https://reviews.apache.org/r/63115/diff/1/
> 
> 
> Testing
> ---
> 
> 1) Executed DBA Setup and ensured that ranger-admin database and ranger-admin 
> DB user are created.
> 2) From a MSSQL Client tool executed 
> security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
> file on database created in previous step.
> 3) Executed DB setup and java patches execution command.
> 
> **Expected Behaviour :** Ranger setup process should skip the DB schema 
> creation and java patch execution. Ranger UI should work properly after 
> starting Ranger admin.
> Actual Behaviour : DB schema creation and java patch execution was skipped 
> and patches were marked executed in x_db_version_h table.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>

Re: Review Request 63085: Tag enricher performance improvement in identifying tags for resource being accessed

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63085/#review188527
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
Lines 155 (patched)
<https://reviews.apache.org/r/63085/#comment265527>

Please add JavaDoc to new classes & methods.


- Alejandro Fernandez


On Oct. 18, 2017, 1:03 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63085/
> ---
> 
> (Updated Oct. 18, 2017, 1:03 a.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-1843
> https://issues.apache.org/jira/browse/RANGER-1843
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Performance improvements in RANGER-1771, in finding the policies for a given 
> resource, should be made in tag-enricher as well - to optimize finding of 
> tags applicable for a given resource.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/contextenricher/RangerTagEnricher.java
>  5f0a422d 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefHelper.java
>  210eb3d5 
> 
> 
> Diff: https://reviews.apache.org/r/63085/diff/3/
> 
> 
> Testing
> ---
> 
> Passes all unit tests. Tested with perf-tool locally.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 62882: Good coding practice-add additional headers in ranger

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62882/#review188343
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 17, 2017, 10:54 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62882/
> ---
> 
> (Updated Oct. 17, 2017, 10:54 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1828
> https://issues.apache.org/jira/browse/RANGER-1828
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice-add additional headers in ranger.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  721dd44 
> 
> 
> Diff: https://reviews.apache.org/r/62882/diff/2/
> 
> 
> Testing
> ---
> 
> 1)Verified if response contains additional headers on simple ranger(http).
> 2)Verified if response contains additional headers on kerberized ranger.
> 3)Verified if response contains additional headers on SSL ranger(https).
> 4)Verified if response contains additional headers on kerberized+SSL ranger.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 63068: RANGER-1842 - Don't catch Throwables in the test code

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63068/#review188342
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 17, 2017, 10:04 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63068/
> ---
> 
> (Updated Oct. 17, 2017, 10:04 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1842
> https://issues.apache.org/jira/browse/RANGER-1842
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> In a couple of the tests, we are catching Throwables. This means that the 
> Assert.fail() conditions inside the try statement are ineffective.
> 
> 
> Diffs
> -
> 
>   
> kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/RangerMasterKeyTest.java
>  cac22502 
>   
> storm-agent/src/test/java/org/apache/ranger/authorization/storm/StormRangerAuthorizerTest.java
>  53173078 
> 
> 
> Diff: https://reviews.apache.org/r/63068/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 63055: Audit log records for 'use dbName' and 'show databases' hive commands contain large number of tags

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63055/#review188244
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 16, 2017, 11:20 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63055/
> ---
> 
> (Updated Oct. 16, 2017, 11:20 p.m.)
> 
> 
> Review request for ranger, Madhan Neethiraj and Ramesh Mani.
> 
> 
> Bugs: RANGER-1841
> https://issues.apache.org/jira/browse/RANGER-1841
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When a Hive service is configured for tag-based authorization, the audit log 
> generated for ‘use dbName’ or 'show databases' command would contain all the 
> tags associated with: the database, all tables in the database, all the 
> columns in the database. The number of tags in this audit log could be too 
> many; and having such large number of tags in audit logs of 'use ' 
> command may not be useful. It will be better not to log tags in audit logs 
> for 'use ' commands. Policy-id recorded in the audit log can be used 
> to identity the tag, if a tag-based policy authorized the command.
> 
> 
> Diffs
> -
> 
>   
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
>  9dea37a 
> 
> 
> Diff: https://reviews.apache.org/r/63055/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with local VM
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 62483: Service should not be renamed if tagged service resources exist for it

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62483/#review188190
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 16, 2017, 6:41 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62483/
> ---
> 
> (Updated Oct. 16, 2017, 6:41 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1795
> https://issues.apache.org/jira/browse/RANGER-1795
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> If a service is renamed in the presence of tagged service-resources that 
> refer to the service (through service-id), then a major discrepancy is 
> introduced in security+governance database. Therefore, it is necessary to 
> fail service update under these circumstances.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/ServiceStore.java 
> 89c3326 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> e433f08 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java 
> 9859992 
>   security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 54226d9 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java d3c22d7 
>   security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
> fa3c68e 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 76e5088 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml a212e59 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> c51aa2e 
>   security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
> 75cbdbd 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
> 4eaca03 
>   security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
> d65a426 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> 7c48d54 
> 
> 
> Diff: https://reviews.apache.org/r/62483/diff/2/
> 
> 
> Testing
> ---
> 
> Ran all unit tests successfully. Tested with local VM.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 63030: RANGER-1839 - Add the ability to specify SSO token audiences

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63030/#review188177
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 16, 2017, 2:38 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63030/
> ---
> 
> (Updated Oct. 16, 2017, 2:38 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1839
> https://issues.apache.org/jira/browse/RANGER-1839
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The KNOXSSO service can configure an audience parameter to restrict the 
> audience of a given issued token. However, we can't enforce this check in 
> Ranger. This task is to add a new configuration parameter 
> "ranger.sso.audiences", which is a comma separated String of audiences, one 
> of which must be contained (if specified) in the received token.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  7cfe0be8 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/SSOAuthenticationProperties.java
>  7706d9bf 
> 
> 
> Diff: https://reviews.apache.org/r/63030/diff/1/
> 
> 
> Testing
> ---
> 
> Tested that audience validation works correctly with KNOXSSO.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 62971: LOG class is imported error for RangerServiceService class

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62971/#review187987
---



What testing was done?

