Re: Review Request 75093: RANGER-4862: updated plugins packaging to include jackson-jaxrs-base library
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75093/#review226696 --- Ship it! Ship It! - Kishor Gollapalliwar On July 17, 2024, 2:43 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75093/ > --- > > (Updated July 17, 2024, 2:43 p.m.) > > > Review request for ranger, Abhishek Kumar, bhavik patel, Dineshkumar Yadav, > Fateh Singh, Abhay Kulkarni, Mehul Parikh, Mugdha Varadkar, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4862 > https://issues.apache.org/jira/browse/RANGER-4862 > > > Repository: ranger > > > Description > --- > > JacksonJsonProvider referenced in RangerRESTClient uses classes in > jackson-jaxrs-base library, hence updated plugins package to include this > library as well. > > > Diffs > - > > agents-common/pom.xml 7a6da8fd4 > distro/src/main/assembly/hbase-agent.xml 01ffea002 > distro/src/main/assembly/plugin-atlas.xml 6fa539639 > distro/src/main/assembly/plugin-elasticsearch.xml 51559b7be > distro/src/main/assembly/plugin-kafka.xml 770d05a71 > distro/src/main/assembly/plugin-ozone.xml dde9438f5 > distro/src/main/assembly/plugin-presto.xml f57ace6a7 > distro/src/main/assembly/plugin-solr.xml 348c37ec4 > distro/src/main/assembly/plugin-trino.xml 5c3a989d3 > distro/src/main/assembly/ranger-tools.xml 1c9c2e9fe > distro/src/main/assembly/sample-client.xml 37d0196de > distro/src/main/assembly/storm-agent.xml 1816490e5 > > > Diff: https://reviews.apache.org/r/75093/diff/1/ > > > Testing > --- > > - verified build and unit tests complete successfully > - setup Ranger components in docker and verified that following plugins > successfully initialize and enforce Ranger policies: > HDFS/Hive/HBase/Kafka/Yarn/Knox > > > Thanks, > > Madhan Neethiraj > >
[jira] [Updated] (RANGER-4848) Migrate Ranger modules to junit5 - phase 3
[ https://issues.apache.org/jira/browse/RANGER-4848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4848: - Description: This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-plugins-audit # ranger-plugins-common # ranger-knox-plugin # ranger-kudu-plugin # ranger-kylin-plugin # ranger-nifi-registry-plugin # ranger-nifi-plugin was: This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-hbase-plugin # ranger-hbase-plugin-shim # ranger-hdfs-plugin # ranger-hdfs-plugin-shim > Migrate Ranger modules to junit5 - phase 3 > -- > > Key: RANGER-4848 > URL: https://issues.apache.org/jira/browse/RANGER-4848 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-plugins-audit > # ranger-plugins-common > # ranger-knox-plugin > # ranger-kudu-plugin > # ranger-kylin-plugin > # ranger-nifi-registry-plugin > # ranger-nifi-plugin -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4848) Migrate Ranger modules to junit5 - phase 3
Kishor Gollapalliwar created RANGER-4848: Summary: Migrate Ranger modules to junit5 - phase 3 Key: RANGER-4848 URL: https://issues.apache.org/jira/browse/RANGER-4848 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Fix For: 3.0.0 This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-hbase-plugin # ranger-hbase-plugin-shim # ranger-hdfs-plugin # ranger-hdfs-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74962: RANGER-4781: Upgrade graalvm to 22.3.3
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74962/ --- Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-4781 https://issues.apache.org/jira/browse/RANGER-4781 Repository: ranger Description --- Upgrade graalvm to 22.3.3 Diffs - pom.xml efd152040 Diff: https://reviews.apache.org/r/74962/diff/1/ Testing --- mvn clean compile package install basic plugin enforcement Thanks, Kishor Gollapalliwar
[jira] [Created] (RANGER-4781) Upgrade graalvm to 22.3.3
Kishor Gollapalliwar created RANGER-4781: Summary: Upgrade graalvm to 22.3.3 Key: RANGER-4781 URL: https://issues.apache.org/jira/browse/RANGER-4781 Project: Ranger Issue Type: Bug Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Upgrade graalvm to 22.3.3 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (RANGER-4730) Migrate Ranger modules to junit5 - phase 2
[ https://issues.apache.org/jira/browse/RANGER-4730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar resolved RANGER-4730. -- Resolution: Fixed commit: https://github.com/apache/ranger/commit/8a3747edaf864ecbde3b48324663d668a81775ef > Migrate Ranger modules to junit5 - phase 2 > -- > > Key: RANGER-4730 > URL: https://issues.apache.org/jira/browse/RANGER-4730 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-kms > # ranger-kms-plugin > # ranger-kms-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74935: RANGER-4653: [addendum] Use Name validation regex instead of service name validation regex for Display name
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74935/#review226312 --- Ship it! Ship It! - Kishor Gollapalliwar On March 8, 2024, 3:48 p.m., Abhishek Patil wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74935/ > --- > > (Updated March 8, 2024, 3:48 p.m.) > > > Review request for ranger, Brijesh Bhalala, Dhaval Rajpara, Madhan Neethiraj, > Mehul Parikh, Mugdha Varadkar, and Ramesh Mani. > > > Bugs: RANGER-4653 > https://issues.apache.org/jira/browse/RANGER-4653 > > > Repository: ranger > > > Description > --- > > Currently, in the Service creation / edit form in Ranger react UI, there is a > validation for display name which does not allow spaces in displayName. The > validation has to be modified to include spaces, otherwise it won't allow > edit of Service from UI if the display name contains a space > > > Diffs > - > > > security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/ServiceForm.jsx > be179a981 > > > Diff: https://reviews.apache.org/r/74935/diff/1/ > > > Testing > --- > > Applied the patch on a cluster and tested the following scenarios :- > 1. Ensured that service creation is allowed for a display name containing a > space > 2. Ensured that service update operation is allowed for a display name > containing a space > 3. Ensured that service creation / update fails if service display name > contains a special character / if the name is longer than 255 characters. > > > Thanks, > > Abhishek Patil > >
Re: Review Request 74929: RANGER-4741: Hive plugin optimization to avoid excessive metastore API calls
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74929/#review226311 --- hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java Lines 3181 (patched) <https://reviews.apache.org/r/74929/#comment314537> LOG.info() ==> LOG.debug() - Kishor Gollapalliwar On March 8, 2024, 11:10 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74929/ > --- > > (Updated March 8, 2024, 11:10 p.m.) > > > Review request for ranger, Asit Vadhavkar, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and > Subhrat Chaudhary. > > > Bugs: RANGER-4741 > https://issues.apache.org/jira/browse/RANGER-4741 > > > Repository: ranger > > > Description > --- > > updated Ranger Hive authorizer to get owner of a table only once per query > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 9b25e2b8a > > > Diff: https://reviews.apache.org/r/74929/diff/2/ > > > Testing > --- > > - verified that the optimization results in significantly reduced time to > authorize access to tables with large number of columns. For a table with > 4000 columns, the time taked reduced from 100 seconds to 1.5 seconds > - verified that all existing tests pass successfully > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 74929: RANGER-4741: Hive plugin optimization to avoid excessive metastore API calls
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74929/#review226310 --- Ship it! Ship It! - Kishor Gollapalliwar On March 8, 2024, 11:10 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74929/ > --- > > (Updated March 8, 2024, 11:10 p.m.) > > > Review request for ranger, Asit Vadhavkar, Kishor Gollapalliwar, Abhay > Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and > Subhrat Chaudhary. > > > Bugs: RANGER-4741 > https://issues.apache.org/jira/browse/RANGER-4741 > > > Repository: ranger > > > Description > --- > > updated Ranger Hive authorizer to get owner of a table only once per query > > > Diffs > - > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 9b25e2b8a > > > Diff: https://reviews.apache.org/r/74929/diff/2/ > > > Testing > --- > > - verified that the optimization results in significantly reduced time to > authorize access to tables with large number of columns. For a table with > 4000 columns, the time taked reduced from 100 seconds to 1.5 seconds > - verified that all existing tests pass successfully > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 74926: RANGER-4076: Support Java 17 for build and runtime
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74926/#review226290 --- pom.xml Lines 428 (patched) <https://reviews.apache.org/r/74926/#comment314525> Are we planning to make changes in this class later to support build, if not instead of skipping class, shouldn't we remove it ? - Kishor Gollapalliwar On March 5, 2024, 7:10 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74926/ > --- > > (Updated March 5, 2024, 7:10 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4076 > https://issues.apache.org/jira/browse/RANGER-4076 > > > Repository: ranger > > > Description > --- > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. > > This patch enables manual and Docker-based build of Apache Ranger. It ensures > compatibility with Java 8, Java 11, and Java 17 for both build and runtime > environments. > (I encountered a TestCase Failure in the KnoxRangerTest class, so currently I > had excluded that class from jdk17 build) > > > Diffs > - > > agents-common/pom.xml 12e093f78 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java > 512d8d3ca > > agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java > db620df92 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java > 8d76c1d81 > dev-support/ranger-docker/.env 60bc4a9f2 > dev-support/ranger-docker/Dockerfile.ranger-build 9a192f152 > dev-support/ranger-docker/docker-compose.ranger-build.yml 3dd4a4a06 > distro/src/main/assembly/admin-web.xml 245d9ca09 > docs/src/site/resources/index.js bb876f28d > hdfs-agent/pom.xml dece8f46f > kms/pom.xml 2739bb81a > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java > 7188b19b2 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java > b6fc32950 > plugin-nestedstructure/pom.xml 0e208f99c > > plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java > 77767767c > > plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java > 9cb161b8d > pom.xml cec2390f2 > ranger-tools/pom.xml cac8d7ba3 > > ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java > 187d20227 > security-admin/pom.xml fc59287d0 > > > Diff: https://reviews.apache.org/r/74926/diff/1/ > > > Testing > --- > > This patch has been successfully tested and verified with Java versions 8, > 11, and 17. The verification process included both manual and Docker setup. > Now we are able to build and run on same jdk. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74926: RANGER-4076: Support Java 17 for build and runtime
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74926/#review226288 --- plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java Line 59 (original), 62 (patched) <https://reviews.apache.org/r/74926/#comment314524> Will this break backword compatibility. If a older setup is using Scripts (compatible with Nashorm), will they need to update ? pom.xml Line 1007 (original), 1100 (patched) <https://reviews.apache.org/r/74926/#comment314523> Why we need DEBUG logging ? - Kishor Gollapalliwar On March 5, 2024, 7:10 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74926/ > --- > > (Updated March 5, 2024, 7:10 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4076 > https://issues.apache.org/jira/browse/RANGER-4076 > > > Repository: ranger > > > Description > --- > > Currently only Java 8 and 11 are supported. Java 17 is a major LTS version > of Java and adding support would modernize our Java version support. > > This patch enables manual and Docker-based build of Apache Ranger. It ensures > compatibility with Java 8, Java 11, and Java 17 for both build and runtime > environments. > (I encountered a TestCase Failure in the KnoxRangerTest class, so currently I > had excluded that class from jdk17 build) > > > Diffs > - > > agents-common/pom.xml 12e093f78 > > agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java > 512d8d3ca > > agents-common/src/main/java/org/apache/ranger/plugin/util/NashornScriptEngineCreator.java > db620df92 > > agents-common/src/main/java/org/apache/ranger/plugin/util/ScriptEngineUtil.java > 8d76c1d81 > dev-support/ranger-docker/.env 60bc4a9f2 > dev-support/ranger-docker/Dockerfile.ranger-build 9a192f152 > dev-support/ranger-docker/docker-compose.ranger-build.yml 3dd4a4a06 > distro/src/main/assembly/admin-web.xml 245d9ca09 > docs/src/site/resources/index.js bb876f28d > hdfs-agent/pom.xml dece8f46f > kms/pom.xml 2739bb81a > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStore.java > 7188b19b2 > kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java > b6fc32950 > plugin-nestedstructure/pom.xml 0e208f99c > > plugin-nestedstructure/src/main/java/org/apache/ranger/authorization/nestedstructure/authorizer/RecordFilterJavaScript.java > 77767767c > > plugin-nestedstructure/src/test/java/org/apache/ranger/authorization/nestedstructure/authorizer/TestRecordFilterJavaScript.java > 9cb161b8d > pom.xml cec2390f2 > ranger-tools/pom.xml cac8d7ba3 > > ranger-tools/src/test/java/org/apache/ranger/policyengine/RangerPolicyEnginePerformanceTest.java > 187d20227 > security-admin/pom.xml fc59287d0 > > > Diff: https://reviews.apache.org/r/74926/diff/1/ > > > Testing > --- > > This patch has been successfully tested and verified with Java versions 8, > 11, and 17. The verification process included both manual and Docker setup. > Now we are able to build and run on same jdk. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74927: RANGER-4727: When tagDef delete fails, error message is not returned
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74927/#review226286
---
Ship it!
