[jira] [Commented] (RANGER-4933) Ranger API to Summary View of DataShares in GDS
[
https://issues.apache.org/jira/browse/RANGER-4933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896355#comment-17896355
]
Dineshkumar Yadav commented on RANGER-4933:
---
Hi [~radhikak], below changes are breaking for mysql
[https://github.com/apache/ranger/blob/master/security-admin/db/mysql/patches/075-add-validity_schedule-labels-keywords-in-x_gds_dataset.sql#L16]
can you please update patch with below solution will work
{code:java}
drop procedure if exists
add_validity_schedule_labels_keywords_in_x_gds_dataset();
change this to below
drop procedure if exists add_validity_schedule_labels_keywords_in_x_gds_dataset;
{code}
updated patch is attached
CC [~rmani]
> Ranger API to Summary View of DataShares in GDS
> ---
>
> Key: RANGER-4933
> URL: https://issues.apache.org/jira/browse/RANGER-4933
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Radhika Kundam
>Assignee: Radhika Kundam
>Priority: Major
> Fix For: 3.0.0
>
> Attachments:
> 0001-RANGER-4933-Ranger-API-to-Summary-View-of-DataShares.patch,
> SummaryView_Datashares_in_GDS_API_request_response.json
>
>
> Ranger API to Summary View of DataShares in a GDS
> Summary should have the following details.
> - DataShare
> - Number of Assets on the DataShare.
> - Created by and when details.
> - End of Support Date
> - Tags
> - Keywords
> - Number of external user which this DataShare is shared.
> A DataShare defined as - a Rager DataSet associated to a Ranger DataShare
> with resources ( iceberg tables) added to it. Each Ranger Dataset will have a
> policy for the Ranger DataSet and a policy item for a external user with
> permissions( READ for now) for sharing. To share the same Ranger Dataset with
> another external user, a policy item will be added to the new external user.
> *service/gds/dataset/summary* can be enhanced to provide the necessary info.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-4933) Ranger API to Summary View of DataShares in GDS
[
https://issues.apache.org/jira/browse/RANGER-4933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896355#comment-17896355
]
Dineshkumar Yadav edited comment on RANGER-4933 at 11/7/24 3:11 PM:
Hi [~radhikak], below changes are breaking for mysql
[https://github.com/apache/ranger/blob/master/security-admin/db/mysql/patches/075-add-validity_schedule-labels-keywords-in-x_gds_dataset.sql#L16]
can you please update patch with below solution will work
{code:java}
drop procedure if exists
add_validity_schedule_labels_keywords_in_x_gds_dataset();
change this to below
drop procedure if exists add_validity_schedule_labels_keywords_in_x_gds_dataset;
{code}
updated patch is attached :
0001-RANGER-4933-Ranger-API-to-Summary-View-of-DataShares.patch
CC [~rmani]
was (Author: dineshkumar-yadav):
Hi [~radhikak], below changes are breaking for mysql
[https://github.com/apache/ranger/blob/master/security-admin/db/mysql/patches/075-add-validity_schedule-labels-keywords-in-x_gds_dataset.sql#L16]
can you please update patch with below solution will work
{code:java}
drop procedure if exists
add_validity_schedule_labels_keywords_in_x_gds_dataset();
change this to below
drop procedure if exists add_validity_schedule_labels_keywords_in_x_gds_dataset;
{code}
updated patch is attached
CC [~rmani]
> Ranger API to Summary View of DataShares in GDS
> ---
>
> Key: RANGER-4933
> URL: https://issues.apache.org/jira/browse/RANGER-4933
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Radhika Kundam
>Assignee: Radhika Kundam
>Priority: Major
> Fix For: 3.0.0
>
> Attachments:
> 0001-RANGER-4933-Ranger-API-to-Summary-View-of-DataShares.patch,
> SummaryView_Datashares_in_GDS_API_request_response.json
>
>
> Ranger API to Summary View of DataShares in a GDS
> Summary should have the following details.
> - DataShare
> - Number of Assets on the DataShare.
> - Created by and when details.
> - End of Support Date
> - Tags
> - Keywords
> - Number of external user which this DataShare is shared.
> A DataShare defined as - a Rager DataSet associated to a Ranger DataShare
> with resources ( iceberg tables) added to it. Each Ranger Dataset will have a
> policy for the Ranger DataSet and a policy item for a external user with
> permissions( READ for now) for sharing. To share the same Ranger Dataset with
> another external user, a policy item will be added to the new external user.
> *service/gds/dataset/summary* can be enhanced to provide the necessary info.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4933) Ranger API to Summary View of DataShares in GDS
[ https://issues.apache.org/jira/browse/RANGER-4933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4933: -- Attachment: 0001-RANGER-4933-Ranger-API-to-Summary-View-of-DataShares.patch > Ranger API to Summary View of DataShares in GDS > --- > > Key: RANGER-4933 > URL: https://issues.apache.org/jira/browse/RANGER-4933 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Radhika Kundam >Assignee: Radhika Kundam >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-4933-Ranger-API-to-Summary-View-of-DataShares.patch, > SummaryView_Datashares_in_GDS_API_request_response.json > > > Ranger API to Summary View of DataShares in a GDS > Summary should have the following details. > - DataShare > - Number of Assets on the DataShare. > - Created by and when details. > - End of Support Date > - Tags > - Keywords > - Number of external user which this DataShare is shared. > A DataShare defined as - a Rager DataSet associated to a Ranger DataShare > with resources ( iceberg tables) added to it. Each Ranger Dataset will have a > policy for the Ranger DataSet and a policy item for a external user with > permissions( READ for now) for sharing. To share the same Ranger Dataset with > another external user, a policy item will be added to the new external user. > *service/gds/dataset/summary* can be enhanced to provide the necessary info. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4692) Sorting on the Ranger Admin - Plugin Status page by event(Download,Activation)
[
https://issues.apache.org/jira/browse/RANGER-4692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895530#comment-17895530
]
Dineshkumar Yadav commented on RANGER-4692:
---
Hi [~madhan], can you please review above approach.
Thanks
> Sorting on the Ranger Admin - Plugin Status page by event(Download,Activation)
> --
>
> Key: RANGER-4692
> URL: https://issues.apache.org/jira/browse/RANGER-4692
> Project: Ranger
> Issue Type: New Feature
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
>
> Currently there are different type like (Policy, Role, Tag, UserStore and
> GDS) on plugin status.
> when we have plugins(large enough to accommodate in single page), It will be
> helpful to identify any out-of-sync plugins based on download times, sorting
> them by policyDownloadTime, tagDownloadTime, roleDownloadTime,
> userstoreDownloadTime and gdsDownloadTime.
> *Design Approach*
> # Update ranger table x_plugin_info by adding below new columns to handle
> sorting of plugin status.
> {code:java}
> policy_download_time bigint(20) DEFAULT NULL
> policy_activation_time bigint(20) DEFAULT NULL
> tag_download_time bigint(20) DEFAULT NULL
> tag_activation_time bigint(20) DEFAULT NULL
> gds_download_time bigint(20) DEFAULT NULL
> gds_activation_time bigint(20) DEFAULT NULL
> role_download_time bigint(20) DEFAULT NULL
> role_activation_time bigint(20) DEFAULT NULL
> userstore_download_time bigint(20) DEFAULT NULL
> userstore_activation_time bigint(20) DEFAULT NULL
> cluster_name varchar(255) DEFAULT NULL
> {code}
> # create indexing for each new column.
> # create a view vx_plugin_info table to capture all plugins status details.
> # vx_plugin_info will fetch plugin info data from x_plugin_info,
> x_service_version_info, x_service_def table.
> *Ranger changes*
> # For Upgrade, we will provide DB and Java Patches.
> # DB Patches will add a new column to the x_plugin_info table and add
> indexes on each newly added column of the x_plugin_info table to optimize
> query performance.
> # After adding the new columns to the x_plugin_info table, will create a
> view table (vx_plugin_info) that fetches data from multiple tables
> (x_plugin_info, x_service_version_info, x_service_def).
> # After the database is updated, Java patches will update values into the
> new column of the x_plugin_info table.
> *API changes*
> 1.Plugin Status GET APIs for Sorting:
> {code:java}
> /service/plugins/info?sortType=desc&sortBy=policyDownloadTime
> /service/plugins/info?sortType=desc&sortBy=policyActivationTime
> /service/plugins/info?sortType=desc&sortBy=lastPolicyUpdateTime
> /service/plugins/info?sortType=desc&sortBy=tagDownloadTime
> /service/plugins/info?sortType=desc&sortBy=tagActivationTime
> /service/plugins/info?sortType=desc&sortBy=lasttagUpdateTime
> /service/plugins/info?sortType=desc&sortBy=gdsDownloadTime
> /service/plugins/info?sortType=desc&sortBy=gdsActivationTime
> /service/plugins/info?sortType=desc&sortBy=lastgdsUpdateTime
> /service/plugins/info?sortType=desc&sortBy=roleDownloadTime
> /service/plugins/info?sortType=desc&sortBy=roleActivationTime
> /service/plugins/info?sortType=desc&sortBy=lastroleUpdateTime
> /service/plugins/info?sortType=desc&sortBy=userstoreDownloadTime
> /service/plugins/info?sortType=desc&sortBy=userstoreActivationTime
> /service/plugins/info?sortType=desc&sortBy=clusterName
> /service/plugins/info?sortType=desc&sortBy=serviceType
> /service/plugins/info?sortType=desc&sortBy=pluginIpAddress
> {code}
> 2.Plugin Status GET APIs for Searching:
> {code:java}
> /service/plugins/info?serviceType={serviceTypeName}
> /service/plugins/info?clusterName={clusterName}
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4969) Ranger - Upgrade commons-io to 2.17.0
[ https://issues.apache.org/jira/browse/RANGER-4969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4969: - Assignee: Dineshkumar Yadav > Ranger - Upgrade commons-io to 2.17.0 > -- > > Key: RANGER-4969 > URL: https://issues.apache.org/jira/browse/RANGER-4969 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4972) Ranger User Type "federated user" should not log into Ranger for doing any operation
Dineshkumar Yadav created RANGER-4972: - Summary: Ranger User Type "federated user" should not log into Ranger for doing any operation Key: RANGER-4972 URL: https://issues.apache.org/jira/browse/RANGER-4972 Project: Ranger Issue Type: Task Components: Ranger Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Ranger User Type "federated user" should not log into Ranger for doing any operation. These users are external users for data-sharing, should be used for metrics around what resources are shared, access history and audits for data sharing features. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4964) Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch failure
[ https://issues.apache.org/jira/browse/RANGER-4964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4964: -- Fix Version/s: 2.6.0 > Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch > failure > --- > > Key: RANGER-4964 > URL: https://issues.apache.org/jira/browse/RANGER-4964 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0, 2.6.0 > > > The issue occurred because the previous patch(RANGER-4809) failed to verify > if the x_trx_log table existed before modifying the x_trx_log_IDX_trx_id > index, which could result in errors. A table existence check needs to be > added to the patch. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4964) Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch failure
[ https://issues.apache.org/jira/browse/RANGER-4964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893396#comment-17893396 ] Dineshkumar Yadav commented on RANGER-4964: --- Apache 2.6 : https://github.com/apache/ranger/commit/a4b276adcda875989ef787b13bc193af00f4aad2 > Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch > failure > --- > > Key: RANGER-4964 > URL: https://issues.apache.org/jira/browse/RANGER-4964 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0 > > > The issue occurred because the previous patch(RANGER-4809) failed to verify > if the x_trx_log table existed before modifying the x_trx_log_IDX_trx_id > index, which could result in errors. A table existence check needs to be > added to the patch. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4964) Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch failure
[ https://issues.apache.org/jira/browse/RANGER-4964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892501#comment-17892501 ] Dineshkumar Yadav commented on RANGER-4964: --- Apache master commit : https://github.com/apache/ranger/commit/926877837145b6c5470452814619225a14070518 > Issue with x_trx_log_IDX_trx_id Index in x_trx_log Table, causing patch > failure > --- > > Key: RANGER-4964 > URL: https://issues.apache.org/jira/browse/RANGER-4964 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > > The issue occurred because the previous patch(RANGER-4809) failed to verify > if the x_trx_log table existed before modifying the x_trx_log_IDX_trx_id > index, which could result in errors. A table existence check needs to be > added to the patch. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4969) Ranger - Upgrade commons-io to 2.17.0
Dineshkumar Yadav created RANGER-4969: - Summary: Ranger - Upgrade commons-io to 2.17.0 Key: RANGER-4969 URL: https://issues.apache.org/jira/browse/RANGER-4969 Project: Ranger Issue Type: Task Components: Ranger Reporter: Dineshkumar Yadav -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
[ https://issues.apache.org/jira/browse/RANGER-4949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4949: -- Fix Version/s: 2.6.0 > Creating security zone with any role selected fails for oracle DB > -- > > Key: RANGER-4949 > URL: https://issues.apache.org/jira/browse/RANGER-4949 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0, 2.6.0 > > > Log in to ranger UI and go to "Security Zone -> Create Zone" > Give the zone any name. > Under "Zone Administration" select any user for "Admin Users" > Select any role for "Auditor Roles" > Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
[ https://issues.apache.org/jira/browse/RANGER-4949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887541#comment-17887541 ] Dineshkumar Yadav commented on RANGER-4949: --- Apache ranger-2.6 commit : https://github.com/apache/ranger/commit/1a76c48dd89c1d406215136467b3853d632b8bd9 > Creating security zone with any role selected fails for oracle DB > -- > > Key: RANGER-4949 > URL: https://issues.apache.org/jira/browse/RANGER-4949 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > Log in to ranger UI and go to "Security Zone -> Create Zone" > Give the zone any name. > Under "Zone Administration" select any user for "Admin Users" > Select any role for "Auditor Roles" > Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3952) "plugins/policies/download/cm_hive" and "xusers/download/{serviceName}" APIs not accessible
[
https://issues.apache.org/jira/browse/RANGER-3952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887536#comment-17887536
]
Dineshkumar Yadav commented on RANGER-3952:
---
Hi [~abhishek.patil], This is as per design, we should use secure API only.