- Alejandro Fernandez


On Oct. 13, 2017, 10 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62971/
> ---
> 
> (Updated Oct. 13, 2017, 10 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1836
> https://issues.apache.org/jira/browse/RANGER-1836
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> LOG class is imported error for RangerServiceService class
> RangerServiceService.java import:
> import java.util.logging.Logger;
> I think java.util.logging.Logger class should be repalced with:
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
>  3dd761a2 
> 
> 
> Diff: https://reviews.apache.org/r/62971/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62967: RANGER-1835:The installer of the security admin should not repeatedly add a user to the same group.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62967/#review187986
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 13, 2017, 3:22 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62967/
> ---
> 
> (Updated Oct. 13, 2017, 3:22 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1835
> https://issues.apache.org/jira/browse/RANGER-1835
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The installer of the security admin will repeatedly add a user to the same 
> group if the user exists and the user belongs to the group. The installer 
> should check whether the user belongs to the group before adding user to 
> group.
> 
> 
> Diffs
> -
> 
>   security-admin/scripts/setup.sh 1630684c 
> 
> 
> Diff: https://reviews.apache.org/r/62967/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187867
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 12, 2017, 8:57 p.m., Endre Zoltan Kovacs wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> ---
> 
> (Updated Oct. 12, 2017, 8:57 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1827
> https://issues.apache.org/jira/browse/RANGER-1827
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> created a microbenchmark for the policy evaluation engine
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  25f533476 
>   ranger-tools/pom.xml ff37fb3eb 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java 
> e6095cba2 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
>  PRE-CREATION 
>   
> ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java
>  PRE-CREATION 
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e 
>   ranger-tools/src/test/resources/testdata/performance-chart.template 
> PRE-CREATION 
>   ranger-tools/src/test/resources/testdata/single-policy-template.json 
> PRE-CREATION 
>   ranger-tools/src/test/resources/testdata/single-request-template.json 
> PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62850/diff/5/
> 
> 
> Testing
> ---
> 
> A parameterized JUnit test that tests the performance of RangerPolicyEngine 
> under increasing load of number of policies and concurrent calls.
> a cross product of the input parameters are generated and fed into the test 
> method.
> 
> This microbenchmark includes a warm-up phase so that any of the JIT 
> performance optimizations happen before the measurement of the policy 
> engine's performance.
> 
> 
> File Attachments
> 
> 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>   
> https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
> 
> 
> Thanks,
> 
> Endre Zoltan Kovacs
> 
>

Re: Review Request 62947: Update Ranger to use 0.8.1 Atlas version

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62947/#review187858
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 12, 2017, 7:27 p.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62947/
> ---
> 
> (Updated Oct. 12, 2017, 7:27 p.m.)
> 
> 
> Review request for ranger and Madhan Neethiraj.
> 
> 
> Bugs: RANGER-1833
> https://issues.apache.org/jira/browse/RANGER-1833
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Update Ranger to use 0.8.1 Atlas version
> 
> 
> Diffs
> -
> 
>   pom.xml 3958014 
>   
> tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasTagSource.java
>  12b02d9 
> 
> 
> Diff: https://reviews.apache.org/r/62947/diff/1/
> 
> 
> Testing
> ---
> 
> Ensured that tagsync starts up without any errors.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>

Re: Review Request 62882: Good coding practice-add additional headers in ranger

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62882/#review187822
---




security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
Lines 144 (patched)
<https://reviews.apache.org/r/62882/#comment264870>

This should include "includeSubDomains"
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet


- Alejandro Fernandez


On Oct. 12, 2017, 7:16 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62882/
> ---
> 
> (Updated Oct. 12, 2017, 7:16 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1828
> https://issues.apache.org/jira/browse/RANGER-1828
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice-add additional headers in ranger.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
>  721dd44 
> 
> 
> Diff: https://reviews.apache.org/r/62882/diff/1/
> 
> 
> Testing
> ---
> 
> 1)Verified if response contains additional headers on simple ranger(http).
> 2)Verified if response contains additional headers on kerberized ranger.
> 3)Verified if response contains additional headers on SSL ranger(https).
> 4)Verified if response contains additional headers on kerberized+SSL ranger.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 62724: RANGER-1822 - Remove ssoEnabled accessors in RangerSSOAuthenticationFilter