Ship It!
- Kishor Gollapalliwar
On March 5, 2024, 7:32 a.m., Subhrat Chaudhary wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74927/
> ---
>
> (Updated March 5, 2024, 7:32 a.m.)
>
>
> Review request for ranger, Anand Nadar, Asit Vadhavkar, Madhan Neethiraj,
> Monika Kachhadiya, and Siddhesh Phatak.
>
>
> Bugs: RANGER-4727
> https://issues.apache.org/jira/browse/RANGER-4727
>
>
> Repository: ranger
>
>
> Description
> ---
>
> When tagDef and a linked tag is created, and delete of the tagDef is
> attempted with DELETE API - /service/tags/tagdef/{tagDefId}, it fails with
> 400 and no error message is returned.
> This is fixed by adding a check and throw excpetion with proper message - if
> the linked tag exists.
>
>
> Diffs
> -
>
> security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
> fb912d4f8
> security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
> ed3ed5eca
>
>
> Diff: https://reviews.apache.org/r/74927/diff/1/
>
>
> Testing
> ---
>
> Validated the the API with curl for the tagDef - PII_LOCATION (linked tag is
> exists), the error response contains message:
> {"statusCode":0,"msgDesc":"Cannot delete tag: PII_LOCATION, please delete
> linked resources first"}
>
> Validated existing JUnits are passing
>
>
> Thanks,
>
> Subhrat Chaudhary
>
>
Re: Review Request 74905: RANGER-4568: Upgrade Spring Security to 5.7.11 and spring framework to 5.3.32
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74905/#review226282 --- Ship it! Ship It! - Kishor Gollapalliwar On Feb. 28, 2024, 4:07 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74905/ > --- > > (Updated Feb. 28, 2024, 4:07 a.m.) > > > Review request for ranger, Abhishek Kumar, bhavik patel, Dhaval Shah, > Dineshkumar Yadav, Kishor Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, > Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4568 > https://issues.apache.org/jira/browse/RANGER-4568 > > > Repository: ranger > > > Description > --- > > Here I am proposing to Upgrade Spring Security version to 5.7.11 and spring > framework version to 5.3.32 > > > Diffs > - > > pom.xml b40fbcc5a > > > Diff: https://reviews.apache.org/r/74905/diff/1/ > > > Testing > --- > > Tested ranger admin installation, password change, CRUD operation on Ranger > service, policy, users and group. > > > Thanks, > > Pradeep Agrawal > >
[jira] [Commented] (RANGER-4730) Migrate Ranger modules to junit5 - phase 2
[ https://issues.apache.org/jira/browse/RANGER-4730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823040#comment-17823040 ] Kishor Gollapalliwar commented on RANGER-4730: -- RR: https://reviews.apache.org/r/74923/ > Migrate Ranger modules to junit5 - phase 2 > -- > > Key: RANGER-4730 > URL: https://issues.apache.org/jira/browse/RANGER-4730 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-kms > # ranger-kms-plugin > # ranger-kms-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74923: RANGER-4730: Migrate Ranger modules to junit5 - phase 2
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74923/ --- Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Ramesh Mani, Sailaja Polavarapu, Vikas Kumar, and Velmurugan Periasamy. Bugs: RANGER-4730 https://issues.apache.org/jira/browse/RANGER-4730 Repository: ranger Description --- This sub-task is responsible to migrate following maven sub-modules to junit5. 1. ranger-kms 2. ranger-kms-plugin 3. ranger-kms-plugin-shim Diffs - kms/pom.xml 2739bb81a kms/src/test/java/org/apache/hadoop/crypto/key/kms/TestRangerKeyStore.java bcdf2e337 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/RangerKeyStoreProviderTest.java 5fde0afc8 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/RangerMasterKeyTest.java f420322ca kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSACLs.java 80564d466 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAudit.java ec0bae877 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java e8ca7b714 kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKeyAuthorizationKeyProvider.java d7988e7b8 kms/src/test/java/org/apache/ranger/kms/metrics/TestKMSMetricsWrapper.java 209251026 plugin-kms/pom.xml 42e8ec25d plugin-kms/src/test/java/org/apache/ranger/authorization/kms/authorizer/RangerKmsAuthorizerTest.java 4baec7ba8 Diff: https://reviews.apache.org/r/74923/diff/1/ Testing --- mvn clean compile package install Thanks, Kishor Gollapalliwar
[jira] [Commented] (RANGER-4731) Migrate Ranger modules to junit5 - hdfs, hbase
[ https://issues.apache.org/jira/browse/RANGER-4731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17823028#comment-17823028 ] Kishor Gollapalliwar commented on RANGER-4731: -- These plugins are using underline component (hdfs/ hbase) classes in test classes. Hence they are dependent on underline classes. Since underline dependant classes are not using junit 5, we can not migrated these sub-modules/ plugins to junit 5 now. > Migrate Ranger modules to junit5 - hdfs, hbase > -- > > Key: RANGER-4731 > URL: https://issues.apache.org/jira/browse/RANGER-4731 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-hbase-plugin > # ranger-hbase-plugin-shim > # ranger-hdfs-plugin > # ranger-hdfs-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4731) Migrate Ranger modules to junit5 - hdfs, hbase
[ https://issues.apache.org/jira/browse/RANGER-4731?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4731: - Description: This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-hbase-plugin # ranger-hbase-plugin-shim # ranger-hdfs-plugin # ranger-hdfs-plugin-shim was: This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-kms # ranger-kms-plugin # ranger-kms-plugin-shim > Migrate Ranger modules to junit5 - hdfs, hbase > -- > > Key: RANGER-4731 > URL: https://issues.apache.org/jira/browse/RANGER-4731 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-hbase-plugin > # ranger-hbase-plugin-shim > # ranger-hdfs-plugin > # ranger-hdfs-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4731) Migrate Ranger modules to junit5 - hdfs, hbase
Kishor Gollapalliwar created RANGER-4731: Summary: Migrate Ranger modules to junit5 - hdfs, hbase Key: RANGER-4731 URL: https://issues.apache.org/jira/browse/RANGER-4731 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Fix For: 3.0.0 This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-kms # ranger-kms-plugin # ranger-kms-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4730) Migrate Ranger modules to junit5 - phase 2
[ https://issues.apache.org/jira/browse/RANGER-4730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4730: - Description: This sub-task is responsible to migrate following maven sub-modules to junit5. # ranger-kms # ranger-kms-plugin # ranger-kms-plugin-shim was: This sub-task is responsible to migrate following maven sub-modules to junit5. # conditions-enrichers # credentialsbuilder # embeddedwebserver # jisql # ldapconfigcheck # ranger-atlas-plugin # ranger-atlas-plugin-shim # ranger-authn # ranger-common-ha # ranger-elasticsearch-plugin # ranger-elasticsearch-plugin-shim # ranger-hive-plugin # ranger-hive-plugin-shim # ranger-intg # ranger-kafka-plugin # ranger-kafka-plugin-shim > Migrate Ranger modules to junit5 - phase 2 > -- > > Key: RANGER-4730 > URL: https://issues.apache.org/jira/browse/RANGER-4730 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # ranger-kms > # ranger-kms-plugin > # ranger-kms-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4730) Migrate Ranger modules to junit5 - phase 2
Kishor Gollapalliwar created RANGER-4730: Summary: Migrate Ranger modules to junit5 - phase 2 Key: RANGER-4730 URL: https://issues.apache.org/jira/browse/RANGER-4730 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Fix For: 3.0.0 This sub-task is responsible to migrate following maven sub-modules to junit5. # conditions-enrichers # credentialsbuilder # embeddedwebserver # jisql # ldapconfigcheck # ranger-atlas-plugin # ranger-atlas-plugin-shim # ranger-authn # ranger-common-ha # ranger-elasticsearch-plugin # ranger-elasticsearch-plugin-shim # ranger-hive-plugin # ranger-hive-plugin-shim # ranger-intg # ranger-kafka-plugin # ranger-kafka-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74812: RANGER-4632: Security Zone policies version increases by +2 when we update its policy
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74812/#review226192 --- Ship it! Ship It! - Kishor Gollapalliwar On Jan. 30, 2024, 12:49 p.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74812/ > --- > > (Updated Jan. 30, 2024, 12:49 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4632 > https://issues.apache.org/jira/browse/RANGER-4632 > > > Repository: ranger > > > Description > --- > > Security Zone policies version increases by +2 when we update its policy. > > STEPS TO REPRODUCE: > Create a security zone with any service. > Now edit the policy(policy name or description or resources) of above zone > created, so its policy get updated. > Check policy version of above policy, its increases by +2 version. > > CURRENT BEHAVIOUR: > Security Zone policies version increases by +2, when we update its policy. > > EXPECTED BEHAVIOUR: > Security Zone policies version increases by +1, when we update its policy. > > > Diffs > - > > > security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java > 9f3b11042 > > > Diff: https://reviews.apache.org/r/74812/diff/1/ > > > Testing > --- > > Verified when Security zone policy get updated its version increases by +1. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74753: RANGER-4521: All records not displayed on Admin Audits UI when filtered using session ID
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74753/#review226089 --- Ship it! Ship It! - Kishor Gollapalliwar On Dec. 19, 2023, 9:57 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74753/ > --- > > (Updated Dec. 19, 2023, 9:57 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4521 > https://issues.apache.org/jira/browse/RANGER-4521 > > > Repository: ranger > > > Description > --- > > Some audit entries for keyadmin user are missing when filtered using > sessionID or Audit Type = Ranger Policy. Also when moved to next page most > audit entries are missing > > (Audits for import and export are shown, audit corresponding to policy crud > operation is missing for keyadmin user) > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java > 9d9e0bbc0 > > > Diff: https://reviews.apache.org/r/74753/diff/5/ > > > Testing > --- > > Tested All audits are displayed properly with filter and without filter for > admin and keyadmin user. > > > Thanks, > > Rakesh Gupta > >
[jira] [Commented] (RANGER-4467) User Agent info not logged under "Login sessions" when login fails
[ https://issues.apache.org/jira/browse/RANGER-4467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798517#comment-17798517 ] Kishor Gollapalliwar commented on RANGER-4467: -- commit: https://github.com/apache/ranger/commit/5cfe87313bbd67af20f3c8b68f60f0af08e7d73c > User Agent info not logged under "Login sessions" when login fails > -- > > Key: RANGER-4467 > URL: https://issues.apache.org/jira/browse/RANGER-4467 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: suja s >Assignee: Rakesh Gupta >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4467.patch > > > STEPS TO REPRODUCE: > Provide wrong uname or password on Ranger admin UI so that login fails > Verify login sessions under Audits page > CURRENT BEHAVIOUR: > User Agent info is missing when login fails > EXPECTED BEHAVIOUR: > User Agent info should be displayed > IMPACT: > User Agent info missing when login fails. Its good to display this detail as > it helps in knowing how the login was tried in case of failed login attempts -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74753: RANGER-4521: All records not displayed on Admin Audits UI when filtered using session ID
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74753/#review226062 --- security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java Line 111 (original), 106 (patched) <https://reviews.apache.org/r/74753/#comment314379> Please handle scenario when session is null security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java Lines 154 (patched) <https://reviews.apache.org/r/74753/#comment314380> What will happen if session is null ? - Kishor Gollapalliwar On Dec. 14, 2023, 7:26 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74753/ > --- > > (Updated Dec. 14, 2023, 7:26 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4521 > https://issues.apache.org/jira/browse/RANGER-4521 > > > Repository: ranger > > > Description > --- > > Some audit entries for keyadmin user are missing when filtered using > sessionID or Audit Type = Ranger Policy. Also when moved to next page most > audit entries are missing > > (Audits for import and export are shown, audit corresponding to policy crud > operation is missing for keyadmin user) > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java > 9d9e0bbc0 > > > Diff: https://reviews.apache.org/r/74753/diff/4/ > > > Testing > --- > > Tested All audits are displayed properly with filter and without filter for > admin and keyadmin user. > > > Thanks, > > Rakesh Gupta > >
Re: Review Request 74657: RANGER-4467: User Agent info not logged under "Login sessions" when login fails
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74657/#review226061 --- Ship it! Ship It! - Kishor Gollapalliwar On Oct. 10, 2023, 11:03 a.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74657/ > --- > > (Updated Oct. 10, 2023, 11:03 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4467 > https://issues.apache.org/jira/browse/RANGER-4467 > > > Repository: ranger > > > Description > --- > > User Agent info missing when login fails. Its good to display this detail as > it helps in knowing how the login was tried in case of failed login attempts > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java > 89bffa7c9 > > security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java > 8f46af968 > > security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthSuccessHandler.java > 52cf17ae1 > > > Diff: https://reviews.apache.org/r/74657/diff/1/ > > > Testing > --- > > Provided wrong uname or password on Ranger admin UI so that login fails. > Verified login sessions under Audits page that User Agent info is displayed > for Wrong Username/Password > > > Thanks, > > Rakesh Gupta > >