Thanks
> "plugins/policies/download/cm_hive" and "xusers/download/{serviceName}" APIs
> not accessible
> ---
>
> Key: RANGER-3952
> URL: https://issues.apache.org/jira/browse/RANGER-3952
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhishek
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> The API "\{BASE_URL}/plugins/policies/download/cm_hive" is not accessible.
> API reference :-
> [https://ranger.apache.org/apidocs/resource_ServiceREST.html#resource_ServiceREST_getServicePoliciesIfUpdated_GET]
> The API request fails for both kerberos auth and for basic auth.
> The user has admin permissions and the user is a part of
> "policy.download.auth.users"
> in the hive repo. But still the request fails for the user when trying to
> download policies for hive service repo
> But the user can access the API
> "\{BASE_URL}/plugins/secure/policies/download/\{hive_service_repo}".
> Even the API "\{BASE_URL}/service/xusers/download/\{serviceName}" is not
> accessible
> This API is not listed in the Ranger REST API list as well, but it is present
> in the code base.
> If these two APIs are no longer supported, then the documentation has to be
> updated,
> else they should be made accessible
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
[ https://issues.apache.org/jira/browse/RANGER-4949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4949: -- Fix Version/s: 3.0.0 > Creating security zone with any role selected fails for oracle DB > -- > > Key: RANGER-4949 > URL: https://issues.apache.org/jira/browse/RANGER-4949 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > Log in to ranger UI and go to "Security Zone -> Create Zone" > Give the zone any name. > Under "Zone Administration" select any user for "Admin Users" > Select any role for "Auditor Roles" > Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
[ https://issues.apache.org/jira/browse/RANGER-4949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17887509#comment-17887509 ] Dineshkumar Yadav commented on RANGER-4949: --- Apache master : https://github.com/apache/ranger/commit/a28c122d5d70949bfe250d057e8730f2a65b968c > Creating security zone with any role selected fails for oracle DB > -- > > Key: RANGER-4949 > URL: https://issues.apache.org/jira/browse/RANGER-4949 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > Log in to ranger UI and go to "Security Zone -> Create Zone" > Give the zone any name. > Under "Zone Administration" select any user for "Admin Users" > Select any role for "Auditor Roles" > Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
[ https://issues.apache.org/jira/browse/RANGER-4949?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4949: - Assignee: Dineshkumar Yadav > Creating security zone with any role selected fails for oracle DB > -- > > Key: RANGER-4949 > URL: https://issues.apache.org/jira/browse/RANGER-4949 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > Log in to ranger UI and go to "Security Zone -> Create Zone" > Give the zone any name. > Under "Zone Administration" select any user for "Admin Users" > Select any role for "Auditor Roles" > Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4949) Creating security zone with any role selected fails for oracle DB
Dineshkumar Yadav created RANGER-4949: - Summary: Creating security zone with any role selected fails for oracle DB Key: RANGER-4949 URL: https://issues.apache.org/jira/browse/RANGER-4949 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Dineshkumar Yadav Log in to ranger UI and go to "Security Zone -> Create Zone" Give the zone any name. Under "Zone Administration" select any user for "Admin Users" Select any role for "Auditor Roles" Click save -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4814) Ranger - Upgrade Aircompressor to 0.27
[ https://issues.apache.org/jira/browse/RANGER-4814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17880871#comment-17880871 ] Dineshkumar Yadav commented on RANGER-4814: --- Apache Ranger-2.6 commit : https://github.com/apache/ranger/commit/e93706255305c0ae4e77cfdbbccbf6ad8a5737bf > Ranger - Upgrade Aircompressor to 0.27 > -- > > Key: RANGER-4814 > URL: https://issues.apache.org/jira/browse/RANGER-4814 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0, 2.6.0 > > > Ranger - Upgrade Aircompressor to 0.27 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4814) Ranger - Upgrade Aircompressor to 0.27
[ https://issues.apache.org/jira/browse/RANGER-4814?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4814. --- Fix Version/s: 3.0.0 Resolution: Fixed > Ranger - Upgrade Aircompressor to 0.27 > -- > > Key: RANGER-4814 > URL: https://issues.apache.org/jira/browse/RANGER-4814 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > Ranger - Upgrade Aircompressor to 0.27 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4892) Upgrade Ranger Tomcat from 8.5.x to 9.x
[ https://issues.apache.org/jira/browse/RANGER-4892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4892: - Assignee: Dineshkumar Yadav > Upgrade Ranger Tomcat from 8.5.x to 9.x > --- > > Key: RANGER-4892 > URL: https://issues.apache.org/jira/browse/RANGER-4892 > Project: Ranger > Issue Type: Improvement > Components: kms, Ranger >Affects Versions: 3.0.0 >Reporter: Bhavik Patel >Assignee: Dineshkumar Yadav >Priority: Major > > Upgrade Ranger Tomcat from 8.5.x to 9.x as latest version of tomcat 8.5.100 > is impacted with critical vulnerability -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4892) Upgrade Ranger Tomcat from 8.5.x to 9.x
[ https://issues.apache.org/jira/browse/RANGER-4892?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4892: - Assignee: Sanket Shelar (was: Dineshkumar Yadav) > Upgrade Ranger Tomcat from 8.5.x to 9.x > --- > > Key: RANGER-4892 > URL: https://issues.apache.org/jira/browse/RANGER-4892 > Project: Ranger > Issue Type: Improvement > Components: kms, Ranger >Affects Versions: 3.0.0 >Reporter: Bhavik Patel >Assignee: Sanket Shelar >Priority: Major > > Upgrade Ranger Tomcat from 8.5.x to 9.x as latest version of tomcat 8.5.100 > is impacted with critical vulnerability -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4867) Role deletion shows "Data Not Found (400)." page when it is associated with some another role
[ https://issues.apache.org/jira/browse/RANGER-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4867. --- Fix Version/s: 2.5.0 Resolution: Duplicate > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role > - > > Key: RANGER-4867 > URL: https://issues.apache.org/jira/browse/RANGER-4867 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.5.0 >Reporter: Vishal Bhavsar >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 2.5.0 > > Attachments: Screenshot from 2024-07-22 19-46-56.png > > > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role. > Steps to reproduce: > # Create Role say role1. > # Create another Role say role2 and associated role1 to it. > # Now try deleting the role1, we would get "Data Not Found (400)." page. We > should get alert stating "Role 'role1' can not be deleted as it is referenced > in one or more other roles". > Snapshot is attached for reference. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4867) Role deletion shows "Data Not Found (400)." page when it is associated with some another role
[ https://issues.apache.org/jira/browse/RANGER-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17867961#comment-17867961 ] Dineshkumar Yadav commented on RANGER-4867: --- [~vishalbhavsar] this is similar issue as RANGER-4373. Patch is available at https://reviews.apache.org/r/74603/diff/1#index_header Thanks > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role > - > > Key: RANGER-4867 > URL: https://issues.apache.org/jira/browse/RANGER-4867 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.5.0 >Reporter: Vishal Bhavsar >Assignee: Dineshkumar Yadav >Priority: Major > Attachments: Screenshot from 2024-07-22 19-46-56.png > > > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role. > Steps to reproduce: > # Create Role say role1. > # Create another Role say role2 and associated role1 to it. > # Now try deleting the role1, we would get "Data Not Found (400)." page. We > should get alert stating "Role 'role1' can not be deleted as it is referenced > in one or more other roles". > Snapshot is attached for reference. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4867) Role deletion shows "Data Not Found (400)." page when it is associated with some another role
[ https://issues.apache.org/jira/browse/RANGER-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4867: - Assignee: Dineshkumar Yadav > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role > - > > Key: RANGER-4867 > URL: https://issues.apache.org/jira/browse/RANGER-4867 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 2.5.0 >Reporter: Vishal Bhavsar >Assignee: Dineshkumar Yadav >Priority: Major > Attachments: Screenshot from 2024-07-22 19-46-56.png > > > Role deletion shows "Data Not Found (400)." page when it is associated with > some another role. > Steps to reproduce: > # Create Role say role1. > # Create another Role say role2 and associated role1 to it. > # Now try deleting the role1, we would get "Data Not Found (400)." page. We > should get alert stating "Role 'role1' can not be deleted as it is referenced > in one or more other roles". > Snapshot is attached for reference. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4851) Upon editing an User we are seeing some discrepancy in its Audit Admin logs
[
https://issues.apache.org/jira/browse/RANGER-4851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17867363#comment-17867363
]
Dineshkumar Yadav commented on RANGER-4851:
---
Hi [~bpatel] , This fix also needs UI side fix (both react & backbone ), we
are done with server side changes working on UI . will let you know once done.
Thanks
CC [~Dhaval.Rajpara]
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
>
>
> Key: RANGER-4851
> URL: https://issues.apache.org/jira/browse/RANGER-4851
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Attachments: 0001-RANGER-4851-intermediate-patch.patch,
> snapshot1.png, snapshot2.png, snapshot3.png, snapshot4.png
>
>
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
> in "ranger-2.5" branch.
> Steps to repro:
> # Create user (eg vbuser1) by entering all the details in user create form
> except Group.
> # Now edit the user and add any group (eg group1) to it and save.
> # In Audit Admin tab we would see 3 corresponding logs entry for the above
> edit operation. Refer snapshot1
> ## One log is of "User profile updated {*}vbuser1{*}" of Audit Type: User
> Profile, upon clicking on it the modal opens which has "User Details: " table
> empty. Refer snapshot2
> ## Second log is of "User updated {*}vbuser1{*}" of Audit Type: Ranger User,
> upon clicking on it the modal opens with below observation. Refer snapshot3
> ### here "User Details: " table shows Password getting updated even when we
> did not edit the password
> ### in "Group: " table we are seeing groups numerical value instead of its
> string name i.e group1.