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62724/#review187613
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 2, 2017, 2:11 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62724/
> ---
> 
> (Updated Oct. 2, 2017, 2:11 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1822
> https://issues.apache.org/jira/browse/RANGER-1822
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to remove the ssoEnabled accessors in 
> RangerSSOAuthenticationFilter. "ssoEnabled" is currently a class variable, 
> but it is overridden every time in the doFilter method. It should instead 
> just be created per-request in doFilter.
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSSOAuthenticationFilter.java
>  481fe8e7 
> 
> 
> Diff: https://reviews.apache.org/r/62724/diff/1/
> 
> 
> Testing
> ---
> 
> Tested with Knox.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187572
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 10, 2017, 11:51 a.m., Endre Zoltan Kovacs wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> ---
> 
> (Updated Oct. 10, 2017, 11:51 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1827
> https://issues.apache.org/jira/browse/RANGER-1827
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> created a microbenchmark for the policy evaluation engine
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  25f533476 
>   ranger-tools/pom.xml ff37fb3eb 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java 
> e6095cba2 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
>  PRE-CREATION 
>   
> ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java
>  PRE-CREATION 
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e 
>   ranger-tools/src/test/resources/testdata/single-policy-template.json 
> PRE-CREATION 
>   ranger-tools/src/test/resources/testdata/single-request-template.json 
> PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62850/diff/3/
> 
> 
> Testing
> ---
> 
> A parameterized JUnit test that tests the performance of RangerPolicyEngine 
> under increasing load of number of policies and concurrent calls.
> a cross product of the input parameters are generated and fed into the test 
> method.
> 
> This microbenchmark includes a warm-up phase so that any of the JIT 
> performance optimizations happen before the measurement of the policy 
> engine's performance.
> 
> 
> File Attachments
> 
> 
> 0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
>   
> https://reviews.apache.org/media/uploaded/files/2017/10/10/3fc881bb-c8ea-427b-a6b4-8d1236159c82__0001-RANGER-1827-microbenchmark-for-RangerPolicyEngine.patch
> 
> 
> Thanks,
> 
> Endre Zoltan Kovacs
> 
>

Re: Review Request 62850: RANGER-1827: microbenchmark for policy evaluation

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62850/#review187462
---


Fix it, then Ship it!





agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
Line 88 (original), 90 (patched)
<https://reviews.apache.org/r/62850/#comment264458>

May be good to include "(microsec)"



ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
Lines 62 (patched)
<https://reviews.apache.org/r/62850/#comment264457>

Please add JavaDoc to all new classes and important methods


- Alejandro Fernandez


On Oct. 9, 2017, 9:19 p.m., Endre Zoltan Kovacs wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62850/
> ---
> 
> (Updated Oct. 9, 2017, 9:19 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1827
> https://issues.apache.org/jira/browse/RANGER-1827
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> created a microbenchmark for the policy evaluation engine
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PerfDataRecorder.java
>  25f533476 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/PerfTestClient.java 
> e6095cba2 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerAccessRequestDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/RangerResourceDeserializer.java
>  PRE-CREATION 
>   
> ranger-tools/src/main/java/org/apache/ranger/policyengine/perftest/v2/RangerPolicyFactory.java
>  PRE-CREATION 
>   
> ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java
>  PRE-CREATION 
>   ranger-tools/src/test/resources/log4j.properties 4ea9d854e 
>   ranger-tools/src/test/resources/testdata/single-policy-template.json 
> PRE-CREATION 
>   ranger-tools/src/test/resources/testdata/single-request-template.json 
> PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62850/diff/1/
> 
> 
> Testing
> ---
> 
> A parameterized JUnit test that tests the performance of RangerPolicyEngine 
> under increasing load of number of policies and concurrent calls.
> a cross product of the input parameters are generated and fed into the test 
> method.
> 
> This microbenchmark includes a warm-up phase so that any of the JIT 
> performance optimizations happen before the measurement of the policy 
> engine's performance.
> 
> 
> Thanks,
> 
> Endre Zoltan Kovacs
> 
>

Re: Review Request 62686: RANGER-1816:When the error occurs, the system does not record the error message

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62686/#review187428
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 9, 2017, 2:49 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62686/
> ---
> 
> (Updated Oct. 9, 2017, 2:49 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, pengjianhua, 
> and Ramesh Mani.
> 
> 
> Bugs: RANGER-1816
> https://issues.apache.org/jira/browse/RANGER-1816
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> these java files are as follows:
> RangerPolicyService.java
> XGroupService.java
> XUserService.java
> 
> 
> Diffs
> -
> 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
>  f55a103 
>   security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 
> fd57430 
>   security-admin/src/main/java/org/apache/ranger/service/XUserService.java 
> 9be833c 
> 
> 
> Diff: https://reviews.apache.org/r/62686/diff/2/
> 
> 
> Testing
> ---
> 
> Tested!
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62714: RANGER-1819: Not able to delete group that is having special character(ampersand) from ranger admin.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62714/#review187111
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Line 373 (original), 373 (patched)
<https://reviews.apache.org/r/62714/#comment264040>

Should use StringUtils.isNotBlank(userName)


- Alejandro Fernandez


On Oct. 4, 2017, 10:38 a.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62714/
> ---
> 
> (Updated Oct. 4, 2017, 10:38 a.m.)
> 
> 
> Review request for ranger, Gautam Borad, Mehul Parikh, Pradeep Agrawal, and 
> Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1819
> https://issues.apache.org/jira/browse/RANGER-1819
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Trying to delete some of the group with special character from the ranger 
> admin, but not able to delete.
> This issue happens only if there is `&` in the groupname like groupspecial#$@&
> 
> Same issue present in case of users.
> 
> 
> Solution : Replace currently API (i.e delete by name) call with delete by 
> user id API.So we don't have to do extra handling for special charactes and 
> it also includes best practices for REST API.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 5a58346 
>   security-admin/src/main/webapp/scripts/model_bases/VXGroupBase.js b86120b 
>   security-admin/src/main/webapp/scripts/model_bases/VXUserBase.js c4a0d6c 
>   security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js 
> 65a1d18 
>   
> unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
>  d3e25fe 
> 
> 
> Diff: https://reviews.apache.org/r/62714/diff/2/
> 
> 
> Testing
> ---
> 
> Testing :
> 
> 1. Verified CRUD for users and groups.
> 2. Verified delete for users and groups with/without special characters 
> including `#`.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62751: RANGER-1824 - Upgrade Spring Framework to 3.2.18

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62751/#review186951
---


Ship it!