[jira] [Commented] (RANGER-4559) Migrate Ranger modules to junit5 - phase 1
[ https://issues.apache.org/jira/browse/RANGER-4559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789802#comment-17789802 ] Kishor Gollapalliwar commented on RANGER-4559: -- RR: https://reviews.apache.org/r/74756/ > Migrate Ranger modules to junit5 - phase 1 > -- > > Key: RANGER-4559 > URL: https://issues.apache.org/jira/browse/RANGER-4559 > Project: Ranger > Issue Type: Sub-task > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Kishor Gollapalliwar > Assignee: Kishor Gollapalliwar >Priority: Major > > This sub-task is responsible to migrate following maven sub-modules to junit5. > # conditions-enrichers > # credentialsbuilder > # embeddedwebserver > # jisql > # ldapconfigcheck > # ranger-atlas-plugin > # ranger-atlas-plugin-shim > # ranger-authn > # ranger-common-ha > # ranger-elasticsearch-plugin > # ranger-elasticsearch-plugin-shim > # ranger-hive-plugin > # ranger-hive-plugin-shim > # ranger-intg > # ranger-kafka-plugin > # ranger-kafka-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Review Request 74756: RANGER-4559: Migrate Ranger modules to junit5 - phase 1
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74756/ --- Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-4559 https://issues.apache.org/jira/browse/RANGER-4559 Repository: ranger Description --- This sub-task is responsible to migrate following maven sub-modules to junit5. 01. conditions-enrichers 02. credentialsbuilder 03. embeddedwebserver 04. jisql 05. ldapconfigcheck 06. ranger-atlas-plugin 07. ranger-atlas-plugin-shim 08. ranger-authn 09. ranger-common-ha 10. ranger-elasticsearch-plugin 11. ranger-elasticsearch-plugin-shim 12. ranger-hive-plugin 13. ranger-hive-plugin-shim 14. ranger-intg 15. ranger-kafka-plugin 16. ranger-kafka-plugin-shim Diffs - credentialbuilder/pom.xml c18d5585c credentialbuilder/src/test/java/org/apache/ranger/credentialapi/TestCredentialReader.java ff3ce843e credentialbuilder/src/test/java/org/apache/ranger/credentialapi/Testbuildks.java c9fb54c00 hive-agent/pom.xml 8a21ab81d hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 2f6f1d846 hive-agent/src/test/java/org/apache/ranger/services/hive/TestAllHiveOperationInRanger.java d424bb4fb intg/pom.xml 4654ef7f7 intg/src/test/java/org/apache/ranger/TestRangerClient.java 7da6b18a5 plugin-kafka/pom.xml 9fa913741 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerGSSTest.java f33405a2f plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java 90bd628f8 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java 9a7d5fe83 plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerTopicCreationTest.java e48dd2535 ranger-authn/pom.xml 4ee98f8a5 ranger-common-ha/pom.xml 2faa243e4 ranger-common-ha/src/test/java/org/apache/ranger/ha/service/TestRangerServiceServerIdSelector.java 0cd55a2a6 ranger-examples/conditions-enrichers/pom.xml 70e9c6c74 ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java 22e298df5 Diff: https://reviews.apache.org/r/74756/diff/1/ Testing --- 1. mvn clean compile package install 2. mvn clean compile package install -Psecurity-admin-react Thanks, Kishor Gollapalliwar
[jira] [Created] (RANGER-4559) Migrate Ranger modules to junit5 - phase 1
Kishor Gollapalliwar created RANGER-4559: Summary: Migrate Ranger modules to junit5 - phase 1 Key: RANGER-4559 URL: https://issues.apache.org/jira/browse/RANGER-4559 Project: Ranger Issue Type: Sub-task Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar This sub-task is responsible to migrate following maven sub-modules to junit5. # conditions-enrichers # credentialsbuilder # embeddedwebserver # jisql # ldapconfigcheck # ranger-atlas-plugin # ranger-atlas-plugin-shim # ranger-authn # ranger-common-ha # ranger-elasticsearch-plugin # ranger-elasticsearch-plugin-shim # ranger-hive-plugin # ranger-hive-plugin-shim # ranger-intg # ranger-kafka-plugin # ranger-kafka-plugin-shim -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74734: RANGER-4525: Upgrade spotbugs plugin to 4.7.3.5
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74734/#review225961 --- Ship it! Ship It! - Kishor Gollapalliwar On Nov. 10, 2023, 8:20 a.m., bhavik patel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74734/ > --- > > (Updated Nov. 10, 2023, 8:20 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Kishor > Gollapalliwar, Madhan Neethiraj, Pradeep Agrawal, Vishal Suvagia, and > Velmurugan Periasamy. > > > Bugs: RANGER-4525 > https://issues.apache.org/jira/browse/RANGER-4525 > > > Repository: ranger > > > Description > --- > > Upgrade spotbugs plugin to 4.7.3.5 as current version download the > commons-text-1.9 dependency and which is vulnerable. > > > Diffs > - > > pom.xml 6f3094c48 > > > Diff: https://reviews.apache.org/r/74734/diff/1/ > > > Testing > --- > > 1. commons-text-1.9 jar is not download in m2 repo. > 2. No additional spotbug findings. > > > Thanks, > > bhavik patel > >
Review Request 74736: RANGER-4528: Add JUnit 5 support
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74736/ --- Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy. Bugs: RANGER-4528 https://issues.apache.org/jira/browse/RANGER-4528 Repository: ranger Description --- Goal of this phase is to add support for JUnit 5, so that JUnit 4 & JUnit 5 both test should be supported. Diffs - agents-audit/pom.xml 791519b39 agents-common/pom.xml b753c1368 agents-cred/pom.xml 5130db80e credentialbuilder/pom.xml dea198b47 hbase-agent/pom.xml 36a466a76 hdfs-agent/pom.xml a23cdfea0 hive-agent/pom.xml 1e50cdd4f intg/pom.xml 191d1cfbb kms/pom.xml 1be5b0ccd knox-agent/pom.xml 3177fa8af plugin-kafka/pom.xml 0cf3d4dd1 plugin-kms/pom.xml 8e33b4c46 plugin-kudu/pom.xml 497c1c2f7 plugin-kylin/pom.xml 7a51744f0 plugin-nifi-registry/pom.xml 785f85ffb plugin-nifi/pom.xml f786d4d35 plugin-presto/pom.xml 5cdad44c0 plugin-schema-registry/pom.xml 50169ef44 plugin-sqoop/pom.xml f7830dc3d plugin-trino/pom.xml e7c82edfa pom.xml 6f3094c48 ranger-authn/pom.xml d027c7004 ranger-common-ha/pom.xml 267f75331 ranger-examples/conditions-enrichers/pom.xml 1fff9e793 ranger-knox-plugin-shim/pom.xml fbf4e4d10 ranger-metrics/pom.xml 1b0f860dc ranger-plugin-classloader/pom.xml bcc02812a ranger-tools/pom.xml 1bff58c1d security-admin/pom.xml 05fa7d836 storm-agent/pom.xml 91f78d881 tagsync/pom.xml 1df1ccb64 ugsync/pom.xml ecb03c97a Diff: https://reviews.apache.org/r/74736/diff/1/ Testing --- mvn clean compile package install Thanks, Kishor Gollapalliwar
[jira] [Assigned] (RANGER-4528) Add JUnit 5 support
[ https://issues.apache.org/jira/browse/RANGER-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar reassigned RANGER-4528: Assignee: Kishor Gollapalliwar > Add JUnit 5 support > --- > > Key: RANGER-4528 > URL: https://issues.apache.org/jira/browse/RANGER-4528 > Project: Ranger > Issue Type: Sub-task > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Goal of this phase is to add support for JUnit 5, so that JUnit 4 & JUnit 5 > both test should be supported. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4528) Add JUnit 5 support
Kishor Gollapalliwar created RANGER-4528: Summary: Add JUnit 5 support Key: RANGER-4528 URL: https://issues.apache.org/jira/browse/RANGER-4528 Project: Ranger Issue Type: Sub-task Components: Ranger Reporter: Kishor Gollapalliwar Goal of this phase is to add support for JUnit 5, so that JUnit 4 & JUnit 5 both test should be supported. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4527) Migrate to JUnit 5
Kishor Gollapalliwar created RANGER-4527: Summary: Migrate to JUnit 5 Key: RANGER-4527 URL: https://issues.apache.org/jira/browse/RANGER-4527 Project: Ranger Issue Type: Improvement Components: Ranger Affects Versions: 3.0.0 Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Currently Ranger repository is using JUnit 4, and we should consider migrating to JUnit 5 due to following reasons. * JUnit 4 is not actively maintained * Everything which can be achieve in JUnit 4 can also be achieved in JUnit 5 * JUnit 5 has new features which not only give us more granular control but also help us better organise test The migration will be done in following phases # Add support for JUnit 5: In this phase we will add support for JUnit 5, hence JUnit 4 & JUnit 5 both supported # Migrate each maven sub-module at a time to JUnit 5 # Remove support for JUnit 4 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4482) Upgrade Tomcat to 8.5.94 (for CVE fixes) in all Ranger services
[ https://issues.apache.org/jira/browse/RANGER-4482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17783614#comment-17783614 ] Kishor Gollapalliwar commented on RANGER-4482: -- master commit: https://github.com/apache/ranger/commit/cd8a752d008b417f3f7f01dccbcc6893571be629 > Upgrade Tomcat to 8.5.94 (for CVE fixes) in all Ranger services > --- > > Key: RANGER-4482 > URL: https://issues.apache.org/jira/browse/RANGER-4482 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Sanket Shelar >Assignee: Sanket Shelar >Priority: Major > Attachments: 0001-RANGER-4482.patch > > > Tomcat needs be upgraded to 8.5.94 to address the below CVE. > CVE-2023-45648 > [https://nvd.nist.gov/vuln/detail/CVE-2023-45648] > CVE-2023-42795 > [https://nvd.nist.gov/vuln/detail/CVE-2023-42795] > CVE-2023-42794 > [https://nvd.nist.gov/vuln/detail/CVE-2023-42794] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4482) Upgrade Tomcat to 8.5.94 (for CVE fixes) in all Ranger services
[ https://issues.apache.org/jira/browse/RANGER-4482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4482: - Fix Version/s: 3.0.0 > Upgrade Tomcat to 8.5.94 (for CVE fixes) in all Ranger services > --- > > Key: RANGER-4482 > URL: https://issues.apache.org/jira/browse/RANGER-4482 > Project: Ranger > Issue Type: Task > Components: Ranger >Reporter: Sanket Shelar >Assignee: Sanket Shelar >Priority: Major > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4482.patch > > > Tomcat needs be upgraded to 8.5.94 to address the below CVE. > CVE-2023-45648 > [https://nvd.nist.gov/vuln/detail/CVE-2023-45648] > CVE-2023-42795 > [https://nvd.nist.gov/vuln/detail/CVE-2023-42795] > CVE-2023-42794 > [https://nvd.nist.gov/vuln/detail/CVE-2023-42794] -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74684: RANGER-4482: Upgrade Tomcat to 8.5.94 (for CVE fixes) in all Ranger services
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74684/#review225941 --- Ship it! Ship It! - Kishor Gollapalliwar On Nov. 7, 2023, 9:20 a.m., sanket shelar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74684/ > --- > > (Updated Nov. 7, 2023, 9:20 a.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4482 > https://issues.apache.org/jira/browse/RANGER-4482 > > > Repository: ranger > > > Description > --- > > Tomcat needs be upgraded to 8.5.94 to address the below CVE. > > CVE-2023-45648 > https://nvd.nist.gov/vuln/detail/CVE-2023-45648 > CVE-2023-42795 > https://nvd.nist.gov/vuln/detail/CVE-2023-42795 > CVE-2023-42794 > https://nvd.nist.gov/vuln/detail/CVE-2023-42794 > > > Diffs > - > > pom.xml 115580ada > > > Diff: https://reviews.apache.org/r/74684/diff/1/ > > > Testing > --- > > Sanity testing completed with tomcat version 8.5.94 > > > Thanks, > > sanket shelar > >
Re: Review Request 74704: RANGER-4495: Upgrade netty to 4.1.100.Final
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74704/ --- (Updated Oct. 30, 2023, 5:56 a.m.) Review request for ranger, Dineshkumar Yadav, Harshal Chavan, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu. Bugs: RANGER-4495 https://issues.apache.org/jira/browse/RANGER-4495 Repository: ranger Description --- Upgrade netty to 4.1.100-final or higher Diffs - pom.xml 115580ada Diff: https://reviews.apache.org/r/74704/diff/1/ Testing --- 1. mvn clean compile package install Thanks, Kishor Gollapalliwar
[jira] [Commented] (RANGER-4495) Upgrade netty to 4.1.100-final
[ https://issues.apache.org/jira/browse/RANGER-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17780826#comment-17780826 ] Kishor Gollapalliwar commented on RANGER-4495: -- RR: https://reviews.apache.org/r/74704/ > Upgrade netty to 4.1.100-final > -- > > Key: RANGER-4495 > URL: https://issues.apache.org/jira/browse/RANGER-4495 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Upgrade netty to 4.1.100-final or higher -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4495) Upgrade netty to 4.1.100-final
[ https://issues.apache.org/jira/browse/RANGER-4495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar reassigned RANGER-4495: Assignee: Kishor Gollapalliwar (was: Pradeep Agrawal) > Upgrade netty to 4.1.100-final > -- > > Key: RANGER-4495 > URL: https://issues.apache.org/jira/browse/RANGER-4495 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 3.0.0 >Reporter: Pradeep Agrawal > Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Upgrade netty to 4.1.100-final or higher -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4402) Active role version is not updated while plugin download
[ https://issues.apache.org/jira/browse/RANGER-4402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4402: - Fix Version/s: 3.0.0 > Active role version is not updated while plugin download > > > Key: RANGER-4402 > URL: https://issues.apache.org/jira/browse/RANGER-4402 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > When plugin download, the active role version is not getting updated. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74601: RANGER-4399 : Need to fix zone drop-down option in policy listing for user not having 'Security Zone' module permission
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74601/#review225764
---
security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
Lines 141 (patched)
<https://reviews.apache.org/r/74601/#comment314184>
Please consider making securityZoneList, bigger than results.size().