> ## Third log is of Audit Type: XA Group of Users , upon clicking on it modal
> opens which is blank i.e no detail seen. Refer snapshot4
> Have attached snapshots for reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4851) Upon editing an User we are seeing some discrepancy in its Audit Admin logs
[
https://issues.apache.org/jira/browse/RANGER-4851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17866414#comment-17866414
]
Dineshkumar Yadav commented on RANGER-4851:
---
Hi [~madhan] I am attaching intermediate patch which handles below use case
mentioned by [~vishalbhavsar]
* If a User does not have any group assigned and we edit its role then we are
not getting it corresponding Admin log in UI.
* If a User has any group assigned to it and if we try to edit the role for
that user we are getting "Page not found (404)".
* *Comment from description *
In Audit Admin tab we would see 3 corresponding logs entry for the above edit
operation. Refer snapshot1
# One log is of "User profile updated vbuser1" of Audit Type: User Profile,
upon clicking on it the modal opens which has "User Details: " table empty.
Refer snapshot2
# Second log is of "User updated vbuser1" of Audit Type: Ranger User, upon
clicking on it the modal opens with below observation. Refer snapshot3
here "User Details: " table shows Password getting updated even when we did not
edit the password
in "Group: " table we are seeing groups numerical value instead of its string
name i.e group1.
*Pending to handle*
Third log is of Audit Type: XA Group of Users , upon clicking on it modal opens
which is blank i.e no detail seen. Refer snapshot4
On above scenario when we edit user and add any Group to it. ---> it creates
separate transaction log for group user(CLASS_TYPE_XA_GROUP_USER = 1004) and
currently does not have any association with user update (CLASS_TYPE_XA_USER =
1003).
This need some kind of association with it's parent transaction in this case it
is User update operation.
can you please suggest how to handle this?
CC [~rakeshgupta264],[~vishalbhavsar]
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
>
>
> Key: RANGER-4851
> URL: https://issues.apache.org/jira/browse/RANGER-4851
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Attachments: 0001-RANGER-4851-intermediate-patch.patch,
> snapshot1.png, snapshot2.png, snapshot3.png, snapshot4.png
>
>
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
> in "ranger-2.5" branch.
> Steps to repro:
> # Create user (eg vbuser1) by entering all the details in user create form
> except Group.
> # Now edit the user and add any group (eg group1) to it and save.
> # In Audit Admin tab we would see 3 corresponding logs entry for the above
> edit operation. Refer snapshot1
> ## One log is of "User profile updated {*}vbuser1{*}" of Audit Type: User
> Profile, upon clicking on it the modal opens which has "User Details: " table
> empty. Refer snapshot2
> ## Second log is of "User updated {*}vbuser1{*}" of Audit Type: Ranger User,
> upon clicking on it the modal opens with below observation. Refer snapshot3
> ### here "User Details: " table shows Password getting updated even when we
> did not edit the password
> ### in "Group: " table we are seeing groups numerical value instead of its
> string name i.e group1.
> ## Third log is of Audit Type: XA Group of Users , upon clicking on it modal
> opens which is blank i.e no detail seen. Refer snapshot4
> Have attached snapshots for reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4851) Upon editing an User we are seeing some discrepancy in its Audit Admin logs
[
https://issues.apache.org/jira/browse/RANGER-4851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4851:
--
Attachment: 0001-RANGER-4851-intermediate-patch.patch
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
>
>
> Key: RANGER-4851
> URL: https://issues.apache.org/jira/browse/RANGER-4851
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Attachments: 0001-RANGER-4851-intermediate-patch.patch,
> snapshot1.png, snapshot2.png, snapshot3.png, snapshot4.png
>
>
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
> in "ranger-2.5" branch.
> Steps to repro:
> # Create user (eg vbuser1) by entering all the details in user create form
> except Group.
> # Now edit the user and add any group (eg group1) to it and save.
> # In Audit Admin tab we would see 3 corresponding logs entry for the above
> edit operation. Refer snapshot1
> ## One log is of "User profile updated {*}vbuser1{*}" of Audit Type: User
> Profile, upon clicking on it the modal opens which has "User Details: " table
> empty. Refer snapshot2
> ## Second log is of "User updated {*}vbuser1{*}" of Audit Type: Ranger User,
> upon clicking on it the modal opens with below observation. Refer snapshot3
> ### here "User Details: " table shows Password getting updated even when we
> did not edit the password
> ### in "Group: " table we are seeing groups numerical value instead of its
> string name i.e group1.
> ## Third log is of Audit Type: XA Group of Users , upon clicking on it modal
> opens which is blank i.e no detail seen. Refer snapshot4
> Have attached snapshots for reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (RANGER-4851) Upon editing an User we are seeing some discrepancy in its Audit Admin logs
[
https://issues.apache.org/jira/browse/RANGER-4851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav reassigned RANGER-4851:
-
Assignee: Dineshkumar Yadav
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
>
>
> Key: RANGER-4851
> URL: https://issues.apache.org/jira/browse/RANGER-4851
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Attachments: snapshot1.png, snapshot2.png, snapshot3.png,
> snapshot4.png
>
>
> Upon editing an User we are seeing some discrepancy in its Audit Admin logs
> in "ranger-2.5" branch.
> Steps to repro:
> # Create user (eg vbuser1) by entering all the details in user create form
> except Group.
> # Now edit the user and add any group (eg group1) to it and save.
> # In Audit Admin tab we would see 3 corresponding logs entry for the above
> edit operation. Refer snapshot1
> ## One log is of "User profile updated {*}vbuser1{*}" of Audit Type: User
> Profile, upon clicking on it the modal opens which has "User Details: " table
> empty. Refer snapshot2
> ## Second log is of "User updated {*}vbuser1{*}" of Audit Type: Ranger User,
> upon clicking on it the modal opens with below observation. Refer snapshot3
> ### here "User Details: " table shows Password getting updated even when we
> did not edit the password
> ### in "Group: " table we are seeing groups numerical value instead of its
> string name i.e group1.
> ## Third log is of Audit Type: XA Group of Users , upon clicking on it modal
> opens which is blank i.e no detail seen. Refer snapshot4
> Have attached snapshots for reference.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4854) Policy Import from UI is failing.
[
https://issues.apache.org/jira/browse/RANGER-4854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav resolved RANGER-4854.
---
Resolution: Fixed
> Policy Import from UI is failing.
> -
>
> Key: RANGER-4854
> URL: https://issues.apache.org/jira/browse/RANGER-4854
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.5.0
>
> Attachments: Screenshot from 2024-07-12 15-32-07.png, Screenshot from
> 2024-07-12 18-46-32.png
>
>
> UI Policy import is failing even when we are checking the Override Policy
> option. We are seeing below error message in UI.
> error msg
> {code:java}
> Unrecognized field \"listSize\" (Class
> org.apache.ranger.view.RangerExportPolicyList), not marked as ignorable\n at
> [Source: java.io.StringReader@5d0fd801; line: 1, column: 48449] (through
> reference chain:
> org.apache.ranger.view.RangerExportPolicyList[\"listSize\"]){code}
> Steps to reproduce:
> # From UI export policy json from top right export button.
> # Now import the same policy json and make sure to check the "Override
> Policy" checkbox. we would get the alert notification in UI with the error
> message.
> snapshot attached for reference
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4854) Policy Import from UI is failing.
[
https://issues.apache.org/jira/browse/RANGER-4854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17865930#comment-17865930
]
Dineshkumar Yadav commented on RANGER-4854:
---
Hi [~vishalbhavsar] This issue is fixed as part of RANGER-4225. closing this
jira.
Thanks
CC [~mad...@apache.org]
> Policy Import from UI is failing.
> -
>
> Key: RANGER-4854
> URL: https://issues.apache.org/jira/browse/RANGER-4854
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.5.0
>
> Attachments: Screenshot from 2024-07-12 15-32-07.png, Screenshot from
> 2024-07-12 18-46-32.png
>
>
> UI Policy import is failing even when we are checking the Override Policy
> option. We are seeing below error message in UI.
> error msg
> {code:java}
> Unrecognized field \"listSize\" (Class
> org.apache.ranger.view.RangerExportPolicyList), not marked as ignorable\n at
> [Source: java.io.StringReader@5d0fd801; line: 1, column: 48449] (through
> reference chain:
> org.apache.ranger.view.RangerExportPolicyList[\"listSize\"]){code}
> Steps to reproduce:
> # From UI export policy json from top right export button.
> # Now import the same policy json and make sure to check the "Override
> Policy" checkbox. we would get the alert notification in UI with the error
> message.
> snapshot attached for reference
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4854) Policy Import from UI is failing.
[
https://issues.apache.org/jira/browse/RANGER-4854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4854:
--
Fix Version/s: 2.5.0
> Policy Import from UI is failing.
> -
>
> Key: RANGER-4854
> URL: https://issues.apache.org/jira/browse/RANGER-4854
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 2.5.0
>Reporter: Vishal Bhavsar
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 2.5.0
>
> Attachments: Screenshot from 2024-07-12 15-32-07.png, Screenshot from
> 2024-07-12 18-46-32.png
>
>
> UI Policy import is failing even when we are checking the Override Policy
> option. We are seeing below error message in UI.
> error msg
> {code:java}
> Unrecognized field \"listSize\" (Class
> org.apache.ranger.view.RangerExportPolicyList), not marked as ignorable\n at
> [Source: java.io.StringReader@5d0fd801; line: 1, column: 48449] (through
> reference chain:
> org.apache.ranger.view.RangerExportPolicyList[\"listSize\"]){code}
> Steps to reproduce:
> # From UI export policy json from top right export button.
> # Now import the same policy json and make sure to check the "Override
> Policy" checkbox. we would get the alert notification in UI with the error
> message.
> snapshot attached for reference
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4795) Add validation in API to check emptiness on policyitem while creating policy.