Ship It!

- Alejandro Fernandez


On Oct. 3, 2017, 2:09 p.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62751/
> ---
> 
> (Updated Oct. 3, 2017, 2:09 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1824
> https://issues.apache.org/jira/browse/RANGER-1824
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> When starting the Admin console, the following appears in the logs:
> 
> 2017-10-02 10:00:35,651 [localhost-startStop-1] WARN 
> org.springframework.security.core.SpringSecurityCoreVersion 
> (SpringSecurityCoreVersion.java:60) -  You are advised to use Spring 
> 3.2.18.RELEASE or later with this version. You are running: 3.2.10.RELEASE
> 
> We should update Spring to 3.2.18
> 
> 
> Diffs
> -
> 
>   pom.xml 3958014c 
> 
> 
> Diff: https://reviews.apache.org/r/62751/diff/1/
> 
> 
> Testing
> ---
> 
> Tested the admin console started properly + can load policies etc.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>

Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

[Alejandro Fernandez]

> On Oct. 2, 2017, 6:13 p.m., Alejandro Fernandez wrote:
> >

Awesome contribution.


- Alejandro


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review186860
---


On Sept. 30, 2017, 8:34 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated Sept. 30, 2017, 8:34 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 58cdd35 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> PRE-CREATION 
>   plugin-sqoop/.gitignore PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION 
>   plugin-sqoop/pom.xml PRE-CREATION 
>   plugin-sqoop/scripts/install.properties PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION 
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/1/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62710: RANGER-1810:Ranger supports plugin to enable, monitor and manage apache Sqoop2

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62710/#review186860
---




plugin-sqoop/scripts/install.properties
Lines 39 (patched)
<https://reviews.apache.org/r/62710/#comment263707>

Should all of these commented lines be removed?



plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
Lines 49 (patched)
<https://reviews.apache.org/r/62710/#comment263704>

Add JavaDoc to all new classes and methods.



plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
Lines 85 (patched)
<https://reviews.apache.org/r/62710/#comment263703>

If any errors are found, should this raise an exception instead of just 
logging?



plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
Lines 103 (patched)
<https://reviews.apache.org/r/62710/#comment263705>

Are there any paths in which the response object needs to be .closed()?



plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
Lines 21 (patched)
<https://reviews.apache.org/r/62710/#comment263706>

Add JavaDoc


- Alejandro Fernandez


On Sept. 30, 2017, 8:34 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62710/
> ---
> 
> (Updated Sept. 30, 2017, 8:34 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, sam  rome, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1810
> https://issues.apache.org/jira/browse/RANGER-1810
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Apache Sqoop is a tool designed for efficiently transferring bulk data 
> between Apache Hadoop and structured datastores such as relational databases. 
> You can use Sqoop to import data from external structured datastores into 
> Hadoop Distributed File System or related systems like Hive and HBase. 
> Conversely, Sqoop can be used to extract data from Hadoop and export it to 
> external structured datastores such as relational databases and enterprise 
> data warehouses.It successfully graduated from the Incubator in March of 2012 
> and is now a Top-Level Apache project.
> The Ranger will further expand the influence in the hadoop ecosystem if it 
> supports sqoop authorization. So we should develop sqoop plugin to enable, 
> monitor and manage apache Sqoop2.
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Diffs
> -
> 
>   agents-common/scripts/enable-agent.sh d31a264 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java
>  9463ab8 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
> 58cdd35 
>   agents-common/src/main/resources/service-defs/ranger-servicedef-sqoop.json 
> PRE-CREATION 
>   plugin-sqoop/.gitignore PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-policymgr-ssl.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-audit.xml PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security-changes.cfg PRE-CREATION 
>   plugin-sqoop/conf/ranger-sqoop-security.xml PRE-CREATION 
>   plugin-sqoop/pom.xml PRE-CREATION 
>   plugin-sqoop/scripts/install.properties PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/RangerServiceSqoop.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopClient.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/SqoopResourceMgr.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorResponse.java
>  PRE-CREATION 
>   
> plugin-sqoop/src/main/java/org/apache/ranger/services/sqoop/client/json/model/SqoopConnectorsResponse.java
>  PRE-CREATION 
>   pom.xml 3958014 
>   ranger-sqoop-plugin-shim/.gitignore PRE-CREATION 
>   ranger-sqoop-plugin-shim/pom.xml PRE-CREATION 
>   
> ranger-sqoop-plugin-shim/src/main/java/org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.java
>  PRE-CREATION 
>   src/main/assembly/admin-web.xml 0e97818 
>   src/main/assembly/plugin-sqoop.xml PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62710/diff/1/
> 
> 
> Testing
> ---
> 
> Our test specialists have rigorously tested this feature.
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62713: RANGER 1818: Good coding practice in Ranger recommended by static code analysis

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62713/#review186857
---


Fix it, then Ship it!





unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
Line 117 (original), 117 (patched)
<https://reviews.apache.org/r/62713/#comment263698>