- Kishor Gollapalliwar
On Sept. 14, 2023, 5:04 a.m., Dineshkumar Yadav wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74601/
> ---
>
> (Updated Sept. 14, 2023, 5:04 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Dhaval Rajpara, Kishor
> Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Mugdha
> Varadkar, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4399
> https://issues.apache.org/jira/browse/RANGER-4399
>
>
> Repository: ranger
>
>
> Description
> ---
>
> This patch added open API for SecurityZoneHeaderInfo based on serviceId
> service/public/v2/api/zones/zone-headers/for-service?serviceId=1=false
>
> where isTagService is false by default
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
> 02927b07b
> security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
> 44bca7489
> security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
> 5f73b64ea
> security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
> 92ade823b
> security-admin/src/main/resources/META-INF/jpa_named_queries.xml 23085a273
>
>
> Diff: https://reviews.apache.org/r/74601/diff/1/
>
>
> Testing
> ---
>
> Tested manualy using curl request
> -- for non-tag based service, below curl works
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1=false'
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=1'
>
> -- for tag based service need to pass isTagService=ture
> curl -u {user}:{user_pass} -X GET
> '{hostname}/service/public/v2/api/zones/zone-headers/for-service?serviceId=2=true'
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
[jira] [Commented] (RANGER-4401) Configurable Graalvm features
[ https://issues.apache.org/jira/browse/RANGER-4401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17766315#comment-17766315 ] Kishor Gollapalliwar commented on RANGER-4401: -- RR: https://reviews.apache.org/r/74588/ > Configurable Graalvm features > - > > Key: RANGER-4401 > URL: https://issues.apache.org/jira/browse/RANGER-4401 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Currently the only way of enabling GraalVm features/ options is by passing > JVM options. Which might not be feasible always. Hence we need a plugin > config, which will make GraalVm feature enabling configurable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74588: RANGER-4401: Configurable Graalvm features
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74588/
---
(Updated Sept. 13, 2023, 9:50 a.m.)
Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
---
Handled follow-up comments by Madhan, please review
Bugs: RANGER-4401
https://issues.apache.org/jira/browse/RANGER-4401
Repository: ranger
Description
---
Currently the only way of enabling GraalVm features/ options is by passing JVM
options. Which might not be feasible always. Hence we need a plugin config,
which will make GraalVm feature enabling configurable.
Diffs (updated)
-
agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
10c2de6b3
Diff: https://reviews.apache.org/r/74588/diff/3/
Changes: https://reviews.apache.org/r/74588/diff/2-3/
Testing
---
1. mvn clean compile package install
2. Verified following policy conditions scenarios for hive plugin
2.1 ctx.getAttributeValue("kg_tag", "name").equals("hivetag");
2.2 ctx.getUser().equals("kgtest");
2.3 ctx.getUserGroups().size() > 0;
2.4 ctx.getClientIPAddress().equals("xxx.xx.xxx.xx");
2.5 _ctx.request.accessType == 'select';
2.6 _ctx.request.user == 'kgtest';
2.7 _ctx.request.userGroups.length > 0;
2.8 Object.keys(_ctx.request.userAttributes).length > 0;
2.9 Object.keys(_ctx.request.userGroupAttributes).length > 0;
2.10 Object.keys(_ctx.tags).length > 0;
Thanks,
Kishor Gollapalliwar
Re: Review Request 74588: RANGER-4401: Configurable Graalvm features
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74588/
---
(Updated Sept. 13, 2023, 7:28 a.m.)
Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Changes
---
Handled, comments shared by Madhan. Please review
Bugs: RANGER-4401
https://issues.apache.org/jira/browse/RANGER-4401
Repository: ranger
Description
---
Currently the only way of enabling GraalVm features/ options is by passing JVM
options. Which might not be feasible always. Hence we need a plugin config,
which will make GraalVm feature enabling configurable.
Diffs (updated)
-
agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
10c2de6b3
Diff: https://reviews.apache.org/r/74588/diff/2/
Changes: https://reviews.apache.org/r/74588/diff/1-2/
Testing
---
1. mvn clean compile package install
2. Verified following policy conditions scenarios for hive plugin
2.1 ctx.getAttributeValue("kg_tag", "name").equals("hivetag");
2.2 ctx.getUser().equals("kgtest");
2.3 ctx.getUserGroups().size() > 0;
2.4 ctx.getClientIPAddress().equals("xxx.xx.xxx.xx");
2.5 _ctx.request.accessType == 'select';
2.6 _ctx.request.user == 'kgtest';
2.7 _ctx.request.userGroups.length > 0;
2.8 Object.keys(_ctx.request.userAttributes).length > 0;
2.9 Object.keys(_ctx.request.userGroupAttributes).length > 0;
2.10 Object.keys(_ctx.tags).length > 0;
Thanks,
Kishor Gollapalliwar
Review Request 74589: RANGER-4402: Active role version is not updated while plugin download
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74589/ --- Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Bugs: RANGER-4402 https://issues.apache.org/jira/browse/RANGER-4402 Repository: ranger Description --- When plugin download, the active role version is not getting updated. Diffs - agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPluginInfo.java 396896cde Diff: https://reviews.apache.org/r/74589/diff/1/ Testing --- 1. mvn clean compile package install 2. Change role version (via admin) and confirmed plugin is showing correct active version Thanks, Kishor Gollapalliwar
[jira] [Assigned] (RANGER-4402) Active role version is not updated while plugin download
[ https://issues.apache.org/jira/browse/RANGER-4402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar reassigned RANGER-4402: Assignee: Kishor Gollapalliwar > Active role version is not updated while plugin download > > > Key: RANGER-4402 > URL: https://issues.apache.org/jira/browse/RANGER-4402 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > When plugin download, the active role version is not getting updated. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4402) Active role version is not updated while plugin download
Kishor Gollapalliwar created RANGER-4402: Summary: Active role version is not updated while plugin download Key: RANGER-4402 URL: https://issues.apache.org/jira/browse/RANGER-4402 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar When plugin download, the active role version is not getting updated. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74588: RANGER-4401: Configurable Graalvm features
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74588/
---
(Updated Sept. 11, 2023, 2:02 a.m.)
Review request for ranger, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj,
Mehul Parikh, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-4401
https://issues.apache.org/jira/browse/RANGER-4401
Repository: ranger
Description
---
Currently the only way of enabling GraalVm features/ options is by passing JVM
options. Which might not be feasible always. Hence we need a plugin config,
which will make GraalVm feature enabling configurable.