[ https://issues.apache.org/jira/browse/RANGER-4795?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4795: -- Summary: Add validation in API to check emptiness on policyitem while creating policy. (was: Add validation in API to check emptyness on policyitem while creating policy.) > Add validation in API to check emptiness on policyitem while creating policy. > - > > Key: RANGER-4795 > URL: https://issues.apache.org/jira/browse/RANGER-4795 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > > There is an inconsistency between Ranger API and UI not doing the same > validation for Policy creation. > Policy creation API should fail when a policy with all empty values and along > with [""] or ["null"] in policyItem --> users, groups and roles. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4782) Implement best coding practices for validating service configs
[ https://issues.apache.org/jira/browse/RANGER-4782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4782: -- Fix Version/s: 3.0.0 > Implement best coding practices for validating service configs > -- > > Key: RANGER-4782 > URL: https://issues.apache.org/jira/browse/RANGER-4782 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Sanket Shelar >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0 > > > Implement best coding practices for validating service configs -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4782) Implement best coding practices for validating service configs
[ https://issues.apache.org/jira/browse/RANGER-4782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17856697#comment-17856697 ] Dineshkumar Yadav commented on RANGER-4782: --- Apache master commit : https://github.com/apache/ranger/commit/73409bfb6d7241a6ce51f19d5b84575a177508ed > Implement best coding practices for validating service configs > -- > > Key: RANGER-4782 > URL: https://issues.apache.org/jira/browse/RANGER-4782 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Sanket Shelar >Assignee: Rakesh Gupta >Priority: Major > > Implement best coding practices for validating service configs -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4777) Improve API /public/v2/api/service-headers to filter services depending on user role
[ https://issues.apache.org/jira/browse/RANGER-4777?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4777: - Assignee: Rakesh Gupta (was: Madhan Neethiraj) > Improve API /public/v2/api/service-headers to filter services depending on > user role > > > Key: RANGER-4777 > URL: https://issues.apache.org/jira/browse/RANGER-4777 > Project: Ranger > Issue Type: Bug > Components: admin, Ranger >Reporter: Mugdha Varadkar >Assignee: Rakesh Gupta >Priority: Major > > Need to update the API - "/public/v2/api/service-headers" introduce in > RANGER-4533 with below : > # The API should be accessible for non-admin users as well. @PreAuthrize > annotation can be removed. > # Filtering of services depending on user role like done for existing API - > "/plugins/services" > cc [~dineshkumar-yadav] / [~Dhaval.Rajpara] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4814) Ranger - Upgrade Aircompressor to 0.27
Dineshkumar Yadav created RANGER-4814: - Summary: Ranger - Upgrade Aircompressor to 0.27 Key: RANGER-4814 URL: https://issues.apache.org/jira/browse/RANGER-4814 Project: Ranger Issue Type: Task Components: Ranger Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Ranger - Upgrade Aircompressor to 0.27 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4729) Upgrade commons-compress to 1.26.0
Dineshkumar Yadav created RANGER-4729: - Summary: Upgrade commons-compress to 1.26.0 Key: RANGER-4729 URL: https://issues.apache.org/jira/browse/RANGER-4729 Project: Ranger Issue Type: Task Components: Ranger Affects Versions: 3.0.0 Reporter: Dineshkumar Yadav Upgrade commons-compress to 1.26.0 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4710) HS2 logs having huge number of WARN logs from RangerHiveAuthorizer regarding connection to HMS for fetching hive object owner
[ https://issues.apache.org/jira/browse/RANGER-4710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4710: - Assignee: Dineshkumar Yadav > HS2 logs having huge number of WARN logs from RangerHiveAuthorizer regarding > connection to HMS for fetching hive object owner > - > > Key: RANGER-4710 > URL: https://issues.apache.org/jira/browse/RANGER-4710 > Project: Ranger > Issue Type: Bug > Components: plugins >Reporter: suja s >Assignee: Dineshkumar Yadav >Priority: Major > > CURRENT BEHAVIOUR: > HS2 logs having huge number of WARN logs from RangerHiveAuthorizer indicating > connection to HMS for fetching hive object owner > EXPECTED BEHAVIOUR: > Reduce the log level to DEBUG if this is expected behaviour. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4632) Security Zone policies version increases by +2 when we update its policy
[ https://issues.apache.org/jira/browse/RANGER-4632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813622#comment-17813622 ] Dineshkumar Yadav commented on RANGER-4632: --- Apache commit : https://github.com/apache/ranger/commit/e18f17991b97009161891f008975deba6be9aaca > Security Zone policies version increases by +2 when we update its policy > > > Key: RANGER-4632 > URL: https://issues.apache.org/jira/browse/RANGER-4632 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4632.patch > > > Security Zone policies version increases by +2 when we update its policy. > STEPS TO REPRODUCE: > Create a security zone with any service. > Now edit the policy(policy name or description or resources) of above zone > created, so its policy get updated. > Check policy version of above policy, its increases by +2 version. > CURRENT BEHAVIOUR: > Security Zone policies version increases by +2, when we update its policy. > EXPECTED BEHAVIOUR: > Security Zone policies version increases by +1, when we update its policy. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
[ https://issues.apache.org/jira/browse/RANGER-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813529#comment-17813529 ] Dineshkumar Yadav commented on RANGER-4684: --- master commit : https://github.com/apache/ranger/commit/c8fbd01b9d28550293ae61f6c2b26816c85a1b5b > Need to update createdBy ,updatedBy field for gds objects in case the creator > is deleted > > > Key: RANGER-4684 > URL: https://issues.apache.org/jira/browse/RANGER-4684 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > Fix For: 3.0.0 > > > Currently when the creator of dataset or any gds Object is deleted from > ranger we get Error as cannot Delete the user because the mapping exist for > the Gds objects for the column addedById, so when the delete operation will > be performed the values for fields createdBy and updatedBy should be changed > from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1 ) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4684) Need to update createdBy ,updatedBy field for gds objects in case the creator is deleted
[ https://issues.apache.org/jira/browse/RANGER-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4684: -- Fix Version/s: 3.0.0 > Need to update createdBy ,updatedBy field for gds objects in case the creator > is deleted > > > Key: RANGER-4684 > URL: https://issues.apache.org/jira/browse/RANGER-4684 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Prashant Satam >Assignee: Prashant Satam >Priority: Major > Fix For: 3.0.0 > > > Currently when the creator of dataset or any gds Object is deleted from > ranger we get Error as cannot Delete the user because the mapping exist for > the Gds objects for the column addedById, so when the delete operation will > be performed the values for fields createdBy and updatedBy should be changed > from the creator to the Ranger Admin (the seeded Ranger Admin having Id 1 ) -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-3081) Handle object locking process during policy creation in HA cluster
[ https://issues.apache.org/jira/browse/RANGER-3081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-3081. --- Resolution: Cannot Reproduce > Handle object locking process during policy creation in HA cluster > -- > > Key: RANGER-3081 > URL: https://issues.apache.org/jira/browse/RANGER-3081 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > > Observed intermittent issue during policy creation in HA environment. > DB object get locked while creating resources associated with policy. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4661) Multiple audits should be generated when access is granted by multiple policies.
Dineshkumar Yadav created RANGER-4661: - Summary: Multiple audits should be generated when access is granted by multiple policies. Key: RANGER-4661 URL: https://issues.apache.org/jira/browse/RANGER-4661 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Dineshkumar Yadav Assignee: Dineshkumar Yadav Currently single audit is getting generated when access (multiple access in single request) is granted by multiple policies. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4613) GDS : Need filter of objectId in /assets/report api to filter out history specific to a dataset/datashare
[ https://issues.apache.org/jira/browse/RANGER-4613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803510#comment-17803510 ] Dineshkumar Yadav commented on RANGER-4613: --- Hi [~madhan] I have committed the patch, can you please close the jira. Thanks > GDS : Need filter of objectId in /assets/report api to filter out history > specific to a dataset/datashare > - > > Key: RANGER-4613 > URL: https://issues.apache.org/jira/browse/RANGER-4613 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Anand Nadar >Assignee: Madhan Neethiraj >Priority: Major > Fix For: 3.0.0 > > Attachments: RANGER-4613.patch > > > We are creating a tab inside dataset/datashare detail layout to should the > history of changes done in that particular dataset/datashare. > The current api - /assets/report only filters the result on the basic of > objectClassType which will give result of all datasets/datashare history. > Therefore we need an additional filter of objectId, and then we can use > objectClassType and objectId together to filter out the history of a > particular dataset/datashare. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4613) GDS : Need filter of objectId in /assets/report api to filter out history specific to a dataset/datashare
[ https://issues.apache.org/jira/browse/RANGER-4613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803507#comment-17803507 ] Dineshkumar Yadav commented on RANGER-4613: --- Apache patch 1 : [commit link|https://github.com/apache/ranger/commit/c18743d779a16c1687de63b9242fa068f5e5868a] Apache patch 2 : [commit link|https://github.com/apache/ranger/commit/8ef4e516feb5abc303c103fbf93f6adb8e342fc1] > GDS : Need filter of objectId in /assets/report api to filter out history > specific to a dataset/datashare > - > > Key: RANGER-4613 > URL: https://issues.apache.org/jira/browse/RANGER-4613 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Anand Nadar >Assignee: Madhan Neethiraj >Priority: Major > Fix For: 3.0.0 > > Attachments: RANGER-4613.patch > > > We are creating a tab inside dataset/datashare detail layout to should the > history of changes done in that particular dataset/datashare. > The current api - /assets/report only filters the result on the basic of > objectClassType which will give result of all datasets/datashare history. > Therefore we need an additional filter of objectId, and then we can use > objectClassType and objectId together to filter out the history of a > particular dataset/datashare. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4611) Security zone form not populate resources value properly while creating and editing zone.
[ https://issues.apache.org/jira/browse/RANGER-4611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803172#comment-17803172 ] Dineshkumar Yadav commented on RANGER-4611: --- apache commit : https://github.com/apache/ranger/commit/c2b83f5767495024ed52fd0f7176ddb1c0bd7e66 > Security zone form not populate resources value properly while creating and > editing zone. > - > > Key: RANGER-4611 > URL: https://issues.apache.org/jira/browse/RANGER-4611 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4611.patch > > > Step to Reproduce: > 1) Go to the security zone page. > 2) Click on Create zone button. > 3) Add multiple resources in that time previous value of added resources not > populate properly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4611) Security zone form not populate resources value properly while creating and editing zone.
[ https://issues.apache.org/jira/browse/RANGER-4611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4611: -- Fix Version/s: 3.0.0 > Security zone form not populate resources value properly while creating and > editing zone. > - > > Key: RANGER-4611 > URL: https://issues.apache.org/jira/browse/RANGER-4611 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4611.patch > > > Step to Reproduce: > 1) Go to the security zone page. > 2) Click on Create zone button. > 3) Add multiple resources in that time previous value of added resources not > populate properly. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4513) Policy listing page experiences an unexpected reset to Access tab when attempting to filter the service and zone dropdown options
[ https://issues.apache.org/jira/browse/RANGER-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803171#comment-17803171 ] Dineshkumar Yadav commented on RANGER-4513: --- apache commit : https://github.com/apache/ranger/commit/ed3a0f3a4c5d3c888f5a33034b16ce52abe41d45 > Policy listing page experiences an unexpected reset to Access tab when > attempting to filter the service and zone dropdown options > -- > > Key: RANGER-4513 > URL: https://issues.apache.org/jira/browse/RANGER-4513 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 4-RANGER-4513.patch, 0001-RANGER-4513.patch, > 0002-RANGER-4513.patch, 0003-RANGER-4513.patch, 0005-RANGER-4513.patch > > > The policy listing page experiences an unexpected reset when attempting to > filter the service and zone dropdown options. > *Steps to Reproduce:* > # Navigate to the "hive" policy listing page. > # Goto Masking tab > # Select the "Service" dropdown to filter policies based on a specific > service. > # Select the "Zone" dropdown to filter policies based on specific zone. > # Observe that the page resets to the default "Access" tab > *Expected Behavior:* > The page should retain the selected tab when filtering the service and zone > dropdown. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4532) Optimize policy listing loader after session timeout and Audit Admin session ID modal loader
[ https://issues.apache.org/jira/browse/RANGER-4532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17803170#comment-17803170 ] Dineshkumar Yadav commented on RANGER-4532: --- apache commit : https://github.com/apache/ranger/commit/592de52086fee89f5fc4b5e4b9a32bcfa2261df2 > Optimize policy listing loader after session timeout and Audit Admin > session ID modal loader > --- > > Key: RANGER-4532 > URL: https://issues.apache.org/jira/browse/RANGER-4532 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4532.patch, 0002-RANGER-4532.patch, > 0003-RANGER-4532.patch > > > Optimize policy listing loader after session timeout and Audit Admin session > ID modal loader. > Current behaviour :- > 1) After session timeout, if we navigate to policy listing page then > "Something went wrong page is seen" for fraction of seconds. > 2) In Audit admin session Id modal, the loader is not in sync. > Improvising the loader logic in both above the scenarios. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4492) Optimize "plugins/definitions" API Call for Initial Load in Multiple Ranger-React Modules
[ https://issues.apache.org/jira/browse/RANGER-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802954#comment-17802954 ] Dineshkumar Yadav commented on RANGER-4492: --- apache commit : https://github.com/apache/ranger/commit/f3e15646d05fab09a96e833733ddb8fd7b91830e > Optimize "plugins/definitions" API Call for Initial Load in Multiple > Ranger-React Modules > - > > Key: RANGER-4492 > URL: https://issues.apache.org/jira/browse/RANGER-4492 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4492.patch, 0002-RANGER-4492.patch > > > In Ranger React, we have already implemented the "plugins/definitions" API > call at the initial load for optimization. > This optimization is currently implemented on the Service Manager page and > needs to be extended to the following modules: > 1)Audit > 2)Report > 3)Security Zone > 4)Key Manager > This enhancement aims to improve the initial load performance by efficiently > utilizing the "plugins/definitions" API call across multiple modules within > Ranger-React. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4615) Keep the LDAP usersync details popup names same as the backbone js names
[ https://issues.apache.org/jira/browse/RANGER-4615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802901#comment-17802901 ] Dineshkumar Yadav commented on RANGER-4615: --- apache commit : https://github.com/apache/ranger/commit/271986ed72a1ceb840b58535a4d610c99ed4c2ee > Keep the LDAP usersync details popup names same as the backbone js names > > > Key: RANGER-4615 > URL: https://issues.apache.org/jira/browse/RANGER-4615 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Mugdha Varadkar >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4615.patch > > > The data field names are different in the usersync audits sync details popup > in ReactJS when compared to backbone JS. > Ideally, both BackBone JS and React JS field names should be the same. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4615) Keep the LDAP usersync details popup names same as the backbone js names
[ https://issues.apache.org/jira/browse/RANGER-4615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4615: -- Fix Version/s: 3.0.0 > Keep the LDAP usersync details popup names same as the backbone js names > > > Key: RANGER-4615 > URL: https://issues.apache.org/jira/browse/RANGER-4615 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Harshal Chavan >Assignee: Mugdha Varadkar >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4615.patch > > > The data field names are different in the usersync audits sync details popup > in ReactJS when compared to backbone JS. > Ideally, both BackBone JS and React JS field names should be the same. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4613) GDS : Need filter of objectId in /assets/report api to filter out history specific to a dataset/datashare
[ https://issues.apache.org/jira/browse/RANGER-4613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802898#comment-17802898 ] Dineshkumar Yadav commented on RANGER-4613: --- Patch set 2 : https://reviews.apache.org/r/74816/ > GDS : Need filter of objectId in /assets/report api to filter out history > specific to a dataset/datashare > - > > Key: RANGER-4613 > URL: https://issues.apache.org/jira/browse/RANGER-4613 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: Anand Nadar >Assignee: Madhan Neethiraj >Priority: Major > Fix For: 3.0.0 > > Attachments: RANGER-4613.patch > > > We are creating a tab inside dataset/datashare detail layout to should the > history of changes done in that particular dataset/datashare. > The current api - /assets/report only filters the result on the basic of > objectClassType which will give result of all datasets/datashare history. > Therefore we need an additional filter of objectId, and then we can use > objectClassType and objectId together to filter out the history of a > particular dataset/datashare. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4010) Update policy UI to support multiple resource-sets for react ranger.