Put a space after the ","


- Alejandro Fernandez


On Sept. 30, 2017, 10:17 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62713/
> ---
> 
> (Updated Sept. 30, 2017, 10:17 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1818
> https://issues.apache.org/jira/browse/RANGER-1818
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Good coding practice in Ranger recommended by static code analysis on the 
> last commit made.Instead of printing the entire object we are printing only 
> the error message that gives clear information about the error.
> 
> 
> Diffs
> -
> 
>   
> unixauthclient/src/main/java/org/apache/ranger/authentication/unix/jaas/PamLoginModule.java
>  0b3d2e6 
>   
> unixauthservice/src/main/java/org/apache/ranger/authentication/PasswordValidator.java
>  20ced89 
> 
> 
> Diff: https://reviews.apache.org/r/62713/diff/1/
> 
> 
> Testing
> ---
> 
> 1.Tested SSO Authentication
> 2.Junit test was successful
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 62657: The drop-down box name "database" is not showing full when edit hive policy

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62657/#review186595
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 28, 2017, 11:50 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62657/
> ---
> 
> (Updated Sept. 28, 2017, 11:50 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1813
> https://issues.apache.org/jira/browse/RANGER-1813
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The drop-down box name "database" is not showing full when edit hive policy.
> Please see picture (database.PNG)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/styles/xa.css 9751d90b 
> 
> 
> Diff: https://reviews.apache.org/r/62657/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62657: The drop-down box name "database" is not showing full when edit hive policy

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62657/#review186596
---



Which browsers was this tested on?

- Alejandro Fernandez


On Sept. 28, 2017, 11:50 a.m., Qiang Zhang wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62657/
> ---
> 
> (Updated Sept. 28, 2017, 11:50 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, pengjianhua, Ramesh Mani, 
> Selvamohan Neethiraj, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1813
> https://issues.apache.org/jira/browse/RANGER-1813
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The drop-down box name "database" is not showing full when edit hive policy.
> Please see picture (database.PNG)
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/styles/xa.css 9751d90b 
> 
> 
> Diff: https://reviews.apache.org/r/62657/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Qiang Zhang
> 
>

Re: Review Request 62662: Fix invalid code and error logic for the BaseDao class

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62662/#review186594
---



Any testing done on this?

- Alejandro Fernandez


On Sept. 28, 2017, 12:38 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62662/
> ---
> 
> (Updated Sept. 28, 2017, 12:38 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1815
> https://issues.apache.org/jira/browse/RANGER-1815
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fix invalid code and error logic for the BaseDao class
> 
> 
> Diffs
> -
> 
>   agents-audit/src/main/java/org/apache/ranger/audit/dao/BaseDao.java 
> 75593d2f 
> 
> 
> Diff: https://reviews.apache.org/r/62662/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62659: RANGER-1814 : Move the reader into a local variable in LocalFileLogBuffer

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62659/#review186584
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 28, 2017, 11:27 a.m., Zsombor Gegesy wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62659/
> ---
> 
> (Updated Sept. 28, 2017, 11:27 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1814
> https://issues.apache.org/jira/browse/RANGER-1814
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Static code analyser flagged sendCurrentFile in LogFileLogBuffer as dubious 
> BufferedReader usage - because it's not clear if that reader is closed 
> properly. Suggested to move from instance variable to method local variable
> 
> 
> Diffs
> -
> 
>   
> agents-audit/src/main/java/org/apache/ranger/audit/provider/LocalFileLogBuffer.java
>  56a24ed 
> 
> 
> Diff: https://reviews.apache.org/r/62659/diff/1/
> 
> 
> Testing
> ---
> 
> Tested locally, travis build: 
> https://travis-ci.org/gzsombor/ranger/builds/280822647
> 
> 
> Thanks,
> 
> Zsombor Gegesy
> 
>

Re: Review Request 62436: RANGER-1779 : last resource gets duplicated during update policy if policy is created through public api rest call

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62436/#review186486
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 27, 2017, 10:10 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62436/
> ---
> 
> (Updated Sept. 27, 2017, 10:10 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1779
> https://issues.apache.org/jira/browse/RANGER-1779
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> 1) create a policy with multiple resource *,default using public api
> 2) go to ranger admin ui and update the policy without any change
> 3) again view the policy.
> Issue:
> default gets duplicated as resource in the policy.
> and even new entry is added in resource map table for the last resource.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> da65074 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java
>  634082c 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62436/diff/4/
> 
> 
> Testing
> ---
> 
> 1)Verified if same resource does not get duplicated during create and update 
> policy.
> 2)Verified if resource duplication does not happen through public API and 
> Public APIv2 as well.
> 3)Verified if policies are getting created with multiple distinct resource.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 62024: RANGER-1756: Handle role related restrictions for users having User role.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186458
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 27, 2017, 11:27 a.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> ---
> 
> (Updated Sept. 27, 2017, 11:27 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul 
> Parikh, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Handle role related restrictions for users having User role.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 
> 320a9a4 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad 
> 
> 
> Diff: https://reviews.apache.org/r/62024/diff/4/
> 
> 
> Testing
> ---
> 
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has 
> USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62437: RANGER-1779 : last resource gets duplicated during update policy if policy is created through public api rest call

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62437/#review186452
---




security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java
Lines 108 (patched)
<https://reviews.apache.org/r/62437/#comment263006>