Diffs
-
agents-common/src/main/java/org/apache/ranger/plugin/util/GraalScriptEngineCreator.java
10c2de6b3
Diff: https://reviews.apache.org/r/74588/diff/1/
Testing
---
1. mvn clean compile package install
2. Verified following policy conditions scenarios for hive plugin
2.1 ctx.getAttributeValue("kg_tag", "name").equals("hivetag");
2.2 ctx.getUser().equals("kgtest");
2.3 ctx.getUserGroups().size() > 0;
2.4 ctx.getClientIPAddress().equals("xxx.xx.xxx.xx");
2.5 _ctx.request.accessType == 'select';
2.6 _ctx.request.user == 'kgtest';
2.7 _ctx.request.userGroups.length > 0;
2.8 Object.keys(_ctx.request.userAttributes).length > 0;
2.9 Object.keys(_ctx.request.userGroupAttributes).length > 0;
2.10 Object.keys(_ctx.tags).length > 0;
Thanks,
Kishor Gollapalliwar
Re: Review Request 74280: RANGER-4041 : Upgrade netty-all version to 4.1.86.Final
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74280/#review225726 --- pom.xml Line 178 (original), 178 (patched) <https://reviews.apache.org/r/74280/#comment314170> I believe another patch to upgrade netty version went in, https://github.com/apache/ranger/commit/7cac1d33090951e2f9dc62b51dc554d84083a03d, please check if this patch is still relevent and close if needed. - Kishor Gollapalliwar On Feb. 8, 2023, 6:56 a.m., Himanshu Maurya wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74280/ > --- > > (Updated Feb. 8, 2023, 6:56 a.m.) > > > Review request for ranger, bhavik patel, Dhaval Shah, Dineshkumar Yadav, > Harshal Chavan, Kishor Gollapalliwar, Madhan Neethiraj, Mehul Parikh, Nitin > Galave, Pradeep Agrawal, and Velmurugan Periasamy. > > > Bugs: RANGER-4041 > https://issues.apache.org/jira/browse/RANGER-4041 > > > Repository: ranger > > > Description > --- > > Upgraded netty-all version from 4.1.85.Final to 4.1.86.Final > > > Diffs > - > > pom.xml e402bcc5d > > > Diff: https://reviews.apache.org/r/74280/diff/1/ > > > Testing > --- > > Tested all CRUD operations like:- > 1) Policies > 2) Services > 3) Zones > 4) Users/Groups/Roles > 5) Keys from KMS > 6) Checked all Audit event generate properly > Also checked password and permission updation for users > Run queries from backend for Hive, HBase, HDFS and YARN as different users > and checked the policies and plugins are working good > > > Thanks, > > Himanshu Maurya > >
[jira] [Created] (RANGER-4401) Configurable Graalvm features
Kishor Gollapalliwar created RANGER-4401: Summary: Configurable Graalvm features Key: RANGER-4401 URL: https://issues.apache.org/jira/browse/RANGER-4401 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Currently the only way of enabling GraalVm features/ options is by passing JVM options. Which might not be feasible always. Hence we need a plugin config, which will make GraalVm feature enabling configurable. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4371) Ranger authn - add doAs support for JWT authentication
[ https://issues.apache.org/jira/browse/RANGER-4371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4371: - Fix Version/s: 3.0.0 > Ranger authn - add doAs support for JWT authentication > -- > > Key: RANGER-4371 > URL: https://issues.apache.org/jira/browse/RANGER-4371 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > add doAs support for JWT based authentication -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74575: RANGER-4285: Ranger Java Patch for adding uiHint in policy condition for upgrade scenario
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74575/#review225707 --- Ship it! Ship It! - Kishor Gollapalliwar On Aug. 29, 2023, 12:03 p.m., sanket shelar wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74575/ > --- > > (Updated Aug. 29, 2023, 12:03 p.m.) > > > Review request for ranger, dinesh akhand, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4285 > https://issues.apache.org/jira/browse/RANGER-4285 > > > Repository: ranger > > > Description > --- > > Ranger Java Patch for adding uiHint in policy condition for upgrade scenario > > > Diffs > - > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > a3b05d851 > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > 91ec963ed > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > 97eeea6ff > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > cbae01f82 > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 583464890 > > security-admin/src/main/java/org/apache/ranger/patch/PatchForAllServiceDefForPolicyConditionUpdate_J10057.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/74575/diff/1/ > > > Testing > --- > > Tested upgrade scenarios for all DB flavours. > > > Thanks, > > sanket shelar > >
Re: Review Request 74565: RANGER-4319: Restricting policy name character to configurable length
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74565/#review225696 --- Ship it! Ship It! - Kishor Gollapalliwar On Aug. 25, 2023, 1:13 p.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74565/ > --- > > (Updated Aug. 25, 2023, 1:13 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay > Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, > sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4319 > https://issues.apache.org/jira/browse/RANGER-4319 > > > Repository: ranger > > > Description > --- > > while creating a policy, policy-name should not be greater than 255 > characters(by default), > > > it can be configured using below param. > > > ranger.policyname.maxlength > > This will be flag base implementation (for backward compatibility) and by > default flag will be enabled. > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > a307293eb > > > Diff: https://reviews.apache.org/r/74565/diff/1/ > > > Testing > --- > > Tested while creating a policy, policy-name should not be allowed more than > 255 characters(by default). > > > Thanks, > > Rakesh Gupta > >
[jira] [Created] (RANGER-4371) Ranger authn - add doAs support for JWT authentication
Kishor Gollapalliwar created RANGER-4371: Summary: Ranger authn - add doAs support for JWT authentication Key: RANGER-4371 URL: https://issues.apache.org/jira/browse/RANGER-4371 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar add doAs support for JWT based authentication -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74506: RANGER-4308: Upgrade netty to 4.1.94-final
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74506/#review225600 --- Ship it! Ship It! - Kishor Gollapalliwar On July 6, 2023, 7:15 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74506/ > --- > > (Updated July 6, 2023, 7:15 a.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4308 > https://issues.apache.org/jira/browse/RANGER-4308 > > > Repository: ranger > > > Description > --- > > Upgrade netty to 4.1.94-final > > > Diffs > - > > pom.xml 9fc946731 > > > Diff: https://reviews.apache.org/r/74506/diff/1/ > > > Testing > --- > > Build successful. > Verified Service,policy and User CRUD operations. > > > Thanks, > > Pradeep Agrawal > >
[jira] [Created] (RANGER-4310) Add group extracting from JWT functionality in Ranger
Kishor Gollapalliwar created RANGER-4310: Summary: Add group extracting from JWT functionality in Ranger Key: RANGER-4310 URL: https://issues.apache.org/jira/browse/RANGER-4310 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Currently the JWT support we have in Ranger does not offer, group extraction functionality/ feature. We need code to extract group information if present for JWT. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: Review Request 74457: RANGER-4257: Upgrade Tomcat to 8.5.89
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74457/#review225535 --- Ship it! Ship It! - Kishor Gollapalliwar On May 30, 2023, 11:33 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74457/ > --- > > (Updated May 30, 2023, 11:33 a.m.) > > > Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4257 > https://issues.apache.org/jira/browse/RANGER-4257 > > > Repository: ranger > > > Description > --- > > Here I am proposing to change tomcat version > > > from 8.5.86 ==> 8.5.89 > > > Changelog link : https://tomcat.apache.org/tomcat-8.5-doc/changelog.html > > > Diffs > - > > pom.xml ca1c5d5d3 > > > Diff: https://reviews.apache.org/r/74457/diff/1/ > > > Testing > --- > > Tested fresh and upgrade install of ranger with and without SSL. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74468: RANGER-4262: Upgrade aws-java-sdk to 1.12.481
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74468/#review225534 --- Ship it! Ship It! - Kishor Gollapalliwar On June 6, 2023, 4:52 a.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74468/ > --- > > (Updated June 6, 2023, 4:52 a.m.) > > > Review request for ranger, Abhishek Kumar, Dineshkumar Yadav, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, > Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4262 > https://issues.apache.org/jira/browse/RANGER-4262 > > > Repository: ranger > > > Description > --- > > Proposing to upgrade aws java sdk library to 1.12.481 version > > > Diffs > - > > pom.xml ca1c5d5d3 > > > Diff: https://reviews.apache.org/r/74468/diff/1/ > > > Testing > --- > > Build and junit test run completed successfully > aws-java-sdk-bundle-1.12.481.jar is being packaged. > > > Thanks, > > Pradeep Agrawal > >
Re: Review Request 74292: RANGER-4025: Ranger improvement - Roles Import/export API for ranger admin
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74292/#review225502
---
Ship it!
Ship It!
- Kishor Gollapalliwar
On May 31, 2023, 8:14 a.m., Rakesh Gupta wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74292/
> ---
>
> (Updated May 31, 2023, 8:14 a.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani,
> sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-4025
> https://issues.apache.org/jira/browse/RANGER-4025
>
>
> Repository: ranger
>
>
> Description
> ---
>
> Provide API for Roles import/export.
>
>
> Diffs
> -
>
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerRole.java
> 682bbd640
> security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
> c19e3e1a1
> security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java
> 421b2312d
> security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> 04aee289e
> security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 4f0edd2b0
> security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
> 3447eb20e
>
> security-admin/src/main/java/org/apache/ranger/view/RangerExportRoleList.java
> PRE-CREATION
> security-admin/src/main/java/org/apache/ranger/view/RangerPolicyList.java
> 4799b3f03
> security-admin/src/main/java/org/apache/ranger/view/RangerRoleList.java
> adbe93db6
> security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
> 9d17553a4
>
>
> Diff: https://reviews.apache.org/r/74292/diff/8/
>
>
> Testing
> ---
>
> Tested the below Rest API's for Roles import/export to make sure everything
> works fine.
>
> RoleREST Rest API :GET /roles/roles/exportJson
> RoleREST Rest API :GET
> /roles/roles/exportJson?roleName={rolename},{rolename},
>
> RoleREST Rest API :GET /roles/roles/importRolesFromFile
> RoleREST Rest API :GET /roles/roles/importRolesFromFile?updateIfExists=true
> RoleREST Rest API :GET
> /roles/roles/importRolesFromFile?createNonExistUserGroupRole=true
>
>
> Thanks,
>
> Rakesh Gupta
>
>
Re: Review Request 74170: RANGER-3947 fix thread leak in SolrCollectionBootstrapper
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74170/#review225489 --- Ship it! Ship It! - Kishor Gollapalliwar On May 18, 2023, 6:38 a.m., Sai Sandeep Rangisetti wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74170/ > --- > > (Updated May 18, 2023, 6:38 a.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, > Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and > Velmurugan Periasamy. > > > Bugs: RANGER-3947 > https://issues.apache.org/jira/browse/RANGER-3947 > > > Repository: ranger > > > Description > --- > > Closing the solr cloud client in SolrCollectionBootstrapper's retry loop of > creating solr config and collection. Without this new solr cloud client is > created in every loop and new connection pools which will not be cleaned up > and create large number of threads > > > Diffs > - > > > embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java > fe4006f76 > > > Diff: https://reviews.apache.org/r/74170/diff/2/ > > > Testing > --- > > Ran ranger-admin without ranger_audit config in zk and no > contrib/solr_for_audit_setup/conf file which leads to retry loop and verified > that threads aren't increasinng > > > Thanks, > > Sai Sandeep Rangisetti > >
Re: Review Request 74439: RANGER-4241: Fix sql patch 65 syntax issue for oracle db
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74439/#review225461 --- Ship it! Ship It! - Kishor Gollapalliwar On May 16, 2023, 2:33 p.m., Pradeep Agrawal wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74439/ > --- > > (Updated May 16, 2023, 2:33 p.m.) > > > Review request for ranger, bhavik patel, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4241 > https://issues.apache.org/jira/browse/RANGER-4241 > > > Repository: ranger > > > Description > --- > > **Problem Statement:** Sql Patch 065 have an incorrect drop index statement > which may cause failure of the patch. > **Proposed Solution:** drop index statmenet should be modified so that patch > 065 should not fail. > > **Incorrect statement:** > DROP INDEX x_rms_svc_res_IDX_res_sgn ON > x_rms_service_resource(resource_signature); > > **Correct statement: ** > DROP INDEX x_rms_svc_res_IDX_res_sgn; > > > Diffs > - > > > security-admin/db/oracle/patches/065-add-uk-on-x_rms_service_resource-resource_signature.sql > f91dfef06 > > > Diff: https://reviews.apache.org/r/74439/diff/1/ > > > Testing > --- > > > Thanks, > > Pradeep Agrawal > >
[jira] [Updated] (RANGER-4182) Ranger Admin - Enable isRecursive option to additional default policies while service creation
[
https://issues.apache.org/jira/browse/RANGER-4182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kishor Gollapalliwar updated RANGER-4182:
-
Fix Version/s: 3.0.0
> Ranger Admin - Enable isRecursive option to additional default policies while
> service creation
> --
>
> Key: RANGER-4182
> URL: https://issues.apache.org/jira/browse/RANGER-4182
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
>Reporter: Kishor Gollapalliwar
> Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Currently while service creation when we create additional default policies
> via curl we do not have option to support isRecursive. This is mostly due to
> [https://github.com/apache/ranger/blob/2d9af00153e8326c7b5eb80e7c86e1e8988dfbdc/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java#L209,]
> where we are setting it explicitly false. We need a mechanism where in user
> should be able to dynamically enable/ disable is-isRecursive option for a
> resource using JSON provided.
>
> Sample curl command to create service & additional default policies
> {code:java}
> curl -u admin: -ivk -H "Accept:application/json" -H
> "Content-Type:application/json" -X POST
> 'http://localhost:6080/service/plugins/services' -d @hive_test.json {code}
> {code:java}
> vim hive_test.json
> { "isEnabled": "true", "type": "hive", "configs": { "username":
> "hive", "password": "hive", "cluster.name": "My Dummy Cluster",
> "jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver", "jdbc.url":
> "none", "enable.hive.metastore.lookup": "true",
> "hive.site.file.path": "/etc/hive/conf/hive-site.xml",
> "policy.download.auth.users": "hive,hdfs,impala",
> "tag.download.auth.users": "hive,hdfs,impala",
> "policy.grantrevoke.auth.users": "hive,impala",
> "setup.additional.default.policies": "true", "default-policy.1.name":
> "User URL Policy", "default-policy.1.resource.url": "/test/kishor",
> "default-policy.1.policyItem.1.users": "kishor",
> "default-policy.1.policyItem.1.accessTypes": "read,write",
> "default-policy.1.resource-flag.is-recursive": "true",
> "default.policy.users": "impala,hive,hue,beacon,admin,dpprofiler" },
> "name": "hive_test", "displayName": "Hive service", "description": "Hive
> repository/ service for Kishor" }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (RANGER-3739) Add JWT filter in Ranger Admin
[
https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17713473#comment-17713473
]
Kishor Gollapalliwar commented on RANGER-3739:
--
master commit:
https://github.com/apache/ranger/commit/2734df910286df939a3260ba54b0204346b73611
> Add JWT filter in Ranger Admin
> --
>
> Key: RANGER-3739
> URL: https://issues.apache.org/jira/browse/RANGER-3739
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Add JWT auth filter in Ranger Admin, which authenticates browser &
> non-browser JWT requests without altering existing authentication filters.