[ https://issues.apache.org/jira/browse/RANGER-4010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17792775#comment-17792775 ] Dineshkumar Yadav commented on RANGER-4010: --- Apache master : https://github.com/apache/ranger/commit/2e4a8c17baec963c190966be11a934f72373644b > Update policy UI to support multiple resource-sets for react ranger. > > > Key: RANGER-4010 > URL: https://issues.apache.org/jira/browse/RANGER-4010 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4010.patch > > > Policy model enhancements in RANGER_3796 enable a Ranger policy to be created > with multiple resource sets – like: > * database: [ db1 ], table: [ tbl1 ], column: [ * ] > * database: [ db1 ], udf: [ * ] > * database: [ db2 ], table: [ tbl2 ], column: [ * ] > > Policy UI needs to be updated to support multiple resource sets, some what > similar to security-zone UI that allows multiple resource sets to be added in > a zone. For policy UI, I suggest retaining the existing UI for > RangerPolicy.resources and having a separate optional UI (triggered via _More > Resources_ button?) to capture additional resources. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4556) policy creation without resource is being allowed through rest api
[ https://issues.apache.org/jira/browse/RANGER-4556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17792760#comment-17792760 ] Dineshkumar Yadav commented on RANGER-4556: --- Apache master :https://github.com/apache/ranger/commit/ac76738e56787e5a0a5d4f945f9dec6e240e3579 > policy creation without resource is being allowed through rest api > -- > > Key: RANGER-4556 > URL: https://issues.apache.org/jira/browse/RANGER-4556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-4556-policy-creation-without-resource-is-bein.patch > > > At the time of policy creation at least one resource should present. > Currently Hive global policy can be created without any resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4370) [Ranger UI] [React JS]"Select All permissions for all components." checkbox missing in tag based policy permission popup
[
https://issues.apache.org/jira/browse/RANGER-4370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789520#comment-17789520
]
Dineshkumar Yadav commented on RANGER-4370:
---
apache master :
https://github.com/apache/ranger/commit/98558adc98b604e6ee6371a28eaebdb0cf4508f5
> [Ranger UI] [React JS]"Select All permissions for all components." checkbox
> missing in tag based policy permission popup
>
>
> Key: RANGER-4370
> URL: https://issues.apache.org/jira/browse/RANGER-4370
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhishek
>Assignee: Brijesh Bhalala
>Priority: Minor
> Labels: ranger-react
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4370.patch, 0002-RANGER-4370.patch,
> 0003-RANGER-4370.patch
>
>
> {color:#172b4d}In the permissions selector popup for tag based policies in
> Backbone UI,{color}
> {color:#172b4d}there is a checkbox which allows users to select all
> permissions for all components selected.{color}
> {color:#172b4d}But in React UI, this checkbox is missing.{color}
> {color:#172b4d}This is a minor bug.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4370) [Ranger UI] [React JS]"Select All permissions for all components." checkbox missing in tag based policy permission popup
[
https://issues.apache.org/jira/browse/RANGER-4370?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4370:
--
Fix Version/s: 3.0.0
> [Ranger UI] [React JS]"Select All permissions for all components." checkbox
> missing in tag based policy permission popup
>
>
> Key: RANGER-4370
> URL: https://issues.apache.org/jira/browse/RANGER-4370
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Abhishek
>Assignee: Brijesh Bhalala
>Priority: Minor
> Labels: ranger-react
> Fix For: 3.0.0
>
> Attachments: 0001-RANGER-4370.patch, 0002-RANGER-4370.patch,
> 0003-RANGER-4370.patch
>
>
> {color:#172b4d}In the permissions selector popup for tag based policies in
> Backbone UI,{color}
> {color:#172b4d}there is a checkbox which allows users to select all
> permissions for all components selected.{color}
> {color:#172b4d}But in React UI, this checkbox is missing.{color}
> {color:#172b4d}This is a minor bug.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4347) User name with comma split in old Ranger admin UI
[ https://issues.apache.org/jira/browse/RANGER-4347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4347: -- Fix Version/s: 3.0.0 > User name with comma split in old Ranger admin UI > - > > Key: RANGER-4347 > URL: https://issues.apache.org/jira/browse/RANGER-4347 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-4347-User-name-with-comma-split-in-old-Ranger.patch > > > when using Ranger Audit filter to filter out the audit for a specific user: > Usually, if we input a username, it would be no issue, but if we input the > user like: “CN=SZH-C-004VX,CN=Machine,CN=PKI,DC=Bosch,DC=com”. > We found that once we saved the audit filter policy, the user was split into > “CN=SZH-C-004VX”, “CN=Machine”, “CN=PKI”, “DC=Bosch”, “DC=com” > It happens because Ranger UI recognize “,” to be separate items. > Same scenario is present in : > 1) Security Zone Form > 2) Permission modules > 3) Role Form -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4347) User name with comma split in old Ranger admin UI
[ https://issues.apache.org/jira/browse/RANGER-4347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789323#comment-17789323 ] Dineshkumar Yadav commented on RANGER-4347: --- Apache Master :https://github.com/apache/ranger/commit/39479100fdaafaf6360e4648b8048280669116eb > User name with comma split in old Ranger admin UI > - > > Key: RANGER-4347 > URL: https://issues.apache.org/jira/browse/RANGER-4347 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-4347-User-name-with-comma-split-in-old-Ranger.patch > > > when using Ranger Audit filter to filter out the audit for a specific user: > Usually, if we input a username, it would be no issue, but if we input the > user like: “CN=SZH-C-004VX,CN=Machine,CN=PKI,DC=Bosch,DC=com”. > We found that once we saved the audit filter policy, the user was split into > “CN=SZH-C-004VX”, “CN=Machine”, “CN=PKI”, “DC=Bosch”, “DC=com” > It happens because Ranger UI recognize “,” to be separate items. > Same scenario is present in : > 1) Security Zone Form > 2) Permission modules > 3) Role Form -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4461) Implement best coding practices for validating user input
[ https://issues.apache.org/jira/browse/RANGER-4461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789138#comment-17789138 ] Dineshkumar Yadav commented on RANGER-4461: --- Apache master commit https://github.com/apache/ranger/commit/f1e6e2e9a68558d26a0e3d539bf85228ae71ccdc > Implement best coding practices for validating user input > -- > > Key: RANGER-4461 > URL: https://issues.apache.org/jira/browse/RANGER-4461 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4461.patch > > > Implement best coding practices for validating user input -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4461) Implement best coding practices for validating user input
[ https://issues.apache.org/jira/browse/RANGER-4461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4461: -- Fix Version/s: 3.0.0 > Implement best coding practices for validating user input > -- > > Key: RANGER-4461 > URL: https://issues.apache.org/jira/browse/RANGER-4461 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4461.patch > > > Implement best coding practices for validating user input -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4556) policy creation without resource is being allowed through rest api
[ https://issues.apache.org/jira/browse/RANGER-4556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4556: -- Attachment: 0001-RANGER-4556-policy-creation-without-resource-is-bein.patch > policy creation without resource is being allowed through rest api > -- > > Key: RANGER-4556 > URL: https://issues.apache.org/jira/browse/RANGER-4556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > Attachments: > 0001-RANGER-4556-policy-creation-without-resource-is-bein.patch > > > At the time of policy creation at least one resource should present. > Currently Hive global policy can be created without any resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4556) policy creation without resource is being allowed through rest api
[ https://issues.apache.org/jira/browse/RANGER-4556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4556: -- Description: At the time of policy creation at least one resource should present. Currently Hive global policy can be created without any resource. was:At the time of policy creation at least one resource should present. > policy creation without resource is being allowed through rest api > -- > > Key: RANGER-4556 > URL: https://issues.apache.org/jira/browse/RANGER-4556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > At the time of policy creation at least one resource should present. > Currently Hive global policy can be created without any resource. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4556) policy creation without resource is being allowed through rest api
[ https://issues.apache.org/jira/browse/RANGER-4556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav reassigned RANGER-4556: - Assignee: Dineshkumar Yadav > policy creation without resource is being allowed through rest api > -- > > Key: RANGER-4556 > URL: https://issues.apache.org/jira/browse/RANGER-4556 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > At the time of policy creation at least one resource should present. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4556) policy creation without resource is being allowed through rest api
Dineshkumar Yadav created RANGER-4556: - Summary: policy creation without resource is being allowed through rest api Key: RANGER-4556 URL: https://issues.apache.org/jira/browse/RANGER-4556 Project: Ranger Issue Type: Bug Components: Ranger Affects Versions: 3.0.0 Reporter: Dineshkumar Yadav Fix For: 3.0.0 At the time of policy creation at least one resource should present. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4495) Upgrade netty to 4.1.100-final
[ https://issues.apache.org/jira/browse/RANGER-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17781031#comment-17781031 ] Dineshkumar Yadav commented on RANGER-4495: --- Apache commit : https://github.com/apache/ranger/commit/353af28d79ea165701cf883bddf9ba7ed099e923 > Upgrade netty to 4.1.100-final > -- > > Key: RANGER-4495 > URL: https://issues.apache.org/jira/browse/RANGER-4495 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Upgrade netty to 4.1.100-final or higher -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4451) RANGER-4286 allows security-zone to exist without any services/resources assigned yet, so when the last service is removed from zone, the zone should not get deleted
[ https://issues.apache.org/jira/browse/RANGER-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17773112#comment-17773112 ] Dineshkumar Yadav commented on RANGER-4451: --- Apache Commit : https://github.com/apache/ranger/commit/db665595f90949b79ed92e6d2a68e7e443e8958b > RANGER-4286 allows security-zone to exist without any services/resources > assigned yet, so when the last service is removed from zone, the zone should > not get deleted > - > > Key: RANGER-4451 > URL: https://issues.apache.org/jira/browse/RANGER-4451 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: suja s >Assignee: Madhan Neethiraj >Priority: Major > > STEPS TO REPRODUCE: > Create a service (cm_test) > Create a security zone z1 with cm_test service added > z1 is created successfully > Delete cm_test > CURRENT BEHAVIOUR: > Zone z1 also gets deleted > EXPECTED BEHAVIOUR: > Zone z1 should not be deleted -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4451) RANGER-4286 allows security-zone to exist without any services/resources assigned yet, so when the last service is removed from zone, the zone should not get deleted
[ https://issues.apache.org/jira/browse/RANGER-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4451. --- Fix Version/s: 3.0.0 Assignee: Dineshkumar Yadav (was: Madhan Neethiraj) Resolution: Fixed > RANGER-4286 allows security-zone to exist without any services/resources > assigned yet, so when the last service is removed from zone, the zone should > not get deleted > - > > Key: RANGER-4451 > URL: https://issues.apache.org/jira/browse/RANGER-4451 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: suja s >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > STEPS TO REPRODUCE: > Create a service (cm_test) > Create a security zone z1 with cm_test service added > z1 is created successfully > Delete cm_test > CURRENT BEHAVIOUR: > Zone z1 also gets deleted > EXPECTED BEHAVIOUR: > Zone z1 should not be deleted -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4451) RANGER-4286 allows security-zone to exist without any services/resources assigned yet, so when the last service is removed from zone, the zone should not get deleted