Might want to add some javadoc


- Alejandro Fernandez


On Sept. 27, 2017, 10:11 a.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62437/
> ---
> 
> (Updated Sept. 27, 2017, 10:11 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1779
> https://issues.apache.org/jira/browse/RANGER-1779
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> 1) create a policy with multiple resource *,default using public api
> 2) go to ranger admin ui and update the policy without any change
> 3) again view the policy.
> Issue:
> default gets duplicated as resource in the policy.
> and even new entry is added in resource map table for the last resource.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 63fdf4f 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java
>  634082c 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62437/diff/4/
> 
> 
> Testing
> ---
> 
> 1)Verified if same resource does not get duplicated during create and update 
> policy.
> 2)Verified if resource duplication does not happen through public API and 
> Public APIv2 as well.
> 3)Verified if policies are getting created with multiple distinct resource.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 62520: Here is a error in getStatusResponse() when post data exception for AtlasClient class

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62520/#review186451
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 27, 2017, 1:59 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62520/
> ---
> 
> (Updated Sept. 27, 2017, 1:59 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1802
> https://issues.apache.org/jira/browse/RANGER-1802
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Here is a error in getStatusResponse() when post data exception for 
> AtlasClient class
> {code}
> try {
>   statusResponse = 
> webResource.type("application/x-www-form-urlencoded").post(ClientResponse.class,
>   formData);
>   } catch (Exception e) {
>   String msgDesc = "Unable to get a valid 
> statusResponse for " + "expected mime type : ["
>   + EXPECTED_MIME_TYPE + "] URL : 
> " + statusUrl + " - got null response.";
>   LOG.error(msgDesc);
>   }
> {code}
> 
> should be
> 
> {code}
> try {
>   statusResponse = 
> webResource.type("application/x-www-form-urlencoded").post(ClientResponse.class,
>   formData);
>   } catch (Exception e) {
>   String msgDesc = "Unable to get a valid 
> statusResponse for " + "expected mime type : 
> [application/x-www-form-urlencoded] URL : " + statusUrl + " - got null 
> response.";
>   LOG.error(msgDesc);
>   }
> {code}
> 
> 
> Diffs
> -
> 
>   
> plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
>  c10da79c 
> 
> 
> Diff: https://reviews.apache.org/r/62520/diff/5/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62567: RANGER-1727 : Ranger allows user to change an external user's password with 'null' old password

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62567/#review186450
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 26, 2017, 11:56 a.m., Fatima Khan wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62567/
> ---
> 
> (Updated Sept. 26, 2017, 11:56 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1727
> https://issues.apache.org/jira/browse/RANGER-1727
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Ranger allows user to change an external user's password with 'null' old 
> password
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java cc81029 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 447aebb 
>   security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java 
> d0fb3dc 
> 
> 
> Diff: https://reviews.apache.org/r/62567/diff/1/
> 
> 
> Testing
> ---
> 
> 1.External user is not able to change the password using ranger Api's (same 
> as ui).
> 2.Verified all the existing unit tests are passing.
> 3.Verified password change feature for internal users.
> 
> 
> Thanks,
> 
> Fatima Khan
> 
>

Re: Review Request 62555: RANGER-1801: group user mapping updates to ranger admin fail when the mapping is already existed in ranger DB

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62555/#review186330
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 589 (patched)
<https://reviews.apache.org/r/62555/#comment262822>

Small nitpick here, there are 2 spaces after "groupname ="


- Alejandro Fernandez


On Sept. 26, 2017, 8:35 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62555/
> ---
> 
> (Updated Sept. 26, 2017, 8:35 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1801
> https://issues.apache.org/jira/browse/RANGER-1801
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Added code to check if the groupname and userid entry is already existing in 
> ranger db before adding or updating the entry.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 7450302 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java 
> 1a76d27 
>   
> security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java 
> d1901d9 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 68548a5 
> 
> 
> Diff: https://reviews.apache.org/r/62555/diff/2/
> 
> 
> Testing
> ---
> 
> 1. Performed some functional tests with delta sync and update group 
> memberships in AD.
> 2. Verified all the existing unit tests are passing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Re: Review Request 62519: RANGER-1800: Usersync fails to update users and groups during incremental sync with nested groups and group first search enabled

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62519/#review186316
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 22, 2017, 10:43 p.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62519/
> ---
> 
> (Updated Sept. 22, 2017, 10:43 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1800
> https://issues.apache.org/jira/browse/RANGER-1800
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Fixed a minor issue where groups are not properly added to the cache.
> 
> 
> Diffs
> -
> 
>   
> ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java
>  394bde2 
> 
> 
> Diff: https://reviews.apache.org/r/62519/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Successfully ran the unit tests for regressions
> 2. Ran few functional tested with AD as the sync source.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Re: Review Request 62436: RANGER-1779 : last resource gets duplicated during update policy if policy is created through public api rest call

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62436/#review186294
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10010.java
Lines 43 (patched)
<https://reviews.apache.org/r/62436/#comment262770>

Please add some Javadoc for what this class does.