> The existing authorization process must be alter to incorporate following
> cases
> |*Token*|*SSO Enabled*|*First Authorizer / Filter*|
> |Present|Yes|RangerSSOAuthenticationFilter|
> |Absent|Yes|RangerSSOAuthenticationFilter|
> |Present|No|RangerJwtAuthFilter ({*}NEW{*})|
> |Absent|No|RangerJwtAuthFilter ({*}NEW{*})|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (RANGER-3739) Add JWT filter in Ranger Admin
[
https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17713473#comment-17713473
]
Kishor Gollapalliwar edited comment on RANGER-3739 at 4/18/23 8:24 AM:
---
follow-up patch master commit:
[https://github.com/apache/ranger/commit/2734df910286df939a3260ba54b0204346b73611]
was (Author: kishor.gollapalliwar):
master commit:
https://github.com/apache/ranger/commit/2734df910286df939a3260ba54b0204346b73611
> Add JWT filter in Ranger Admin
> --
>
> Key: RANGER-3739
> URL: https://issues.apache.org/jira/browse/RANGER-3739
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Add JWT auth filter in Ranger Admin, which authenticates browser &
> non-browser JWT requests without altering existing authentication filters.
> The existing authorization process must be alter to incorporate following
> cases
> |*Token*|*SSO Enabled*|*First Authorizer / Filter*|
> |Present|Yes|RangerSSOAuthenticationFilter|
> |Absent|Yes|RangerSSOAuthenticationFilter|
> |Present|No|RangerJwtAuthFilter ({*}NEW{*})|
> |Absent|No|RangerJwtAuthFilter ({*}NEW{*})|
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: Review Request 74386: RANGER-4177: fail policy create/update when it references non-existing users/groups/roles
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74386/#review225382 --- Ship it! Ship It! - Kishor Gollapalliwar On April 10, 2023, 4:07 p.m., Madhan Neethiraj wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74386/ > --- > > (Updated April 10, 2023, 4:07 p.m.) > > > Review request for ranger, Abhishek Kumar, Anand Nadar, Ankita Sinha, Kishor > Gollapalliwar, Abhay Kulkarni, Mehul Parikh, Monika Kachhadiya, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, Subhrat Chaudhary, Tejas Patil, and > Velmurugan Periasamy. > > > Bugs: RANGER-4177 > https://issues.apache.org/jira/browse/RANGER-4177 > > > Repository: ranger > > > Description > --- > > - updated policy create/update to fail when the policy references > non-existing users/groups/roles > - added an option to create missing users/groups/roles for admin users via > query parameter named createPrincipalsIfAbsent > > > Diffs > - > > security-admin/src/main/java/org/apache/ranger/biz/PolicyRefUpdater.java > 4581112fe > security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java > f9294c1e1 > security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java > 562467e80 > > security-admin/src/main/java/org/apache/ranger/security/context/RangerAdminOpContext.java > a447882ab > > security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java > 782fe1173 > > > Diff: https://reviews.apache.org/r/74386/diff/2/ > > > Testing > --- > > - verified that policy create/update fails when the policy references > non-existing users/groups/roles > - verified that for admin users, such policy create/update succeeds with > query parameter createPrincipalsIfAbsent=true, > - verified that for non-admin users, such policy create/update fails even > with query parameter createPrincipalsIfAbsent=true > > > Thanks, > > Madhan Neethiraj > >
Re: Review Request 74368: RANGER-4149 : Create common module for HA support
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74368/#review225372 --- Ship it! Ship It! - Kishor Gollapalliwar On April 12, 2023, 11:21 a.m., Dineshkumar Yadav wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74368/ > --- > > (Updated April 12, 2023, 11:21 a.m.) > > > Review request for ranger, Ankita Sinha, Jayendra Parab, Kishor > Gollapalliwar, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep > Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-4149 > https://issues.apache.org/jira/browse/RANGER-4149 > > > Repository: ranger > > > Description > --- > > This patch is part of RANGER-4148. > This common module act as common jar and will help other component to > implement HA. > > > Diffs > - > > pom.xml d658bf985 > ranger-common-ha/pom.xml PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/RangerHAInitializer.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveInstanceElectorService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveInstanceState.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ActiveStateChangeHandler.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/CuratorFactory.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/HAConfiguration.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/RangerServiceServerIdSelector.java > PRE-CREATION > ranger-common-ha/src/main/java/org/apache/ranger/ha/ServiceState.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/ZookeeperSecurityProperties.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/annotation/HAService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/service/HARangerService.java > PRE-CREATION > > ranger-common-ha/src/main/java/org/apache/ranger/ha/service/ServiceManager.java > PRE-CREATION > > ranger-common-ha/src/test/java/org/apache/ranger/ha/service/TestRangerServiceServerIdSelector.java > PRE-CREATION > ranger-common-ha/src/test/resources/log4j.xml PRE-CREATION > ranger-common-ha/src/test/resources/ranger-tagsync-site.xml PRE-CREATION > > > Diff: https://reviews.apache.org/r/74368/diff/4/ > > > Testing > --- > > > Thanks, > > Dineshkumar Yadav > >
Re: Review Request 74382: RANGER-4150 : Create HA support for UserSync
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74382/#review225371
---
Ship it!
Ship It!
- Kishor Gollapalliwar
On April 10, 2023, 1:57 p.m., Dineshkumar Yadav wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74382/
> ---
>
> (Updated April 10, 2023, 1:57 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Mugdha Varadkar, and Ramesh Mani.
>
>
> Bugs: RANGER-4150
> https://issues.apache.org/jira/browse/RANGER-4150
>
>
> Repository: ranger
>
>
> Description
> ---
>
> This Patch eanbles Usersync to support HA. This patch is dependent on
> RANGER-4149
>
>
> Diffs
> -
>
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerMetricsUtil.java
> d85009d18
> distro/src/main/assembly/usersync.xml 187d535e4
> ugsync/pom.xml 62e6b41ce
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
> ad440f257
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/ha/UserSyncHAInitializerImpl.java
> PRE-CREATION
>
> ugsync/src/main/java/org/apache/ranger/unixusersync/process/PolicyMgrUserGroupBuilder.java
> 27e48202e
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserGroupSync.java
> 575042620
>
> ugsync/src/main/java/org/apache/ranger/usergroupsync/UserSyncMetricsProducer.java
> 9846a1bf5
> unixauthservice/scripts/templates/ranger-ugsync-template.xml 0ae76eb55
>
> unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
> d03f45087
>
>
> Diff: https://reviews.apache.org/r/74382/diff/1/
>
>
> Testing
> ---
>
> Below steps are perfomed for testing
>
> 1. Steps to make UserSync Application HA
> 2. Decide the number of nodes on which you want to have UserSync up and
> running.
> 3. Deploy the Usersync on all the nodes decided on Step 1.
> 4. SSH to node on which userSync is deployed.
> 5. go to usersync conf/ directory and open ranger-ugsync-site.xml
> 6. update below configuration and restart the UserSync.
>a. ranger-ugsync.server.ha.enabled= true
>b. ranger-ugsync.server.ha.zookeeper.connect={add zookeeper host:port
> comma separated}
>c. ranger-ugsync.server.ha.ids={add ids for number of host you have
> for usersync ex. if you have 2 node add id1,id2 }
>d. ranger-ugsync.server.ha.address.id1={host:port of usersync node1}
>e. ranger-ugsync.server.ha.address.id2={host:port of usersync node2}
>f. ranger-ugsync.server.ha.zookeeper.auth={auth:} if you want to
> provide acl auth otherwise keep blank
> 7. Perform 3, 4 & 5 to all the UserSync nodes.
>
>
> Thanks,
>
> Dineshkumar Yadav
>
>
[jira] [Comment Edited] (RANGER-4152) Create common module for metrics and add metrics in Admin
[ https://issues.apache.org/jira/browse/RANGER-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17710959#comment-17710959 ] Kishor Gollapalliwar edited comment on RANGER-4152 at 4/11/23 1:38 PM: --- master-commit: [https://github.com/apache/ranger/commit/932bc3404eb760148e4458071faba1c29baa7dcc] was (Author: kishor.gollapalliwar): commit: https://github.com/apache/ranger/commit/932bc3404eb760148e4458071faba1c29baa7dcc > Create common module for metrics and add metrics in Admin > - > > Key: RANGER-4152 > URL: https://issues.apache.org/jira/browse/RANGER-4152 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. Also add > metrics in Ranger Admin. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4152) Create common module for metrics and add metrics in Admin
[ https://issues.apache.org/jira/browse/RANGER-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4152: - Fix Version/s: 3.0.0 > Create common module for metrics and add metrics in Admin > - > > Key: RANGER-4152 > URL: https://issues.apache.org/jira/browse/RANGER-4152 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. Also add > metrics in Ranger Admin. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4182) Ranger Admin - Enable isRecursive option to additional default policies while service creation
Kishor Gollapalliwar created RANGER-4182:
Summary: Ranger Admin - Enable isRecursive option to additional
default policies while service creation
Key: RANGER-4182
URL: https://issues.apache.org/jira/browse/RANGER-4182
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Kishor Gollapalliwar
Assignee: Kishor Gollapalliwar
Currently while service creation when we create additional default policies via
curl we do not have option to support isRecursive. This is mostly due to
[https://github.com/apache/ranger/blob/2d9af00153e8326c7b5eb80e7c86e1e8988dfbdc/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java#L209,]
where we are setting it explicitly false. We need a mechanism where in user
should be able to dynamically enable/ disable is-isRecursive option for a
resource using JSON provided.