[ https://issues.apache.org/jira/browse/RANGER-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17772557#comment-17772557 ] Dineshkumar Yadav commented on RANGER-4451: --- [~madhan] Please review [https://reviews.apache.org/r/74647/] This patch will stop deleting security zone when last service is removed from it. Whenever only Service from zone is get deleted, It will get removed from Security Zone. > RANGER-4286 allows security-zone to exist without any services/resources > assigned yet, so when the last service is removed from zone, the zone should > not get deleted > - > > Key: RANGER-4451 > URL: https://issues.apache.org/jira/browse/RANGER-4451 > Project: Ranger > Issue Type: Improvement > Components: admin >Reporter: suja s >Assignee: Madhan Neethiraj >Priority: Major > > STEPS TO REPRODUCE: > Create a service (cm_test) > Create a security zone z1 with cm_test service added > z1 is created successfully > Delete cm_test > CURRENT BEHAVIOUR: > Zone z1 also gets deleted > EXPECTED BEHAVIOUR: > Zone z1 should not be deleted -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771877#comment-17771877
]
Dineshkumar Yadav commented on RANGER-4399:
---
apache commit :
https://github.com/apache/ranger/commit/f400998bdac38b5f9cfd5401345155017e9d05f9
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Dineshkumar Yadav
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the
> Dashboard page to reduce server side API call for zone change operation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4399:
--
Fix Version/s: 3.0.0
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Dineshkumar Yadav
>Priority: Critical
> Labels: ranger-react
> Fix For: 3.0.0
>
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the
> Dashboard page to reduce server side API call for zone change operation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Resolved] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav resolved RANGER-4399.
---
Resolution: Fixed
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Dineshkumar Yadav
>Priority: Critical
> Labels: ranger-react
> Fix For: 3.0.0
>
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
> {code}
> Apart from above fixes, this jira is also handling one improvement on the
> Dashboard page to reduce server side API call for zone change operation.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo
[ https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4348: -- Fix Version/s: 3.0.0 > Filter audits for cc_metric_reporter user on Kafka service repo > --- > > Key: RANGER-4348 > URL: https://issues.apache.org/jira/browse/RANGER-4348 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Abhishek >Assignee: Sanket Shelar >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4348.patch > > > A lot of audits are generated for cc_metric_reporter user for the kafka > service repo for the resource "__CruiseControlMetrics". > These audits will fill up the audit logs, and not much value is added by > these audits. > Hence, it will be better to add a default audit filter to filter the audits > from cc_metric_reporter user on the kafka service repo. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4419) In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies flag false.
[ https://issues.apache.org/jira/browse/RANGER-4419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4419: -- Fix Version/s: 3.0.0 > In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item > is not showing services permissions which have > enableDenyAndExceptionsInPolicies flag false. > > > Key: RANGER-4419 > URL: https://issues.apache.org/jira/browse/RANGER-4419 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4419.patch > > > Step to reproduce : > 1) Click on Create tag base policy button. > 2) Go to Allow conditions --> Component Permissions > 3) Click on Component Permissions + icon > 4) In Component Permissions modal Select component, it is not showing > component(services) which has flag "enableDenyAndExceptionsInPolicies = false" > The following service components have the option > "enableDenyAndExceptionsInPolicies=false" in service definition. > * elasticsearch > * kylin > * nifi-registry > * nifi > * sqoop > However, these service components should be shown in the Allow condition. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4419) In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item is not showing services permissions which have enableDenyAndExceptionsInPolicies flag false
[ https://issues.apache.org/jira/browse/RANGER-4419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771514#comment-17771514 ] Dineshkumar Yadav commented on RANGER-4419: --- Apache master : https://github.com/apache/ranger/commit/e23d09f49f7188b8333032445a6e7e292722eaad > In Tag-based policy from Ranger Admin UI, Allow Conditions permissions item > is not showing services permissions which have > enableDenyAndExceptionsInPolicies flag false. > > > Key: RANGER-4419 > URL: https://issues.apache.org/jira/browse/RANGER-4419 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Dhaval Rajpara >Assignee: Dhaval Rajpara >Priority: Major > Attachments: 0001-RANGER-4419.patch > > > Step to reproduce : > 1) Click on Create tag base policy button. > 2) Go to Allow conditions --> Component Permissions > 3) Click on Component Permissions + icon > 4) In Component Permissions modal Select component, it is not showing > component(services) which has flag "enableDenyAndExceptionsInPolicies = false" > The following service components have the option > "enableDenyAndExceptionsInPolicies=false" in service definition. > * elasticsearch > * kylin > * nifi-registry > * nifi > * sqoop > However, these service components should be shown in the Allow condition. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4348) Filter audits for cc_metric_reporter user on Kafka service repo
[ https://issues.apache.org/jira/browse/RANGER-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17771506#comment-17771506 ] Dineshkumar Yadav commented on RANGER-4348: --- Apache commit : https://github.com/apache/ranger/commit/ee7bf6909d652054e36b36c1972791f5e44d6a2a > Filter audits for cc_metric_reporter user on Kafka service repo > --- > > Key: RANGER-4348 > URL: https://issues.apache.org/jira/browse/RANGER-4348 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Abhishek >Assignee: Sanket Shelar >Priority: Major > Attachments: 0001-RANGER-4348.patch > > > A lot of audits are generated for cc_metric_reporter user for the kafka > service repo for the resource "__CruiseControlMetrics". > These audits will fill up the audit logs, and not much value is added by > these audits. > Hence, it will be better to add a default audit filter to filter the audits > from cc_metric_reporter user on the kafka service repo. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4407) Add server side validation for service audit filter
[ https://issues.apache.org/jira/browse/RANGER-4407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4407. --- Fix Version/s: 3.0.0 Resolution: Fixed > Add server side validation for service audit filter > --- > > Key: RANGER-4407 > URL: https://issues.apache.org/jira/browse/RANGER-4407 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Mugdha Varadkar >Assignee: Dineshkumar Yadav >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > > This jira is tracking two fixes : > 1) Add Server side validation for service audit filters at the time of create > / edit service > 2) Add UI side fix to catch any error while parsing the service audit filters > without breaking the page -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4399:
--
Description:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API for SecurityZoneHeaderInfo based on
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId=}'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service/{serviceId}?isTagService=true'
{code}
was:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API for SecurityZoneHeaderInfo based on
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
{code}
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service/{serviceId=}?isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u
[jira] [Commented] (RANGER-4402) Active role version is not updated while plugin download
[ https://issues.apache.org/jira/browse/RANGER-4402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17767107#comment-17767107 ] Dineshkumar Yadav commented on RANGER-4402: --- Apache commit : https://github.com/apache/ranger/commit/a280d1dc3454b40d577f319c9d1c18ab3870018e > Active role version is not updated while plugin download > > > Key: RANGER-4402 > URL: https://issues.apache.org/jira/browse/RANGER-4402 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > When plugin download, the active role version is not getting updated. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17764779#comment-17764779
]
Dineshkumar Yadav commented on RANGER-4399:
---
server side changes : https://reviews.apache.org/r/74601/
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4399:
--
Description:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API for SecurityZoneHeaderInfo based on
serviceId
{code:java}
service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
{code}
was:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API to support UI
{code:java}
service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
{code}
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API for SecurityZoneHeaderInfo based
> on serviceId
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostn
[jira] [Updated] (RANGER-4399) Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
[
https://issues.apache.org/jira/browse/RANGER-4399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4399:
--
Description:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
As part of this fix provided below open API to support UI
{code:java}
service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
{code}
isTagService query param is false by default
use below curl request
– for non-tag based service, below curl request will works
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
{code}
– for tag based service need to pass isTagService=ture
{code:java}
curl -u {user}:{user_pass} -X GET
'{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
{code}
was:
While testing permission module use cases, developer found one case for user
role. Policy listing page stuck on loading when 'Security Zone' module
permission of user with user-role is revoked.
By default user with user role has permission to 'Security Zone' module.
Impact here is user with user-role will not be able to access policies from
policy listing page in Ranger Admin UI with React JS.
However there is a work around which is to give permission to the user with
user-role in the 'Security Zone' module.
Need to provide a fix to handle this use case where we should not use the
modules level API and try to implement and use API which is open to access data
even if user don't have permission on certain modules.
> Need to fix zone drop-down option in policy listing for user not having
> 'Security Zone' module permission
> -
>
> Key: RANGER-4399
> URL: https://issues.apache.org/jira/browse/RANGER-4399
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 3.0.0
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Critical
> Labels: ranger-react
>
> While testing permission module use cases, developer found one case for user
> role. Policy listing page stuck on loading when 'Security Zone' module
> permission of user with user-role is revoked.
> By default user with user role has permission to 'Security Zone' module.
> Impact here is user with user-role will not be able to access policies from
> policy listing page in Ranger Admin UI with React JS.
> However there is a work around which is to give permission to the user with
> user-role in the 'Security Zone' module.
> Need to provide a fix to handle this use case where we should not use the
> modules level API and try to implement and use API which is open to access
> data even if user don't have permission on certain modules.
> As part of this fix provided below open API to support UI
> {code:java}
> service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false
> {code}
> isTagService query param is false by default
> use below curl request
> – for non-tag based service, below curl request will works
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1&isTagService=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
> {code}
> – for tag based service need to pass isTagService=ture
> {code:java}
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2&isTagService=true'
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4392) Tag based policy with boolean expression is not working
[
https://issues.apache.org/jira/browse/RANGER-4392?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17762722#comment-17762722
]
Dineshkumar Yadav commented on RANGER-4392:
---
apache commit :
https://github.com/apache/ranger/commit/2f1b005a1f304906ccd5a10aa15d04babe1524d8
> Tag based policy with boolean expression is not working
> ---
>
> Key: RANGER-4392
> URL: https://issues.apache.org/jira/browse/RANGER-4392
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Mugdha Varadkar
>Assignee: Mugdha Varadkar
>Priority: Major
> Labels: ranger-react
> Attachments: 0001-RANGER-4392.patch
>
>
> h3. Reproduction
> h4. Precondition
> 1. Hive table with name "testtable1_polcond" exists with tag with attributes
> expire_date, and name. Expiry date is in the future, and name has value:
> "hivetag".