- Alejandro Fernandez


On Sept. 26, 2017, 4:27 p.m., Nikhil P wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62436/
> ---
> 
> (Updated Sept. 26, 2017, 4:27 p.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan 
> Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1779
> https://issues.apache.org/jira/browse/RANGER-1779
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> 1) create a policy with multiple resource *,default using public api
> 2) go to ranger admin ui and update the policy without any change
> 3) again view the policy.
> Issue:
> default gets duplicated as resource in the policy.
> and even new entry is added in resource map table for the last resource.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> da65074 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java
>  634082c 
>   
> security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10010.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/62436/diff/3/
> 
> 
> Testing
> ---
> 
> 1)Verified if same resource does not get duplicated during create and update 
> policy.
> 2)Verified if resource duplication does not happen through public API and 
> Public APIv2 as well.
> 3)Verified if policies are getting created with multiple distinct resource.
> 
> 
> Thanks,
> 
> Nikhil P
> 
>

Re: Review Request 62024: RANGER-1756: Handle role related restrictions for users having User role.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186293
---


Fix it, then Ship it!





security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Line 358 (original), 367 (patched)
<https://reviews.apache.org/r/62024/#comment262769>

Nitpick here, but should have a space before and after = sign.
Same in line 353 and 382


- Alejandro Fernandez


On Sept. 25, 2017, 5:05 a.m., Nitin Galave wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> ---
> 
> (Updated Sept. 25, 2017, 5:05 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul 
> Parikh, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Handle role related restrictions for users having User role.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad 
> 
> 
> Diff: https://reviews.apache.org/r/62024/diff/3/
> 
> 
> Testing
> ---
> 
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has 
> USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
> 
> 
> Thanks,
> 
> Nitin Galave
> 
>

Re: Review Request 62398: From the ease of use point of view, Select / Deselect All and other checkbox should be associated in add/edit permissions pop window.

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62398/#review186292
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 21, 2017, 8:47 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62398/
> ---
> 
> (Updated Sept. 21, 2017, 8:47 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1790
> https://issues.apache.org/jira/browse/RANGER-1790
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> The current logic is as following:
> 1. Other checkbox will be selected when the "Select checkbox" was selected.
> 2. Other checkbox will be deselected when the "Deselect checkbox" was 
> selected.
> 3. The "Select / Deselect All" checkbox was not automatically selected when 
> all checkbox were Selected.
> 4. The "Select / Deselect All" checkbox was not automatically deselected when 
> all checkbox were deselected.
> The right logic should be as following:
> 1. Other checkbox will be selected when the "Select checkbox" was selected.
> 2. Other checkbox will be deselected when the "Deselect checkbox" was 
> selected.
> 3. The "Select / Deselect All" checkbox was automatically selected when all 
> checkbox were Selected.
> 4. The "Select / Deselect All" checkbox was automatically deselected when all 
> checkbox were deselected.
> Please refer to select-all-permissions.png and select-all-permissions-01.png.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/webapp/scripts/views/policies/PermissionList.js 
> 0803945e 
> 
> 
> Diff: https://reviews.apache.org/r/62398/diff/1/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62490: Updated masking policy for hive to support for deny/allowException/denyExceptions

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62490/#review186290
---


Ship it!




Ship It!

- Alejandro Fernandez


On Sept. 26, 2017, 7:31 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62490/
> ---
> 
> (Updated Sept. 26, 2017, 7:31 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1796
> https://issues.apache.org/jira/browse/RANGER-1796
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Masking policy for hive should support for deny/allowException/denyExceptions 
> to meet further business needs. Such as masking policy for hive should 
> support as following scene and so on:
> USER1, USER2 and USER3 belong to the user group GROUPA. Select GROUPA group 
> when created masking policy. The USER1 does not use masking and USER2, USER3 
> need masking.
> 
> We rigorously tested this issue. The test result shows that the feature is ok.
> 
> 
> Diffs
> -
> 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
> 60daed9 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
>  0b5fc0e 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
>  067ca04 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
>  f5d7ad3 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java
>  47b4921 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyItemEvaluator.java
>  edbde29 
>   
> security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java 
> 1b6f440 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> da65074 
>   
> security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
>  f55a103 
>   security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad 
>   security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js 
> 9a8d82d 
> 
> 
> Diff: https://reviews.apache.org/r/62490/diff/2/
> 
> 
> Testing
> ---
> 
> tested it
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62555: RANGER-1801: group user mapping updates to ranger admin fail when the mapping is already existed in ranger DB

[Alejandro Fernandez]

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62555/#review186179
---




security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
Lines 589 (patched)
<https://reviews.apache.org/r/62555/#comment262633>

Suggest using String.format()



security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java
Lines 118 (patched)
<https://reviews.apache.org/r/62555/#comment262634>

Should this check using StringUtils.isNotBlank instead of just null?



security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java
Line 86 (original), 86 (patched)
<https://reviews.apache.org/r/62555/#comment262635>

Can remove unnecessary var.


- Alejandro Fernandez


On Sept. 26, 2017, 12:01 a.m., Sailaja Polavarapu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62555/
> ---
> 
> (Updated Sept. 26, 2017, 12:01 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
> Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja 
> Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1801
> https://issues.apache.org/jira/browse/RANGER-1801
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Added code to check if the groupname and userid entry is already existing in 
> ranger db before adding or updating the entry.
> 
> 
> Diffs
> -
> 
>   security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 7450302 
>   security-admin/src/main/java/org/apache/ranger/db/XXGroupUserDao.java 
> 1a76d27 
>   
> security-admin/src/main/java/org/apache/ranger/service/XGroupUserService.java 
> d1901d9 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 68548a5 
> 
> 
> Diff: https://reviews.apache.org/r/62555/diff/1/
> 
> 
> Testing
> ---
> 
> 1. Performed some functional tests with delta sync and update group 
> memberships in AD.
> 2. Verified all the existing unit tests are passing.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

[Alejandro Fernandez (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alejandro Fernandez updated RANGER-1780:

Description: 
AuditSummaryQueue already has logic to enable the summarization, but it 
requires 2 events to have the exact same resource path (plus a couple of other 
fields such as user, access type, access result, action, client ip, session).
This Jira is to add a config called 
xasecure.audit.provider.summary.aggregate.level so that if it is set to 
"directory" then 2 events can still be aggregated if they are files in the same 
directory.
If the config is not specified its default value will be "file" which preserves 
the existing behavior.