Sample curl command to create service & additional default policies
{code:java}
curl -u admin: -ivk -H "Accept:application/json" -H
"Content-Type:application/json" -X POST
'http://localhost:6080/service/plugins/services' -d @hive_test.json {code}
{code:java}
vim hive_test.json
{ "isEnabled": "true", "type": "hive", "configs": { "username":
"hive", "password": "hive", "cluster.name": "My Dummy Cluster",
"jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver", "jdbc.url":
"none", "enable.hive.metastore.lookup": "true", "hive.site.file.path":
"/etc/hive/conf/hive-site.xml", "policy.download.auth.users":
"hive,hdfs,impala", "tag.download.auth.users": "hive,hdfs,impala",
"policy.grantrevoke.auth.users": "hive,impala",
"setup.additional.default.policies": "true", "default-policy.1.name": "User
URL Policy", "default-policy.1.resource.url": "/test/kishor",
"default-policy.1.policyItem.1.users": "kishor",
"default-policy.1.policyItem.1.accessTypes": "read,write",
"default-policy.1.resource-flag.is-recursive": "true",
"default.policy.users": "impala,hive,hue,beacon,admin,dpprofiler" },
"name": "hive_test", "displayName": "Hive service", "description": "Hive
repository/ service for Kishor" }
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: Review Request 74259: RANGER-3998: Support Ranger KMS integration with AWS KMS
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74259/#review225323 --- kms/src/main/java/org/apache/hadoop/crypto/key/RangerAWSKMSProvider.java Lines 24 (patched) <https://reviews.apache.org/r/74259/#comment313994> Please consider importing individual classes instead of all. - Kishor Gollapalliwar On Jan. 17, 2023, 9:49 a.m., Kirby Zhou wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74259/ > --- > > (Updated Jan. 17, 2023, 9:49 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Gautam Borad, > Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen Mansoori, Mehul > Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal Suvagia, and > Velmurugan Periasamy. > > > Bugs: ranger-3998 > https://issues.apache.org/jira/browse/ranger-3998 > > > Repository: ranger > > > Description > --- > > AWS KMS is widely used by many customers. > Therefore, RangerKMS should support hosting MasterKey to AWS KMS. > > > Diffs > - > > distro/src/main/assembly/kms.xml 4b4a2ac8e > kms/config/kms-webapp/dbks-site.xml 258d331d8 > kms/pom.xml e97b993d7 > kms/scripts/install.properties 0e5da3c75 > kms/scripts/setup.sh f723e09bb > kms/src/main/java/org/apache/hadoop/crypto/key/RangerAWSKMSProvider.java > PRE-CREATION > kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java > 429d1ce45 > > kms/src/main/java/org/apache/hadoop/crypto/key/RangerTencentKMSProvider.java > 1f0125967 > > > Diff: https://reviews.apache.org/r/74259/diff/5/ > > > Testing > --- > > Tested under macos-13 and centos-8 > > > Thanks, > > Kirby Zhou > >
Re: Review Request 74353: RANGER-4137: Add yarn and impala users to audit filter for solr servicedef to avoid logging of audits
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74353/#review225295 --- Ship it! Ship It! - Kishor Gollapalliwar On March 20, 2023, 1:13 p.m., Rakesh Gupta wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74353/ > --- > > (Updated March 20, 2023, 1:13 p.m.) > > > Review request for ranger, Dineshkumar Yadav, Mehul Parikh, and sanket shelar. > > > Bugs: RANGER-4137 > https://issues.apache.org/jira/browse/RANGER-4137 > > > Repository: ranger > > > Description > --- > > Currently, service users other than yarn and impala are included in audit > filters to avoid logging of audits for solr access (query and update - for > audits collection). This JIRA is filed to include yarn and impala users to > the list of users > > > Diffs > - > > agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json > 4bbb6ffaa > > > Diff: https://reviews.apache.org/r/74353/diff/1/ > > > Testing > --- > > Tested and verified that yarn and impala users has been successfully added to > audit filter for solr servicedef. > > > Thanks, > > Rakesh Gupta > >
[jira] [Commented] (RANGER-4137) Add yarn and impala users to audit filter for solr servicedef to avoid logging of audits
[ https://issues.apache.org/jira/browse/RANGER-4137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17704207#comment-17704207 ] Kishor Gollapalliwar commented on RANGER-4137: -- master: https://github.com/apache/ranger/commit/f1a4aa22c4069d09049b4e108e00f7e4d65245dc > Add yarn and impala users to audit filter for solr servicedef to avoid > logging of audits > > > Key: RANGER-4137 > URL: https://issues.apache.org/jira/browse/RANGER-4137 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Rakesh Gupta >Assignee: Rakesh Gupta >Priority: Major > Attachments: 0001-RANGER-4137.patch, solr_auditfilter.png > > > Currently, service users other than yarn and impala are included in audit > filters to avoid logging of audits for solr access (query and update - for > audits collection). This JIRA is filed to include yarn and impala users to > the list of users -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4152) Create common module for metrics and add metrics in Admin
[ https://issues.apache.org/jira/browse/RANGER-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4152: - Summary: Create common module for metrics and add metrics in Admin (was: Create common module for handling metrics) > Create common module for metrics and add metrics in Admin > - > > Key: RANGER-4152 > URL: https://issues.apache.org/jira/browse/RANGER-4152 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (RANGER-4152) Create common module for metrics and add metrics in Admin
[ https://issues.apache.org/jira/browse/RANGER-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-4152: - Description: Create common sub-module which will be responsible to handle/ incorporate common metrics in project. Individual sub-modules leveraging this common module, can have their specific metrics apart making it complete. Also add metrics in Ranger Admin. (was: Create common sub-module which will be responsible to handle/ incorporate common metrics in project. Individual sub-modules leveraging this common module, can have their specific metrics apart making it complete. ) > Create common module for metrics and add metrics in Admin > - > > Key: RANGER-4152 > URL: https://issues.apache.org/jira/browse/RANGER-4152 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. Also add > metrics in Ranger Admin. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Assigned] (RANGER-4152) Create common module for handling metrics
[ https://issues.apache.org/jira/browse/RANGER-4152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar reassigned RANGER-4152: Assignee: Kishor Gollapalliwar > Create common module for handling metrics > - > > Key: RANGER-4152 > URL: https://issues.apache.org/jira/browse/RANGER-4152 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Create common sub-module which will be responsible to handle/ incorporate > common metrics in project. Individual sub-modules leveraging this common > module, can have their specific metrics apart making it complete. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (RANGER-4152) Create common module for handling metrics
Kishor Gollapalliwar created RANGER-4152: Summary: Create common module for handling metrics Key: RANGER-4152 URL: https://issues.apache.org/jira/browse/RANGER-4152 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Create common sub-module which will be responsible to handle/ incorporate common metrics in project. Individual sub-modules leveraging this common module, can have their specific metrics apart making it complete. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-4089) Getting browser specific pop-up message if try to delete policy after edit
[ https://issues.apache.org/jira/browse/RANGER-4089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17696857#comment-17696857 ] Kishor Gollapalliwar commented on RANGER-4089: -- master commit : https://github.com/apache/ranger/commit/f77be0acc7b9b2f6a5dde5c9cb2fd63c36d92426 > Getting browser specific pop-up message if try to delete policy after edit > --- > > Key: RANGER-4089 > URL: https://issues.apache.org/jira/browse/RANGER-4089 > Project: Ranger > Issue Type: Bug > Components: Ranger >Reporter: Anupam Rai >Assignee: Brijesh Bhalala >Priority: Critical > Labels: ranger-react > Fix For: 3.0.0 > > Attachments: 0001-RANGER-4089.patch, Screenshot 2023-02-15 at 5.44.05 > PM.png > > > Getting browser specific pop-up message if try to delete policy after edit > Steps to reproduce : > 1. Create a policy > 2. Edit policy , instead of save click on delete , user is getting browser > specic pop-up . > 3. If move to different tab Policy is deleted & user will be present on > Deleted policy edit page . > Expected : Behaviour should be like old UI , Once system specific Delete > confirmation popup should be enough. > Thanks -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-3739) Add JWT filter in Ranger Admin
[
https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17551667#comment-17551667
]
Kishor Gollapalliwar commented on RANGER-3739:
--
RR follow-up patch: https://reviews.apache.org/r/74014/
> Add JWT filter in Ranger Admin
> --
>
> Key: RANGER-3739
> URL: https://issues.apache.org/jira/browse/RANGER-3739
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Add JWT auth filter in Ranger Admin, which authenticates browser &
> non-browser JWT requests without altering existing authentication filters.
> The existing authorization process must be alter to incorporate following
> cases
> |*Token*|*SSO Enabled*|*First Authorizer / Filter*|
> |Present|Yes|RangerSSOAuthenticationFilter|
> |Absent|Yes|RangerSSOAuthenticationFilter|
> |Present|No|RangerJwtAuthFilter ({*}NEW{*})|
> |Absent|No|RangerJwtAuthFilter ({*}NEW{*})|
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
Review Request 74014: RANGER-3739: Add JWT filter in Ranger Admin
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74014/ --- Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy. Repository: ranger Description --- Add JWT auth filter in Ranger Admin, which authenticates browser & non-browser JWT requests without altering existing authentication filters. The existing authorization process must be alter to incorporate following cases Token SSO Enabled First Authorizer / Filter Present Yes RangerSSOAuthenticationFilter Absent Yes RangerSSOAuthenticationFilter Present No RangerJwtAuthFilter (NEW) Absent No RangerJwtAuthFilter (NEW) Enabled JWT filter by default. Diffs - security-admin/src/main/resources/conf.dist/security-applicationContext.xml 7db9c3850 Diff: https://reviews.apache.org/r/74014/diff/1/ Testing --- 1. mvn clean compile package install -U 2. Login ModHeader (chrome plugin): invalid JWT 3. Login ModHeader (chrome plugin): expired JWT 4. Login ModHeader (chrome plugin): tampered JWT 5. Login ModHeader (chrome plugin): valid JWT 6. Curl Access API: invalid JWT 7. Curl Access API: expired JWT 8. Curl Access API: tampered JWT 9. Curl Access API: valid JWT Thanks, Kishor Gollapalliwar
[jira] [Commented] (RANGER-3740) Create Ranger Admin API to refresh tag cache
[ https://issues.apache.org/jira/browse/RANGER-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17551593#comment-17551593 ] Kishor Gollapalliwar commented on RANGER-3740: -- master follow-up commit: https://github.com/apache/ranger/commit/2a057768fc6a345fce013a89c72d5d67d0df666d > Create Ranger Admin API to refresh tag cache > > > Key: RANGER-3740 > URL: https://issues.apache.org/jira/browse/RANGER-3740 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Commented] (RANGER-3740) Create Ranger Admin API to refresh tag cache
[ https://issues.apache.org/jira/browse/RANGER-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17544965#comment-17544965 ] Kishor Gollapalliwar commented on RANGER-3740: -- follow-up patch RR : https://reviews.apache.org/r/74006/ > Create Ranger Admin API to refresh tag cache > > > Key: RANGER-3740 > URL: https://issues.apache.org/jira/browse/RANGER-3740 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
Review Request 74006: RANGER-3740: Create Ranger Admin API to refresh tag cache -- follow-up patch
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74006/ --- Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Vishal Suvagia, and Velmurugan Periasamy. Bugs: RANGER-3740 https://issues.apache.org/jira/browse/RANGER-3740 Repository: ranger Description --- Create Ranger Admin API to refresh tag cache, which will help refreshing cache externally. Problem: In the current API, if a user accidently do not pass service_name, it resets everything. Changes: 1. Updated existing API: enforcing service_name as mandatory parameter 2. Created new API: reset/ remove everything (all service policy cache) Diffs - security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 79dbdc76d Diff: https://reviews.apache.org/r/74006/diff/1/ Testing --- 1. mvn clean compile package install -U 2. Hit API without service name (http://localhost:6080/service/tags/tags/cache/reset) 3. Hit API with empty service name (http://localhost:6080/service/tags/tags/cache/reset?serviceName=) 4. Hit API with invalid service name (http://localhost:6080/service/tags/tags/cache/reset?serviceName=invalid_service) 5. Hit API with valid service name (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs) 6. Hit API with valid service name when cache is empty (http://localhost:6080/service/tags/tags/cache/reset?serviceName=test_hdfs) 7. Hit API when cache is not empty (http://localhost:6080/service/tags/tags/cache/reset-all) 8. Hit API when cache is empty (http://localhost:6080/service/tags/tags/cache/reset-all) Thanks, Kishor Gollapalliwar
[jira] [Commented] (RANGER-3724) Create Ranger Admin API to refresh policy cache
[ https://issues.apache.org/jira/browse/RANGER-3724?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17536567#comment-17536567 ] Kishor Gollapalliwar commented on RANGER-3724: -- master follow-up commit: https://github.com/apache/ranger/commit/2f776deceaccd94ec4402679acbf528af42b1c76 > Create Ranger Admin API to refresh policy cache > --- > > Key: RANGER-3724 > URL: https://issues.apache.org/jira/browse/RANGER-3724 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create Ranger Admin API to refresh policy cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3740) Create Ranger Admin API to refresh tag cache
[ https://issues.apache.org/jira/browse/RANGER-3740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-3740: - Fix Version/s: 3.0.0 > Create Ranger Admin API to refresh tag cache > > > Key: RANGER-3740 > URL: https://issues.apache.org/jira/browse/RANGER-3740 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > Fix For: 3.0.0 > > > Create Ranger Admin API to refresh tag cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3739) Add JWT filter in Ranger Admin
[
https://issues.apache.org/jira/browse/RANGER-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kishor Gollapalliwar updated RANGER-3739:
-
Fix Version/s: 3.0.0
> Add JWT filter in Ranger Admin
> --
>
> Key: RANGER-3739
> URL: https://issues.apache.org/jira/browse/RANGER-3739
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Reporter: Kishor Gollapalliwar
>Assignee: Kishor Gollapalliwar
>Priority: Major
> Fix For: 3.0.0
>
>
> Add JWT auth filter in Ranger Admin, which authenticates browser &
> non-browser JWT requests without altering existing authentication filters.