> 2. A ranger tag-based policy exists with "Accessed after expiry_date": no,
> and the following boolean expression:
> {code:java}
> ctx.getAttributeValue("VALID_HIVETABLE_TAG_24", "name").equals("hivetag");
> {code}
> providing access to user test_user
> h4. Test steps
> 1. As user test_user in beeline, execute:
> {code:java}
> select * from testdb1_polcond.testtable1_polcond;
> {code}
> h4. Expected behavior
> Query should be executed successfully as tag based policy provides access.
> h4. Actual behavior
> Permisson denied. In hive logs, the following is seen:
> {code:java}
> 2023-08-28 11:43:34,716 INFO org.apache.hadoop.hive.ql.Driver:
> [a95535bb-6daf-466b-9464-fe505f224a0b etp597410879-285]: Compiling command(q
> ueryId=hive_20230828114334_adddcc28-722b-48ae-b0c9-0662a1661435): select *
> from testdb1_polcond.testtable1_polcond
> ...
> 2023-08-28 11:43:34,944 ERROR
> org.apache.ranger.plugin.policyengine.RangerRequestScriptEvaluator:
> [a95535bb-6daf-466b-9464-fe505f224a0b etp5
> 97410879-285]: RangerRequestScriptEvaluator.evaluateScript(): failed to
> evaluate script, exception=javax.script.ScriptException: org.graalvm
> .polyglot.PolyglotException: SyntaxError: :1:66 Expected , but found eof
> exit=null;quit=null;ctx.getAttributeValue("VALID_HIVETABLE_TAG_82"
> {code}
> Policy condition response :
> {code:java}
> curl -u 'admin:Admin123'
> 'https://quasar-leyqrl-1.quasar-leyqrl.root.hwx.site:6182/service/plugins/policies/102'
> \
> -H 'Accept: application/json, text/plain, \{*}/\{*}' \
> --insecure
> {code}
> In the resulting json, the value for the policy condition is the following:
> {code:java}
> "conditions": [
> {
> "type": "accessed-after-expiry",
> "values": [
> "no"
> ]
> },
> {
> "type": "expression",
> "values": [
> "ctx.getAttributeValue(\"VALID_HIVETABLE_TAG_82\"",
> "\"name\").equals(\"hivetag\");"
> ]
> }
> ],
> {code}
> It looks as if Ranger Admin would split the content of the "expression" field
> along the comma, and that's what leads to syntax error in hive logs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4371) Ranger authn - add doAs support for JWT authentication
[ https://issues.apache.org/jira/browse/RANGER-4371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760383#comment-17760383 ] Dineshkumar Yadav commented on RANGER-4371: --- apache commit : https://github.com/apache/ranger/commit/5bc3cb303e1100e25e7b45df1407b250e662bc77 > Ranger authn - add doAs support for JWT authentication > -- > > Key: RANGER-4371 > URL: https://issues.apache.org/jira/browse/RANGER-4371 > Project: Ranger > Issue Type: Improvement > Components: Ranger >Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > add doAs support for JWT based authentication -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4119) [UI] Syntax check button missing in policy level condition
[
https://issues.apache.org/jira/browse/RANGER-4119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758415#comment-17758415
]
Dineshkumar Yadav commented on RANGER-4119:
---
apache commit :
https://github.com/apache/ranger/commit/34ab1057084e966c581ee785c7f34dbbb6180044
> [UI] Syntax check button missing in policy level condition
> --
>
> Key: RANGER-4119
> URL: https://issues.apache.org/jira/browse/RANGER-4119
> Project: Ranger
> Issue Type: Bug
> Components: admin
>Affects Versions: 2.4.0
>Reporter: Madhan Neethiraj
>Assignee: Dhaval Rajpara
>Priority: Major
> Labels: ranger-react
> Attachments: image-2023-03-03-00-04-10-367.png,
> image-2023-03-03-00-04-45-845.png
>
>
> Ranger policy UI provides {{Syntax check}} button that allows policy authors
> to check if condition expression entered is valid or not. This button is
> available for condition in policy-item level, but its not available for
> condition at policy level - as seen in following images:
>
> Policy-item level:
> !image-2023-03-03-00-04-45-845.png|width=661,height=453!
>
> Policy level:
> !image-2023-03-03-00-04-10-367.png|width=661,height=488!
>
> CC: [~ni3galave], [~Dhaval.Rajpara]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4300) HBase shell revoke command failed with 'HTTP 400 Error: processSecureRevokeRequest processing failed'
[
https://issues.apache.org/jira/browse/RANGER-4300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17750939#comment-17750939
]
Dineshkumar Yadav commented on RANGER-4300:
---
Reverting this patch as we want to maintain existing behaviour intact as per
hbase-native behaviour.
revert commit :
https://github.com/apache/ranger/commit/f1f5c02e29e50fb175c1dcb7756638e58f65c207
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> -
>
> Key: RANGER-4300
> URL: https://issues.apache.org/jira/browse/RANGER-4300
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0002-RANGER-4300.patch
>
>
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> {code:java}
> hbase:001:0> revoke 'hrt_11'
> ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: HTTP 400
> Error: processSecureRevokeRequest processing failed
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1309)
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1128)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1857)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:558)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:631)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRevoke(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.master.MasterRpcServices.revoke(MasterRpcServices.java:2740)
> at
> org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:387)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:139)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:369)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:349)
> For usage try 'help "revoke"'
> Took 1.3487 seconds
> hbase:002:0> grant 'hrt_2', 'R'
> Took 0.7979 seconds
> hbase:003:0> grant 'hrt_11', 'R'
> Took 0.9092 seconds
> {code}
> Steps to reproduce:
> Case 1 :
> Grant access request from shell command
> Revoke access twice
> Case 2 :
> Grant access to user1 from shell command
> revoke access from user2 from shell command
> Case 3 :
> Ranger policy created at Group/Role access level
> Revoke access request for user belongs to Group/Roles from shell command
> Case 4 :
> Grant access to user with Table from shell command
> revoke access from user without Table from shell command
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-2704) Support browser login using kerberized authentication
[ https://issues.apache.org/jira/browse/RANGER-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17749610#comment-17749610 ] Dineshkumar Yadav commented on RANGER-2704: --- Hi [~vishalsuvagia], can you please confirm out of 4 patches attached above which one intended to merge in the branch. > Support browser login using kerberized authentication > - > > Key: RANGER-2704 > URL: https://issues.apache.org/jira/browse/RANGER-2704 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0, 2.3.0 >Reporter: Vishal Suvagia >Assignee: Vishal Suvagia >Priority: Minor > Fix For: 3.0.0, 2.3.0 > > Attachments: RANGER-2704.01.patch, RANGER-2704.02.patch, > RANGER-2704.03.patch, RANGER-2704.patch > > > Need to support browser login using kerberos authentication. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4086) An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
[ https://issues.apache.org/jira/browse/RANGER-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4086. --- Resolution: Won't Fix Working as per designed. > An admin user without permissions on all permission modules is able to view > permissions module page and assign permissions to self > -- > > Key: RANGER-4086 > URL: https://issues.apache.org/jira/browse/RANGER-4086 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Dineshkumar Yadav >Priority: Major > > On the Ranger UI, create a new admin user and login as the newly created user > in a different browser. > Then remove the permissions for the user on any module. > In the second browser, the newly created user is still able to access the > permissions module page and is able to assign permissions to self. > Ideally, if a user does not have access to all the permission modules, then > the user should not be able to edit permissions, > or if a user tries to remove permissions for an admin user, it should result > in an error or a notification stating that permissions for admin users can't > be removed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4086) An admin user without permissions on all permission modules is able to view permissions module page and assign permissions to self
[ https://issues.apache.org/jira/browse/RANGER-4086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17743758#comment-17743758 ] Dineshkumar Yadav commented on RANGER-4086: --- Hi [~abhishek.patil], As per designed Ranger Admin user can perform all activity. so closing this jira. > An admin user without permissions on all permission modules is able to view > permissions module page and assign permissions to self > -- > > Key: RANGER-4086 > URL: https://issues.apache.org/jira/browse/RANGER-4086 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Dineshkumar Yadav >Priority: Major > > On the Ranger UI, create a new admin user and login as the newly created user > in a different browser. > Then remove the permissions for the user on any module. > In the second browser, the newly created user is still able to access the > permissions module page and is able to assign permissions to self. > Ideally, if a user does not have access to all the permission modules, then > the user should not be able to edit permissions, > or if a user tries to remove permissions for an admin user, it should result > in an error or a notification stating that permissions for admin users can't > be removed -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4132) [Ranger UI] If view policy button is clicked for a policy which is deleted, then the page gets stuck in loading state
[ https://issues.apache.org/jira/browse/RANGER-4132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4132: -- Fix Version/s: 3.0.0 > [Ranger UI] If view policy button is clicked for a policy which is deleted, > then the page gets stuck in loading state > - > > Key: RANGER-4132 > URL: https://issues.apache.org/jira/browse/RANGER-4132 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4132.patch, 0002-RANGER-4132.patch > > > In Ranger Admin UI, the policies list for a specific service are not updated > automatically. > So in case a page is open for a specific service and it contains a policy, > for e.g with policy id 99, and the policy is deleted from another tab / from > an API request, > and if the user clicks on the view policy button, the server returns a 400 > bad request error, but the page gets stuck with the message "Please wait". > In such scenarios, there should be a message which states that the policy has > been deleted and it should refresh the list of policies for a specific service -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4132) [Ranger UI] If view policy button is clicked for a policy which is deleted, then the page gets stuck in loading state
[ https://issues.apache.org/jira/browse/RANGER-4132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17742699#comment-17742699 ] Dineshkumar Yadav commented on RANGER-4132: --- apache commit : https://github.com/apache/ranger/commit/9a132c5d017c4f0a08837180625786a54539b758 > [Ranger UI] If view policy button is clicked for a policy which is deleted, > then the page gets stuck in loading state > - > > Key: RANGER-4132 > URL: https://issues.apache.org/jira/browse/RANGER-4132 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Abhishek >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Attachments: 0001-RANGER-4132.patch, 0002-RANGER-4132.patch > > > In Ranger Admin UI, the policies list for a specific service are not updated > automatically. > So in case a page is open for a specific service and it contains a policy, > for e.g with policy id 99, and the policy is deleted from another tab / from > an API request, > and if the user clicks on the view policy button, the server returns a 400 > bad request error, but the page gets stuck with the message "Please wait". > In such scenarios, there should be a message which states that the policy has > been deleted and it should refresh the list of policies for a specific service -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4148) HA support for Ranger Tag Sync/User Sync
[ https://issues.apache.org/jira/browse/RANGER-4148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav resolved RANGER-4148. --- Fix Version/s: 3.0.0 Resolution: Fixed > HA support for Ranger Tag Sync/User Sync > > > Key: RANGER-4148 > URL: https://issues.apache.org/jira/browse/RANGER-4148 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Dineshkumar Yadav >Priority: Major > Fix For: 3.0.0 > > > This enhancement will enable HA support for TagSync/UserSync. > HA will be implemented using Active/Passive architecture supported by Apache > curator-framework. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4151) Create HA support for tagSync
[
https://issues.apache.org/jira/browse/RANGER-4151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17742368#comment-17742368
]
Dineshkumar Yadav commented on RANGER-4151:
---
apache commit :
https://github.com/apache/ranger/commit/433a2ffa44c12b278806daf61dca432a70636e74
> Create HA support for tagSync
> -
>
> Key: RANGER-4151
> URL: https://issues.apache.org/jira/browse/RANGER-4151
> Project: Ranger
> Issue Type: Sub-task
> Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
>
> This enhancement will provide High Availability support for TagSync
> application
> Steps to make TagSync Application HA
> Decide the number of nodes on which you want to have TagSync up and running.