See [^ranger_summary.png] for screenshot on desired behavior.

  was:
AuditSummaryQueue already has logic to enable the summarization, but it 
requires 2 events to have the exact same resource path (plus a couple of other 
fields such as user, access type, access result, action, client ip, session).
This Jira is to add a config called 
xasecure.audit.provider.summary.aggregate.level so that if it is set to 
"directory" then 2 events can still be aggregated if they are files in the same 
directory.
If the config is not specified its default value will be "file" which preserves 
the existing behavior.


> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>    Affects Versions: 0.7.1
>Reporter: Alejandro Fernandez
> Fix For: 1.0.0
>
> Attachments: RANGER-1780.patch, ranger_summary.png
>
>
> AuditSummaryQueue already has logic to enable the summarization, but it 
> requires 2 events to have the exact same resource path (plus a couple of 
> other fields such as user, access type, access result, action, client ip, 
> session).
> This Jira is to add a config called 
> xasecure.audit.provider.summary.aggregate.level so that if it is set to 
> "directory" then 2 events can still be aggregated if they are files in the 
> same directory.
> If the config is not specified its default value will be "file" which 
> preserves the existing behavior.
> See [^ranger_summary.png] for screenshot on desired behavior.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

[Alejandro Fernandez (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alejandro Fernandez updated RANGER-1780:

Attachment: ranger_summary.png

> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 0.7.1
>    Reporter: Alejandro Fernandez
> Fix For: 1.0.0
>
> Attachments: RANGER-1780.patch, ranger_summary.png
>
>
> AuditSummaryQueue already has logic to enable the summarization, but it 
> requires 2 events to have the exact same resource path (plus a couple of 
> other fields such as user, access type, access result, action, client ip, 
> session).
> This Jira is to add a config called 
> xasecure.audit.provider.summary.aggregate.level so that if it is set to 
> "directory" then 2 events can still be aggregated if they are files in the 
> same directory.
> If the config is not specified its default value will be "file" which 
> preserves the existing behavior.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

[Alejandro Fernandez (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alejandro Fernandez updated RANGER-1780:

Description: 
AuditSummaryQueue already has logic to enable the summarization, but it 
requires 2 events to have the exact same resource path (plus a couple of other 
fields such as user, access type, access result, action, client ip, session).
This Jira is to add a config called 
xasecure.audit.provider.summary.aggregate.level so that if it is set to 
"directory" then 2 events can still be aggregated if they are files in the same 
directory.
If the config is not specified its default value will be "file" which preserves 
the existing behavior.

  was:
When processing a list of AuthzAuditEvents, a chain of them can be grouped (or 
rather 2...n skipped) if they share similar attributes (same user, access type, 
access result, time window during the access time, etc.

https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14


> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 0.7.1
>Reporter: Alejandro Fernandez
> Fix For: 1.0.0
>
>
> AuditSummaryQueue already has logic to enable the summarization, but it 
> requires 2 events to have the exact same resource path (plus a couple of 
> other fields such as user, access type, access result, action, client ip, 
> session).
> This Jira is to add a config called 
> xasecure.audit.provider.summary.aggregate.level so that if it is set to 
> "directory" then 2 events can still be aggregated if they are files in the 
> same directory.
> If the config is not specified its default value will be "file" which 
> preserves the existing behavior.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1780) Allow AuditSummaryQueue to aggregate events in the same directory

[Alejandro Fernandez (JIRA)]

 [ 
https://issues.apache.org/jira/browse/RANGER-1780?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alejandro Fernandez updated RANGER-1780:

Summary: Allow AuditSummaryQueue to aggregate events in the same directory  
(was: Optimize Audit Logging by Aggregating/Skipping similar AuthzAuditEvents)

> Allow AuditSummaryQueue to aggregate events in the same directory
> -
>
> Key: RANGER-1780
> URL: https://issues.apache.org/jira/browse/RANGER-1780
> Project: Ranger
>  Issue Type: Improvement
>  Components: audit
>Affects Versions: 0.7.1
>    Reporter: Alejandro Fernandez
> Fix For: 1.0.0
>
>
> When processing a list of AuthzAuditEvents, a chain of them can be grouped 
> (or rather 2...n skipped) if they share similar attributes (same user, access 
> type, access result, time window during the access time, etc.
> https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (RANGER-1780) Optimize Audit Logging by Aggregating/Skipping similar AuthzAuditEvents

[Alejandro Fernandez (JIRA)]

Alejandro Fernandez created RANGER-1780:
---

 Summary: Optimize Audit Logging by Aggregating/Skipping similar 
AuthzAuditEvents
 Key: RANGER-1780
 URL: https://issues.apache.org/jira/browse/RANGER-1780
 Project: Ranger
  Issue Type: Improvement
  Components: audit
Affects Versions: 0.7.1
Reporter: Alejandro Fernandez
 Fix For: 1.0.0


When processing a list of AuthzAuditEvents, a chain of them can be grouped (or 
rather 2...n skipped) if they share similar attributes (same user, access type, 
access result, time window during the access time, etc.

https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java#L14



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)