> The existing authorization process must be alter to incorporate following
> cases
> |*Token*|*SSO Enabled*|*First Authorizer / Filter*|
> |Present|Yes|RangerSSOAuthenticationFilter|
> |Absent|Yes|RangerSSOAuthenticationFilter|
> |Present|No|RangerJwtAuthFilter ({*}NEW{*})|
> |Absent|No|RangerJwtAuthFilter ({*}NEW{*})|
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
[jira] [Created] (RANGER-3740) Create Ranger Admin API to refresh tag cache
Kishor Gollapalliwar created RANGER-3740: Summary: Create Ranger Admin API to refresh tag cache Key: RANGER-3740 URL: https://issues.apache.org/jira/browse/RANGER-3740 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Create Ranger Admin API to refresh tag cache, which will help refreshing cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (RANGER-3739) Add JWT filter in Ranger Admin
Kishor Gollapalliwar created RANGER-3739:
Summary: Add JWT filter in Ranger Admin
Key: RANGER-3739
URL: https://issues.apache.org/jira/browse/RANGER-3739
Project: Ranger
Issue Type: Improvement
Components: Ranger
Reporter: Kishor Gollapalliwar
Assignee: Kishor Gollapalliwar
Add JWT auth filter in Ranger Admin, which authenticates browser & non-browser
JWT requests without altering existing authentication filters.
The existing authorization process must be alter to incorporate following cases
|*Token*|*SSO Enabled*|*First Authorizer / Filter*|
|Present|Yes|RangerSSOAuthenticationFilter|
|Absent|Yes|RangerSSOAuthenticationFilter|
|Present|No|RangerJwtAuthFilter ({*}NEW{*})|
|Absent|No|RangerJwtAuthFilter ({*}NEW{*})|
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
Re: Review Request 73958: RANGER-3727: Create common module for handling authentication
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73958/ --- (Updated April 28, 2022, 11:20 a.m.) Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, Vishal Suvagia, and Velmurugan Periasamy. Bugs: RANGER-3727 https://issues.apache.org/jira/browse/RANGER-3727 Repository: ranger Description --- Create common sub-module which will be responsible to handle authentication in project. Currently added only JWT auth support, with time will create follow-up patches to add other auths (Kerberos, Delegation Token, etc). Diffs (updated) - pom.xml 52f493e8f ranger-authn/.gitignore PRE-CREATION ranger-authn/pom.xml PRE-CREATION ranger-authn/src/main/java/org/apache/ranger/authz/handler/RangerAuth.java PRE-CREATION ranger-authn/src/main/java/org/apache/ranger/authz/handler/RangerAuthHandler.java PRE-CREATION ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerDefaultJwtAuthHandler.java PRE-CREATION ranger-authn/src/main/java/org/apache/ranger/authz/handler/jwt/RangerJwtAuthHandler.java PRE-CREATION Diff: https://reviews.apache.org/r/73958/diff/2/ Changes: https://reviews.apache.org/r/73958/diff/1-2/ Testing --- mvn clean compile package install -U Thanks, Kishor Gollapalliwar
Re: Review Request 73951: RANGER-3724: Create Ranger Admin API to refresh policy cache
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73951/ --- (Updated April 27, 2022, 1:35 p.m.) Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and Velmurugan Periasamy. Changes --- Handled service not present in cache use-case & fixed invalid service use-case Bugs: RANGER-3724 https://issues.apache.org/jira/browse/RANGER-3724 Repository: ranger Description --- Create Ranger Admin API to refresh policy cache, which will help refreshing cache externally. Diffs (updated) - security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java f58dcd2be security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java ba38836ac security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 2d2c80fc1 Diff: https://reviews.apache.org/r/73951/diff/5/ Changes: https://reviews.apache.org/r/73951/diff/4-5/ Testing --- 1. mvn clean compile package install -U 2. Hit API with empty service name (http://localhost:6182/service/plugins/policies/cache/reset) 3. Hit API with valid service name (http://localhost:6182/service/plugins/policies/cache/reset?name=test_hdfs) 4. Hit API with invalid service name (http://localhost:6182/service/plugins/policies/cache/reset?name=invalid_service) Thanks, Kishor Gollapalliwar
[jira] [Created] (RANGER-3727) Create common module for handling authentication
Kishor Gollapalliwar created RANGER-3727: Summary: Create common module for handling authentication Key: RANGER-3727 URL: https://issues.apache.org/jira/browse/RANGER-3727 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Create common sub-module which will be responsible to handle authentication in project -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Updated] (RANGER-3724) Create Ranger Admin API to refresh policy cache
[ https://issues.apache.org/jira/browse/RANGER-3724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar updated RANGER-3724: - Description: Create Ranger Admin API to refresh policy cache, which will help refreshing cache externally. (was: Create Ranger Admin API to refresh policy cache) > Create Ranger Admin API to refresh policy cache > --- > > Key: RANGER-3724 > URL: https://issues.apache.org/jira/browse/RANGER-3724 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Create Ranger Admin API to refresh policy cache, which will help refreshing > cache externally. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Assigned] (RANGER-3724) Create Ranger Admin API to refresh policy cache
[ https://issues.apache.org/jira/browse/RANGER-3724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kishor Gollapalliwar reassigned RANGER-3724: Assignee: Kishor Gollapalliwar > Create Ranger Admin API to refresh policy cache > --- > > Key: RANGER-3724 > URL: https://issues.apache.org/jira/browse/RANGER-3724 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Create Ranger Admin API to refresh policy cache -- This message was sent by Atlassian Jira (v8.20.7#820007)
[jira] [Created] (RANGER-3724) Create Ranger Admin API to refresh policy cache
Kishor Gollapalliwar created RANGER-3724: Summary: Create Ranger Admin API to refresh policy cache Key: RANGER-3724 URL: https://issues.apache.org/jira/browse/RANGER-3724 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Create Ranger Admin API to refresh policy cache -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: Review Request 73835: RANGER-3611 Uncatched NullPointerException when missing lastKnownVersion in ServiceREST::getServicePoliciesIfUpdated
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73835/#review224229 --- Ship it! Ship It! - Kishor Gollapalliwar On March 3, 2022, 3:48 a.m., Kirby Zhou wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73835/ > --- > > (Updated March 3, 2022, 3:48 a.m.) > > > Review request for ranger, Ankita Sinha, Dhaval Shah, Dineshkumar Yadav, > Gautam Borad, Jayendra Parab, Kishor Gollapalliwar, Abhay Kulkarni, Mateen > Mansoori, Mehul Parikh, Pradeep Agrawal, VaradreawiZTV VaradreawiZTV, Vishal > Suvagia, and Velmurugan Periasamy. > > > Bugs: RANGER-3611 > https://issues.apache.org/jira/browse/RANGER-3611 > > > Repository: ranger > > > Description > --- > > A simple Rest API call by CURL will cause uncatched NullPointerException in > logs. > It happens at some spring generated code. Set a value to lastKnownVersion > will fix it > > Actual: > > ``` > ]% curl -v http://localhost:6080/service/plugins/policies/download/hdfsdev > ... > < HTTP/1.1 404 Not Found > ... > No Message here > * Closing connection 0 > ``` > > And logs in catalina.out > > ``` > EVERE: Servlet.service() for servlet [REST Service] in context with path [] > threw exception > java.lang.NullPointerException > at > org.apache.ranger.rest.ServiceREST.getServicePoliciesIfUpdated(ServiceREST.java:3054) > at > org.apache.ranger.rest.ServiceREST$$FastClassBySpringCGLIB$$92dab672.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692) > at > org.apache.ranger.rest.ServiceREST$$EnhancerBySpringCGLIB$$43bccb60.getServicePoliciesIfUpdated() > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) > at > com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) > at > com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) > at > com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > at > com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) > at > com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) > at > com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) > at > com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) > at > com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplica
[jira] [Commented] (RANGER-3675) Upgrade tomcat due to intermittent READ TIMEOUT
[ https://issues.apache.org/jira/browse/RANGER-3675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17509917#comment-17509917 ] Kishor Gollapalliwar commented on RANGER-3675: -- RR: https://reviews.apache.org/r/73905/ > Upgrade tomcat due to intermittent READ TIMEOUT > --- > > Key: RANGER-3675 > URL: https://issues.apache.org/jira/browse/RANGER-3675 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > There are intermittent READ-TIMEOUTs observed in tomcat 8.5.75 upgrade it to > 8.5.76 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3675) Upgrade tomcat due to intermittent READ TIMEOUT
Kishor Gollapalliwar created RANGER-3675: Summary: Upgrade tomcat due to intermittent READ TIMEOUT Key: RANGER-3675 URL: https://issues.apache.org/jira/browse/RANGER-3675 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar There are intermittent READ-TIMEOUTs observed in tomcat 8.5.75 upgrade it to 8.5.76 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (RANGER-3655) Add JWT capability to REST Clients
[ https://issues.apache.org/jira/browse/RANGER-3655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17502338#comment-17502338 ] Kishor Gollapalliwar commented on RANGER-3655: -- RR : https://reviews.apache.org/r/73893/ > Add JWT capability to REST Clients > -- > > Key: RANGER-3655 > URL: https://issues.apache.org/jira/browse/RANGER-3655 > Project: Ranger > Issue Type: Improvement > Components: Ranger > Reporter: Kishor Gollapalliwar >Assignee: Kishor Gollapalliwar >Priority: Major > > Current Ranger REST clients do not support JWT capabilities. Add JWT > capabilities to Ranger REST clients -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Created] (RANGER-3655) Add JWT capability to REST Clients
Kishor Gollapalliwar created RANGER-3655: Summary: Add JWT capability to REST Clients Key: RANGER-3655 URL: https://issues.apache.org/jira/browse/RANGER-3655 Project: Ranger Issue Type: Improvement Components: Ranger Reporter: Kishor Gollapalliwar Assignee: Kishor Gollapalliwar Current Ranger REST clients do not support JWT capabilities. Add JWT capabilities to Ranger REST clients -- This message was sent by Atlassian Jira (v8.20.1#820001)
Re: Review Request 73673: RANGER-3502: Make GET zone APIs accessible to authorized users only
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73673/
---
(Updated Dec. 6, 2021, 12:22 p.m.)
Review request for ranger, Dhaval Rajpara, Abhay Kulkarni, Madhan Neethiraj,
Mahesh Bandal, Nitin Galave, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu,
Vishal Suvagia, and Velmurugan Periasamy.
Bugs: RANGER-3502
https://issues.apache.org/jira/browse/RANGER-3502
Repository: ranger
Description
---
Currently get zones API returns all zones even for users who are not authorized
to zone modules. Restrict this API to only users who are authorized to zone
module.
Steps to reproduce:
Create a internal user name, test_user1
Remove the permission on Security Zone module for a user
Login as test_user1 user to Ranger Admin, user should not be able to see
Security Zone tab
Access the API using following curls
1. curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
"Content-Type:application/json"
"https://:6182/service/zones/zones"
2. curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
"Content-Type:application/json"
"https://:6182/service/zones/zones/{ID}"
3. curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H
"Content-Type:application/json"
"https://:6182/service/zones/zones/name/{ZONE_NAME}"
Diffs (updated)
-
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
PRE-CREATION
agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
PRE-CREATION
security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
12ad7e676
security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
46ff16f37
security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java
f5c1a882f
security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java
c30dba1ce
security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
204cadbf0
security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
fcf843370
security-admin/src/main/resources/META-INF/jpa_named_queries.xml 539d600c8
security-admin/src/main/webapp/scripts/controllers/Controller.js 74f2af513
security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js f7d3b7316
security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
11d471137
security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js
67a577c20
security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js 2acf35f3d
security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
e6ec81f27
security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
f9ea26a31
security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
d6384a694
Diff: https://reviews.apache.org/r/73673/diff/6/
Changes: https://reviews.apache.org/r/73673/diff/5-6/
Testing
---
1. mvn clean compile package install verify
2. Verified UI login with admin user
3. Verified curl (GET zones API) with admin user
4. Verified UI login with non-admin user having access to zone module
5. Verified curl (GET zones API) with non-admin user having access to zone
module
6. Verified UI login with non-admin user having NO access to zone module
7. Verified curl (GET zones API) with non-admin user having NO access to zone
module
8. Created /Updated deleted services
9. Created /Updated deleted policies
10. Created /Updated deleted zones & associated attached them to services
11. Verified behaviour on dashboard, report, access audit import & export
functionalities
Thanks,
Kishor Gollapalliwar