> Deploy the TagSync on all the nodes decided on Step 1.
> go to TagSync conf/ directory (which will be created after running setup.sh
> in step 2) and open ranger-tagsync-site.xml
>
> {code:java}
> update below configuration and restart the TagSync.
> 1. ranger-tagsync.server.ha.enabled= true
> 2. ranger-tagsync.server.ha.zookeeper.connect={add zookeeper host:port comma
> separated}
> 3. ranger-tagsync.server.ha.ids={add ids for number of hosts you have for
> tagsync ex. if you have 2 nodes add id1,id2 }
> 4. ranger-tagsync.server.ha.address.id1={host:port of tagsync node1}
> 5. ranger-tagsync.server.ha.address.id2={host:port of tagsync node2}
> 6. ranger-tagsync.server.ha.zookeeper.auth={auth:} if you want to provide acl
> auth otherwise keep blank
> {code}
> 7. Perform 3, 4 & 5 to all the TagSync nodes.
> Note : if there is no port provide only hostname
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (RANGER-4151) Create HA support for tagSync
[
https://issues.apache.org/jira/browse/RANGER-4151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4151:
--
Fix Version/s: 3.0.0
> Create HA support for tagSync
> -
>
> Key: RANGER-4151
> URL: https://issues.apache.org/jira/browse/RANGER-4151
> Project: Ranger
> Issue Type: Sub-task
> Components: Ranger
>Reporter: Dineshkumar Yadav
>Assignee: Dineshkumar Yadav
>Priority: Major
> Fix For: 3.0.0
>
>
> This enhancement will provide High Availability support for TagSync
> application
> Steps to make TagSync Application HA
> Decide the number of nodes on which you want to have TagSync up and running.
> Deploy the TagSync on all the nodes decided on Step 1.
> go to TagSync conf/ directory (which will be created after running setup.sh
> in step 2) and open ranger-tagsync-site.xml
>
> {code:java}
> update below configuration and restart the TagSync.
> 1. ranger-tagsync.server.ha.enabled= true
> 2. ranger-tagsync.server.ha.zookeeper.connect={add zookeeper host:port comma
> separated}
> 3. ranger-tagsync.server.ha.ids={add ids for number of hosts you have for
> tagsync ex. if you have 2 nodes add id1,id2 }
> 4. ranger-tagsync.server.ha.address.id1={host:port of tagsync node1}
> 5. ranger-tagsync.server.ha.address.id2={host:port of tagsync node2}
> 6. ranger-tagsync.server.ha.zookeeper.auth={auth:} if you want to provide acl
> auth otherwise keep blank
> {code}
> 7. Perform 3, 4 & 5 to all the TagSync nodes.
> Note : if there is no port provide only hostname
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-4025) Ranger improvement - Roles Import/export API for ranger admin
[ https://issues.apache.org/jira/browse/RANGER-4025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17742284#comment-17742284 ] Dineshkumar Yadav commented on RANGER-4025: --- Apache commit : https://github.com/apache/ranger/commit/bce5150e271c2e4da095b316fa5536da334d121e > Ranger improvement - Roles Import/export API for ranger admin > - > > Key: RANGER-4025 > URL: https://issues.apache.org/jira/browse/RANGER-4025 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Rakesh Gupta >Priority: Major > Attachments: 0011-RANGER-4025.patch > > > Provide API for Roles import/export. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4025) Ranger improvement - Roles Import/export API for ranger admin
[ https://issues.apache.org/jira/browse/RANGER-4025?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Dineshkumar Yadav updated RANGER-4025: -- Fix Version/s: 3.0.0 > Ranger improvement - Roles Import/export API for ranger admin > - > > Key: RANGER-4025 > URL: https://issues.apache.org/jira/browse/RANGER-4025 > Project: Ranger > Issue Type: New Feature > Components: Ranger >Reporter: Dineshkumar Yadav >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0 > > Attachments: 0011-RANGER-4025.patch > > > Provide API for Roles import/export. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4297) [Ranger UI] [React JS] Scroll to Newly added row functionality in listing tables is not working.
[ https://issues.apache.org/jira/browse/RANGER-4297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741610#comment-17741610 ] Dineshkumar Yadav commented on RANGER-4297: --- Apache commit : https://github.com/apache/ranger/commit/ad762546b193ff7303788ad6910dbc22ae21e31d > [Ranger UI] [React JS] Scroll to Newly added row functionality in listing > tables is not working. > > > Key: RANGER-4297 > URL: https://issues.apache.org/jira/browse/RANGER-4297 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Brijesh Bhalala >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4297.patch, 0002-RANGER-4297.patch > > > Steps to reproduce:- > 1)Create a user. > 2)After creating the user it will go to last page of the table. > 3)But it does not scroll to that newly created user > Current behaviour: > Not get scrolled to newly added row in listing tables > Expected behaviour: > User should be scroll to newly added row in listing table. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4295) [Ranger UI] [React JS] Option might require to clear all filter at once for resource policy side bars
[ https://issues.apache.org/jira/browse/RANGER-4295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741609#comment-17741609 ] Dineshkumar Yadav commented on RANGER-4295: --- apache commit : https://github.com/apache/ranger/commit/593d15a3f80c7c94a40c3335c81019ce7cd08e58 > [Ranger UI] [React JS] Option might require to clear all filter at once for > resource policy side bars > - > > Key: RANGER-4295 > URL: https://issues.apache.org/jira/browse/RANGER-4295 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Anupam Rai >Assignee: Brijesh Bhalala >Priority: Major > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4295-Addendum.patch, 0001-RANGER-4295.patch, > Screenshot 2023-06-19 at 5.36.39 PM.png > > > Option might require to clear all filter at once for resouce policy side bars > Expected : Simillar option like in policy filter (Which woul refresh > services and clear filter as well ) > Attached screenshot -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4300) HBase shell revoke command failed with 'HTTP 400 Error: processSecureRevokeRequest processing failed'
[
https://issues.apache.org/jira/browse/RANGER-4300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dineshkumar Yadav updated RANGER-4300:
--
Fix Version/s: 3.0.0
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> -
>
> Key: RANGER-4300
> URL: https://issues.apache.org/jira/browse/RANGER-4300
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
> Fix For: 3.0.0
>
> Attachments: 0002-RANGER-4300.patch
>
>
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> {code:java}
> hbase:001:0> revoke 'hrt_11'
> ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: HTTP 400
> Error: processSecureRevokeRequest processing failed
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1309)
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1128)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1857)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:558)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:631)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRevoke(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.master.MasterRpcServices.revoke(MasterRpcServices.java:2740)
> at
> org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:387)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:139)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:369)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:349)
> For usage try 'help "revoke"'
> Took 1.3487 seconds
> hbase:002:0> grant 'hrt_2', 'R'
> Took 0.7979 seconds
> hbase:003:0> grant 'hrt_11', 'R'
> Took 0.9092 seconds
> {code}
> Error log from Ranger admin log
> {code:java}
> 2023-05-30 09:49:15,474 ERROR org.apache.ranger.rest.ServiceREST:
> [https-jsse-nio-6182-exec-8]: processSecureRevokeRequest processing failed
> 2023-05-30 09:49:15,475 ERROR org.apache.ranger.rest.ServiceREST:
> [https-jsse-nio-6182-exec-8]: secureRevokeAccess(cm_hbase,
> GrantRevokeRequest={grantor={hbase} grantorGroups={hbase }
> resource={column-family=*; column=*; table=*; } users={hrt_11 } groups={}
> accessTypes={read create admin write execute } delegateAdmin={true}
> enableAudit={true} replaceExistingPermissions={true} isRecursive={false}
> clientIPAddress={10.64.62.37} clientType={null} requestData={UserPermission:
> user=hrt_11, [GlobalPermission: actions=]} sessionId={null}
> clusterName={null} zoneName={null} }) failed
> java.lang.Exception: processSecureRevokeRequest processing failed
> at
> org.apache.ranger.rest.ServiceREST.secureRevokeAccess(ServiceREST.java:1590)
> [classes/:?]
> at
> org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke()
> [classes/:?]
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
> [spring-core-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
> [spring-ao
[jira] [Commented] (RANGER-4300) HBase shell revoke command failed with 'HTTP 400 Error: processSecureRevokeRequest processing failed'
[
https://issues.apache.org/jira/browse/RANGER-4300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17741539#comment-17741539
]
Dineshkumar Yadav commented on RANGER-4300:
---
Apache commit
:https://github.com/apache/ranger/commit/ff38d0b3ee474c9fa9332311ed31b56e53e858dd
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> -
>
> Key: RANGER-4300
> URL: https://issues.apache.org/jira/browse/RANGER-4300
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Reporter: Rakesh Gupta
>Assignee: Rakesh Gupta
>Priority: Major
> Attachments: 0002-RANGER-4300.patch
>
>
> HBase shell revoke command failed with 'HTTP 400 Error:
> processSecureRevokeRequest processing failed'
> {code:java}
> hbase:001:0> revoke 'hrt_11'
> ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: HTTP 400
> Error: processSecureRevokeRequest processing failed
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1309)
> at
> org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.preRevoke(RangerAuthorizationCoprocessor.java:1128)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1857)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost$162.call(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost$ObserverOperationWithoutResult.callObserver(CoprocessorHost.java:558)
> at
> org.apache.hadoop.hbase.coprocessor.CoprocessorHost.execOperation(CoprocessorHost.java:631)
> at
> org.apache.hadoop.hbase.master.MasterCoprocessorHost.preRevoke(MasterCoprocessorHost.java:1854)
> at
> org.apache.hadoop.hbase.master.MasterRpcServices.revoke(MasterRpcServices.java:2740)
> at
> org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos$MasterService$2.callBlockingMethod(MasterProtos.java)
> at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:387)
> at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:139)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:369)
> at
> org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:349)
> For usage try 'help "revoke"'
> Took 1.3487 seconds
> hbase:002:0> grant 'hrt_2', 'R'
> Took 0.7979 seconds
> hbase:003:0> grant 'hrt_11', 'R'
> Took 0.9092 seconds
> {code}
> Error log from Ranger admin log
> {code:java}
> 2023-05-30 09:49:15,474 ERROR org.apache.ranger.rest.ServiceREST:
> [https-jsse-nio-6182-exec-8]: processSecureRevokeRequest processing failed
> 2023-05-30 09:49:15,475 ERROR org.apache.ranger.rest.ServiceREST:
> [https-jsse-nio-6182-exec-8]: secureRevokeAccess(cm_hbase,
> GrantRevokeRequest={grantor={hbase} grantorGroups={hbase }
> resource={column-family=*; column=*; table=*; } users={hrt_11 } groups={}
> accessTypes={read create admin write execute } delegateAdmin={true}
> enableAudit={true} replaceExistingPermissions={true} isRecursive={false}
> clientIPAddress={10.64.62.37} clientType={null} requestData={UserPermission:
> user=hrt_11, [GlobalPermission: actions=]} sessionId={null}
> clusterName={null} zoneName={null} }) failed
> java.lang.Exception: processSecureRevokeRequest processing failed
> at
> org.apache.ranger.rest.ServiceREST.secureRevokeAccess(ServiceREST.java:1590)
> [classes/:?]
> at
> org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke()
> [classes/:?]
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
> [spring-core-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
> [spring-aop-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
> [spring-tx-5.3.27.jar:5.3.27]
> at
> org.springframework.
